Monday, September 22, 2008

Security News Feed Monday 9/22/08

McAfee to buy Secure Computing for $465M Security vendor McAfee said it plans to acquire network security specialist Secure Computing for $465 million. Read more...






Since we are looking at Secure Computing's WebWasher, I checked the announcements from the vendor:
http://www.securecomputing.com/news_display.cfm?nid=1549
http://www.mcafee.com/us/about/press/corporate/2008/20080922_080000_q.html
It looks like they plan on cross-selling to each other's customers, and maybe integrate some of McAfee's other products into the Secure Computing line. I think WebWasher is likely to be maintained as an ongoing product line.







Forever 21 Discloses Card Data Theft






Wikileaks posts Bill O'Reilly Web site data
September 19, 2008 (IDG News Service)

Just days after publishing vice presidential candidate Sarah Palin's personal e-mail messages, the Wikileaks Web site has published data about members who signed up for a section of Fox Television host Bill O'Reilly's Web site.

Hackers were able to obtain a list of Billoreilly.com premium members, including e-mail addresses, site passwords, and the cities and states where they live. Some of the information was published Friday on Wikileaks.com, which has been under fire from conservative commentators, including O'Reilly, for publishing Palin's messages.






Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
Report: Tenn. legislator confirms son is at center of Palin hack chatter
Security researchers ponder possible Palin hacks






RIAA seeks sanctions against defense lawyer in copyright case







EFF files surveillance lawsuit against NSA, Bush, Cheney







Experts: US Is Not Prepared to Handle Cyber Attacks - 9/19/2008 5:06:00 PM
In Congressional testimony, authorities on cyber defense say neither government agencies nor private companies are ready for what may come






MSNBC: Here comes 'foreclosure rescue' fraud






Not Security, but maybe an interesting discussion point at coffee:
650 Million Year-Old Reef Discovered in Australian Outback





Data Security Gives IT Professionals Insomnia
Worry of data protection from theft or loss weighs heavily on IT executives' minds, a new study reveals.






October is right around the corner. Are you ready for Cyber Security Awareness Month? Surely some of you have your annual activities planned and ready. For those of you who don't, take a minute to consider your options. If you have a Security Awareness Program in your place, you already have some great tools readily available and with just a little effort, you can get ready. If you haven't started planning yet, don't worry, there are plenty of free resources out there to help.

One way to pass on the security wisdom is to wittle the "month" into a smaller time frame. Take a week, plan your activities, one per day. That makes only five smaller planning tasks.

Here is an example of an easily acheivable plan.

Day One: Monday - Send a IT Security email announcing the theme of the upcoming activities. Draw employees to your updated Intranet site during this week.

Day Two: Tuesday - Poster Blitz. Make them as interesting and informative as your web page. Match the theme of your week or use freely downloadable copies. Have them printed at one of the copy stores or some even come printable on your own color laser printer. Supplement with a flyer or brochure, again be creative and provide solid helpful information.

Day Three: Wednesday - Lunch and Learn. Announce a free 30-45 minute bring your lunch (or provide it if you have some budget) and hear a guest speaker. We all know someone who loves to talk about security, right? Giveaways and raffles are great way to draw a crowd. Use your imagination. Take reservations ahead of time if you need to plan for a room.

Day Four: Thursday - Provide a security oriented puzzle or other fun security word search materials in all the break rooms and on the Intranet site. Set up a colorful security table and provide copies of your policies, brochures and free cookies. Draw attention with balloons.

Day Five: Friday - Send another organizational email thanking everyone for their participation in the weeks activities and remind them where your website is located and that you are there all year to provide them the latest and greatest in security information.

Voila...Cyber Security Awareness Week! Get started with StaySafeOnline.org. Educause.edu is geared toward higher education, but is a very good site with lots of free resources. For those of you already set for activities, send in your ideas and I'll pass them along.






Two-thirds of firms hit by cybercrimeNews Brief, 2008-09-22
The Department of Justice releases survey data from 2005, finding that telecommunications companies and computer-system design businesses were hardest hit by online attacks.






"When you file your taxes online, you want to be sure that the Web site you visit — www.irs.gov — is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency. That's because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet's DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites. DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption."






"Barack Obama has edited his official website on many issues, including a huge revision on the technology page. Strangely it seems net neutrality is no longer as important as it was a few months ago, and the swaths of detail have been removed and replaced with fairly vague rhetoric. Many technologists were alarmed with the choice of Joe Biden before, and now it appears their fears might have been well founded."






Microsoft refers to its anti-Linux playbook
Mary Jo Foley: In a move reminiscent of its "Get the Facts" anti-Linux campaign, Microsoft is waging war on VMware with a customer-focused Web site that provides the Redmondian spin on the competition.






EA Finally Realizes People Are Upset Over Spore DRM
from the taken-by-surprise? dept






Lap Dance Puts Lawyer's License In Limbo
By JOE HARRIS
CHICAGO (CN) - An attorney's license was suspended after he accepted a nude lap dance as payment for legal services. Scott Robert Erwin's 15-month suspension will begin Oct. 7.






http://www.scmagazineus.com/Cybercrime-bill-passes-House-awaits-Bush-signature/article/118213/
The U.S. House of Representatives this week approved a bill that would expand the scope of what constitutes a cybercrime, while also allowing victims to recoup costs associated with identity theft.

The Identity Theft Enforcement and Restitution Act, which received Senate approval on July 30, will be enacted into law if it receives a presidential signature.







Cyber attack launched on Shiite websites: Iran report AFP - Fri Sep 19, 3:03 PM ET
TEHRAN (AFP) - Sunni Muslim computer hackers have attacked hundreds of Shiite websites including Shia Islam's most popular site linked to the community's leader in Iraq, Iran's Fars news agency reported on Friday.







Chinese hacker “Milk Rebellion”
As the scandal over melamine laced food products widens, Chinese hackers seem to be taking up the cause to punish guilty corporations. When we first reported the defacement of the Sanlu Milk Company website, 50 children had suffered kidney stones due to the additive melamine. Melamine is not meant for human consumption but if added to food stocks, will make it appear to be higher in protein. This is the same additive responsible for the death of many pets last year. The newest reports indicate that there are now over 6,000 children effected and three deaths.







September 22, 2008 Cyber crooks pose as businessmen
http://www.crime-research.org/news/22.09.2008/3589/
Commenting on the New Sunday Times' front-page report on cyber crooks yesterday, president of the Ma-laysian Chapter of the Association of Certified Fraud Examiners, Akhbar Satar, confirmed that many foreign cyber crooks were operating in Malaysia.

He said 74 advance-fee fraud cases, the latest type of cyberscam, were reported to the association from the beginning of last year till this month. Seventeen of them were Malaysians who had paid millions to the cyber crooks.

Akhbar said many cyber crooks made their base here because of the lack of enforcement, lenient visa procedures and good Internet service.







Al Franken's Saturday Night Live Return: Franken Helps Write SNL's McCain Skit








A Way to Find Hidden Fingerprints
By Brittany Sauser 09/04/2008 6 Comments
Scientists have developed a better way to identify fingerprints on bullets and fragments of explosives.







Very cool device:
Self Surveillance
By Kate GreeneWednesday, September 10, 2008
A new device tracks activity and sleep patterns 24-7.






SanDisk Teams with Music Industry on New Music Format
Storage company SanDisk and the four largest music companies are teaming to create a new physical format for music called slotMusic that the companies hope will one day replace the audio CD. Based on the microSD flash memory storage format that SanDiskWinInfo - Paul Thurrott







[September 22, 2008]
EU law to stem data leakage in light of security blunders
Most British IT admins would steal company data if they were laid off tomorrow, according to a new report. The stark warning comes as a seemingly never-ending roll-call of personal data blunders in Europe lengthens every month and EU legislation loomsWindows IT Pro Europe - Seamus Quinn

No comments: