Wednesday, March 31, 2010
Spam Site Registrations Flee China for Russia
Read more at KrebsOnSecurity.com ...
More C-Level Involvement Needed in Cybersecurity, says ANSI
Read more at Business Week ...
Separating April Fools’ From Fraud on the Web
Read more at the New York Times ...
Tuesday, March 30, 2010
Online Thieves Take $205,000 Bite Out of Missouri Dental Practice
Read more at KrebsOnSecurity.com ...
Technology Coalition Seeks Stronger Privacy Laws
Read more at the New York Times ...
FBI: Business Can Help Fight Cybercrime by Reporting Breaches to Law Enforcement
Read the story at DarkReading ...
Thanks to Michael Zweiback for this.
Apple Fixes More Than 90 Security Vulnerabilities in Mac OS X
Read more at KrebsOnSecurity.com ...
E-Mails of Activists, Academics and Journalists Hacked in China
Read more at the New York Times ...
Monday, March 29, 2010
Microsoft Releases Emergency IE Fix
Read more at KrebsOnSecurity.com ...
Facebook Proposes Changes in Privacy Policy to Share User Data with Other Sites
Read more at the Washington Post ...
Friday, March 26, 2010
New Inexpensive "Sniffer" Captures Keystrokes From Wireless Devices
Read more at The Register ...
Thursday, March 25, 2010
Would You Have Spotted this ATM Fraud?
Read more at KrebsOnSecurity.com ...
Cybercrime Law Update from Washington
Read more at KrebsOnSecurity.com ...
Wednesday, March 24, 2010
Cybercriminals Make $$$$$ Peddling Rogue Anti-Virus Products
Read more at KrebsOnSecurity.com ...
Tuesday, March 23, 2010
Riskiest Online Cities: The Emperor Has No Clothes
As novelist G.K. Chesterton once wrote, “It’s not that they don’t know the answer. It’s that they don’t know the question.”
The report measured the online risk of a city by looking at several pieces of data, including:
- Cybercrime data from Symantec Security Response, including number of malicious attacks, number of potential malware infections, number of spam zombies, number of bot-infected computers, and level of Internet access
- Expenditures on computer hardware and software
- Wireless hotspots
- Broadband connectivity
- Internet usage
- Online purchases
The report leaves much to be desired for at least three reasons.
First, the data collected may not meaningfully relate to online risk. Expenditures on computer hardware and software may mean little or nothing since one large supercomputer can cost the same as zillions of PCs and actually lower risk.
Second, missing from this list are things that would serve to mitigate risk such as:
- Number of information systems security professionals in the City
- Average number of information security professionals per 1,000 computers and per company
- Percentage of computers that connect to hotspots using a VPN
- Percentage of companies ISO27001 certified
- Numbers of CISSPs, CISMs, etc
- Percentage of businesses / homes with professionally managed firewalls
My third objection may be the most fundamental of all. Just exactly what is "online risk" supposed to mean when applied to a city as opposed to an organization or individual? My online risk goes up or down as the total number of bot-infected or spam zombie computers in the world goes up or down. My online risk is pretty much the same whether there are more bot-infected or spam zombie computers in Seattle or Los Angeles; it’s the total number that matters, not where they happen to be located.
My risk is my risk: It depends on my specific online habits and the specific security measures I take, not whether I'm more likely to be attacked from down the street or halfway around the country [or even the world].
If a city’s online risk is to measure the likelihood of my being attacked by virtue of being online in that city — analogous to what physical risk measures when we say that one city is safer than another — then the factors Norton used in the survey are, I contend, simply the wrong factors.
As you see, my objections are less related to security than to the nature of the survey itself.
Nice try Norton. But you need to go back to the drawing board, if there's even a drawing board here.
Monday, March 22, 2010
More Online Bank Theft Victims
Read more from KrebsOnSecurity.com ...
Sunday, March 21, 2010
Banking laws leave business customers vulnerable to Internet fraud
Read more ...
Saturday, March 20, 2010
How Privacy Vanishes Online
Read more ...
Paper in China Sets Off Alarms in U.S.
Read more ...
In Bid to Sway Sales, Cameras Track Shoppers
Read more ...
Bad BitDefender Antivirus Update Hobbles Windows PCs
Read more ...
Friday, March 19, 2010
Google patches Chrome days before hacking contest
Mozilla confirms critical Firefox bug
Naming and Shaming ‘Bad’ ISPs
Read more ...
Wednesday, March 17, 2010
After weeklong fight, rogue ISP Troyak struggles for life
Read more ...
Measure would force White House, private sector to collaborate in cyber-crisis
Read more ...
Closing Down ISPs that Allow Malicious Activity
Read more ...
Revised Cybersecurity Bill Introduced in Senate
Read more ...
FCC Broadband Plan Calls For Enhanced Cyber Defenses
Google Attacks Highlight Growing Problem of Cyber Security Threats
Read more ...
Texan accused of disabling 100 cars over Internet
Read more ...
Researchers Map Multi-Network Cybercrime Infrastructure
Read more ...
Tuesday, March 16, 2010
The Snitch in Your Pocket
Read more ...
Thanks to Richard Greenberg for this.
