Wednesday 09/02/09

Five indicted in long-running cybercrime operation New York prosecutors indicted five Eastern European men in an extensive credit-card fraud operation that netted the defendants at least $4 million from some 95,000 stolen card numbers. Read more...

----------

Microsoft Security Advisory 975191 Released

New vulnerability in IIS5 and IIS6

After code released, Microsoft to patch IIS bug
One day after a security researcher published attack code for a flaw in Microsoft's IIS server software, Microsoft said it plans to patch the issue.

Microsoft also released a security advisory describing the problem and detailing technical workarounds that system administrators can implement while they're waiting for a patch. "We’re currently investigating the issue... and working to develop a security update," Microsoft said in a note on its Web site. " This update will be released once it reaches an appropriate level of quality for broad distribution."

----------

EMC to acquire e-discovery vendor Kazeon
EMC Corp. today announced it has signed an agreement to acquire privately held Kazeon Systems Inc., a provider of electronic discovery software. The deal is estimated to be valued at around $75 million.

"Becoming part of EMC is the right strategic move for us -- giving us the resources of a world-class leader in information management to effectively take our market vision to the next level. We are excited about this acquisition," Sudhakar Muddu, founder and CEO of Kazeon, said in a statement.

----------

Web hosters ordered to pay $32M for contributing to trademark infringement
In what's being called a landmark decision, a federal jury in California has found two Web hosting companies and their owner liable for contributing to trademark and copyright infringement for hosting sites selling counterfeit Louis Vuitton goods.

----------

Privacy, consumer groups want news laws to protect Web users
A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.

----------

VMware publishes its virtualization security guidelines
As it kicks off the second day of its VMworld conference, VMware is sharing newly published security and compliance recommendations for virtual environments. The vendor's guidelines focus primarily on optimizing use of management and security tools available from VMware parent company EMC and EMC's RSA security division.

----------

Instant messaging speeds up data theft danger
According to security company RSA, the Zeus Trojan -- blamed for enabling countless online bank account heists -- now uses an instant messaging component that alerts hackers immediately when they've captured someone's authentication credentials. That can enable fast use of time-sensitive information, such as one-time passwords now often employed in online banking.

----------

Judge won't lower $5M bail for SF IT administrator
A Bay Area man who has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco's city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.

----------

Privacy Office approves laptop searches without suspicion at U.S. borders
The Department of Homeland Security's Privacy Office has approved the controversial searches, copying and retention of laptops, PDAs, and other digital devices without cause at U.S. borders.

Travelers could soon start seeing notices from the Privacy Office, which last week released a report supporting the right of customs agents to conduct such searches.

The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.

----------

Users abandon XP for Vista, Windows 7
Windows 7, increased by 0.3 of a percentage point to close the month at 1.2%

Together, all versions of Windows accounted for approximately 93% of the operating systems running machines that connected to the Internet last month.

Apple's Mac OS X, on the other hand, remained stalled -- it gained a mere 0.01 point -- to end August as it did July, with a 4.9% share.

----------

Happy Birthday, Internet!
It all started 40 years ago today, when a couple of computers were connected by a long gray cable in order to pass some data. The experiment was funded by the Advanced Projects Research Agency (ARPA) and the project was called the ARPANET. By the end of the year, four sites were connected. Today it's hundreds of millions of computers and we call it the Internet. National Geographic has a story and some video here. Wikipedia has a nice timeline for the ARPANET here.

----------

2 September 2009
Mandatory update for Microsoft Live Messenger
All users are to be updated to new versions, because Live Messenger also uses the vulnerable ATL libraries more…

----------

Court Dismisses Case Against Yahoo From Woman Upset How She Appeared In Results
Earlier this year, we wrote about a woman named Beverly Stayart, who had sued Yahoo over what she found when she did a search on her name. Her complaint was that some of the links advertised porn sites and possibly contained malware, and that this was a violation of her trademark and privacy rights.

----------

Ruling Reverses MySpace Suicide Conviction
By BILL GIRDNER
(CN) - A jury's conviction of a Missouri woman who helped create a fake MySpace account that caused a young girl's suicide has been overturned by a federal judge who found that criminalizing the MySpace terms of use would allow prosecutors much too great a latitude in putting people behind bars.

----------

Task Manager Still Working? Can You Change Your Windows Password?
We’ve heard about malware that reduce a computer’s state of security. These malware might, for instance, disable your access to the registry, lower Internet Explorer’s security configuration, delete system files, or manipulate the system’s DNS settings. Each of these steps exposes the victim to graver malware infections or system compromise.

Yesterday we ran into a Trojan that weakens the victim system’s security by making registry changes. The malware disables Task Manager, Windows Update, and toolbars in Internet Explorer. Further, it does not let you lock your machine or change your password.

----------

Is US-CERT Ready for a Cyber Attack? by Jon Oltsik
According to GAO, US-CERT may not be capable of fulfilling its mission. Yikes!

----------

Health privacy undermined: Worst breaches of 2009
Hospitals, pharmacies and health insurance companies are among the hardest hit when it comes to...

----------

Security vendor Marshal8e6: Call us M86 Security
Web and messaging security products provider Marshal8e6 this week announced a name change to M86...

----------

Microsoft vs. Chinese hacker hero
More on Tomato Garden and the arrest of Hong Lei, the author of the pirated software. Online polls show massive support for Hong Lei as a nationalist hero:

The Chinese IT community is abuzz with news of the arrest of Hong Lei, distributor of the popular “Tomato Garden” pirate version of Windows XP, which means the popular unlocked version of the Microsoft software will no longer be available.

According to Sina.com, more than 90 percent of users they surveyed are or were users of Tomato Garden pirate editions. And 79 percent said they were on Tomato Garden’s side. Less than 5 percent said they supported Microsoft.

The Wall Street Journal has some interesting interviews with people inside China concerning the case and the drivers behind the software theft.

----------

Despite Winning $675,000, RIAA Fears Defendant is File Sharing
The Recording Industry Association of America took the offensive Tuesday against a college student whom a jury concluded in July must pay $675,000 for file sharing 30 songs.

----------