Criminals may have stolen more than half a million credit card numbers from merchant servers hosted by Network Solutions, the Internet hosting company warned Friday.
In a letter sent to merchants who use its Ecommerce Hosting services, the company said that someone illegally installed software on company servers used to handle credit card transactions initiated by 573,928 people between March 12 and June 8, 2009.
The code "may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant Websites outside the company," Network Solutions said in the letter, signed by company chairman and CEO Roy Dunbar and sent to merchants on Friday.
----------
Microsoft to rush out emergency IE patch
Microsoft is taking the unusual step of rushing out two emergency security patches ahead of its regularly scheduled updates on Aug. 11.
The patches will include a critical fix for Internet Explorer as well as a related Visual Studio patch rated "moderate" urgency by Microsoft.
"The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin," Microsoft said in a blog posting late Friday.
The patches are set to be released on Tuesday at 10:00 a.m. West coast time.
----------
Security certificate warnings don't work, researchers say
They say things like "There is a problem with this Web site's security certificate." If you're like most people, you may feel vaguely uneasy, and -- according to a new paper from researchers at Carnegie Mellon University -- there's a good chance you'll ignore the warning and click through anyway.
In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users).
...
In the Firefox 3 browser, Mozilla tried to use simpler language and better warnings for bad certificates. And the browser makes it harder to ignore a bad certificate warning. In the Carnegie Mellon lab, Firefox 3 users were the least likely to click through after being shown a warning.
The researchers experimented with several redesigned security warnings they'd written themselves, which appeared to be even more effective. They plan to report their findings Aug. 14th at the Usenix Security Symposium in Montreal.
----------
Teamwork crucial to fighting cyber crime: Microsoft
AFP – Mon Jul 27, 9:08 am ET
SAN FRANCISCO (AFP) - Longtime computer security rivals are joining forces to battle increasingly sophisticated online attacks by cyber criminals.
----------
RSA Software Boosts iPhone Security
The encryption company finds a way to turn the iPhone into an authenticator, addressing enterprise concerns.
RSA, The Security Division of EMC, announced the availability of the RSA SecurID Software Token for iPhone Devices that enables an iPhone to be used as an RSA SecurID authenticator, providing convenient and cost-effective two-factor authentication to enterprise applications and resources. The RSA SecurID Software Token App is now available on the App Store at no charge. The required RSA SecurID software token seed as well as RSA Authentication Manager -- the software that powers the RSA SecurID system -- are both available for purchase worldwide.
----------
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
Earlier this month, Missouri passed a breach notification law as part of an omnibus package of laws under HB 62. It's a few paragraphs after the law that bans beer-bongs on rivers in Missouri [1]. It is a slightly different variant than most other breach laws but not by much. Here is a brief synopsis of the law with the usual disclaimers [2]. There is still the encryption immunity (if you lose encrypted data you don't have to report). Other than that, it defines private information as name plus any of the following:
- Social Security Number
- Driver's License Number
- Health Information
- Insurance Information
- Financial Account Number (with whatever other information gives access to account)
- "Unique Electronic Identifier" or Routing Code (with whatever other information gives access to account)
----------
Aussie 'Net filtering trial deemed a success despite problems
July 27, 11:18 a.m. UTC - by Eric Bangeman Posted in: Law & Disorder
A round of testing for Australia's Internet filters has concluded. Five of the nine participating ISPs are happy with the results, even though only 15 customers from one decided to take part in the test.
----------
Network Solutions was PCI compliant before breach
Angela Moscaritolo July 27, 2009
Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.
----------
Malware served up thanks to solar eclipse
Chuck Miller July 24, 2009
In a reprise of an old trick, cybercriminals are using SEO poisoning to attract victims to a rogue software site, according to Trend Micro.
----------
Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. Cybersecurity Plan
The Senate Intelligence Committee is demanding that the Obama administration supply it with the legal justifications it has produced for conducting government cybersecurity operations, or face losing funding for the projects, NextGov reports.
“During the next three years, the executive branch will begin new and unprecedented cybersecurity programs with new technology,” the senators write in a report (.pdf) released Wednesday, which accompanies the senate’s version of the FY2010 Intelligence Authorization Act, which will be voted on at an undetermined date.
----------
Verizon: 3.1 Million FiOS Customers
Verizon issued their second quarter earnings this morning, reporting that they saw reduced net income of $1.48 billion, down from $1.88 billion one year earlier. Verizon added 1.1 million new wireless subscribers compared to AT&T's 1.4 million, bringing Verizon's wireless subscriber total to 87.7 million. Despite the lure of the iPhone, Verizon retains the wireless industry's lowest postpaid customer defection (churn) rate of 1.01 percent.
----------
802.11N Becomes Official In September
Last Friday, Bob Heile, the chairman of the IEEE 802.15 working group on Personal Area Networks, noted that the 802.11N Wi-Fi standard has finally been sent on to the Standards Review Committee. That means, assuming no further hiccups, that the standard will become finalized by September. The ratification process stems back nearly five years, slowed by a factionalized debate over competing technologies. A draft version of 802.11n was approved in January 2006, and the first wave of 802.11N hardware hit the market -- with all subsequent evolutions (supposedly) applied by firmware update.
----------
Adobe Flash zero-day attack underway
Ryan Naraine: Malicious hackers have found a new vulnerability in Adobe's ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets.
----------