Wednesday, December 31, 2008

More 2009 Security Predictions

"Host-based security becomes the focus for 2009. The imminent release of Windows 7 and the continued interest in Mac OS and Linux as alternative desktops are once again focusing attention on operating-system and endpoint security.

"Mobile security concerns and solutions continue apace. The Android and iPhone platforms continue to grow, and with them comes an ecosystem of independent application developers. With mobile devices truly becoming "platforms" for all kinds of new applications, security issues are not far behind. 2009 could be the year of the first widespread security scare on a mobile platform. Perhaps a rogue application? A Trojan?"

More at ComputerWorld...

Loony Zunes

"Several users are reporting that, for whatever reason, their original 30-Gbyte Microsoft Zune MP3 players crashed soon after midnight on the morning of Dec. 31.

"The affected users say that the Zunes lock up as the boot process almost completes, to the point that the progress bar reaches about the 90 percent mark. Joel Durham Jr., an analyst for ExtremeTech, was one of the users affected, as both of his Zunes died identically...

"A Microsoft representative did not immediately respond to requests for comment."

More at PC Rag...

The Cowboys of `08

"Security pundits are fond of characterising personalities in information security with reference to Westerns - hence hackers wear either a `black hat` or a `white hat` like their cowboy counterparts.

"More recently these analogies have been replaced by comparisons with the horror genre. Security firms (usually ill-advisedly) talk about `silver-bullet` security technologies and, of course, networks of compromised PCs are called zombie botnets. Call us old fashioned but we still prefer the Westerns and, in celebration of one of the few quintessential American art forms (alongside jazz), we'd like to take a look back at 2008 in information security through the lens of classic Westerns, with a few Vulture Central casting suggestions..."

Full report at The Register...

Thanks For Nothing

McAfee Reveals 12 Scams of Xmas... On Dec. 30th

"Bad Santas are making their lists and checking them twice, gearing up to rip off consumers online with common scams that take the happy out of the holidays.

"...McAfee reveals their dirty tricks to educate the millions of consumers worldwide who want to enjoy safe shopping this holiday season..."

Better late than never report from McAfee...

Tuesday, December 30, 2008

There Goes The Neighborhood

"Lockheed Martin Corp. and Boeing Co., the world’s biggest defense companies, are deploying forces and resources to a new battlefield: cyberspace.

"The military contractors, eager to capture a share of a market that may reach $11 billion in four years, have formed new business units to tap increased spending to protect U.S. government computers from attack.

"Chicago-based Boeing set up its Cyber Solutions division in August `because of a realization by the company that it’s a very serious threat,` Barbara Fast, vice president of the unit, said in an interview. `It’s not a question of if we’ll be attacked but when and so how will we be prepared.` Lockheed launched its cyber-defense operation in October."

More at Bloomberg...

Researchers Create Trusted Bogus CA

"We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

"Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats."

Read the full research paper here...

Monday, December 29, 2008

Dr. Dobbs on Security Best Practices

"As of 2009 the value of information is approaching the value of gold, platinum, oil and other expensive commodities. In fact as the global recession expands, the value of information is rising faster than the value of natural products such as metals or oil. As the value of information goes up, it is attracting more sophisticated kinds of thievery. In the past hacking and viruses were often individual efforts, sometimes carried out by students and even by high-school students sometimes just for the thrill of accomplishing the act.

"However in today's world theft of valuable information has migrated to organized crime, terrorist groups, and even to hostile foreign governments. Not only that but denial of service attacks and `search bots` that can take over computers are powerful and sophisticated enough to shut down corporate data centers and interfere with government operations. This situation is going to get worse as the global economy declines..."

Excellent article at

Evil Unemployed IT Worker of the Week

"Christopher Anthony Lavis, 42, has pleaded not guilty to murder, torture and other charges that trigger a life-without-parole sentence or capital punishment. He is to appear in court in February for a preliminary hearing.

"Investigators believe Lavis repeatedly stabbed his mother, Connie LaSalle, and tortured her with kitchen shears and what prosecutors have described only as a `Roman knife.` LaSalle's body was found wrapped in five blankets in the living room on Sept. 27, two weeks after friends began to worry about her because they couldn't reach her.

"After his arrest, Lavis admitted to Santa Rosa police Detective Mark Mahre that he killed his mother because she didn't want him staying with her any longer, according to court documents....

"Lavis is an unemployed computer technician who had a minor criminal history linked to drug use. He had stayed with his mother off and on for years, friends said...

"Lavis graduated from high school in Santa Rosa and attended classes at Santa Rosa Junior College before earning an associate degree in computer operations from the Computer Learning Center of San Francisco.

"He worked at National Bank of the Redwoods from 1998 to 2004, designing the bank's original Web site and helping troubleshoot computer problems for employees. Later, he worked short stints at several companies, including Kendall-Jackson Wine Estates, Santa Rosa Memorial Hospital and Barclays Global Investors."

From the Press Democrat...

Top Haxx of '08

"Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Brothers supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't necessarily becoming more sophisticated. The cause of many data breaches and the deluge of phishing, spam and malware attacks suggest something else is going on. Automated toolkits are being bought and sold in online forums fueling the scope of many attacks. Although it's an old-school method, SQL injection attacks work and hackers use them to pull off hundreds of thousands of successful attacks against vulnerable websites and their visitors. And finally, Dan Kaminsky signaled a dire warning about a major DNS cache poisoning vulnerability. It wasn't the apocalypse, but the security researcher demonstrated that weaknesses exist in the fundamental way the Internet works."

More at SearchSecurity...

Sunday, December 28, 2008

9 Year Old Is Youngest MCP

"It might come as a surprise to many of us but a nine year old girl has been able to pass a Microsoft Certified Professional examination, and has become the youngest person to ever pass this test.

"M. Lavinashree, who belongs to the rural Tamil Nadu, cleared the exam, taken by techies for better job prospects, with very good marks. The exam measures problem-solving skills.

"She even broke the record held by Arfa Karim, a ten-year-old Pakistani girl.

"The nine year old Lavinashree has a photographic memory and she made news when she was just three as she recited 1,330 couplets of Universal Thirukural, a Tamil classical poem composed by a Tamil sage, Thiruvalluvar, 2000 years ago.

"Other than this, she has also been honored with the title, “Little Genius”, in the online test, conducted by Ankit Fadia and Reliance World.

"But it would be sad to know that while Lavinashree is listed in Wikipedia's child prodigies her own page on the site is up for deletion this week because the editors do not feel she is notable enough."

From TopNews India...

Saturday, December 27, 2008


"Zambia’s leading Internet Service Provider, has been Hacked. The site was hacked Saturday afternoon and at the time of writing the site had not been fixed. The Hackers who are calling themselves 3RqU (Turkish) have changed ZAMNET's landing page. 3RqU Turkish are a known notorious group of hackers.

