Friday, September 18, 2009

Friday 09/18/09

HHS guts health-care breach notification law, groups warn
Privacy and civil rights advocates accused the U.S. Department of Health and Human Services of trying to neuter a landmark data breach notification law for health care organizations that is scheduled to go into effect next week.

The law would require any organization covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify patients of a data breach involving their personal health information. Companies that used encryption and data destruction methodologies to render sensitive health information unusable and unreadable to unauthorized individuals were exempt from the breach notification requirement.

----------

Man gets 15 months for E-Trade skimming scam
A California man was sentenced to 15 months in prison Thursday after pleading guilty to opening tens of thousands of bogus online brokerage accounts and then pocketing the tiny test deposits made by companies like E-Trade Financial and Charles Schwab.

Michael Largent, 22, of Plumas Lake, California, pleaded guilty to two computer fraud charges in May. He had been facing a possible five-year prison sentence.

He will also pay $200,000 US in restitution to the banks and will be restricted from using computers and the Internet for three years following his release.

----------

Sophisticated botnet causing a surge in click fraud
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.

The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.

Click Forensics is calling this the "Bahama botnet" because it was initially redirecting traffic through 200,000 parked domains in the Bahamas, although it is now using sites in Amsterdam, the U.K. and Silicon Valley.

----------

Microsoft sues scareware scammers
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.

The company is suing DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, saying that these companies have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users," according to a blog posting by Tim Cranton, associate general counsel with Microsoft.

----------

Software company fined for trading with the enemy
A Colorado software vendor has been fined of $14,500 on a charge of trading with the enemy for selling oil- and gas-exploration software to a company drilling in Cuba, the U.S. Department of Justice and U.S. Immigrations and Customs Enforcement announced.

In addition, Jay Leonard, president of Platte River Associates, will serve 12 months of supervised probation for unauthorized access of a protected computer in an unrelated case, the DOJ said.

----------

Misdirected spyware infects Ohio hospital
A 38-year-old Avon Lake, Ohio, man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at Akron Children's Hospital.

In late February 2008, Scott Graham shelled out $115 for a spyware program called SpyAgent and sent it to the woman, according to a plea agreement filed in the U.S. District Court for the Northeastern District of Ohio.

He allegedly sent the spyware to the woman's Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department, creating a regulatory nightmare for the hospital.

----------

Firefox's Flash check drives 10M to Adobe's download
Mozilla said yesterday that Firefox's check for outdated editions of Adobe's Flash Player convinced 10 million users to go to Adobe's Web site and grab the latest software.

About a third of the Firefox users who were warned last week that they were running an old, and vulnerable, version of Flash followed the link to update the Adobe software, said Mitchell Baker, the former CEO of Mozilla and current chairman of the Mozilla Foundation.

"This is a very high response rate," said Baker in a post to her blog. "A typical response rate for this [landing] page is around 5%."

"Those results have been nothing short of awesome," echoed Johnathan Nightingale, of Mozilla's security team, in an entry on the company's security blog yesterday.

----------

Sep 17, 2:59 pm
Vista, Windows 7 Are More Secure than Snow Leopard
A prominent security researcher claims that released Snow Leopard is less secure than either Vista or Windows 7.

----------

An Amazing Laptop Recovery Story
Using remote access software, a Miami man helps cops track down and recover his two stolen laptops.

----------

Can You Catch Spam from Chat Rooms?
Spam and malware dominate comment sections of blogs and message boards, study shows.

----------

DNS Cloud Security Services Arrive
Sep 14,2009
OpenDNS offers new subscription-based secure DNS service; other vendors' DNS services to follow

----------

Why is Rogue/Fake AV so successful?
Rogue AV programs have become increasingly common in last two years. We at the SANS Internet Storm Center get messages from our readers about new rogue AV sites daily.

It is obvious that the bad guys are making (serious?) money with this scamming scheme. There are couple of things interesting about rogue AV programs...

----------

Microsoft Rushes Out Office Web Apps Preview
Today Microsoft launched a limited beta test of its Office Web Apps, the company's first public unveiling of its rival for Google's Web applications. Dubbed a 'technical preview' by Microsoft to denote that it's by invitation only, Office Web Apps will be available on the company's Windows Live site via a special 'Documents' tab. 'Tens of thousands have been invited to participate in the Technical Preview,' said a spokeswoman in a reply to questions. An analyst with Directions on Microsoft is quoted: 'This is earlier than I expected. I thought we wouldn't see this until the SharePoint conference at the end of October. Maybe the recent Google moves had some bearing on Microsoft's timing.' The reference was to Google's announcement Tuesday that it will offer online services next year, including Google Web Apps, that are specially designed for US government agencies.

----------

Standard offers best practices for ISPs to fight botnets
Chuck Miller September 17, 2009
A group charged with developing and promoting internet standards has published a new draft standard calling for measures that internet service providers can use to defeat botnets.

----------

Security considerations critical in the cloud
Angela Moscaritolo September 17, 2009
IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third-party.

----------

Search-Engine Manipulation Evolves as Trust Abuse Grows
I revisited the topic of search-engine manipulation (a.k.a. blackhat SEO) in two recent posts. Something caught my eye while investigating cases of search-result poisoning–a shift away from tactics used by the attackers earlier in the year.

Previously, attackers mostly registered free websites to pull off their attacks. They would create a bunch of new sites, cross-link them, and use other tricks to get their pages indexed and ranked high on relevant search result pages (again, largely targeting the most popular search terms of the day, such as those found on Google Trends.) I blogged earlier in the year about how the user forum on democrats.org was leveraged to link a high-ranking site with newly created malicious sites.

It seems now that attackers are combing various elements of different attacks to achieve blackhat SEO.

----------

High-tech adoption happening faster, driving economic growth
about 17 hours ago - by John Timmer Posted in: Law & Disorder
Some economists have attempted to measure the spread of technology within various nations, and discovered it's not just our imagination: newer tech is being adopted faster, and appears to account for some of the differences in GDP growth.

----------

Songwriters want to get paid for 30-second song previews
about 19 hours ago - by Chris Foresman Posted in: Infinite Loop
Songwriters, composers, and music publishers are lobbying Congress to legislate the payment of performance fees into downloaded music. If music publishers get their way, they'll be able to extract additional licensing fees from music downloads, movies, and TV shows containing their music, and even 30-second previews.

----------

Remote exploit released for Windows Vista SMB2 worm hole
Ryan Naraine: Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft's dominant Windows operating system.

----------

Win 7 upgrade deal: $30 for students
Mary Jo Foley: For a limited promotional period, students may purchase one copy of either Windows 7 Home Premium or Windows 7 Professional at $30 each. Bet there are more students today than yesterday.

ERIC SAYS: Any students out there that can help me grab two copies of Home Premium?

----------

Pushdo delivers downloader trojan
September 17, 2009
The downloader trojan Bredolab is being heavily spammed by the Pushdo botnet using the usual social engineering tricks.

----------

Swine Flu Near You? IPhone App Will Let You Know
Apple's increasingly popular App Store has been flooded with a wide number of applications related to Swine Flu since the initial H1N1 outbreak in March, but very few of the apps were actually useful.

----------

The History of Hacking
http://www.focus.com/fyi/it-security/history-hacking/

----------

Is It Too Much To Expect Judges In Tech Related Cases To Understand Tech?
Eric Goldman highlights yet another case where basic technology illiteracy leads a judge to make very questionable statements. In this particular case, a judge declared that because a specific phrase ("spoiled brats") was not found in the metatags of a website, someone who searched on that phrase "would likely not encounter" the page in question. Yes, the actual terms did appear on the page itself -- just not in the metatags. As Goldman notes: ...

----------

No comments: