Monday, September 29, 2008

Security News Feed Monday 9/29/08

IBM offers glimpse at virtualization security products On tap: IBM's first software-based intrusion-prevention system designed to operate in VMware's ESX virtual-machine environment. Read more...






Norway pressures Apple to ditch iTunes DRM






Gartner: Security risks rise as smart phones get smarter






EMC to offer advanced storage features to consumers







Web Mail Rivals at Risk of Password-Reset Hacks
September 29, 2008 (Computerworld) Yahoo Mail isn't the only Web-based e-mail service that hackers could dupe into giving up user passwords, the tactic that was apparently used to break into the e-mail account of Alaska Gov. Sarah Palin, the Republican nominee for vice president.

Google Inc.'s Gmail and Microsoft Corp.'s Windows Live Hotmail also rely on automated password-reset mechanisms that can be abused by someone who knows the username associated with an account and an answer to a single security question, according to tests done by Computerworld.






Limbo malware grabs personal banking data
September 26, 2008 (IDG News Service) A Trojan horse program now available to a growing number of fraudsters can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and personal identification numbers.

The malware, Limbo, integrates itself into a Web browser using a technique called HTML injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions. Because it's so closely integrated in the browser, it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.







Microsoft, Washington state to sue 'scareware' pushers
September 26, 2008 (IDG News Service) Microsoft Corp. and Washington state are cracking down on scammers who bombard computer users with fake warning messages in the hope of selling them useless software.

On Monday, the state's attorney general and lawyers from Microsoft's Internet Safety Enforcement team will announce several lawsuits against so-called "scareware" vendors, who are being charged under Washington's Computer Spyware Act.






Security researchers warn of new 'clickjacking' browser bugs
September 26, 2008 (Computerworld) Security researchers warned today that a new class of vulnerabilities dubbed "clickjacking" puts users of every major browser at risk from attack.

Details of the multiple flaws -- six different types, by one count -- are sketchy, because the researchers, who presented some of their findings at a security conference earlier this week, have purposefully kept their information confidential as at least one vendor works on a fix.

Although the clickjacking problem has been associated with browsers -- users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack -- the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, and one of the two researchers who discussed the bug in a semi-closed session at OWASP AppSec 2008 on Wednesday.

In an interview on Friday, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by CSRF or "sidejacking." But clickjacking is different enough that the current anti-CSRF security provisions built into browsers, sites and Web applications are worthless.






Mozilla rushes to fix Firefox password bug






Visa to develop e-payment applications for Android, Nokia phones






Nokia announces potential new ownership of its security businessNokia today announces that it is in the advanced stages of discussions with a financial investor to purchase the security business from Nokia. “The investor is committed to continuing the development and growth of the business, to serving its current network of customers, and to retaining and motivating its employees. I am pleased to say that this is an extremely positive development for the security business, which will be able to realize its full potential under new ownership.” - Niklas Savander, EVP, Services & Software, Nokia. Read the full press release.






http://www.pcmag.com/article2/0,2817,2331225,00.asp
The 10 Most Mysterious Cyber Crimes







New ID Theft Service Crawls the Web on Consumers' Behalf - 9/26/2008 11:45:00 AM
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale


Tiger Team Member Attacks Developers, Not Apps - 9/25/2008 5:28:00 PM
Expert shows how he can get into a Web app without touching the application itself







Shadowserver to Build 'Sinkhole' Server to Find Errant Bots - 9/24/2008 4:25:00 PM
New initiative will emulate IRC, HTTP botnet traffic






Sep 28, 3:10 pmFirms Urged to Boost Web 2.0 Security
Three out of 10 businesses have experienced security breaches because of employees using social nets or other community services at work.







http://blog.makezine.com/archive/2008/09/metal_plates_send_message.html
Send your personalized message to TSA x-ray screeners using metal plates you can put in your carry-on luggage.





Apple, Cisco fix serious security flawsNews Brief, 2008-09-25
The consumer technology maker pushes out a large patch for Java on Mac OS X, while Cisco publishes a dozen updates to fix serious issues in its networking hardware.








Congress finally passes broadband data collection bill
Days before recessing for the year, the Senate has at last passed the Broadband Data Improvement Act. It directs the FCC to gather far more detailed (and useful) information about the US broadband market, including better deployment maps and price information.
September 29, 2008 - 01:04PM CT - by Nate Anderson







Classmate PC gets a boost with million-unit Venezuelan order
The government of Venezuela has ordered one million low-cost Classmate PC laptops to be shipped to students with Linux preinstalled.
September 29, 2008 - 08:42AM CT - by Ryan Paul






iPhone 3G/iPod touch 2G is a tougher nut to crack
Adrian Kingsley-Hughes: The iPhone 3G was unveiled in June, but hackers are having a tougher time cracking the software to make the iPhone carrier-free and jailbreak the iPod touch.






Kaspersky: Worry About Trojans, Mobile Phone WormsPC Magazine - Wed Sep 24, 11:20 AM ET
Russian security giant Kaspersky Lab on Wednesday released its mid-year report on current trends in malware along with a report on spam trends. The upshot? Trojans continue to dominate the threat radar, and mobile-phone viruses are now a valid concern.





Bypassing the Great Firewall of China - iaminchina.com

Wednesday, September 24, 2008

Security News Feed Wednesday 9/24/08

Argentina President Christina Fernandez de Kirchner tax identification number altered by hacker
Well, what to do about this? As far as I can tell, this has nothing to do with Chinese hackers but it is being widely reported in the PRC news. Checked the western press to see if anyone had picked up on it but haven’t seen anything yet.
So…
New China News via Sina.com reports that in July of this year, Argentina President Christina Fernandez de Kirchner’s tax identification number was altered by a hacker.
On 22 September, an official from the Argentina Tax Department said President Fernandez de Kirchner’s tax Identification number had been altered by a network hacker, rendering her unable to report or pay taxes normally.





Palin Email Hackers Dorm Raid Creates Another Reason To Get A Password Manager By Grey McKenzie 09/22/2008






Controversial ISP Intercage now back online
Pressure from computer security researchers may have knocked ISP Intercage offline, but not for...







No charges as grand jury investigates Palin hack
A federal grand jury investigation into the compromise of vice presidential candidate Sarah Palin's...






California hacker charged with stealing, extortion
A resident of Solana Beach, Calif., has been charged with stealing customer data from luxury car...







[September 24, 2008]
Amid Internal Turmoil, Microsoft Delays Windows Mobile 7Microsoft has informed its hardware and wireless carrier partners that it has delayed the release of Windows Mobile 7, the upcoming major update to its smart phone platform. The delay suggests that warring parties inside of Microsoft continue to disagreeWinInfo - Paul Thurrott

"Officially, Windows Mobile 7 has been delayed from the first half of 2009 to the second half 2009, but real world time-to-market is always further lengthened by Microsoft's mobile carrier and hardware partners, who typically add another 6 to 12 months to the schedule. And while the company doesn't plan an interim release of the OS before then, it will ship a new version of its Mobile IE browser that includes the rendering engine from the desktop PC version of IE 6. That browser is expected to make Windows Mobile phones more competitive with the iPhone's Safari browser."






Two Arrested in First Bust for ATM Reprogramming Scam






Android Has Arrived
By Kate GreeneWednesday, September 24, 2008
Google's phone has plenty of potential, but some say its mechanism for delivering applications could lead to ...






A Face-Finding Search Engine
By Kate GreeneWednesday, September 17, 2008
A new approach to face recognition is better at handling low-resolution video.







A "gotcha" in online payment security
Dan Raywood September 24, 2008
A customer's password can be used to commit fraudulent activity on their account, and banks can now blame the customer for not protecting it sufficiently.







Second TJX hacker pleads guilty
Dan Kaplan September 23, 2008
A Miami man pleaded guilty this week for his involvement in the wireless-enabled data heists at TJX and a number of other well-known retailers.







Bogus Facebook emails pass trojans
Angela Moscaritolo September 23, 2008
A new round of malicious emails tries to trick recipients into believing someone wants to be their Facebook friend.






Consumer Class Action
Blockbuster cheats customers by failing to redeem gift cards when the value sinks below $10, a class action claims in Los Angeles Superior Court.







Clerk's Bad Advice Isn't a Valid Excuse, Court Says
NEW YORK (CN) - The New York Appellate Division rejected a plaintiff's claim that he missed a filing deadline because the case was still in discovery, and a law clerk had told him the deadline was not mandatory.






Kentucky Governor Seizes Online Gambling Domain Names
from the can't-have-competition-for-horse-racing dept

It's always fascinating to watch US politicians act as complete hypocrites when it comes to gambling. They talk about moral issues on why they need to stop online gambling, but allow their own personal favorite types of gambling, such as horse races and lottery. Kentucky, of course, is a big horse racing state, so perhaps it should come as no surprise that the state has strict anti-online-gambling laws. These laws are so strict that the state's governor is using them to seize 141 domain names of sites that the state claims are used for illegal gambling. Of course, it appears that many of the domains aren't online gambling sites at all, but parked domains. The state doesn't seem shy about the fact that it's doing this to "protect" the horse racing business...






Homeland Security Continues To Expand Border Searches: Now Can Copy Your Paper-Based Documents
from the probable-cause-is-so-last-millennium dept

We've been covering the stories of how the Department of Homeland Security has a policy in place that lets it search and copy the contents of your laptop as you cross the border without any probable cause. DHS's reasoning for why it needs this power are not particularly convincing -- focusing mainly on scare mongering rather than rational argument. Now, the EFF has discovered, thanks to a Freedom of Information Act request, that it's not just computer data that DHS wants to copy. Last year, it quietly changed its policies to allow customs and border guards to read and copy any personal papers the traveler has, even without "reasonable suspicion" or "probable cause." Compared to searching through and copying your hard drive, this may seem like a minor deal, but it's yet another example of DHS expanding its authority in ways that are very likely to be abused.







Malaysia Jails Blogger For Two Years Without Trial






India Claims To Have Cracked Blackberry Encryption; Proudly Spying On Emails
from the details-missing dept






Rejected From College Because Of Your Facebook Profile?
from the your-new-permanent-record dept







Srizbi's Important DocumentSeptember 24, 2008
Srizbi is sending spam that claims to contain an important document for you.








Another online poker site caught cheating: UltimateBet
Adam O'Donnell: The cheat involved allowing certain customers to view the hole cards of opponents. Like other incidences of online poker fraud, this one was an inside job.







Everyone declares victory in smutfree wireless broadband test
M2Z took off the gloves this morning in its fight with T-Mobile over a proposed smut free broadband service. But T-Mobile insists the plan will do harm to its customers.
September 24, 2008 - 05:20AM CT - by Matthew Lasar






Blu-ray stutters in face of tough economy, HD downloads
Now that HD DVD is out of the picture, Blu-ray should be soaring, right? Wrong. The high-def format's market share has dropped in recent weeks, with regular old DVD taking the very large majority of the market.
September 23, 2008 - 08:18PM CT - by Jacqui Cheng






Technology: China To Run Out of IPv4 Addresses In 830 Days







http://www.schneier.com/blog/archives/2008/09/the_two_classes.html
Airport security found a jar of pasta sauce in my luggage last month. It was a 6-ounce jar, above the limit; the official confiscated it, because allowing it on the airplane with me would have been too dangerous. And to demonstrate how dangerous he really thought that jar was, he blithely tossed it in a nearby bin of similar liquid bottles and sent me on my way.

There are two classes of contraband at airport security checkpoints: the class that will get you in trouble if you try to bring it on an airplane, and the class that will cheerily be taken away from you if you try to bring it on an airplane. This difference is important: Making security screeners confiscate anything from that second class is a waste of time. All it does is harm innocents; it doesn't stop terrorists at all.







Phony Pop-Up Warning Messages Dupe Most Users - 9/23/2008 4:50:00 PM
New research from NC State University shows how even savvy users fall for malicious system error messages






Microsoft to drop support for Office 2003 SP2

Monday, September 22, 2008

Security News Feed Monday 9/22/08

McAfee to buy Secure Computing for $465M Security vendor McAfee said it plans to acquire network security specialist Secure Computing for $465 million. Read more...






Since we are looking at Secure Computing's WebWasher, I checked the announcements from the vendor:
http://www.securecomputing.com/news_display.cfm?nid=1549
http://www.mcafee.com/us/about/press/corporate/2008/20080922_080000_q.html
It looks like they plan on cross-selling to each other's customers, and maybe integrate some of McAfee's other products into the Secure Computing line. I think WebWasher is likely to be maintained as an ongoing product line.







Forever 21 Discloses Card Data Theft






Wikileaks posts Bill O'Reilly Web site data
September 19, 2008 (IDG News Service)

Just days after publishing vice presidential candidate Sarah Palin's personal e-mail messages, the Wikileaks Web site has published data about members who signed up for a section of Fox Television host Bill O'Reilly's Web site.