MSE Users: Check for Updates, Piracy
Read more ...
eBanking Victim? Take a Number.
Read more ...
Monday, March 15, 2010
Stopgap IE Fix, Safari Update Available
Read more ...
Sunday, March 14, 2010
Identity theft may be prelude to more serious crime
Read more ...
Saturday, March 13, 2010
FBI: Online Fraud Costs Skyrocketed in 2009
Read more ...
Friday, March 12, 2010
Apple plugs 16 holes in Safari as Pwn2Own looms
Thursday, March 11, 2010
ZeuS botnet code keeps getting better… for criminals
Read more ...
Thanks to Brad Maryman for this.
Massachusetts Data Security Rules to Have National Impact
Read more ...
Thanks to Bennet Kelley of ILC for this.
Zeus botnet temporarily disrupted, but back in full force
Read more ...
Crooks Crank Up Volume of E-Banking Attacks
Read more ...
Dozens of ZeuS Botnets Knocked Offline
Read more ...
Wednesday, March 10, 2010
Law Firms slow to awaken to cybersecurity threat
National Law Journal: Hackers delve for client secrets, litigation plans, negotiation strategies and details of pending transactions.
An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn't read like the messages the firm's attorneys usually sent each other — didn't pass the "smell test." ... His suspicions raised, the recipient, associate Gregory Fayer, picked up the phone and discovered that the colleague who supposedly sent the e-mail knew nothing of it. Other attorneys at the firm also received the bogus e-mail, which was eventually traced to China — where Gipson Hoffman is litigating a $2.2 billion copyright infringement suit against the government. Fayer was well aware that cyberattackers often use fake e-mail messages to break into computer networks.
Thanks to Dave Roberts and Leba Finklestein for this.
Security gaps exploited in grade scandal remain, may be difficult to close
Read more ...
Tuesday, March 9, 2010
Verisign: Security Solutions Overwhelming to Consumers
Source: eSecurity Planet
Monoprice.com Shuttered After Fraud Complaints
Read more ...
Microsoft Patch Tuesday: Two Bug Fixes, IE Warning
Microsoft released two patches for eight security holes in its March "Patch Tuesday" drop, but also issued an advisory about a recently discovered flaw in Internet Explorer. ... The bugs fixed by the two patches are rated "important," the second highest ranking on Microsoft's four-tier severity rating scale. ... One bug that Microsoft did not fix this time around is a zero-day flaw in the way older versions of Windows handle help files and scripting -- Microsoft sent out a Security Advisory regarding the hole last week. ... According to Microsoft, the zero-day help file hole affects Windows 2000 Service Pack 4 (SP4), Windows XP SP2 and SP3, as well as 64-bit versions of XP Professional SP2, and Windows Server 2003. More recent releases of Windows, including Vista, Windows Server 2008, and Windows 7, are not at risk, Microsoft said.
Source: eSecurity Planet
Cyber Crooks Leave Traditional Bank Robbers in the Dust
Read more ...
LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False
Read more ...
Energizer DUO: Trojan yourself for only $19.99
Read more ...
Source: CyberCrime & Doing Time
Monday, March 8, 2010
Victim Asks Capital One, ‘Who’s in Your Wallet?’
Read more ...
Fiserv to Banks: Stay on Outdated Adobe Reader
Read more ...
Friday, March 5, 2010
New Massachusetts Data Privacy Law
Read more ...
FBI to Private Sector: Cybersecurity Joint Effort
Read more ...
Source: eSecurityPlanet.com
Yep, There’s a Patch for That
Read more ...
Regulators Revisit E-Banking Security Guidelines
KrebsOnSecurity: Prodded by incessant reports of small- to mid-sized businesses losing millions of dollars at the hands of organized cyber criminals, federal regulators may soon outline more stringent steps that commercial banks need to take to protect business customers from online banking fraud and educate users about the risks of banking online. ... At issue are the guidelines jointly issued in 2005 by five federal banking regulators under the umbrella of the Federal Financial Institutions Examination Council (FFIEC). The guidance was meant to prod banks to implement so-called “multifactor authentication” — essentially, to require customers to provide something else in addition to a user name and password when logging into their bank accounts online, such as the output from a security token.
Thursday, March 4, 2010
Homeland Security Chief Details Cyber Threats
Read more ...
Source: eSecurityPlanet.com
Criminal investigation opened in grade-changing scandal at Churchill High
Read more ...
New BlackEnergy Trojan Targeting Russian, Ukrainian Banks
Read more ...
SECURITY ALERT: Citadel has begun seeing attacks in the US using the new BlackEnergy Trojan.
Thanks to Brad Maryman for this.
Wednesday, March 3, 2010
RSA panel: No easy solution for Zeus Trojan, banking malware
Read more ...
Source: SearchFinancialSecurity.com
Thanks to Brad Maryman for this.
Tuesday, March 2, 2010
White House: Comprehensive National Cybersecurity Initiative
- To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions.
- To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies.
- To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.
Download the CNCI Overview with a link to the CNCI ...
Information on U.S. website for medical data thefts is bare-bones
Read more ...
Monday, March 1, 2010
Wyndham computers hacked into again for credit card names, numbers
Read more ...