Monday 05/18/09

Phishers harvest Facebook passwords for profit
Identity thieves who hit Facebook last week with another round of phishing attacks are harvesting users' passwords for profit, a security researcher said today. Read more...

----------

Heartland Breach Cost Firm $12.6M -- So Far
Heartland Payment Systems Inc. last week disclosed that it has so far spent or set aside more than $12.6 million to cover costs related to a major data breach that the credit card payment processor disclosed in January.

The company blamed the breach in part for a loss in its latest quarter.

----------

Google's Chrome was 'hackable' at Pwn2Own contest
Although Google's Chrome was the only browser left standing after March's Pwn2Own hacking contest, it was vulnerable to the same bug that a German college student used to bring down Apple's Safari, Google acknowledged this week.

Although Google patched the Chrome vulnerability May 7, it waited until last Wednesday to reveal that the bug was the same WebKit flaw that Apple patched the day before.

----------

McAfee to buy Solidcore for whitelisting technology
Security software vendor McAfee Inc. today announced it intends to acquire Solidcore Systems for about $33 million in cash and an additional $14 million if certain performance targets are met.

McAfee indicated its interest in the acquisition centered on Solidcore's whitelisting technology that can set controls on what applications are allowed to run on a computer. After the acquisition is completed, McAfee expects to bring Solidcore's whitelisting and compliance enforcement mechanisms into the McAfee product line under the management umbrella of the McAfee ePolicy Orchestrator (ePO) management console.

----------

McAfee, EMC team up vs. Symantec in online backup
Reuters - Mon May 18, 8:30 AM ET
BOSTON (Reuters) - McAfee Inc, the No. 2 computer security company, plans to team up with EMC Corp to offer online PC backup services, and announced the acquisition of a company that protects ATMs against hackers.

----------

Teens Hack Just for Fun
Curiosity, amusement fuel 'casual hacking' by teens, often on social networks, a study reports.

----------

Malware's Newest Threat: Fake URLs
Cybercrooks are flooding the Internet with URLs containing names of actual sites.

----------

Report: Over 60 Percent of Websites Contain Serious Vulnerabilities
May 18,2009
Newly released client data from White Hat Security finds organizations are slow to close known security holes in their Websites

----------

Cisco SAFE Security Reference Guide Updated
A number of years ago I found myself in a new role responsible for consulting on the security of a VoIP platform. Having never been responsible for VoIP security I went looking for Internet sources which I could use as a reference. What I discovered was the Cisco SAFE security guides. Although the SAFE VoIP security guide is long gone, the Cisco SAFE Security Reference Guide has recently been updated. The Reference Guide is the omnibus document containing design standards for all aspects of network security. Although Cisco-centric the Guide is a very complete and can be adapted to whatever technologies you choose to deploy in your networks. In addition to the Reference Guide, the SAFE home page contains other papers which may be of use in interpreting SAFE.
-- Rick Wanner rwanner at isc dot sans dot org

----------

Botnet Battle: How to Fight Back, Part 3
CSO Senior Editor Bill Brenner interviews Gunter Ollmann, vice president of research at Damballa, Inc., about what he sees as the largest and most insidious botnets -- and what security pros should be doing to keep them at bay.
Read more

----------

http://www.cnn.com/2009/TRAVEL/05/18/airport.security.body.scans/
ATLANTA, Georgia (CNN) -- Privacy advocates plan to call on the U.S. Department of Homeland Security to suspend use of "whole-body imaging," the airport security technology that critics say performs "a virtual strip search" and produces "naked" pictures of passengers, CNN has learned.

----------

Hackers crack flight sim community site, ruin it for everyone
May 17, 8:03 p.m. UTC - by Chris Foresman Posted in: The Web
Avsim, a popular website for flight simulator aficionados, was "destroyed" by hackers. The move is a blow to the flight sim community, and the senseless move will give more fodder for anti-hacking sentiment.
Read more

----------

DOE stimulus drops $2.4 billion on carbon sequestration
The past administration had helped foster a few pilot CCS projects, but its plans to build a large-scale demonstration project were shelved indefinitely. So, to an extent, the programs announced by Chu represent the nation's first real attempt at getting CCS technology off the ground.

----------

Citing $130K in legal bills, Jammie Thomas' lawyer withdraws
May 18, 2:01 a.m. UTC - by Eric Bangeman Posted in: Law & Disorder
With a copyright infringement retrial looming for Jammie Thomas-Rasset on June 15, her attorney Brian Toder has asked to withdraw from the case, citing nearly $130,000 of unpaid legal bills and the prospect of even more. It also appears that communications between Toder and Thomas-Rasset may have broken down in the wake of a failed settlement conference.
Read more

----------

How to get cheap(er) FiOS: buy it from someone else
May 17, 11:04 p.m. UTC - by Nate Anderson Posted in: Law & Disorder
Want that 50Mbps FiOS goodness but don't want to pay $144.95 for it? Verizon now sells wholesale fiber access to other ISPs, one of which is offering 50Mbps service over the same lines for only $99.95.
Read more

----------

Posted at 7:00 AM ET, 05/18/2009
MyIDscore.com Offers Free ID Theft Risk Score
Consumers trying to determine their risk of becoming an identity theft victim typically are told to check their credit report for signs of unauthorized or suspicious activity. But a new Web-based service aims to give users a view into tricks ID thieves use that credit reports often miss, such as when crooks use only parts of a victim's identity to fabricate a new one.
Permalink

----------

Pirate Terrorists in Chesapeake Bay
This is a great movie-plot threat:
Pirates could soon find their way to the waters of the Chesapeake Bay. That's assuming that a liquefied natural gas terminal gets built at Sparrows Point.

The folks over at the LNG Opposition Team have long said that building an LNG plant on the shores of the bay would surely invite terrorists to attack. They say a recent increase in piracy off the Somali coast is fodder for their argument.

Remember—if you don't like something, claim that it will enable, embolden, or entice terrorists. Works every time.
Posted on May 18, 2009 at 1:38 PM

----------

Kylin: New Chinese Operating System
Interesting:
China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies.

The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States.
...

----------

Spammers harvesting emails from Twitter - in real time
Dancho Danchev: If you're sending your e-mail to a friend on Twitter, there could be more recipients - and responders - than you intended.

----------

Should Police Be Arrested For Illegal Hacking For Setting Up Fake Facebook Profile?
from the we-should-be-fair,-right? dept
In the Lori Drew case, she was convicted for "computer hacking" because she violated MySpace's terms of service by setting up a profile of a fake person. And for this, she deserves years in jail? Well, if that's the case, reader Roni Evron wants to know if some police officers are going to face the same charges after they set up a fake Facebook profile in order to bust up an after-prom high school party. Apparently, they set up a fake Facebook profile and friended a bunch of the kids at school, who apparently were "cavalier about accepting people into their network of friends." That, of course, is fine... but it's basically the same thing that Drew was arrested and convicted of doing.

----------

California water company insider steals $9 million, flees country
Angela Moscaritolo May 15, 2009
An insider at the California Water Service Co. in San Jose broke into the company's computer system and transferred $9 million into offshore bank accounts and fled the country.

----------

Study: Majority of adolescents online have tried hacking
Greg Masters May 15, 2009
A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.