Computer viruses make it to orbit
http://news.bbc.co.uk/2/hi/technology/7583805.stm
A computer virus is alive and well on the International Space Station (ISS).
Nasa has confirmed that laptops carried to the ISS in July were infected with a virus known as Gammima.AG.
The worm was first detected on earth in August 2007 and lurks on infected machines waiting to steal login names for popular online games.
Nasa said it was not the first time computer viruses had travelled into space and it was investigating how the machines were infected.
Microsoft readies new Windows XP Pro antipiracy nag
Microsoft has decided to beef up the antipiracy software in Windows XP Professional to make nagging more prominent for those running bogus copies of the operating system. Read more...
Best Western says data breach even smaller than first thought
Date: August 25, 2008
Source: economictimes.indiatimes.com
LONDON: An investigation by Scotland's Sunday Herald newspaper has discovered that late on Thursday night a previously unknown Indian hacker successfully breached the IT defences of UK's Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. Original article
Privacy group: U.S. border-crossing database raises concerns
Google, Microsoft, Yahoo & Others Nearing Completion of Online Human Rights Code - 8/20/2008 6:00:00 PM Document is designed to set IT standards for users' rights to privacy, freedom of speech
Rival Botnets Share a Common Bond, Researchers Find - 8/20/2008 5:42:00 PM But world's biggest botnets Rustock and Srizbi remain autonomous
The Seven Deadliest Social Networking Hacks - 8/26/2008 7:40:00 PM
Think you know who your real online friends are? You could be just a few hops away from a cybercriminal in today's social networks
Separation of Duties and IT Security
Muddied responsibilities create unwanted risk. Kevin Coleman says auditors may start labeling poorly defined IT duties as a material deficiency.
Read more
When to Worry About Security Holes--and When Not To
Annoyed by all the computerese that litters security stories? Here's your guide.
DOJ Announces Plan to Weaken Privacy Rule on Databases
The Department of Justice (DOJ) announced a plan to weaken the 28 Code of Federal Regulation (CFR) Part 23 that governs federal law enforcement access to the criminal databases operated by state and local governments. The 28 CFR Part 23 is cited in the National Criminal Intelligence Sharing Plan as the rule that allegedly provide "privacy protection for data subjects. The regulation addresses the management of inter-, and multi jurisdictional criminal intelligence sharing systems operated by local and state law enforcement or on their behalf. The Federal Privacy Act, which requires data accuracy, provides much better protection for how personal information stored in databases should be managed. In 2003, the DOJ opted to not require that the FBI comply with accuracy requirements for information held by the National Crime Information Center database. The DOJ and Department of Homeland Security fund a number of local and state law enforcement domestic surveillance programs.
U.S. May Ease Police Spy Rules, Washington Post, August 16, 2008
Posted by EPIC on August 16, 2008.Permanent link to this item.
Active attacks using stolen SSH keys
Published: 2008-08-26,Last Updated: 2008-08-26 21:52:26 UTCby John Bambenek (Version: 1)
The US-CERT is reporting that there is active attacks against Linux environments using stolen SSH keys. There is a new rootkit out, Phalanx2 which is dropped by attackers which, among the usual rootkit tasks, steal any SSH key on a system. The attackers then, presumably, use those stolen keys (the ones without passwords/passphrases at least) to get into other machines.
Web Fraud 2.0: Thwarting Anti-Spam Defenses
http://blogs.washingtonpost.com/securityfix/
Spammers have made great strides this past year in defeating CAPTCHAs, the distorted text used as a security test to ensure a person and not a machine is behind a computer screen. But automated programs that spammers use to thwart CAPTCHAs still aren't nearly as successful as the practice of hiring thousands of people to do nothing but remotely solve the puzzles for clients.
This is the business model behind anti-captcha.com, a subscription service that offers spammers a cheap way to solve CAPTCHAs, or "Completely Automated Public Turing test to tell Computers and Humans Apart." Google, Yahoo and other e-mail and Web service providers employ CAPTCHAs to stop spammers and other bad guys from using automated processes to create hundreds or thousands of fake accounts.
...
They charge $1 for every 1,000 CAPTCHAs you send. But the site also features an à la carte menu, selling new and used Gmail and Yahoo Web mail accounts in bulk. Currently offered are packages for 1,000, 10,000 and even 100,000 accounts at a time. Anti-captcha.com is selling 1,000 new Gmail accounts for $8, 10,000 Gmail accounts for $64, and 50,000 pristine Gmail inboxes for $280. Some 100,000 used Yahoo! mail accounts can be had for $150 to $200.
Search hacker exposes Olympic age scandalNews Brief, 2008-08-25
A dedicated security blogger finds evidence on the Internet, allegedly showing that two Chinese gold-medal gymnasts were too young to compete. The International Olympic Committee opens, and then promptly closes, an investigation.
...
Soon after Walker, who blogs under the name Stryder Hax, found each document, the evidence quickly disappeared. The lesson, he said, is that -- while it is difficult to delete documents from the Internet -- an entity with the power and reach of China seems to be able to make information about He Kexin disappear quickly.
IT Professionals Fear Job Loss Caused by Security Breaches
A recent survey performed by market research firm Opine Consulting showed that 86% of the respondents, all IT professi...[ more >> ]
XP Genuine 'nagware' gets a makeover
A (Microsoft) Codename a day: Geneva
Mary Jo Foley: Best guess on what it is: An identity metasystem including a new security token service and Active Directory Federation Services (ADFS) version 2.0.
An E-Card From SrizbiAugust 27, 2008
Srizbi's latest malicious spam campaign is greeting e-cards that have links to malware.
Srizbi, Rustock and the Big FourAugust 26, 2008
Srizbi, Rustock and other major spamming botnets may have close links.
Localized 0-day Once Again: Exploit-TaroDrop.e
One of the issues that we’ve been highlighting at our recent conference presentations and blogs was the emergence of major localized threats around Asia. McAfee Avert Labs discovered yet another unidentified vulnerability in the Japanese word processor , Ichitaro, last Friday.
This Japanese application have been known to be under the targeted attacks for several years and a few 0-day vulnerabilities were discovered and exploited in the past. Other than Ichitaro, other popular and localized applications are often targeted by 0-day exploits. We also frequently observe exploits targeting vulnerabilities, even months after they have already been patched by the vendor.
Data breaches already surpass 2007 total
Sue Marquette Poremba August 26, 2008
The number of reported data breaches has already surpassed last year's total, according to a report from Identity Theft Resource Center.
More on BGP Attacks -- Updated
Taiwan breaks up hacking ring
6 Ways To Test Your Online Banking Website To See How Secure It Really Is By Grey McKenzie 08/15/2008
Locked iPhones can be unlocked without a password
Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment