Online attack hits US government Web sites
A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government...
----------
Washington Post, White House, FAA, DoD, Others, Targeted in Online Attack
Washingtonpost.com and Security Fix readers may have noticed that our site was a bit slow and occasionally unreachable today. Turns out, the site has been under attack by about 60,000 compromised PCs around the globe for several hours now.
We weren't the only site reportedly picked on, though. According to several security researchers who asked to remain anonymous because they are still helping to investigate the assault, the same attackers targeted Web sites for the White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration, with varying success.
The culprit is a piece of malicious software that orders infected PCs to visit the Web sites on its hit list over and over again, all in an apparent bid to render the targets unreachable to legitimate visitors.
----------
Google Drops A Nuclear Bomb On Microsoft. And It’s Made of Chrome.
Wow. So you know all those whispers about a Google desktop operating system that never seem to go away? You thought they might with the launch of Android, Google’s mobile OS. But they persisted. And for good reason, because it’s real.
In the second half of 2010, Google plans to launch the Google Chrome OS, an operating system designed from the ground up to run the Chrome web browser on netbooks. “It’s our attempt to re-think what operating systems should be,” Google writes tonight on its blog.
But let’s be clear on what this really is. This is Google dropping the mother of bombs on its chief rival, Microsoft. It even says as much in the first paragraph of its post, “However, the operating systems that browsers run on were designed in an era where there was no web.” Yeah, who do you think they mean by that?
----------
Gartner Videocast: Web Application Security Challenges
The weakest link for any organization is Web application security. In this Videocast, Gartner details the newest challenges for Web application security, dynamic and static testing, how virtualization can help, the role SaaS plays and best practices to ensure your Web applications are consistently secure and compliant. View this video. (Registration required)
----------
From http://zerodayinitiative.com/advisories/upcoming/
Some samples from advisories that have not yet been addressed by the software manufacturers:
ZDI-CAN-252 RealNetworks High 2007-11-07, 609 days ago
ZDI-CAN-246 Symantec High 2007-11-07, 609 days ago
ZDI-CAN-244 Borland High 2007-09-14, 663 days ago
ZDI-CAN-233 Computer Associates High 2007-09-14, 663 days ago
ZDI-CAN-206 Hewlett-Packard High 2007-07-17, 722 days ago
ZDI-CAN-200 IBM High 2007-05-22, 778 days ago
ZDI-CAN-174 Symantec High 2007-05-22, 778 days ago
ZDI-CAN-186 Microsoft High 2007-03-29, 832 days ago
ZDI-CAN-177 Hewlett-Packard High 2007-03-19, 842 days ago
ZDI-CAN-175 Microsoft High 2007-03-19, 842 days ago
ZDI-CAN-105 Hewlett-Packard High 2006-10-10, 1002 days ago
----------
Protecting Your Children From Identity Theft
By Rachel James, Author and Cybercrime Authority at ID Experts
As a result of this kind of identity theft, victims are sometimes turned down for college loans, denied welfare or other benefits, denied a driver’s license and occasionally arrested because of the fraud.
----------
IT security pros are wary of cloud services
The adoption of cloud computing services is likely to follow the same path as virtualization and to mirror..
----------
More Copyright Oddities: Why Does Yoko Ono Get To Hold Copyright On Lennon Videos Others Purchased?
Michael Scott points us to a story about a copyright battle involving Yoko Ono and some video footage of John Lennon. I can only assume that the AP report summarizing the case is leaving out some important details, because otherwise the ruling doesn't make much sense.
----------
Citizen Tries to Break Logjam in Albany
By JONATHAN PERLOW
BUFFALO (CN) - A political blogger fed up with the stalemate in Albany seeks a court order stopping the paychecks of state senators who "refuse to work." John Rus Thompson claims, "The senators are failing to perform their required constitutional duties and as a result, any payment of their salaries would be an illegal and unconstitutional disbursement and expenditure of taxpayer funds."
----------
Spammers exploiting trust in shortened URLs
Angela Moscaritolo July 08, 2009
Shortened URLs could potentially lead to sites hosting malware, phishing exploits or other spam-related content, security experts warn.
----------
FTC website experiencing "technical problems"
Dan Kaplan July 07, 2009
A distributed denial-of-service attack is a potential cause of Federal Trade Commission website problems during the past two days.
----------
FBI trying new ways to stem cybercrime tide
Angela Moscaritolo July 07, 2009
Cybercriminals may never be totally stopped, but federal agents and attorneys are getting better at catching and prosecuting them.
----------
Programmer charged with stealing code freed on bail
Chuck Miller July 07, 2009
A software programmer charged with copying secret financial-trading code from Goldman Sachs computers is out on $750,000 bail.
----------
Recent South Korean and US attacks linked?
It appears recent DDoS attacks on South Korean and US government websites are linked. The attacks occurred over the 4th of July weekend and continued for several days after the US holiday. Speculation has fallen squarely on either North Korean or Chinese hackers as the main culprits; perhaps even a combination of the two.
As I recall, the attacks coincide with the launch of a number of North Korean short-range missiles. I haven’t looked into this, so just a guess but my money would be on the North Koreans. Rather risky for China to be involved in cyber attacks on both South Korea and the US while the North is busy launching missiles all over the place.
----------
8 July 2009
Google announces winner of the Native Client Security Contest
The Native Client system is designed to give web applications access to the client processor's full performance. In Google's recent competition, security specialists went through the code looking for security holes and design flaws.
----------
Predicting Social Security Numbers
The Washington Post today carries a story I wrote about new research, which found that it is possible to guess many -- if not all -- of the nine digits in an individual's Social Security number using publicly available information, a finding experts say compromises the security of one of the most widely used consumer identifiers in the United States.
The full story is here. I'm mentioning it in the blog to call attention to some resources and additional information on this subject for readers who are interested in digging deeper.
The researchers have published a list of answers to the most frequently asked questions about their research. That list is available here. The full report is at this link.
----------
Solving the DLP Puzzle: 5 Technologies That Will Help
Before embarking on a Data Loss Prevention program, enterprises must first determine what the essential ingredients are. Here are five technological pieces of the puzzle. (Part 1 in a series)
----------
Newest IE bug could be next Conficker, says researcher
The critical flaw that Microsoft confirmed on Monday -- but has yet to patch -- is a prime candidate for another Conficker-scale attack, a security researcher said.
----------
US authorities extradite Indian on hacking charges
----------
Minnesota woman appeals $1.9M music piracy fine
----------