"The hackers have gained unauthorised access to ZAMNET servers. According to the new landing page that has been put on ZAMNET, the hackers claim to have root access. Root access grants someone the ability to control all the resources on a server. With this access hackers can for example delete the whole server, read all confidential information on the server or make alterations to site.

"Most of the websites hosted by ZAMNET have been affected by this security breach and these include sites like Times of Zambia, Daily mail, ZNBC."

From the Lusaka Times...

Pud Denies Reviving FC

"People are urging Philip Kaplan to restart his FuckedCompany site that gathered so much attention earlier this decade. Clone sites are popping up to fill the void during this down market, and people sort of see the world of dead and dying startups as Kaplan’s territory.

"He strongly considered re-starting the site and even had a former Valleywag writer lined up to do the hard work. But on second thought, he said, that era is dead for him. He’s going to focus on the positive instead."

From TechCrunch...

Jailed SF Engineer to Stand Trial

"A judge has ordered a computer engineer to stand trial on tampering charges for allegedly taking over the cyberspace network he designed for the city of San Francisco and refusing to reveal the passwords to access the system.

"After an eight-day preliminary hearing, Superior Court Judge Paul Alvarado ruled Wednesday that prosecutors had produced enough evidence of Terry Childs' probable guilt to hold him for trial on four felony charges of tampering with a computer network, denying other authorized users access to the network and causing more than $200,000 in losses.

"Childs, 44, of Pittsburg has been held in jail since July 13 on $5 million bail. He is scheduled to be arraigned Jan. 13.

"Childs was a network administrator at San Francisco's Department of Telecommunication Information Services, where he worked for five years. The network he created and ran, FiberWAN, allows the city's computers to communicate with each other and handles 60 percent of the city's information, including sensitive law enforcement, payroll and jail booking records.

"Prosecutors said he locked his bosses out of the system, provided bogus passwords and rigged the network to fail during a scheduled power shutdown."

More at

Islamocyberhacktivists Attack

"MANILA, Philippines -- The Department of Trade and Industry (DTI)’s website has been defaced, has learned Saturday.

"Based on this screenshot of the agency’s website, the website has been vandalized by supposed foreign hackers.

"The website currently contains cryptic messages from a hacker called 'x55x'.

"The hacker has also placed 'General Palestine' in the defaced website and a flag of Palestine plus a message at the end of the page that says, 'Don’t forget Palestine.'

"Officials of the agency are currently unavailable for comment at this writing."


Hacking The Dead

"Two Samaritan North Health Center employees indicted on identity theft and money laundering charges used information from deceased patients to apply for online loans, police said Friday, Dec. 26.

"Linda McDermott-Dorsey and Lisa Kidd, both of Trotwood, were indicted Dec. 23. McDermott-Dorsey is charged with 11 counts of money laundering and one count of identity theft, Kidd with 19 counts of money laundering and one of identity theft.

"Englewood Police Sgt. Mike Lang said Samaritan North Health Center did an internal investigation and then called police, after being contacted by an on-line loan company the women are accused of trying to swindle...

"Lang said the women allegedly obtained a little more than $7,000 using information from 24 people over about a five week period, May-June 2007. They checked newspaper obituaries and used the hospital computer system to gather the personal information of deceased persons who had been Good Samaritan Hospital patients, Lang said.

"The money laundering charges stem from online bank accounts opened and used to transfer funds."

From the Dayton Daily News...

Friday, December 26, 2008

FBI On Hacker Hunt Road Trip

"America's crime hunters, the FBI, are on a worldwide computer-crime chase that has brought them to New Zealand.

"They are looking for a hacker who has headed up a global group using other people's computers as a vehicle for cyber crime.

"Since June last year, the group is thought to have attacked more than a million computers, ripping off victims to the tune of nearly $20 million...

"The FBI probe has seen a series of arrests around the world...

"Authorities in New Zealand, working in collaboration with the FBI Philadelphia office, conducted a search this week at the residence of an individual who goes by the cyber ID of akill.

"Akill is believed to be the ringleader of an elite international botnet coding group that is being blamed for infecting more than a million computers, making money for organised crime."

From TVNZ...

ITSec Industry: 2009 Full of Opportunities

"The 'Homeland Security Threat Assessment' for the next five years ought to be a must read for all our leaders as a new year begins. We can’t be complacent even during a recession.

"I’ll never forget the answer a top Homeland Security official gave during a North Carolina Technology Association event when I asked what threat caused him to have nightmares. A homegrown group of unknown terrorist wannabes mixing a toxic bacteriological brew in a bathtub, he said. Operating below law enforcement’s radar, such a group could cause devastation and panic with an attack using some sort of infectious agent...

"Preventing terrorism from hackers as well as from other threats such as bioterrorism also remains continued opportunities for entrepreneurs seeking to develop tools and technology to keep us safe."

From localnewswire...

Hacking Life Itself

"The Apple computer was invented in a garage. Same with the Google search engine. Now, tinkerers are working at home with the basic building blocks of life itself.

"Using homemade lab equipment and the wealth of scientific knowledge available online, these hobbyists are trying to create new life forms through genetic engineering -- a field long dominated by Ph.D.s toiling in university and corporate laboratories."

More at the News & Observer...

Thursday, December 25, 2008

Tweakers Excel at Identity Theft

"Identity theft and methamphetamine use go hand in hand, according to a Colorado Bureau of Investigation agent who specializes in tracking down those who steal people’s names and personal data.

"John Zamora recently told the Parachute/Grand Valley Kiwanis Club that meth users are good at committing identity theft 'because they’ve got all this energy, at least at first. Fortunately, the more they use meth, they start making mistakes.'

"Identity theft is the fastest growing crime in America because 'there’s big money to be made and you can make it fast,' Zamora said."

From The Citizen Telegram...

Wednesday, December 24, 2008

IT Workers Are Evil

[NOTE: this blog post quotes a study of "office workers", yet the headline specifically fingers "IT ethics". I'm not sure how that follows, but considering the trade press has been demonizing IT workers lately it comes as no surprise that ZDNet would publish garbage like this. -HinkyDink]

"With a major recession in full-swing, someone had to come up with a survey covering the ethics of office workers in three countries. The punch line: a large percentage of folks surveyed would steal confidential company data in the event of layoff rumors. The results are fairly ugly, painting a negative picture of ethics in the workplace.

"Security firm, Cyber-Ark, conducted the survey, called The Global Recession and its Effect on Work Ethics. The company interviewed 600 workers in the US, UK, and the Netherlands.

"When asked how far respondents would go to keep their job, 15 percent of Americans said they would consider blackmailing their boss!"

From ZDNet Blogs...

I Never Make These Lists

Top 10 Most Famous Hackers of All Time

"The Internet abounds with hackers, known as crackers or 'black hats', who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting 'black hat' hackers..."

Blogspot post by terselubung...

World Bank Burned by Offshoring

"For months, the World Bank has been stonewalling and denying a series of FOX News reports on a variety of in-house scandals, ranging from the hacking of its most sensitive financial data to its own sanctions against suppliers found guilty of wrongdoing.

"But last week the world's most important anti-poverty organization suddenly came clean — sort of — in its tough sanctions against a vitally important computer software service supplier that has been linked not only to financial wrongdoing but also to the ultrasensitive data heists.

"A top bank official, FOX News has learned, has admitted that a leading India-based information technology vendor named Satyam Computer Services was barred last February from all business at the bank for a period of eight years — and that the ban started in September.

"The admission confirms what FOX News reported from its own bank sources on October 10 — a report the World Bank officially disparaged at the time.

"The World Bank's revelation of the ban on Satyam comes at a watershed moment for the $2 billion (sales) outsourcing giant, which boasts more than 100 Fortune 500 companies as clients and which trades on the New York Stock Exchange. Last week, India's securities commission announced that it would investigate Satyam."

From FOX News...

Tuesday, December 23, 2008

Executive Hacker Gets Wrist Slapped

"The president of a U.S. software company has been sentenced to probation after pleading guilty to stealing password-protected files from a competitor.

"Jay E. Leonard, 61, was sentenced to 12 months supervised probation and a US$2,500 fine after pleading guilty to one count of unauthorized access to a protected computer, a misdemeanor charge.

"Leonard is the owner of Boulder, Colorado's Platte River Associates, a company that builds software used in petroleum exploration. He illegally accessed a password-protected area of the Web site belonging to his company's competitor Zetaware, according to a plea agreement filed in the U.S. District Court for the District of Colorado.

"One week later, he chaired a company staff meeting in which 'a tentative plan was discussed to exploit and to unlawfully utilize the downloaded Zetaware files for the economic gain of Platte River Associates,' the plea agreement states."

From PCWorld...

Security Breaches: Greatest Hits of 2008

"From Hannaford to Countrywide to the Bank of New York Mellon, 2008 has been a year of high-profile security breaches in or impacting the financial services industry. Here's our list of the top 10 - and lessons that should be learned, so we aren't back revisiting these issues in '09."

View the Top 10 at Bank InfoSec...

SQL Slammer 2.0?

"Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

"Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time..."

See Microsoft Security Advisory (961040)...

Monday, December 22, 2008

Another Vendor Predicts Doom&Gloom for 2009

"The economy is on a downturn but the shadow Internet economy is booming. It's sad but true - cybercrime is on an upswing and will pose an ever-increasing threat to users in 2009. The cybercrime business demonstrated a huge growth rate in 2008, so what should be expected in the coming year? Magnus Kalkuhl, member of the Kaspersky Lab Global Research and Analysis Team (GReAT), gives an insight into the cybercrime trends of 2009.

"Do you think you're safe as long as you don't open an unknown email attachment or visit a dubious website? Think again. Today's threats aren't just spread via email, guestbooks and message boards but also via social networking sites...

"The volume of malicious code and number of variants is exploding. Statistics demonstrate the increased threat: at the beginning of 2008, Kaspersky Lab was using around 500,000 signatures to detect malware. Within the next few weeks, this will be over 1,500,000 signatures, meaning that the number has tripled in less than a year - a trend which will become even more threatening in 2009."

More at TMCnet...

Fishy-Looking Company Claims "Unbreakable Encryption"

[NOTE: this was an odd circular press release. Originally it was found at A link inside this story pointed to the Web site of a company called Praetorian Key. The entire content of Praetorian Key's Web site was the same, exact press release. The company appears to have come out of nowhere, and a Google search on "Praetorian Key, Inc." will get you (at the present time) seven links to this same press release. In other words, the very existence of the company is suspect, let alone the outrageous claims they make in their (poorly written) press release. -Hinky]

"Unbreakable Encryption?

"One company that claims to have created such a program is Praetorian Key, Inc. Their program, they claim, is better than an 'old style' alphanumeric encryption program, and that it prevents any chance of access to encrypted data via keyboard, mouse, or remote attacker using a network or the internet or a network.

"The only way to decrypt locked files is to use a separate 'key' on a CD, DVD, or USB drive. According to the company it would take nine trillion years to break the code without a key.

"CEO Howard Budwin issued an open challenge to hackers to see if anyone could decrypt the files encrypted by Praetorian Key, but no one has succeeded yet, not even the author of the program. 'Even if a team of hackers executed a brute force attack, it could not be done. It's like being protected by Brinks, the FBI, and the CIA combined.'"

From Praetorian Key, et al.

Sunday, December 21, 2008

Sad Tale of Government Pwnage

"On October 26, 2006, computer security personnel from across the legislative branch were informed that the Congressional Budget Office had been hit with a computer virus. The news might not have seemed extraordinary. Hackers had been trying for years to break into government computers in Congress and the executive branch, and some had succeeded, making off with loads of sensitive information ranging from codes for military aircraft schedules to design specifications for the space shuttle.

"Employees in the House of Representatives' Information Systems Security Office, which monitors the computers of all members, staffers, and committee offices, had learned to keep their guard up. Every year of late, they have fended off more than a million hacking attempts against the House and removed any computer viruses that made it through their safeguards. House computers relay sensitive information about members and constituents, and committee office machines are especially loaded with files pertaining to foreign policy, national security, and intelligence. The security office took the information from the CBO attack and scanned the House network to determine whether any machines had been compromised in a similar fashion.

"They found one. A computer in one member's office matched the profile of the CBO incident. The virus seemed to be contacting Internet addresses outside the House, probably other infected computers or servers, to download malicious files into the House system. According to a confidential briefing on the investigation prepared by the security office and obtained by National Journal, security employees contacted the member's office and directed staffers to disconnect the computer from the network."

Full story PLUS audio slideshow at the National Journal...

Saturday, December 20, 2008

And You Thought Those "7 Habits" Classes Were Bad

"Alexander Godelman and Marc Le Shay, two Diskeeper employees have filed a complaint in the Los Angeles Superior Court alleging that Scientology training was a condition of employment and that their refusal to participate led to their dismissal. According to the complaint, 'the working conditions and work environment at DISKEEPER were inextricably intertwined with the Scientology religion such that a non-Scientologist cannot escape constant impositions of said religion.'

"When Godelman complained that these programs ran counter to his own religious belief, former Diskeeper CEO and current Chairman Craig Jensen told Godelman that his attendance at the 'training courses' was 'not negotiable,' adding that Godelman would become more intelligent and his personal life would 'improve drastically.' Jensen also warned Godelman to not 'complain about the process' in emails, which Jensen feared would be 'misconstrued' and/or 'taken out of context.' Le Shay was eventually fired after he refused to attend and participate in a course series entitled 'Basic Study Manual' and after Godelman interceded on Le Shay's behalf, Godelman was also terminated."


Do Never Blog

"A company should protect its reputation by setting up a code of conduct, especially for employees who communicate with customers using an open-forum blog, says John Sarno, president of the Employers Association of New Jersey.

"In an era when one’s online presence can extend far beyond local borders, what gets said about a company on the Web can have lasting consequences.

"Employers and employees alike are exploring the world of blogging, a popular form of online journaling, for professional and personal use. Blogs can be used by businesses as a form of marketing, to share details with potential customers on products and services, but unregulated comments made online by employees have the potential to spread negative images, sensitive information and even misinformation about a company.

"The Employers Association of New Jersey in Livingston warns that many businesses have yet to address what is appropriate blogging activity by employees, including after work hours. John Sarno, president of EANJ, said while employees might assume the First Amendment allows them to blog without consequence, their words may land them in hot water.

"'Blogging is another form of off-duty conduct that may harm the reputation of the company,' Sarno said."

Read more at NJ Biz...

"STUDY": Hackers Put The Hammer Down

[NOTE: you always have to take vendor studies with a grain of salt. This month there have been dozens of reports bemoaning the fact that "the hackers are winning". The vendors pushing this viewpoint don't seem to realize it reflects badly on them. Of course, if they couldn't spread FUD, they'd have hardly any advertising at all. -HinkyDink]

"Zero-day malware accounted for 26 percent of blocked threats in November, says web security firm ScanSafe.

"In its monthly Global Threat Report, ScanSafe said the rate of zero-day malware blocks increased in November to 26 percent of blocks, compared to 16 percent in October. The number is also significantly higher than the 19 percent average reported for the year.

"In a zero day attack, hackers are faster than software vendors and security providers by exploiting vulnerabilities before vendors have time to fix them."

More at Feces PC World...

Friday, December 19, 2008

Analyst: Hackers are Overwhelming US Govt Computers

"Foreign hackers have accessed between half and all of the U.S. government and military computers they 'have an interest in,' according to one analyst. Many of the attacks are sanctioned by the Chinese government—something few top U.S. officials are willing to acknowledge, he said.

"John Tkacik, a senior research fellow at the Heritage Foundation, said his estimate was based on recent media and governmental reports along with personal interviews with U.S. officials. Chinese cyber attacks have grown so relentless and sophisticated they’ve become the 'single biggest military and intelligence threat the U.S. faces.' He was speaking at a Heritage discussion titled, 'Under Attack: Today’s Cyber Threat.'...

"There were 43,880 incidents of malicious activity from all sources against DoD and defense company computers in 2007, a 31 percent increase from the year before, according to a recent annual report from the U.S.-China Economic and Security Review Commission (USCC)."

From Security Management...

Thursday, December 18, 2008

Identity Theft Cases Baffle Itty Bitty Police Dept.

"PLAQUEMINE — City police say they are puzzled by a rash of identity theft cases in which thieves have run up bank debit card charges under the names of local residents.

"The victims include two members of the Board of Selectmen. Police say they are working with local banks to investigate the persistent and growing problem.

"Capt. Kenny Payne said Wednesday the first incident in the city was reported about 18 months ago. He said since then he has seen about 50 new cases from all three of the local banks.

"Payne said each fraudulent debit-card charge ranges from $20-$40, and they add up to about $500, rarely totaling more than $1,000."


Security "Researcher": 9/11 Was A Cakewalk

"A widely recognized computer security guru and cyber terrorism expert said cyber terrorism is more dangerous than any other form of terrorism.

"According to him, many countries these days rely heavily on their computers and related technology to carry out daily activities. He said cyber terrorism can involve attacks on computers that can make them inaccessible for weeks and intrusions into unauthorized sensitive personal data such as the bank accounts."

More nonsense at CXO Today...

Cry Me A River

"In filings with the U.S. Securities and Exchange Commission, companies that use H-1B and L-1 visas are alerting investors that it may become more difficult to obtain them in the future. Some firms are also noting that they don't know whether President-elect Barack Obama and the new Congress will help them get adequate numbers of visas.

"Bangalore, India-based Wipro Ltd., one of the largest users of H-1B visas, warned in an SEC filing shortly after the November presidential election that the "increasing political and media attention" directed at outsourcing may lead to legislation that restricts visa use or "imposes disincentives" to expanding offshore programs.

"During the presidential campaign, Obama repeatedly promised to 'stop giving tax breaks to companies that ship jobs overseas' and to provide incentives that help companies keep jobs in the U.S. [NOTE: That's why I voted for him -Hinky] Since his election, Obama has not unveiled a detailed plan for H-1B visas."

From ComputerWorld...

Evil Unemployed IT Worker Takes Down Network

Finjan Scores an "I Told You So"

"A federal grand jury in Charleston indicted a Kentucky woman Wednesday, saying she intentionally disabled the computer network of the multistate mattress company where she previously had worked.

"According to the indictment, Misty Dawn Evans, 33, of Ashland, worked as a network administrator for Innovative Mattress Solutions LLC, a Winfield-based company that provided business services to Mattress Warehouse and Sleep Outfitters affiliates in West Virginia, Kentucky, Ohio and Indiana."

From The Charleston Gazette...

Wednesday, December 17, 2008

Visa Introduces Chinese Passwords

Why Am I Not Filled With Confidence?

"Visa has partnered with banks in China and Taiwan to introduce an SMS-based one-time password system for cardholders to authenticate themselves when making online purchases.

"The service is based on the card network's Verified by Visa authentication system, which requires cardholders to punch in a secret PIN when paying for goods over the Internet.

"But instead of the customer using a fixed code, they are sent a one-time password to their mobile phone which is used to verify their identity.

"Visa is introducing the service with Chinatrust Commercial Bank in Taiwan and China Everbright Bank in China. To sign up, customers enroll their cards for Verified by Visa and register a designated mobile phone number on their bank's Web site."


Tuesday, December 16, 2008

Time To Unplug The Computer

Cisco: Threats from legitimate domains up 90%

"Described as one of the notable trends in the Cisco 2008 Annual Security Report that was released this week, Cisco security researchers said threats originating from legitimate domains grew 90%, nearly double the rate in 2007.

"Online criminals continue to create malicious websites-carefully designing them to look alluring and legitimate—to obtain sensitive personal information or distribute malware to site visitors.

"They hack legitimate websites from trusted organizations, such as news media or large retailers, to cause those sites to invisibly distribute malware to visitors; they also create or subvert existing Web applications and plug-ins for the same purpose."

From NetworkWorld...

Hot Scams For '09

"Every year the Identity Theft Resource Center (ITRC) shares its thoughts for the upcoming year. The following items are ITRC's predictions for 2009:

  • Real Estate-based scams
  • Credit Card scams
  • Job scams
  • Professional thieves and targeted attacks
  • Check Fraud
  • Breaches

"The ITRC projects an increase in the training of law enforcement regarding identity theft, from local to federal levels. Federal law enforcement will be even more aggressive in their actions against international syndicates especially in cybercrimes and international job scam operations. "

Full article at MarketWatch...

Monday, December 15, 2008

Your Facebook account May Be Worth More Than Your CC#

"Computer hackers are selling stolen Facebook social networking accounts to gangs for only 89p.

"The cyber thieves steal the account entry details from users before selling them on to gangs behind online fraud who in turn send viruses to other computer users.

"These gangs send 'spam' messages on to millions of other computer users, urging people to click on false video or photo links.

"By clicking on the links, people's computers become infected with spyware viruses that can track keystrokes and copy details such as passwords to online bank accounts.

"Other profiles being sought by the gangs include login details for MySpace and internet phone company Skype."


IT People are Downright SCARY

Fear the database admin, warns security report

"One of the best ways to improve database security is to carefully monitor the very people entrusted to manage them, database administrators (DBAs), a report has concluded.

"Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and frequency of data breaches.

"Companies ranked as using ‘best practice' suffered 8 percent fewer incidents of data loss compared to those not adopting such measures, and ended up with 10 percent fewer of a range of audit deficiencies."

Full article at TechWorld...

Spicy Pickle PWN3D!

"The theft of credit-card data from a local eatery highlights an international crime that experts say is likely to become more frequent.

"About 150 customers who paid with credit cards at Spicy Pickle, 3774 W. Centre Ave., Portage, between September and November discovered someone had made purchases using their credit-card information. Some of the transactions occurred as far away as Europe and the Middle East, according to officials.

"Police say they've ruled out the possibility of an inside job by the restaurant's employees. They also say owners of the local franchise had appropriate security in place to protect sensitive data that's collected in credit-card transactions.

"Yet sophisticated computer hackers, using the Internet, were able to navigate through the defenses to access Spicy Pickle's computers."

More at

Do These Things Happen in Threes?

Bugged laptop snares unwary burglar

"A BURGLAR has been caught in possession of a stolen laptop containing a tracking device.

"The Leeds man was arrested by police less than two hours after the theft of the 'honeytrap' laptop.

"The bugged laptop, provided by Safer Leeds, the city's crime and disorder reduction partnership, was stolen from a police 'capture' house in the Armley area of the city last week.

"Two hours later it was tracked to a nearby address and a 26-year-old local man was arrested on suspicion of burglary.

"Police tracking devices are currently installed in a variety of motor vehicles and electrical goods in different parts of Leeds, with the aim of deterring crime and catching criminals."

Source: Yorkshire Post...

20/20 Hindsight

The year in cybercrime

"One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices.

"Security software company Symantec became the latest company to raise red flags about what it called the "underground server" economy last month, when it issued a report estimating that roughly $276 million worth of goods and information is available on online black markets. Credit card data accounted for 59% of the information available for sale on underground servers, Symantec reported, with identity theft information (16%), server accounts (10%), financial accounts (8%) and spam and phishing programs (6%) trailing far behind."

More at Network World...

Bit9 Drinks MS Kool-Aid

Firefox Leads List Of Most Vulnerable Apps

"As part of its marketing effort to convince companies that they need more control over the potentially risky applications used by employees, Bit9 on Thursday published its list of the 12 most vulnerable applications commonly found behind corporate firewalls.

"Bit9 sells application whitelisting software and services, giving it some incentive to highlight applications that could be better controlled through its products.

"Firefox leads Bit9's list, followed by Adobe Flash & Acrobat; EMC VMware Player, Workstation, and other products; Sun Java Runtime Environment; Apple QuickTime, Safari, and iTunes; Symantec Norton products; Trend Micro OfficeScan; Citrix products; Aurigma and Lycos image uploaders; Skype; Yahoo Assistant; and Microsoft Windows Live Messenger.

"Bit9 ranks the applications according to popularity, the number and severity of vulnerabilities, and the difficulty of detecting and patching those vulnerabilities for IT administrators."

More of this nonsense is available at InformationWeek...

Sunday, December 14, 2008

Symantec: Traditional AV is Almost Useless

Then Why Do We Buy This Crap?

"Signature-based scanning is 'static, old school,' says Jerry Egan, director of product management at Symantec's security technology and response division. With 12,000 new malware specimens each day to detect and eradicate, 'we think that technique is reaching the end of its useful life,' Egan says.

"Another complication is that malware is now so artfully designed, 'it spreads to 20 or 30 machines before it mutates,' Egan points out. That means 'your neighbor has one variant and you have another. The effectiveness of each signature has gone down.'"

From Network World...

PCI DSS? Never Heard of IT!!

"Hackers broke into a Merrimack [New Hampshire -Ed.] movie theater's servers and stole customers' credit card information, police said Wednesday.

"Investigators said that after receiving numerous reports of fraudulent use of credit cards, police determined that a majority of the victims used their credit cards over the summer and early fall at a Zyacorp Entertainment Cinemagic Stadium movie theater in Merrimack.

"Police and the Secret Service determined that a security breach was made into the company's server, allowing someone access to customers' information. The server has since been replaced, and new security measures put in place, police said.

"There was no indication how many customers' may have had their credit card information stolen."

From WMUR 9...

Bebo Gets (Koob)Faced

"A virus that's attacking Facebook users is also infecting other social networking sites, says ScanSafe.

"Koobface tricks social networkers into downloading malicious malware onto their PC. Users receive messages that look as if they're videos. Often they say something like "you look funny." When the user clicks to see the video, he is taken to a new website and asked to download special software in order to see the video.

"That software is malicious and once installed on a PC, the Trojan will direct users to hoax search engines and other websites, putting them at risk of ID theft.

"According to ScanSafe, Koobface has been identified on Bebo and could even spread to other social networking sites including - MySpace and Friendster. ScanSafe also claims that the virus accounts for one percent of all its blocked malware."

Source: PCWorld...

Old Skewl Hackers Hijack Microsoft Web Site

"Microsoft Ireland has been forced to review its online security after the company’s Irish home page was hijacked by a group of hackers last week.

"Visitors to the website last Tuesday were greeted with a message saying that the page had been hacked by a group calling itself the Terrorist Crew.

"A spokesman for Microsoft Ireland said that the incident was being investigated by the Gardai but it was unable to release any information on whether there were any leads on the identity or motives of the hackers. The hijacked web page listed the online nicknames of seven members of the group. Web searches reveal that several members have claimed credit for numerous hacking attacks on corporate websites in recent years."

From The POST.IE...

Friday, December 12, 2008

"You're All Screwed!" - Microsoft

"The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said late yesterday.

"Today, a Danish security researcher added that Microsoft's original countermeasure advice was insufficient and recommended that users take one of the new steps the company spelled out.

"In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports -- IE5.01, IE6 and IE7 -- as well as IE8 Beta 2, a preview version that the company doesn't support through normal channels.

"Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said."

Full article at ComputerWorld...

Hackers Help Destroy Brazilian Rainforest

"Hackers in Brazil have managed to break into the computerized system that tracks quotas for logging companies, allowing for the illegal logging and smuggling of nearly 1.7 million cubic meters of wood.

"They haven't gotten away with it, however, as Brazil has been trying to crack down on illegal logging. Now there are 107 companies being sued for $833 million. In addition, 202 people are facing prosecution, including 30 'ringleaders' who brought the hackers and logging companies together."

More at Gizmodo...

HP to Employees: SUX 2 B U

HP stolen laptop has employees' data on it

"Hewlett Packard has written to members of its HP benefits programme, including current employees, to alert them that their personal data may be at risk.

"Scott Taylor, chief privacy officer at HP, wrote to members on the 8th of December and said while he has no evidence the laptop has been misused, 'HP has been working closely with law enforcement authorities to recover the laptop, which was stolen several months ago.'"

From the IT Examiner...

Thursday, December 11, 2008

If You Can't Beat 'Em...

Jobless techies turning to crime

"Impoverished techies and IT workers who have been made redundant will go rogue in 2009, selling corporate data and using crimeware, reports predict.

"The credit crunch will drive IT workers to increasingly use their skills to steal credit card data using phishing attacks and to abuse their privileged corporate computer access to sell off valuable financial and intellectual information, forensic experts have warned.

"Both PricewaterhouseCoopers (PwC) and security vendor Finjan are forecasting that the recession will fuel a significant rise in insider fraud and cyber crime in 2009."

More at

Teacher allegedly looked at porn with students present

"A substitute teacher who allegedly looked at pornographic images, which students also saw, on a computer at a St. Paul charter school last week was arrested Wednesday at his home, police said.

"Michael Anthony Johnson, 40, of St. Paul, was being held in the Ramsey County jail on suspicion of distributing pornographic images to children, said Peter Panos, St. Paul police spokesman. He has not been charged.

"The incident happened Friday at Community of Peace Academy, Panos said.

"Johnson reportedly was looking at sexually explicit material on a school computer while students were present, police said. Two boys, ages 14 and 15, saw the material, which was not child porn, Panos said.

"It wasn't clear whether the students inadvertently saw the images or Johnson showed them, Panos said."


Checkpoint VPN1 Code For Sale

"Hello world,

"Checkpoint VPN1 is currently one of the most comercial wide used firewall in the market.

"Checkpoints products are currently protecting (hehe right...) from medium and small business to highest corporative and government systems.

"Secure Plataform is a linux based system, developed by checkpoint, it incorporates all the checkpoint firewall and perimeter security products in one system, Secure Plataform is wide used, and recently is being deployed in appliances.

"In a few words what i mean is, some of the most SENSATIVE SYSTEMS and important organizations, are running checkpoint VPN1.

"Like cisco was, checkpoint has been owned for some time, we have all the source code CVS REPOSITORY for sell, lot's bugs waiting for somebody to exploit, will not be need a magnific hacker to find and exploit vulnerabilities in their code.

"We include with the source code cvs tree a special bonus, a remote root expoit for smartcenter on secureplataform (you can port the code to any other plataform too, because the product is the same on any OS, the vuln exists in all), This exploit is prepared to own all versions of checkpoint from R55 TO R65 on splat.

"All negociation by email ."

From FullDisclosure Mailing List
[Link not available at press time -Ed.]

Are Social Networks Sinking?

"The air seems to be coming out of the Web 2.0 bubble, squeezed by the economic downturn and the absence of many solid short-term business plans.

"Dire market conditions have forced virtually all social-networking firms to scale back. In October, Hi5, the third most popular social-networking site, announced that it would cut between 10 percent and 15 percent of its staff. And in November, the business-focused networking sites LinkedIn and Jive said that they would slash their work forces by 10 percent and 40 percent, respectively."

Full report at abc News...

Wire-Transfer Shops May Provide Hackers An Easy Target

"According to a study to be released on Thursday, nearly 60 percent of PCs examined in 300 wire-transfer businesses in Los Angeles and Las Vegas were infected with viruses capable of stealing financial information.

"Panda Security, a Spanish software vendor, conducted the study and found various malicious viruses on the computers including keyloggers that record keystrokes, allowing hackers backdoor access to compromised machines.

"Some of the examined machines held private data including Social Security numbers, and credit card numbers.

"The study was unable to determine if any of the information had been successfully stolen. According to researchers, the study served to show that there are still significant weaknesses in the wire-transfer shops.

"'It's a disaster waiting to happen,' said Carlos Zevallos, who led the study."

More at RedOrbit...

Chinese team mistakenly released IE7 exploit

"Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Microsoft's Internet Explorer 7 browser, potentially putting millions of computer users at risk -- but it appears some hackers already knew how to exploit the flaw.

"At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team.

"The problem in Internet Explorer 7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP, regardless of the service pack version.

"Microsoft has acknowledged the issue but not indicated when it will release a patch."

More at NetworkWorld...

Wednesday, December 10, 2008

Microsoft warns of new Windows bug, says attacks under way

"On the same day that Microsoft Corp. released its biggest batch of security patches in more than five years, the company also warned Windows users of a critical bug that it didn't get around to fixing.

"In an advisory posted yesterday, Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. The flawed converter handles Microsoft Word 97 files on Windows 2000 Service Pack 4 (SP4), XP SP2, Server 2003 SP1 and SP2.

"Newer versions of Windows -- XP SP3, Vista and Server 2008 -- are not vulnerable to the bug, however."

Full article at ComputerWorld...

Web site-based crimeware hits all-time high

"The use of malware on Web sites to steal passwords and other sensitive information is skyrocketing, according to a new report from the Anti-Phishing Working Group.

"The number of URLs with hidden code for stealing passwords nearly tripled between July 2007 and July 2008, to a record high of 9,529, while the number of malicious-application variants hit a high of 442 this May, the APWG reports in its quarterly report (PDF) issued this week.

"The increase is primarily due to malicious code being used in SQL injection attacks, in which a small malicious script is inserted into a database that feeds information to the Web site. Typically, the host site is legitimate such as BusinessWeek's, not a phishing site created for the sole purpose of stealing consumer data."

More at cnet...

Court Halts Bogus Computer Scans

"At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of those responsible for the scheme, to preserve the possibility of providing consumers with monetary redress."


FBI SPAM Rides Again

"Consumers continue to be inundated by spam purportedly from the FBI. As with previous spam attacks, the latest versions use the names of several high ranking executives within the FBI and even the IC3 to attempt to defraud consumers.

"Many of the spam e-mails currently in circulation claim to be an 'official order' from the FBI's Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars. To claim the large sum, recipients are instructed to furnish their personally identifiable information (PII) and are often threatened with some type of penalty, such as prosecution, if they fail to do so. Specific PII information requested includes, but is notlimited to, the recipient's name, banking information, telephone number, and a copy of their passport.

"The spam e-mail allegedly from the IC3 states that the recipient has extorted moneyand will be given a limited amount of time to refund the money or face prosecution.

"Do not respond. These e-mails are a hoax."

Full Intelligence Note at the IC3...

FBI investigates hackers who accessed a town's phone system

"It apparently happens more often than you might think. A group of computer hackers get access to a town's entire phone system and use the access to make overseas calls.

