Monday, March 9, 2009

Monday 03/09/09

California bill spells out what companies have to say about data breaches
A co-author of California's landmark data-breach notification law has introduced a new bill that would set specific requirements on what companies have to say in breach notices.

----------

Charges beefed up against alleged Sarah Palin e-mail hacker
The University of Tennessee college student accused of illegally accessing Alaska Gov. Sarah Palin's Yahoo e-mail account was formally charged today on new fraud and obstruction-of-justice charges.

David Kernell was arraigned in U.S. District Court for the Eastern District of Tennessee, five months after a federal grand jury first handed down charges against him. He had been facing just one count of illegally accessing a protected computer, but prosecutors are now accusing him of three counts of computer fraud and one count of obstruction of justice. All four charges are felonies.

Kernell pleaded not guilty to the charges, according to court records.

----------

No more CeBIT police raids: European, Chinese companies talk on tech licensing

----------

Excel Bug Will Be Ignored on Patch Tuesday
... The company acknowledged, however, that it will not deliver a fix for an Excel flaw that attackers are now exploiting.

Microsoft didn't disclose details of the patches, other than to say which versions of Windows will be affected.

----------

Visa Backtracks on Breach Disclosure
Visa and MasterCard have probably been slow to identify the cause of a breach that they warned banks about in mid-February because they want to complete an investigation into the incident, analysts say.

However, the lack of candor sparked rampant speculation that a new, major breach had occurred, forcing Visa to later say that the warning referred to an expanded investigation of a previously known incident.

----------

Hackers update Conficker worm, evade countermeasures
The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

----------

Federal cybersecurity director quits, complains of NSA role
Cybersecurity chief Beckstrom resigns
Reuters - Fri Mar 6, 11:46 PM ET
NEW YORK (Reuters) - The U.S. government's director for cybersecurity resigned on Friday, criticizing the excessive role of the National Security Agency in countering threats to the country's computer systems.

----------

Google Docs Glitch Exposes Private Files
Only a few users were affected, and the problem appears to be solved.

----------

Build Security into Every Product, Coders Advised
Security experts suggest security should be "baked into" every software development project.

----------

Behind the Estonia Cyber Attacks
Radio Free Europe / Radio Liberty ran a story on Friday that we just discovered. According to the article, a Russian official has admitted that Russia was responsible for the cyber attacks on Estonia in April/May 2007. We don't have any other data to correlate this with, so we ask our readers: if you know of any other independent reporting of this, please let us know via our contact form.

If this story is true, it adds yet another twist to the "truth" of what happened in Estonia in 2007 and perhaps also with respect to the alleged Russian cyber attacks against Georgia last year. There is no internationally accepted formal definition of "cyber warfare" even though many in the media like to use that term freely when describing denial of service attacks, website defacements, or other activities that otherwise would be labeled as criminal behavior. I don't personally believe that any hostile activity we have seen so far in cyberspace can be labeled "warfare" but rather is either criminal or espionage related.

----------

Hypocrisy or necessity? RIAA continues filing lawsuits

----------

Swindlers using new CSS method attack eBay
Swindlers are using XSS in conjunction with the XML Binding Language (XBL), allowing elements in an HTML document to be linked to another web site. Whether the error lies with eBay or in the browser is still unknown.

----------

McAfee Monthly Spam Report for March
Key findings include:
Spam campaigns are taking advantage of “partitioning” to increase their effectiveness and combat the efforts of security tools to reduce their reach.

Replica-watch spam has taken over the number one position for holiday spam.

Business leaders and legislatures have promised to stamp out spam, yet the plague persists. Does reputation-based security hold the key?

Putting a dollar value on productivity lost due to spam.


----------

Copying our attorney's verdict?

Ex-NFL Player Sues Over Madden NFL Games
By KARINA BROWN
LOS ANGELES (CN) - Former Cleveland Browns running back and NFL Hall of Famer Jim Brown says Electronic Arts illegally used him as a character in several versions of its Madden NFL video games.

----------

Who should Software Freedom sue on FAT32?
Microsoft owns FAT32, but it didn’t appear to pursue its rights against companies that supported FAT32 in their Linux thumb drives and consumer electronics.

Until the TomTom case. At which point Jeremy Allison of Samba says Microsoft had secret cross-licensing deals with all those other guys which violate the GPL.

So the question becomes, who should Software Freedom sue?
