Friday, June 26, 2009

Friday 06/26/09

Michael Jackson spam spreads, malware attacks likely
Within hours of the news of Michael Jackson's death, spam capitalizing on his demise hit in-boxes, a security firm said today as it warned that more junk mail was in the offing.

----------

FTC suspends heavy penalty against scareware defendants
More than $100,000 in assets were frozen after a federal court issued a temporary restraining order in December following the FTC complaint. Among other conditions, the court ordered six people and two companies to stop advertising so-called "scareware" security programs under the names WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus.

----------

PCI Security Council seeks industry comments on current standards
Retailers, financial institutions and others in the payment industry will be able to submit online comments between July 1 and Nov. 1 about how to improve the PCI DSS 1.2 standard, the PCI Security Standards Council (SSC) said this week. Over the next few months, the PCI SSC will hold two "community meetings" -- one in the U.S., the other in Europe -- where stakeholders can also weigh in.

Those comments will be reviewed to see what changes need to be made in the next version of the standard, which is due out in the fall of 2010, said Robert Russo, general manager of the PCI SSC. In addition, the PCI SSC has commissioned PricewaterhouseCoopers (PwC) to review technologies such as end-to-end encryption, chip and PIN and tokenization to see whether these technologies should be made part of PCI requirements in the future, Russo said.

----------

IBM touts encryption innovation
Network World - IBM today said one of its researchers has made it possible for computer systems to perform calculations on encrypted data without decrypting it.

The idea is a user could search for information using encrypted search words, and get encrypted results that they could then decrypt on their own. Other potential applications include enabling filters to identify spam, even in encrypted e-mail, or protecting information contained in electronic medical records.

----------

Windows installs updates without permission, researchers say
Numerous readers of the popular Windows Secrets newsletter have reported that they have watched their PCs install updates from the June 9 set of security patches as they've rebooted or when they've turned on their machines, said Brian Livingston, the newsletter's editorial director. Those users have set options in Windows Update (WU), the operating system's default update service, to require their okay before installing patches, or before downloading and installing updates.

----------

Reporters find Northrop Grumman data in Ghana market
... The data was unencrypted, Klein said in an interview. The cost? $40.

Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC. "Based on the documents we were shown, we believe this hard drive may have been stolen after one of our asset-disposal vendors took possession of the unit," Northrop Grumman said in a statement. "Despite sophisticated safeguards, no company can inoculate itself completely against crime."

----------

Security Essentials Does Its Job With No Frills
PC World – Thu Jun 25, 5:35 pm ET
People often turn to me for advice regarding what anti-virus package to get. Usually I recommend McAfee or AVG, but Security Essentials will be my go-to anti-malware package once it’s released from beta. For small-business and home users, the price, performance, and ease-of-use of MSE can’t be beat.

----------

Microsoft Security Essentials: The First Test Results Are In
PC World – Thu Jun 25, 12:50 am ET
The biggest question on everyone's minds with regard to Microsoft Security Essentials is how well it can detect and remove malware. The early returns are in, and Microsoft Security Essentials performed well overall in initial malware detection testing provided to PC World by AV-test.org.

----------

Jun 26, 10:21 am
Fake Online Harry Potter Movies Launch Malware Attack
Plus: A new password-stealing Trojan to guard against.

----------

Booming Underground Economy Makes Spam A Hot Commodity, Expert Says
Jun 25, 2009
$10 might be enough to reach 1 million users, MessageLabs researcher warns

----------

Internet groans under weight of Michael Jackson traffic
June 26, 4:09 p.m. UTC - by Jacqui Cheng Posted in: The Web
The passing of pop icon Michael Jackson affected numerous services across the Internet in major ways Thursday evening. As fans and onlookers tried to locate and pass on news, various sites were pushed to their limits, with Google describing the incident as "volcanic."

----------

Australian 'Net filter to block video games, too
June 25, 7:34 p.m. UTC - by Nate Anderson Posted in: Law & Disorder
Australia's controversial Internet filter, now in testing, would block all material that has been "refused classification" by the government. Because the highest rating available to video games is MA 15+, any game intended for people over 15 will be blocked.

----------

Fake Receipts
For all of you who want to scam your company's expense reimbursement system.
I've heard of sites where you give them a range of dates and a city, and they give you a full set of receipts for a trip to that city: airfare, hotel, meals, everything -- but I can't find a website.

----------

“So here’s the low-down on pricing for Windows 7. The estimated retail prices for upgrade packaged retail product of Windows 7 in the U.S. are: Windows 7 Home Premium (Upgrade): $119.99; Windows 7 Professional (Upgrade): $199.99; and Windows 7 Ultimate (Upgrade): $219.99,” revealed Brandon LeBlanc, Windows Communications Manager on the Windows Client Communications Team (emphasis added). Just in case you are curious, the Windows Vista Home Premium (Upgrade) costs $129.99; the Windows Vista Business (Upgrade) is $199.99; while the Windows Vista Ultimate (Upgrade) is priced at $219.99.

----------

Green Dam: China's porn obsession
Richard Koman: For the Chinese government, political dissent and pornography are two sides of a coin -- forces that disrupt "wholesome society." That's why Green Dam is so attractive -- it blocks porn and political speech.
Whose code was stolen for Green Dam?
U.S. ratchets up trade war over Green Dam
Remote exploit for Green Dam

----------
