Monday, March 23, 2009

Monday 03/23/09

Crooks Flock to Rogue Antivirus Apps
PC World - Fri Mar 20, 1:28 PM ET
Chasing massive profits, crooks have unleashed a flood of rogue antivirus programs that attempt to fool or scare unsuspecting PC users into forking over cash for an app that does nothing worthwhile.

----------

A Search Is Launched for Conficker's First Victim
PC World - Fri Mar 20, 4:20 AM ET
Where did the Conficker worm come from? Researchers at the University of Michigan are trying to find out, using a vast network of Internet sensors to track down the so-called "patient zero" of an outbreak that has infected more than 10 million computers to date. (Here's how to protect yourself.)

----------

A scholarly paper on the Conficker worm from SRI International:
http://mtc.sri.com/Conficker/addendumC/

A sample line from the report: "One interesting and minimally explored aspect of Conficker is its early and sophisticated adoption of binary encryption, digital signatures, and advanced hash algorithms to prevent third-party hijacking of the infected population."

----------

Microsoft's IE8 Catches Most 'Social Malware'
PC Magazine - Fri Mar 20, 11:23 AM ET
A study by NSS Labs of 6 major web browsers shows a large difference in their ability to block "socially engineered malware." The study was funded by Microsoft.

----------

A Hacking Tool Gets Updated for the Mac
PC World - Thu Mar 19, 6:10 PM ET
Two well-known Mac hackers are updating a widely used hacking toolkit, making it easier to take control of a Macintosh computer.

----------

Mar 23, 12:30 am
Symantec Says Credit Card Data May Have Leaked From India
Security firm stops routing calls to Indian call center after BBC report of data theft.

----------

Mar 22, 10:12 am
Diebold Admits Voting Machine Flaw
Software errors may have lost votes in California election.

----------

Mar 21, 12:06 pm
Online Fraud Hits Airlines Hard
A report finds airlines worldwide lost more than $1.4 billion to fraudsters in 2008.

----------

Mar 20, 1:44 pm
Doctors Say Effort to Digitize Medical Records Is Not Worth It
Harvard Medical School doctors warn that the shift to electronic medical records is not worth $19 billion of the stimulus pie.

----------

Small Business: The New Black In Cybercrime Targets
Enticed by poor defenses of mom-and-pop shops, hackers turn away from hardened defenses of banks and large enterprises

----------

One of several articles about building a "cheap" security lab:
http://www.darkreading.com/security/management/showArticle.jhtml;jsessionid=TVBA1NCUEKJQUQSNDLOSKHSCJUNN2JVN?articleID=215901457

----------

A group has formed to combat the latest worm. The "Conficker Cabal" has the stated purpose of blocking, defeating and uninstalling all copies of this worm. The announcement of the group's formation, dated Feb 12th, 2009, is here:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212

----------

Good article from SANS on Incident Handling. They break the process into six steps:

Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

This article is on Preparation: Making the most of your runbooks

----------

Kentucky e-voting fraud manipulated voters, not machines
about 19 hours ago - by Jon Stokes Posted in: Law & Disorder
Six people have been indicted in a Kentucky scandal that involves rigging an election by manipulating vote totals in electronic voting machines. But the folks allegedly behind the scam relied not on high-tech hacking skills, but on old-fashioned southern charm.

----------

Web Fraud 2.0: Data Search Tools for ID Thieves
Posted at 11:30 AM ET, 03/23/2009

...
For a payment of $3 each, I was able to find full Social Security numbers on four of the volunteers, as well as their most recent street addresses and birthdays.

Another set of three $3 payments allowed me to gather the mother's maiden name (MMN) on half of the volunteers. For both the SSN and MMN lookups, all that is required is the target's name, street number, and ZIP code.
...

Using the service pictured above, customers can check the available balance on a credit card for a $1 payment, by including just the credit card number, the name of the cardholder, and his or her address. According to one source who is investigating the back-end technology behind this credit card balance-checking service, the site's operators are dialing in to the automated voice response units at various card issuers, using Skype.
...

Other data points that users can query include the target's date of birth (50 cents per lookup); mother's date of birth ($6); driver's license number ($8); background report ($15); and credit report ($24). The site also offers a service that automates changing the billing address on a target's credit or debit card ($35).

----------

Justice Department Increasingly Looking Like The RIAA/MPAA's Legal Team
from the change-the-riaa-can-believe-in dept

It seems that the Obama administration is basically hiring the entire RIAA/MPAA/BSA legal team these days. It started off with the RIAA's favorite lawyer, then it hired the BSA's antipiracy enforcer, and now it's brought on two more of the entertainment industry's favorite lawyers, including Don Verrilli, who was one of the main guys arguing the entertainment industry's side in the infamous (and terribly decided) Grokster case. He also was the guy who argued the RIAA's case that the Jammie Thomas verdict shouldn't be thrown out (on that one, he lost, thankfully). Of course, if you're thinking things would have been any better had McCain won, just note that one of his legal advisors is gleefully cheering on these appointments. Still, as Ray Beckerman notes, Obama's own rules should preclude these guys working on issues related to those they used to represent. We'll see if that actually happens, though.