Hackers were able to obtain a list of Billoreilly.com premium members, including e-mail addresses, site passwords, and the cities and states where they live. Some of the information was published Friday on Wikileaks.com, which has been under fire from conservative commentators, including O'Reilly, for publishing Palin's messages.






Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
Report: Tenn. legislator confirms son is at center of Palin hack chatter
Security researchers ponder possible Palin hacks






RIAA seeks sanctions against defense lawyer in copyright case







EFF files surveillance lawsuit against NSA, Bush, Cheney







Experts: US Is Not Prepared to Handle Cyber Attacks - 9/19/2008 5:06:00 PM
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come






MSNBC: Here comes 'foreclosure rescue' fraud






Not Security, but maybe an interesting discussion point at coffee:
650 Million Year-Old Reef Discovered in Australian Outback





Data Security Gives IT Professionals Insomnia
Worry of data protection from theft or loss weighs heavily on IT executives' minds, a new study reveals.






October is right around the corner. Are you ready for Cyber Security Awareness Month? Surely some of you have your annual activities planned and ready. For those of you who don't, take a minute to consider your options. If you have a Security Awareness Program in your place, you already have some great tools readily available and with just a little effort, you can get ready. If you haven't started planning yet, don't worry, there are plenty of free resources out there to help.

One way to pass on the security wisdom is to wittle the "month" into a smaller time frame. Take a week, plan your activities, one per day. That makes only five smaller planning tasks.

Here is an example of an easily acheivable plan.

Day One: Monday - Send a IT Security email announcing the theme of the upcoming activities. Draw employees to your updated Intranet site during this week.

Day Two: Tuesday - Poster Blitz. Make them as interesting and informative as your web page. Match the theme of your week or use freely downloadable copies. Have them printed at one of the copy stores or some even come printable on your own color laser printer. Supplement with a flyer or brochure, again be creative and provide solid helpful information.

Day Three: Wednesday - Lunch and Learn. Announce a free 30-45 minute bring your lunch (or provide it if you have some budget) and hear a guest speaker. We all know someone who loves to talk about security, right? Giveaways and raffles are great way to draw a crowd. Use your imagination. Take reservations ahead of time if you need to plan for a room.

Day Four: Thursday - Provide a security oriented puzzle or other fun security word search materials in all the break rooms and on the Intranet site. Set up a colorful security table and provide copies of your policies, brochures and free cookies. Draw attention with balloons.

Day Five: Friday - Send another organizational email thanking everyone for their participation in the weeks activities and remind them where your website is located and that you are there all year to provide them the latest and greatest in security information.

Voila...Cyber Security Awareness Week! Get started with StaySafeOnline.org. Educause.edu is geared toward higher education, but is a very good site with lots of free resources. For those of you already set for activities, send in your ideas and I'll pass them along.






Two-thirds of firms hit by cybercrimeNews Brief, 2008-09-22
The Department of Justice releases survey data from 2005, finding that telecommunications companies and computer-system design businesses were hardest hit by online attacks.






"When you file your taxes online, you want to be sure that the Web site you visit — www.irs.gov — is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency. That's because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet's DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites. DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption."






"Barack Obama has edited his official website on many issues, including a huge revision on the technology page. Strangely it seems net neutrality is no longer as important as it was a few months ago, and the swaths of detail have been removed and replaced with fairly vague rhetoric. Many technologists were alarmed with the choice of Joe Biden before, and now it appears their fears might have been well founded."






Microsoft refers to its anti-Linux playbook
Mary Jo Foley: In a move reminiscent of its "Get the Facts" anti-Linux campaign, Microsoft is waging war on VMware with a customer-focused Web site that provides the Redmondian spin on the competition.






EA Finally Realizes People Are Upset Over Spore DRM
from the taken-by-surprise? dept






Lap Dance Puts Lawyer's License In Limbo
By JOE HARRIS
CHICAGO (CN) - An attorney's license was suspended after he accepted a nude lap dance as payment for legal services. Scott Robert Erwin's 15-month suspension will begin Oct. 7.






http://www.scmagazineus.com/Cybercrime-bill-passes-House-awaits-Bush-signature/article/118213/
The U.S. House of Representatives this week approved a bill that would expand the scope of what constitutes a cybercrime, while also allowing victims to recoup costs associated with identity theft.

The Identity Theft Enforcement and Restitution Act, which received Senate approval on July 30, will be enacted into law if it receives a presidential signature.







Cyber attack launched on Shiite websites: Iran report AFP - Fri Sep 19, 3:03 PM ET
TEHRAN (AFP) - Sunni Muslim computer hackers have attacked hundreds of Shiite websites including Shia Islam's most popular site linked to the community's leader in Iraq, Iran's Fars news agency reported on Friday.







Chinese hacker “Milk Rebellion”
As the scandal over melamine laced food products widens, Chinese hackers seem to be taking up the cause to punish guilty corporations. When we first reported the defacement of the Sanlu Milk Company website, 50 children had suffered kidney stones due to the additive melamine. Melamine is not meant for human consumption but if added to food stocks, will make it appear to be higher in protein. This is the same additive responsible for the death of many pets last year. The newest reports indicate that there are now over 6,000 children effected and three deaths.







September 22, 2008 Cyber crooks pose as businessmen
http://www.crime-research.org/news/22.09.2008/3589/
Commenting on the New Sunday Times' front-page report on cyber crooks yesterday, president of the Ma-laysian Chapter of the Association of Certified Fraud Examiners, Akhbar Satar, confirmed that many foreign cyber crooks were operating in Malaysia.

He said 74 advance-fee fraud cases, the latest type of cyberscam, were reported to the association from the beginning of last year till this month. Seventeen of them were Malaysians who had paid millions to the cyber crooks.

Akhbar said many cyber crooks made their base here because of the lack of enforcement, lenient visa procedures and good Internet service.







Al Franken's Saturday Night Live Return: Franken Helps Write SNL's McCain Skit








A Way to Find Hidden Fingerprints
By Brittany Sauser 09/04/2008 6 Comments
Scientists have developed a better way to identify fingerprints on bullets and fragments of explosives.







Very cool device:
Self Surveillance
By Kate GreeneWednesday, September 10, 2008
A new device tracks activity and sleep patterns 24-7.






SanDisk Teams with Music Industry on New Music Format
Storage company SanDisk and the four largest music companies are teaming to create a new physical format for music called slotMusic that the companies hope will one day replace the audio CD. Based on the microSD flash memory storage format that SanDiskWinInfo - Paul Thurrott







[September 22, 2008]
EU law to stem data leakage in light of security blunders
Most British IT admins would steal company data if they were laid off tomorrow, according to a new report. The stark warning comes as a seemingly never-ending roll-call of personal data blunders in Europe lengthens every month and EU legislation loomsWindows IT Pro Europe - Seamus Quinn

Friday, September 19, 2008

Security News Feed Friday 9/19/08

RIAA seeks sanctions against defense lawyer in copyright case The RIAA accused New York attorney Ray Beckerman of engaging in "vexatious litigation" in a case involving an alleged copyright violator. Read more...






Palin e-mail intruder left digital trailNews Brief, 2008-09-19One screenshot left by the attacker shows enough detail to likely foil any anonymization, while law enforcement authorities investigate a trail pointing to the son of a Democratic lawmaker.






Report: Tenn. legislator confirms son is at center of Palin hack chatter







EFF files surveillance lawsuit against NSA, Bush, Cheney






Security researchers ponder possible Palin hacks






Web proxy firm working with FBI to trace Palin e-mail hacker






NTSB: Train engineer in deadly crash was texting while on job






Facebook's Beacon 'returns' for some bloggers







Hacked Texas National Guard site serves up malware






EFF, Public Knowledge sue feds over secret IP pact







Researchers Discover Security Flaw in QuickTime Researchers at Intego have discovered a bug in Apple's recently released QuickTime 7.5.5 media software that could be used as...






Hacker posts QuickTime zero-day attack code








Pix Firewalls Out, Unified Threat Management In - 9/19/2008 12:45:00 PM
AirIQ selects Check Point UTM solution as its new perimeter security architecture







Porn Operators Hijack Pages on AARP Website - 9/18/2008 5:45:00 PM
Multi-pronged attack shows weakness in custom content management systems, researcher says






Hacking Tool Lets You Target Your Own End Users - 9/18/2008 4:25:00 PM
New open-source attack platform that performs email-based Web attacks debuts next week at OWASP conference






Five Trends Driving the Need for Better Mobile Security
Mformation Chief Marketing Officer Matt Bancroft outlines five mobile security trends keeping CSOs up at night.
Read more






EA relents, changes Spore DRM. Too little, too late?
arstechnica.com — The story of Spore has become the story of EA and DRM: the company is now loosening the install limit and working on ways to get your installs back after use them up. For many gamers, however, any limit remains intolerable.More…






http://www.fitbit.com/ is a cool gadget to help you lose weight.







Microsoft Live Mesh: What are the Security Implications?
by Deb Shinder
Articles / Web Application Security
The security implications of cloud computing in general and Live Mesh in particular, and what mechanisms Microsoft has built in to protect your "meshed" devices and data.






Analysis: new spying lawsuit asks "can computers eavesdrop?"
Ars analyzes EFF's lawsuit against President Bush and Bush administration officials who approved warrantless NSA wiretaps. EFF's chances for success hinge on a single question: can computers eavesdrop?
September 19, 2008 - 09:07AM CT - by Julian Sanchez







German Court Bans VoIP On The iPhone; Says It's Unfair
from the felony-interference-with-a-business-model dept

We've pointed to a bunch of stories that involved Apple somewhat arbitrarily forbidding or banning iPhone apps, but now it appears that the courts are getting in on the game as well. A German court has banned a VoIP iPhone app after T-Mobile, the mobile operator who offers the iPhone in Germany, complained. The court says that this VoIP app "makes use of unfair business practices," though it's difficult to see how. VoIP is a perfectly acceptable application, so why is it unfair? The court's explanation here seems a bit stretched as well. Apparently, the only way to run this particular VoIP app is on a jailbroken iPhone, and T-Mobile's contract forbids jailbreaking the phone. Of course, if that's true, isn't it an issue between T-Mobile and its customers who broke the contract? Why should the app maker be blamed? All it did was build a useful app? This seems like yet another case where a company is arguing that interference with a business model should be illegal.
25 Comments Leave a Comment..







Why Your Laptop Is Definitely Lost
...
I decided to blog on this subject because it was just yesterday that I was a speaker at the Eurosec’2008 conference in Paris. Just after my talk, someone working in the counterespionage and counterterrorism circles explained that data theft and reselling equipment on the black market were not the only targets of thieves. 30 percent of these thefts are dedicated to industrial espionage, he said. In 70 percent of the instances, they are stolen to attempt unlawful acts of software piracy, for downloading pedophilia images, browsing terrorist and extremist web sites, exchanging information via blogs and forums, and for sending terror email for intimidation or for claiming responsibility for bombings.

When a burglary occurs, thieves often use stolen cars. Some days after the crime, the police often find the charred car at the bottom of a forest. Now, the same method is being used by cybercriminals; after it’s been used, the computer is destroyed and never found again. And it’s far easier to steal a laptop than an automobile.







Report: 60 percent of businesses hit by cybercrime
Sue Marquette Poremba September 18, 2008
A recent U.S. Department of Justice survey indicates that the majority of American businesses have detected one or more cyberattacks.







DHS To Co-ordinate Protection Of "Federal Networks" Regarding National Cyber Security By Grey McKenzie 09/16/2008

Wednesday, September 17, 2008

Security News Feed Wednesday 9/17/08

Poor records organization at root of Palm Beach County recount woes In the wake of a voter recount controversy in a South Florida county, election officials are being advised to use better record-keeping and filing and additional oversight. Read more...






Microsoft looks to spread secure software expertise
September 16, 2008 (Computerworld) Microsoft Corp. said today it will export some of its expertise in writing secure code to developers outside the company with several new initiatives, including ones involving a pair of free tools it plans to unveil in November.

The company has distilled some of the experience gained during the past five years through its Security Development Lifecycle (SDL) process and philosophy into the Threat Modeling Tool 3.0 and the Optimization Model. It will make both available for free download in two months.






Forever 21 says nearly 99,000 cards compromised in data thefts






Apple releases Mac OS X 10.5.5, patches nearly 70 bugs






McAfee, Symantec ready VM security products
September 15, 2008 (IDG News Service) With VMware Inc.'s user conference in Las Vegas this week, security vendors Symantec Corp. and McAfee Inc. are readying new products designed to lock down the software running in virtual machine environments.





GPS Spoofing
Interesting:
Jon used a desktop computer attached to a GPS satellite simulator to create a fake GPS signal. Portable GPS satellite simulators can fit in the trunk of a car, and are often used for testing. They are available as commercial off-the-shelf products. You can also rent them for less than $1K a week -- peanuts to anyone thinking of hijacking a cargo truck and selling stolen goods.
In his first experiments, Jon placed his desktop computer and GPS satellite simulator in the cab of his small truck, and powered them off an inverter. The VAT used a second truck as the victim cargo truck. "With this setup," Jon said, "we were able to spoof the GPS receiver from about 30 feet away. If our equipment could broadcast a stronger signal, or if we had purchased stronger signal amplifiers, we certainly could have spoofed over a greater distance."

During later experiments, Jon and the VAT were able to easily achieve much greater GPS spoofing ranges. They spoofed GPS signals at ranges over three quarters of a mile. "The farthest distance we achieved was 4586 feet, at Los Alamos," said Jon. "When you radiate an RF signal, you ideally want line of sight, but in this case we were walking around buildings and near power lines. We really had a lot of obstruction in the way. It surprised us." An attacker could drive within a half mile of the victim truck, and still override the truck's GPS signals.







Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred - 9/16/2008 3:25:00 PM
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack






Enterprises Gearing Up for Identity, Compliance Management Next Year - 9/16/2008 3:24:00 PM Security event management, database security also rank high among near-term plans






Snort Turns 10, Sourcefire Goes Virtual - 9/15/2008 6:30:00 PM
IDS/IPS vendor joins the ranks of VMWare partners, gears up for commercial rollout of next-generation Snort






Study: Hotel Networks Put Corporate Users at Risk - 9/12/2008 4:10:00 PM
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks






U.S. Port Security Earns a C-






100 groups demand to see secret anticounterfeiting treaty
arstechnica.com — More than 100 public interest groups from around the globe are demanding that Anti-Counterfeiting Trade Agreement negotiators open up their process to scrutiny. At stake could be new ISP monitoring rules, fair use issues, and a P2P crackdown.More…






Best Buy Puzzles With Napster Acquisition
techcrunch.com — Best Buy announced today that it has acquired Napster for $121 million in cash. The company said that it will keep Napster’s executive team and will leave the Napster service and its estimated 700,000 users in place without changing much in the near-term.More… (Software)






Student faces charges for hack-and-tellNews Brief, 2008-09-15
A 20-year-old college student faces charges after he allegedly broke into his school's network and sent network administrators a 16-page report on the security issues he discovered.






"Asus is accidentally shipping software crackers and confidential documents on the recovery DVDs that come with its laptops. The startling discovery was made by a PC Pro reader whose antivirus software was triggered by a key cracker for the WinRAR compression software, which was located on the recovery DVD for his Asus laptop. Along with the key cracker the disc also contained confidential Asus documents including a PowerPoint presentation that details 'major problems' identified by the company, including application compatibility issues. The UK reader is not alone, either — several users in the US and Australia have also found suspicious files on Asus discs."






New bill would tighten rules for DHS border laptop searches
After a public outcry about no-reason-needed searches of laptops and electronic gadgets by Border Patrol and Customs agents, Rep. Loretta Sanchez introduced a bill to slap a few more rules on the process. Also, you'll get a receipt when your laptop is taken away.
September 16, 2008 - 01:30PM CT - by Nate Anderson






Ars puts Spore DRM to the test—with a surprising result
While the DRM built into Spore is getting all the headlines, Ars decided to try to hit the install limit. Bumping into the limits of the DRM proved more difficult than we had thought, and EA also proved that yes, you can rent a PC game.
September 16, 2008 - 08:45AM CT - by Ben Kuchera, Mark DeSanto






Microsoft and Cray to unveil $25,000 Windows-based supercomputer
The pair is expected to tout the new offering as "the most affordable supercomputer Cray has ever offered," with pricing starting at $25,000.
Adrian Kingsley-Hughes: A quick look at the Cray CX1--it can cost $90,000.








Hey VMware--Windows isn't the competition
Mary Jo Foley: Microsoft archrival VMware announced the "Virtual Datacenter OS" that some are comparing with Windows Server 2008. The trouble is that VMware's competition won't be Windows Server 2008.
Paula Rooney: Maritz: VMWare better next-gen OS than Windows and Hyper-V
Dan Kusnetzky: Notes from VMworld
Paula Rooney: Citrix aims high with XenServer 5, cloud center







The Perils Of Leaving Wi-Fi Networks Unsecured
Monday September 15, 2008 at 7:23 am CSTPosted by Vinoo Thomas

People don’t seem to seriously care about Wi-Fi security yet. Inspite of oft-repeated warnings, ignorant folks with unlimited bandwidth plans believe that they are doing a social service by allowing neighbors to leach their Wi-Fi freely. What they fail to understand is that by doing so, they can become an unwitting accessory to cyber crime.








Google Docs flaw could allow others to see personal files
Dan Kaplan September 16, 2008
A security researcher claims to have discovered a vulnerability in Google Docs that could allow other users to intercept personal files.






Cybercriminals use celebrity names to lure victimsReuters - Tue Sep 16, 2:29 PM ET
NEW YORK (Reuters) - Looking for information about Brad Pitt or Beyonce on the Web? It could be risky.






We were pretty darn busy in April, so some things fell through the cracks and I missed this report on nationalist motivated hacking. If you recall, during that time period, there were calls in France to boycott the Beijing Olympics over the crackdown in Tibet. The French magazine Capital posted an online poll on whether or not France should participate in the games…Chinese hackers and nationalists were not pleased:

Capital publisher Jean-Joel Gurviez:

“On the first day, we had about 300 responses, which was normal for this type of poll, and they were 80 percent in favour of a boycott. The next day there were 20,000 responses, with 80 percent opposing a boycott,” he said.

Almost all of the responses arrived via Chinese servers, Gurviez said, leading technicians to initially think the influx was driven by Chinese sites directing patriotic fans to vote.

“But a few days later we had hackers operating off servers in China try to change our content, and there were 2.5 million attempts to access protected files. We had to shut down the site temporarily,” he said.

Monday, September 15, 2008

Security News Feed Monday 9/15/08

Do ISPs pose a bigger online privacy threat than Google? A research paper published by a university professor claims that ISPs could pose a bigger threat to online privacy than Google and other online advertisers do. Read more...





Google Bends to Privacy Critics on Chrome Tool
Reacting to criticism that its new Chrome browser was essentially acting as a keylogger, Google Inc. last week said it would render data anonymous within 24 hours of collecting information from the browser.





Microsoft defends IE8 'phone home' feature, clarifies privacy policy
Microsoft Corp. today defended the Internet Explorer 8 (IE8) tool that suggests sites based on the URLs typed into its address bar, saying that the browser "phones home" only a limited amount of information to Microsoft and that the company discards all user IP addresses almost immediately.





Social Security Numbers Exposed on Iowa Web Site
In yet another example of a data privacy controversy affecting county governments across the U.S., documents containing the Social Security numbers of Iowa residents have been posted since January 2005 on a Web site maintained by the Iowa County Recorders Association (ICRA).





Tab for Lockup of City's WAN May Reach $1M
Related stories:
Terry Childs: One risky point
How to protect your network from rogue IT employees
Why San Francisco's network admin went rogue
Photo essay: Terry Childs appears in court






Court overturns Virginia spam law, conviction
The Virginia Supreme Court has overturned a state antispam law and the 2004 conviction of long-time spammer Jeremy Jaynes, saying the law is an overly broad prohibition on anonymous free speech.

The Supreme Court, in a decision released Friday, said the 2003 Virginia spam law didn't distinguish between commercial e-mails and those with political messages, and thus was an overly broad prohibition on free speech protected by the First Amendment of the U.S. Constitution.





Cloud computing could prompt government action
Cloud computing will soon become a hot topic in Washington, with policy makers debating issues such as the privacy and security of data in the cloud, a panel of technology experts said Friday.

There are "huge challenges" facing policy makers in the next year or two as cloud computing becomes increasingly popular, said Mike Nelson, visiting professor for the Center for Communication, Culture and Technology at Georgetown University and a former technology policy adviser to President Bill Clinton.

The major policy questions to be worked out include: Who owns the data that consumers store on the network? Should law enforcement agencies have easier access to personal information in the cloud than data on a personal computer? Do government procurement regulations need to change to allow agencies to embrace cloud computing?






Scammers Making Smart Use of the PR Machine?
CSO blogger Dan Lohrmann is convinced the bad guys are using PR firms to help them decide what kinds of mayhem to launch next.
Read more





iPhone: Big trouble in the App Store
apple20.blogs.fortune.cnn.com — Last month, Apple triggered a minor rebellion among iPhone developers when it was revealed that the company was rejecting submissions to its App Store retail outlet without explaining why.More…





Posted at 07:00 AM ET, 09/13/2008
iPhone Update Plugs Eight Security Holes
http://blogs.washingtonpost.com/securityfix/
Apple on Friday issued an update for the iPhone that includes a bundle of at least eight security fixes.

The update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site.

Details about the security holes plugged by this release, version 2.1, are available here.






Sep 14, 1:10 pmCybercrime 'Major Business Risk'
Data theft outpaces concern about downtime from malware, IT managers report.





Sep 13, 11:04 amJapan Jumps to Lead in Cyberattacks
One-third of all Internet attacks came from Japan in the second quarter of the year, surpassing the U.S. and China.





Sep 13, 6:00 amGuilty Plea Entered in TJX Data Theft
Sentencing is due in December for one of the hackers charged in a data breach case involving several major retailers.






"The website of popular magazine BusinessWeek has been attacked via SQL injection in an attempt to infect its readership with malware. Hundreds of pages in a section of BusinessWeek's website which offers information about where MBA students might find future employers have been affected."






"Popsci.com has a writeup on 3M's new pocket projector, the 3M MPro 110, set to launch on September 30. 'In a dark room, it could project a big enough image to be the ultimate cheap-o home theater. The projector will sell for a mere $359. It doesn't have a speaker, so you'll have to get that separately. But really, how good could a microscopic speaker jammed into this thing sound, anyway?'"






Perpetrator of biggest data heist in history pleads guilty
Damon Patrick Toey, a hacker accused of participating in the theft of over 40 million credit card numbers from TJX, has entered a guilty plea and agreed to cooperate with authorities.
September 15, 2008 - 08:24AM CT - by Ryan Paul






AT&T will "temporarily reduce" speeds for U-verse customers
"High bandwidth" U-verse users should prepare for "temporary reductions" in throughput speeds, AT&T tells the FCC.
September 15, 2008 - 05:45AM CT - by Matthew Lasar






Best Buy acquires Napster; Eyes digital music distribution






Google wants your Hotmail, Yahoo and AOL contacts






UN Agency Working On Tech Standards To Get Rid Of Anonymity






CTO defends researcher's decision to reveal SCADA exploit
Dan Kaplan September 12, 2008
One technologist wants the public to understand why releasing exploit code for a dangerous vulnerability is sometimes the right thing to do.






Turkish Police Arrest Alleged ATM Hacker-Kidnapper





Yahoo opens its doors to hackersAFP - 2 hours, 56 minutes ago
SUNNYVALE, California (AFP) - Hackers armed with laptop computers, camping tents and dreams of software glory invaded Yahoo during the weekend as the Internet pioneer opened its strategy and its doors to outside developers.






Cyber Criminal Toolkit - Beware of Emails Inviting You To View Movie Clips By Grey McKenzie 09/12/2008

Friday, September 12, 2008

Security News Feed Friday 9/12/08

Microsoft defends IE8 'phone home' feature, clarifies privacy policy Microsoft is defending the IE8 tool that suggests sites based on the URLs typed into its address bar, saying that the browser only sends a limited amount of data to Microsoft -- and all user IP addresses are tossed almost immediately. Read more...





Former Intel engineer charged with stealing trade secrets





Hackers Hit Large Hadron Collider site





Cloud computing could prompt government action





Investigations: Merge Ahead
In the enterprise setting, there's no such thing as a digital investigation. Or a physical one. Searching for clues and resolutions requires a blend of disciplines governed by a flexible forensic mind-set.
Read more






Why Can't I Open Vista's Cookies Folder? Lamar Redmon wants to know why he can't access Vista's Cookies folder typing "cookies" and selecting it.






Blast from the future?
Published: 2008-09-12,Last Updated: 2008-09-12 15:31:22 UTCby Mark Hofman (Version: 1)

It is 1995 and users are complaining that a weird dialog box is popping up in their word document. The first macro virus was doing the rounds. Fast forward to September 2008 and yes you guessed it new word macro viruses are doing the rounds. They have been updated somewhat. Rather than pop up a little dialog box it is behaving more like the traditional downloaders and the road to pain afterwards. Rechnung.doc has been around for a few days now and detection rates are pretty good, 23/36

(http://www.virustotal.com/analisis/0fc3a70eff0b9ec447794acbda2402e7 ). So far seems to be mostly Europe. However that is not the only one doing the rounds, Michael passed one along that seems to have fairly bad detect rates, which we've passed on to the AV vendors so detect rates should improve.