"The latest instance happened in the town of Hillsborough, New Hampshire. Authorities say hackers got into the system and made hundreds of hours worth of calls to countries on six continents.

"Town officials say some of the calls last month reached as far away as Libya, Egypt, Pakistan, Nepal and elsewhere. Because some of the calls involved countries where terrorist groups are known to operate, the town contacted police, the FBI and the U.S. Department of Homeland Security. Those agencies are now investigating.

"A professor who teaches about homeland security issues says terrorists often use the Internet to hack into phone systems so they can mask their identities and locations."

Source: WNDU

Another Stolen Laptop Phones Home

"Police at the University of Nevada, Reno are looking for a person of interest in Dayton whose photo was taken by a stolen laptop when he tried to use it because the computer was connected to the LoJack security system.

"The MacBook Pro, valued at $2,500, was in a student's backpack that was stolen Oct. 29 near the Down Under Cafe in Argenta Hall, said UNR Detective Warren Conley.

"'We're looking for the person in the photograph because we want to talk to him," he said. "He was in possession of the laptop at one time. He might have bought it from someone else or was looking to buy it, so we want to know who he got it from.'"

Full story & perp pic at

Websense predicts the future of web security

"The cloud will become dangerous, good sites will be used to hide bad data, and rich internet applications will turn on their users. These are some of the predictions from Websense Security Labs, which has compiled a security forecast for 2009...."

I predict you will read the article at ITNews...

Hackers Successfully Install Linux on a Potato

"Amsterdam, Netherlands – Hackers from the Web site successfully installed Linux on a potato. It's the first time the operating system has been successfully installed on a root vegetable.
"After weeks of trying the group got a Linux kernel specially modified for a potato loaded, and were able to edit a small text file in vi. Linux was loaded onto the potato using a USB thumb drive and commands were sent in binary to the potato using a set of red and black wires."

Full story at

Tuesday, December 9, 2008

Hidden camera catches laptop-theft suspect

"An anti-theft program may help Sacramento police find the person who stole a laptop from Hiram Johnson High School.

"On Oct. 14, between 4 p.m. and the next morning, someone got into the office at Hiram Johnson High, located at 6870 14th Ave and, and stole a laptop, according to the Sacramento Police Department.

"Police said the school's computers have an anti-theft program that allows them to be tracked and photos to be taken of people using the stolen item.

"Sacramento police released two photos [One shown at left -Editor] of the person using the stolen laptop.

"Anyone with information about the laptop is asked to call (916) 808-3722."

From Sacramento Bee Crime Blog...

MS Patch Tuesday "Biggest in Five Years"

Microsoft Corp. today patched 28 vulnerabilities, nearly all of them marked "critical," in the biggest batch of fixes it has issued since it switched to a regular monthly update schedule more than five years ago.

Of the 28 bugs quashed today, Microsoft ranked 23 of them critical, the top rating in its four-step scoring system. Of the five others, three were judged to be "important," the next step down, and two were pegged as "moderate." The patches were issued in eight updates for Windows, Internet Explorer, Office, SharePoint, Windows Media, and the company's most popular development tools, Visual Basic and Visual Studio.

Full story at ComputerWorld...

Web 2.0 Huge Threat - Expert

The Web and the growing popularity of Web 2.0 applications will continue to pose a huge threat to both consumers and enterprises, according to security firm Sophos plc.

"We're finding over 15,000 new Web pages being infected every day and 90% of Web threats reside on legitimate hacked sites while, about 1% of all Web searches deliver an infected Web page. So what you've got are these legitimate Web sites, how then do people protect themselves against this?" said Jim Dowling, director of sales for Asia at Sophos.

Read the full article at ComputerWorld...

Predictions 2009: Greatest Risks to Banks

10 Faces of Fraud: The Greatest Risks to Banks in 2009
ATMs, Checks Top List of Key Vulnerabilities

From Hannaford Brothers to Countrywide, this year has been full of stories of criminal activity on the Internet, with hackers and phishers wreaking havoc on computer systems and consumers, causing credit and debit fraud numbers to soar.

What does next year hold for fraud against financial institutions? Here are 10 of the new and old ways criminals will be looking to commit fraud in 2009.

1. ATM Network Fraud

2. Check Fraud

3. 'Laser-Guided' Precision Strikes

4. Phishing Attacks To Continue

5. Check Image Fraud

6. Zero Day Attacks

7. Low 'N Slow Attacks

8. Drive-By Attacks Deliver

9. Phones Will Be Ringing

10. Insider Threat

Full article at Bank Info Security...

Even "The Good Guys" are Crooks, Part III

Ex-agent admits hacking into FBI

"A former FBI agent pleaded guilty Monday to charges that he hacked into his agency’s computer to help his girlfriend, actress Linda Fiorentino [shown at left -Ed.], obtain key information on the federal case against a Hollywood private investigator."

Full story at The Examiner...

Penis pill botnet awakens after McColo shutdown

"One of the three botnets cut off by the shutdown of rogue ISP McColo is back in business. The Mega-D botnet is back on its feet and throwing off huge volumes of spam, net security firm Marshal8e6 reports.

"The botnet - best known for spamvertising adverts for penis pills - has been linked back to a network of compromised zombie PCs through a new command and control infrastructure. Analysis of where these systems are located is ongoing and neither Marshal8e6 or its competitors are prepared to point the finger of blame just yet. What's not in any doubt is that junk mail from compromised systems is on the rise."

More at The Register...

ICANN's Panties in Bunch Over CheckFree DNS Hack

Phishers now hijacking websites, warns ICANN

"Domain name owners are being warned by the Internet Corporation for Assigned Names and Numbers about a new phishing scam that may already have seen the largest bill payment website in the US being hijacked by cyber criminals."

More at ITBRIEF (no pun intended)...

Monday, December 8, 2008

Self-PWNAGE Rampant

Vulnerabilities play only a minor role in malware spread

"Computer users are their own worst enemies, a security company warned today, as it released data that shows software bugs were the source of just 5% of the past year's infections.

"The majority of the attacks carried out by 2008's top 100 pieces of malware were caused by users surfing to malicious sites and then accepting some kind of download, Trend Micro Inc. researchers said today.

"From Jan. 1 to Nov. 25, the top 100 attack programs infected 53% of their victims by duping them into downloading something from the Internet. An additional 12% of the infections tracked globally were caused by users opening e-mail attachments."

More at ComputerWorld...

French Windows Users Targeted

"Websense® Security Labs™ ThreatSeeker™ Network has discovered a ploy by scammers to trick users into executing a supposed fix for a Microsoft Security Advisory.

"The fraudulent email message references a real Microsoft Security Advisory 951306 (also known as CVE-2008-1436). The email provides instructions in both French and English.

"When the email's malicious attachment (MSC003-WIN.scr) is run, it connects via IRC to a BOT Controller, [removed] This connection is not through the default port, but through port 81. The application binds to startup, ensuring it will be run automatically when the computer is restarted (as instructed in the email). Major antivirus vendors are not detecting the malicious attachment."

