Friday, August 15, 2008

Friday News Feed 8/15/08

August 14, USA Today – (National) TSA screener testing labeled ‘a waste’. A government program to find gaps in airport screening is "a waste of money" because it does not follow up on why screeners failed to spot guns, knives and bombs on undercover agents, the head of the House Homeland Security Committee says. A Government Accountability Office report obtained by USA Today says Transportation Security Administration inspectors posing as passengers do not record why individual screeners failed to spot weapons. The TSA ran 20,000 covert tests at the USA’s 450 commercial airports from 2002 to 2007, and the results ought to be used to improve screening, the report says. The TSA disputed the report and said it has adopted many new screening practices and technologies to close holes revealed by testing. Results of the covert tests are classified, but recent reports made public have alarmed lawmakers. A November GAO report said investigators repeatedly smuggled liquid explosives and detonators past airport checkpoints in 2006. An internal TSA report said screeners in Los Angeles and Chicago airports missed fake bombs on agents in more than 60 percent of tests in 2006. Source: http://www.usatoday.com/travel/flights/2008-08-13-tsatests_N.htm






August 14, VNUNet – (International) Malware heats up in July. Spammed malware activity boomed during the month of July, according to Google. The company’s Postini security branch recorded a major spike in malicious spam traffic over the month, peaking at 10 million messages logged on 24 July. The numbers are the highest recorded all year. Previous spikes logged by the company in March and April had only reached numbers of approximately four million. One of the prime offenders cited for the spike was an attack centered on fake UPS invoices. The user was asked to download malware disguised as software to track the supposed parcel. Also cited was the wave of attacks touting phony news articles. Attackers sent out spam messages containing links to supposed news sites. When the user visited the fake site and attempted to watch a movie file, the malware was installed. Source: http://www.vnunet.com/vnunet/news/2223897/malware-heats-july






August 14, VNUNet – (International) Dutch police smash Shadow botnet. The Dutch High Tech Crime Unit has arrested two people and shut down the Shadow botnet, which is thought to contain over 100,000 compromised computers. A 19-year-old Dutch national is accused of running the botnet and police also arrested a Brazilian man who was trying to buy the use of it. The police have now asked security software vendor Kaspersky Labs to help shut the botnet down. The Dutch police are asking anyone who finds that they were part of the Shadow botnet to contact them and register a complaint. Kaspersky Labs have set up a web page detailing how to remove the Shadow malware. The Federal Bureau of Investigation is also reported to have taken part in the case, as the organization is mounting a major campaign against criminal use of botnets. Previous successes have included the arrest of a teenager in New Zealand who was writing botnet code. Source: http://www.vnunet.com/vnunet/news/2223909/dutch-police-smash-shadowbotnet







Former Countrywide Homeloan Employee, Second Man Arrested for Downloading and Selling Identities of Countrywide Homeloan Customers: Two men were arrested today on charges related to the illegal access of computers containing personal identification information of Countrywide Home Loan customers and the illegal sale of the data, announced Salvador Hernandez, Assistant Director in Charge of the FBI in Los Angeles, and United States Attorney Thomas P. O’Brien. The complaint alleges that Rebollo was employed as a senior financial analyst for Countrywide Home Loan's subprime mortgage division, Full Spectrum Lending in Pasadena. In his position, he had access to Countrywide computer databases, many of which contained sensitive information of Countrywide clients. Countrywide terminated Rebollo’s employment in July 2008. Rebollo said he obtained the information from Countrywide computers at his workspace and saved the reports to personally owned flash drives, according to the complaint. After Rebollo saved the Countrywide Home Loan data on the flash drives, he left the Countrywide Home Loan premises with the intent to sell the data. Rebollo opened a personal bank account specifically for the purpose of depositing and holding the illegal proceeds of the Countrywide data sales, and he estimated that he profited approximately $50,000 to $70,000 from the sale of the Countrywide-owned data, according to the complaint. http://losangeles.fbi.gov/pressrel/2008/la080108.htm






Motorcade Map Found at House Of Bomb Suspect: Police found a map of Camp David marked with a presidential motorcade route inside the Bethesda home of the teenager at the center of a bombmaking probe, along with a document that appears to describe how to kill someone at a distance of 200 meters, a Montgomery County prosecutor said yesterday at a court hearing. Collin McKenzie-Gude, 18, also had two forms of fake identification: one portraying him as a Central Intelligence Agency employee, and the other in the name of a federal contractor purportedly protected by the Geneva Conventions, authorities said. Until recently, the student worked as an intern at a Montgomery County police district station, where authorities said he stole police letterhead stationery that was used to obtain items restricted to law enforcement personnel. http://www.washingtonpost.com/wp-dyn/content/story/2008/08/05/ST2008080500131.html?sid=ST2008080500131&pos=list







