Saturday, November 7, 2009
Full Disclosure RULEZ!
"An unusual cloak-and-dagger operation being run by internet security experts has been exposed this week, after details of a flaw in the SSL protocol were made public.
"The problem with the Secure Sockets Layer standard that keeps e-commerce websites, mail servers and more safe from attack was first discovered in August by a phone-security firm called PhoneFactor.
"That company immediately set to work with the Industry Consortium for Advancement of Security on the Internet (ICASI) to fix the issue in secret so as not to alert hackers.
"However, an engineer working independent of ICASI found the flaw by himself this week and posted the details online in an effort to find a solution.
"Naturally, the buzz about SSL potentially failing spread like wildfire, prompting ICASI and PhoneFactor to go public immediately."
More at techradar.com...
Friday, November 6, 2009
Gumblar Rides Again!
"ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
"Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.
"When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn. That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.
"Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.
"Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download."
More at ComputerWorld...
Old Passwords Never Die
"Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.
"Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.
"Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times."
From The Register...
Thursday, November 5, 2009
Surge In Security Newbs Predicted
"IT professionals are placing their bets on security as they plot their next career moves, according to a new study published earlier today.
"The survey of more than 1,500 IT workers, which was conducted by the IT trade association CompTIA, found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target.
"'Given the growing reach of security, with threats becoming more pervasive and dangerous and with no business or industry immune to those threats, it makes sense that many IT professionals view this as a must-have for career advancement,' said Terry Erdle, senior vice president, skills certifications for CompTIA."
More at DarkReading...
Wednesday, October 28, 2009
Contractor Of The Year
"A 27-year-old Brooklyn man used his job as a computer technician to appropriate the identities of more than 150 employees at the Bank of New York Mellon and steal more than $1.1 million from a wide array of nonprofit groups and other institutions, officials announced on Wednesday.
"The technician, Adeniyi Adeyemi, 27, of Crown Heights, was charged with grand larceny, identity theft, money laundering, scheme to defraud, computer tampering and unlawful possession of personal identification information in a 149-count indictment.
"The fraud started in November 2001 and lasted through April of this year, according to the office of the Manhattan district attorney, Robert M. Morgenthau, which is prosecuting the case.
"Using his position as a contract employee in the information technology department at Bank of New York Mellon, Mr. Adeyemi stole personal identifying information from dozens of employees, using the information to more than 30 bank and brokerage accounts in their names at E*Trade, Fidelity, Citi, Wachovia and Washington Mutual, Mr. Morgenthau said."
From The New York Times...
Tuesday, October 27, 2009
The REAL Threat: Unemployed Advertising Agents
"Remember when the global economic crisis was supposed to drive legions of desperate, unemployed computer programmers into cybercrime? It turns out the real threat comes from unemployed advertising agents.
"Scammers posing as the well known ad agency Spark-SMG tricked Gawker Media into running a fake Suzuki ad last week that served malicious code, according to a report in Silicon Alley Insider. A similar scam hit the New York Times in September, but unlike the newspaper, Gawker has released the e-mails it exchanged with the scammers, and the messages show just how confidently the perps navigated the ad-buy process..."
More at Wired...
Saturday, October 24, 2009
Gartner: Newbz To Write 25% Of Business Apps
"By 2014, citizen developers will build at least 25 percent of new business applications, according to Gartner, Inc. Gartner said that this advance should both enable end users and free up IT resources. However, analysts warned that IT organizations that fail to capitalize on the opportunities that citizen development presents will find themselves unable to respond to rapidly changing market forces and customer preferences.
"Gartner defines a citizen developer as a user operating outside of the scope of enterprise IT and its governance who creates new business applications for consumption by others either from scratch or by composition.
"'Future citizen-developed applications will leverage IT investments below the surface, allowing IT to focus on deeper architectural concerns, while end users focus on wiring together services into business processes and workflows,' said Eric Knipp, senior research analyst at Gartner. 'Furthermore, citizen development introduces the opportunity for end users to address projects that IT has never had time to get to — a vast expanse of departmental and situational projects that have lain beneath the surface.'"
From Businesswire...