Full alert at Websense...

Even "The Good Guys" are Crooks, Part II

Former police officer gets 10 years in theft from evidence locker

"Former Alton police officer Mick Dooley was sentenced today to 10 years in prison for a case in which he was accused of stealing thousands in cash from the department's evidence locker.

"Federal judge G. Patrick Murphy minced no words in the ruling, saying he was particularly disturbed by Dooley's attempts to blame his fellow officers for the crimes he committed."

More plus earlier report on

Even "The Good Guys" are Crooks

Fugitive Danish IT chief surrenders to LA police

"The head of a Danish software company who was sought by Interpol on alleged fraud and conspiracy charges turned himself in Saturday at a Los Angeles police station, according to a newspaper report.

"... early last week, following investigative reports about the company by Computerworld Denmark, IT Factory filed for bankruptcy. Chairman Asger Jensby estimated that 90 percent of the company's turnover had been fictitious.

"IT Factory allegedly created contracts for nonexistent products with companies that did not exist, and sold the contracts to banks and other investors."

Full story at ComputerWorld...


Tech commission suggests new cybersecurity post

The Department of Homeland Security has failed to ensure the nation's cybersecurity, a new report to be released Monday concludes, because the threat of cyberattacks is too vast for any one agency to tackle and must be addressed by a new White House office, as well as revised laws and government practices.

From cnet news...

Mal Wars

Thieves Winning Online War, Maybe Even in Your Computer

"Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.

"With vast resources from stolen credit card and other financial information, the cyberattackers are handily winning a technology arms race."

Read the full article at the New York Times...

Sunday, December 7, 2008

More Crystal Gazing for 2009

Predictions 2009: Paul Ducklin of Sophos

  • Compromised, infected PCs (bots), both at home and at work, will continue to remain the primary source of spam.
  • Web insecurity, notably weakness against automated remote attacks such as SQL injections, will continue to be the primary way of distributing web-borne malware.
  • Malicious emails will include an increasing proportion of attachments or web links to non-program (non-EXE) files.

More bullets at SearchSecurity...

FBI: Copper Thefts Threaten US Critical Infrastructure

"Copper thieves are threatening US critical infrastructure by targeting electrical substations, cellular towers, telephone land lines, railroads, water wells, construction sites, and vacant homes for lucrative profits. Copper thefts from these targets have increased since 2006; and they are currently disrupting the flow of electricity, telecommunications, transportation, water supply, heating, and security and emergency services, and present a risk to both public safety and national security."

More at

21 million German bank account details on black market

"The details of bank accounts held by 21 million Germans are for sale on the black market for 12 million euros (15 million dollars), a German magazine reported Saturday.

"In an investigative report, two reporters for the Wirtschaftswoche magazine met last month with two individuals, arranged through an intermediary, who offered to sell a CD-ROM containing the names, addresses, bank name and account numbers of 21 million people, the magazine said."

More at Breitbart...

British ISPs filtering Wikipedia

"Internet service providers in the U.K. have begun filtering access to Wikipedia after the site was added to the Internet Watch Foundation's blacklist.

"The content being filtered is apparently deemed to meet the Internet Watch Foundation's criteria for child pornography--in one case, this involves a 1970s LP cover art which, although controversial, is still widely available."

More at cnet...

[Hinky Note: the objectionable content mentioned in the article can be found on this page. -HD]

CheckFree PWN3D via NetSol Spear Phish Attack

Network Solutions phishing came before Web attack

A late October phishing campaign may have given online criminals the information they needed to seize control of payment processor CheckFree's Internet domain this week.

On the morning of Dec. 2, attackers logged into CheckFree's domain name registration account at Network Solutions and redirected Internet traffic away from CheckFree's systems to a rogue server located in the Ukraine. During an incident that lasted just under five hours, CheckFree customers trying to connect with the company's Web site were attacked with code that exploited a bug in Adobe's Reader software.

More at NetworkWorld...

Young workers' use of social networking sites concerns IT staffs

"Social-networking sites such as Facebook and MySpace are being targeted so often by cybercrooks and other mischief-makers that half of the information-technology specialists surveyed recently by Intel expressed concern about workers under 30, who disproportionately use such sites.

"Of the 200 corporate and government IT professionals in the United States and Canada who were surveyed, 13 percent said they regard so-called Generation Y employees as "a major security concern," and 37 percent tagged them as "somewhat of a security concern." The biggest worry they mentioned was the tendency of many Gen Yers to frequent social-networking sites like Facebook and MySpace."

More at MercuryNews...

Everything Old is New Again

FBI: Criminals Auto-dialing With Hacked VoIP Systems

Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam phone calls in an hour, the U.S. Federal Bureau of Investigation warned Friday.

The FBI didn't say which versions of Asterisk were vulnerable to the bug, but it advised users to upgrade to the latest version of the software. Asterisk is an open-source product that lets users turn a Linux computer into a VoIP (Voice over Internet Protocol) telephone exchange.

More at PCWorld...

IC3 Intelligence Note...

Insiders Pose New Threats In Down Economy

By Tim Wilson

Rene Rebollo was strapped for cash. One day, while working in his office at the Pasadena branch of Countrywide Home Loan, he noticed one computer in the building whose USB port hadn't been disabled by the company's IT department. Then, according to FBI affidavits, Rebollo got an idea.

Every Sunday night for approximately two years, Rebollo went over to that workstation and downloaded confidential data on as many as 20,000 Countrywide customers to a small USB drive that he could carry out of the office in his pocket. He then sold the valuable data for as little as $500 to an accomplice, who fenced it. Over the two-year period, Rebollo may have sold as many as 2 million records, according to some estimates.

More at DarkReading...

Koobface computer virus attacks Facebook users

Facebook's millions of users are in the crosshairs of a computer virus dubbed Koobface that is being spread through the social networking site's messaging system.

Users whose computers are infected may have their credit card numbers stolen or their searches on Google, Yahoo and MSN diverted to fraudulent Web sites.


[Hinky NOTE: see also my commentary at the UT Blog -HD]

National Handwashing Awareness Week December 7-13, 2008

It's that time of year again, folks! If you think handwashing has nothing to do with security, think again. MRSA is an often deadly superbug that can close down schools, firehouses, hospitals, anywhere people congregate, causing a crisis of availability when such facilities are shut down for disinfecting.

"Spread the Word not the Germs!"

10 Security Predictions For 2009

1. Not Your Mama's Malware

2. 'You Just Lost Your 401(k),' And Other Attacks Exploiting The Failing Economy

3. Malware Writers Go Social

4. Locally Owned Attacks

5. Let's Get (More) Unified

6. More Activity From The Cyber Underworld

7. Inside Jobs

8. Information Lockdown

9. Let The Games Begin

10. Security Goes To The Cloud

From: Channel Web