DHS Keeps Mum on Cybersecurity Contract Work: The Homeland Security Department has released additional details about its role in the Bush administration’s Comprehensive National Cybersecurity Initiative (CNCI) to Congress, but it is being less forthcoming in public releases. In particular, DHS redacted almost all of its responses to questions about the use of contractors to support its cybersecurity efforts in the public version of its response to questions from the Senate Homeland Security and Governmental Affairs Committee. Sen. Joseph Lieberman (I-Conn.), chairman of the committee, and Sen. Susan Collins (R-Maine), the ranking member, said the public release of the information on July 31 was important to improve awareness about the program. “It is my hope that the release of this information will assist in improving security in both the public and private sectors,” Collins said. http://www.fcw.com/online/news/153375-1.html






S.D. Agents Help Bust Massive ID-theft Ring: For three years, San Diego-based Secret Service agents used the Internet to communicate with thieves, part of an investigation that has led to the prosecution of what federal officials call the largest identity-theft ring ever busted. “The investigation started here in San Diego,” local U.S. Attorney Karen Hewitt said yesterday. “It spread across the country and around the world.” Three of those charged are U.S. citizens. The others are from Estonia, Ukraine, Belarus and China. Officials say the full breadth of the conspiracy is staggering – more than 40 million credit and debit card numbers stolen from some of the nation's most popular retail chains. The thieves hacked into wireless networks of retailers, including BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW, as well as TJX Cos., owners of Marshalls and T.J. Maxx, authorities said. Losses to banks, retailers and consumers are “impossible to quantify at this point,” Attorney General Michael Mukasey said yesterday at a news conference in Boston. http://www.signonsandiego.com/news/metro/20080806-9999-1n6hacked.html








--Top Government Official To Lay Out New Strategy For Protecting Systems That Control Power and Oil & Gas and Other Critical Industries (August 15, 2008) In his keynote presentation at the European SCADA Security Summit, Roger Cumming, Deputy Director of the UK's Centre for the Protection of National Infrastructure, will outline a five-part strategy by which government and industry can move to protect the critical infrastructures on which all industrial societies depend for survival.

The new strategy ranges from how vulnerabilities will be disclosed and mitigated to how top executives of power and other critical industries will be engaged in the process. The meeting will also show how these systems are being penetrated, how to prioritize defenses, and how to buy control systems with security baked-in. A large number of corporate users will be there along with leaders from other nations to discuss the new strategies. The meeting is open to all IT security and control systems managers from critical industries, government officials responsible for critical infrastructure protection, and service providers who can help secure these systems. The full agenda will be published early next week. In the meantime, registration information can be found at http://www.sans.org/euscada08_summit/







--Judge Lets Gag Order Stand Against MIT Students (August 14, 2008) US District Judge George O'Toole Jr. has let stand a temporary restraining order that prevented three Massachusetts Institute of Technology (MIT) students from revealing their research on the security of payment cards used by the Massachusetts Bay Transit Authority (MBTA). The MBTA sought the order to allow it time to address the vulnerabilities before the specifics of the flaws are disclosed. A hearing has been scheduled for Tuesday, when the temporary order expires; at that time, a decision will be made as to whether the order will be lifted altogether or amended to cover only "nonpublic" information. Some of the information has been available on the Internet for a while and some was made available to conference goers prior to the scheduled presentation.
http://www.usatoday.com/tech/news/computersecurity/hacking/2008-08-14-subway-mit-subways_N.htm?csp=34
http://news.cnet.com/8301-1009_3-10017438-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://www.theregister.co.uk/2008/08/14/mbta_gag_order_remains/print.html







--Man Hopes to Fund Start-up by Charging for Vulnerability Details (August 11, 12 & 13, 2008) A man who claims to have found a number of vulnerabilities in the Java technology used on some Nokia handsets wants Nokia and Sun Microsystems to pay 20,000 euros (US $29,597) for a report that details the specifics of the flaws and includes two proof-of-concept exploits. Adam Gowdiak rejects the notion that he is blackmailing the companies, instead viewing his decision to charge for the information as a means of gathering money to fund his start-up security research company. Gowdiak has briefed both companies about the vulnerabilities, so they are aware of the nature of the flaws.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210002897
http://www.theregister.co.uk/2008/08/11/s40_security_issues/print.html
http://www.zdnetasia.com/news/security/0,39044215,62044807,00.htm









--AOL Spammer Draws Seven-Year Sentence (August 13 & 14, 2008) Michael Dolan has received a seven-year prison sentence for his role in a phishing scheme that targeted AOL members. Dolan and his cohorts used tools to harvest AOL screen names from chat rooms; those names were then targeted with phishing emails that appeared to be online greeting cards, but actually contained malware that ultimately led users to a site run by Dolan and others where the users were asked to provide information that included credit card and Social Security numbers (SSNs). Users were also directed to the site with emails that claimed to be from AOL's billing office. The scheme ran for more than four years, during which time prosecutors estimate the gang stole US $400,000 from 250 victims. Dolan pleaded guilty to fraud and aggravated identity theft last year.
http://www.theregister.co.uk/2008/08/14/aol_phisher_jailed/print.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112579&source=rss_topic17







IT managers opting for solid-state drives over hard disks http://cwflyris.computerworld.com/t/3460499/6339517/133277/2/