The Doghouse: Tornado Plus Encrypted USB Drive
Don't buy this:
My first discussion was with a sales guy. I asked about the encryption method. He didn't know. I asked about how the key was protected. Again, no idea. I began to suspect that this was not the person I needed to speak with, and I asked for a "technical" person. After a short wait, another sales guy got on the phone. He knew a little more. For example, the encryption method is to XOR the key with the data. Those of you in the security profession know my reaction to this news. For those of you still coming up to speed, XORing a key with data to encrypt sensitive information is bad. Very bad.







http://blogs.washingtonpost.com/securityfix/
Web Fraud 2.0: Fake YouTube Page Maker Helps Spread Malware
A new Web Fraud 2.0 tool makes it a cakewalk for criminals to create fake YouTube pages in a bid to trick people into installing malicious software.








IT: Virginia Supreme Court Strikes Down Anti-Spam Law






The_AV8R writes
"Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.






Microsoft Live Mesh: What are the Security Implications?
by Deb Shinder
Articles / Web Application Security
The security implications of cloud computing in general and Live Mesh in particular, and what mechanisms Microsoft has built in to protect your "meshed" devices and data.






Anonymization: A Google farce?
Garett Rogers: Google says its "anonymizing" their log files after just 9 months instead of the previous 18, without anonymized cookie data, scrubbed IP addresses could be useless.






More Windows-specific consumer ads coming soon
Mary Jo Foley: If you liked the first Bill Gates/Jerry Seinfeld ad for Microsoft, you'll probably love the second. If you didn't, there's hope: A more Windows-centric one will air in a matter of days.






Fake 'anti-virus' campaigns continueSeptember 12, 2008
Malicious spam campaigns from Srizbi and Pushdo promoting fake 'anti-virus' continue.






University Bans Access To Facebook; Claims It's A Security Issue






Text Message Monopoly Alleged
CHICAGO (CN) - The price of cell-phone text messages has doubled since 2005 because Verizon, AT&T, Sprint-Nextel and T-Mobile conspired to fix prices, an antitrust class action claims in Federal Court. The four companies control more than 90 percent of the U.S. market.






Pirate Bay Boycotts Press After Television Ambush
The Pirate Bay, the controversial BitTorrent tracking site in Sweden, has become ensnared in a grisly, high-profile scandal involving the circulation of autopsy pictures of two murdered children online.








The negative spiral of false-postitves identified by e-mail filters
A study on messaging and Web security we conducted earlier this year asked messaging-oriented... ...4

Thursday, September 11, 2008

Security News Feed Thursday 9/11/08

U.S. sees six 'disruptive technologies' by 2025
September 10, 2008 (Computerworld) WASHINGTON -- In December, the president-elect will get a report detailing threats to the U.S. that will most likely include a list of emerging technologies that will have a major impact on the U.S. and the world. This report, called Global Trends 2025, is a forecast prepared by U.S. intelligence agencies.

The report will be a grim assessment, with warnings about economic challenges, an aging work force, climate change and U.S. adversaries, according to emerging details, which most recently surfaced in a speech by Thomas Fingar, deputy director of the Office of the Director of National Intelligence, the body that oversees all U.S intelligence agencies. Fingar spoke this month before a gathering of intelligence analysts at a conference in Orlando.






Get ready for mobile social networks CTIA participants see advantages in having social networking capability on a smart phone or other wireless device, but say issues over profitability and privacy remain. Read more...







Mozilla adds privacy mode to Firefox 3.1 plans






After a frustrating year in Congress, tech groups plan merger
ITAA, AeA are in talks to consolidate






San Francisco hunts for mystery device on city network
September 11, 2008 (IDG News Service) With costs related to an alleged rogue network administrator's hijacking of the city's network now estimated at $1 million, San Francisco officials say they are searching for a mysterious networking device hidden somewhere on the network.

The device, referred to as a "terminal server" in court documents, appears to be a router that was installed to provide remote access to the city's Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven't been able to log into the device, however, because they do not have the username and password. In fact, the city's Department of Telecommunications and Information Services (DTIS) isn't even certain where the device is located, according to court filings.






iTunes 8 takes down Vista with 'blue screen of death'







Tribune blames Googlebot for United Air Lines stock crash






Irate Ark. man posts county e-mail records in privacy fight






Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
Update: September 9th, 2008
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml






September 10, 2008 Google, police take cyber crime lessons to schools
http://www.crime-research.org/news/10.09.2008/3566/
With youngsters becoming Internet savvy in the rapidly emerging world of computer technology, cyber crimes and misuse of Internet have also taken an upward curve.

To help put a check on this, Google India, as a part of their BeNetSmart awareness initiative, carried out an awareness campaign in nine schools in Kolkata on Tuesday.

“We decided to start a campaign to help students know how to avoid misuse of the internet and inculcate in them the best cyber practices,” said Rishi S Jaitly, policy analyst, Google India Pvt Ltd. The team interacted with 5,000 students in the city, added Jaitly.

The nationwide programme first took off from Mumbai and Chennai after which it came to Kolkata. In this campaign, Kolkata Police assisted Google India in educating school students about proper internet usage.







Enterprises Struggle to Identify Sources of Risk - 9/11/2008 5:45:00 PM Security remains top priority, but businesses wrestle with business case, BT study says







New 'On/Off Switch' Protects RFID Cards From Hacks - 9/11/2008 5:20:00 PM Technology would let cardholders activate RFID transmission only when card goes through a reader







'Password Recovery' Services May Be Hackers for Hire - 9/10/2008 4:40:00 PM Services that promise to help you find your lost passwords may make their living by cracking the passwords of others, IBM researcher says






Report: In-Depth Analysis Finds More Severe Web Flaws - 9/10/2008 4:30:00 PM Web Application Security Consortium (WASC) report suggests automated scanning alone isn't as thorough when it comes to serious bugs







Data Breaches Spark Hard Drive Shredding Boom
This is a great time to be in the hard-drive shredding business, as companies scramble to destroy data before the bad guys have a chance to steal it. A look inside the belly of the beast (includes video).
Read more







Dog Calls: Company Trains K-9s to Sniff Out Contraband Cell Phones
A California company has developed a niche training dogs to detect illicit cell phones in correctional facilities.(So what does a cell phone smell like, you ask?)
Read more








September 2008 Monthly Bulletin Release
Posted Tuesday, September 09, 2008 9:50 AM by MSRCTEAM
I'm Simon, Release Manager in the MSRC. The September 2008 release contains 4 new bulletins, all with maximum severities of "Critical".

MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)

MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)

MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)

MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

For a technical deep-dive regarding these bulletins, please visit our Security Vulnerability Research and Defence blog.






Sep 10, 12:20 am
Computer Threat for Industrial Systems Now More Serious
A security researcher has released easy-to-use attack code that targets industrial SCADA systems.







Sep 11, 11:22 am
Why Can't I Open Vista's Cookies Folder?
Lamar Redmon wants to know why he can't access Vista's Cookies folder typing "cookies" and selecting it.






CookieMonster is coming to Pown (err, Town)
Last month at Defcon, Mike Perry gave a talk about a vulnerability with sites that use SSL to secure the traffic if the site saves a cookie on your machine but does not set a flag indicating it is to be used only with encrypted sessions only. If some one can place themselves so they see your web traffic, they can inject arbitrary content to the data for sites not requiring cookies to set 'Encrypted Sessions Only' and force your browser to provide the saved cookies in a cleartext response. For more information about his tool from last month, see here.

On Tuesday, Mike posted more information including documentation for the tool, a sample configuration file and some code snippets. The tool itself has not yet been made available to the general public.






Turning off Fire Hydrants in the Name of Terrorism
This really pegs the stupid meter:

He explains all the district's hydrants, including those in Alexander Ranch, have had their water turned off since just after 9/11 -- something a trade association spokesman tells us is common practice for rural systems.

"These hydrants need to be cut off in a way to prevent vandalism or any kind of terrorist activity, including something in the water lines," Hodges said.

But Hodges says fire departments know, or should have known, the water valves can be turned back on with a tool.

One, fires are much more common than terrorism -- keeping fire hydrants on makes much more sense than turning them off. Two, what sort of terrorism is possible using working fire hydrants?

Three, if the water valves can be "turned back on with a tool," how does turning them off prevent fire-hydrant-related terrorism?

More and more, it seems as if public officials in this country have simply gone insane.






http://blogs.washingtonpost.com/securityfix/
Fake Antispyware Purveyor Doubles as Domain Registrar

A cyber gang known for aggressively spreading fake anti-spyware programs through hijacked and malicious Web sites has become an authorized reseller of domain names. Security Fix has learned that this gang is using its access as a registrar to ease the process of creating new Web sites used to push their invasive software.






Court protects cell-phone location recordsNews Brief, 2008-09-11
A federal judge rules that information on which base stations a cell-phone customers uses is protecting information requiring a search warrant.







"CareerBuilder's new survey finds: 'Of those hiring managers who have screened job candidates via social networking profiles, one-third (34 percent) reported they found content that caused them to dismiss the candidate from consideration.' Some red flags: content about applicant using drugs or drinking, inappropriate photos and bad-mouthing former bosses."







Hacking POTS lines:
Joseph Vaccarelli, a former Verizon Technician, has been charged with racking up $220,000 in phone-sex calls by tapping into the land lines of nearly 950 customers. Authorities say that he made approximately 5,000 calls, resulting in 45,000 minutes of call time. Verizon estimated that out of a 40-week period, Vaccarelli spent 15 weeks talking on sex lines. How in the world do you have this much phone sex, period, but especially at work, and not have anyone notice?







Microsoft to VMware: You're surrounded
Larry Dignan: The Novell move to offer Microsoft virtualization in mixed source environments is just the latest item this week showing that Microsoft is flexing its distribution muscles.
Mary Jo Foley: Microsoft keeps banging the virtualization drum
Larry Dignan: VMware: CEO Greene out; Revenue light
Sam Diaz: Virtualization software revives dumb terminals, cuts IT costs







Zango's Latest Trick: Pitching Fake Batman MMORPG To Get People To Download Adware






McCain Campaign Ignores Cease-And-Desist; Keeps Playing 'Barracuda'







IP Attorneys Increasingly Getting Their Own Patents And Suing
from the joining-in-the-party dept
A year ago, the story of patent attorney Scott Harris started making headlines. While being an IP attorney at a prestigious law firm, on the side, Harris had been getting his own patents, and then using a shell organization to sue companies for infringing. Some of the companies sued were represented by the firm that Harris worked for. Talk about a conflict of interest, right? Well, reporter Joe Mullin has discovered that these sorts of things are increasingly common. Various IP attorneys involved in patent hoarding lawsuits are seeing how lucrative it can be to just get a patent and sue -- and so they're eagerly jumping into the game themselves. Mullin dug up a bunch of cases of IP lawyers getting their own patents, and then suing over those patents, outside of their day job. Not surprisingly, many of the patents seem highly questionable (a patent on a car entertainment system that has a radio in front with DVD video in back.)







U.S. intellectual property protection goes worldwide
Sue Marquette Poremba September 11, 2008
Legislation has been introduced in the Senate aimed at reducing intellectual property theft around the world.







Researchers uncover new tool for building fake YouTube pages
Dan Kaplan September 11, 2008
A new tool makes it easier for malware spreaders to create bogus YouTube pages.








Health information security standard issued
Sue Marquette Poremba September 10, 2008
A new standard spells out detailed controls for managing health information security.







Senate Committee Expands Justice Department Copyright Enforcement Powers; Biden Doesn't Vote







Cyber crooks set email trap with bogus Obama sex videoAFP - 2 hours, 58 minutes ago
SAN FRANCISCO (AFP) - Cyber crooks are trying to cash in on fascination with the US presidential race by sending trick email promising a sex video starring candidate Barack Obama, according to Sophos computer security firm.







87 MILLION gamers really upset with Chinese hackers
Chinese hackers have long specialized in writing trojans and other malicious software to steal accounts from MMORPGs (massively multi-player online role-playing games). The people over at MapleStory have had enough and are starting to block IP addresses from China:

According to AsiaSoft Online, the game’s publisher and regional distributor, the game has 87 million accounts worldwide, with2 million accounts from Singapore alone.

AsiaSoft marketing director Ng Kok Khwang said the online attacks took place in August. “We were under attack by Chinese hackers from China, and we have since blocked IP addresses from China and are monitoring the situation,” Mr Ng said.