Friday, November 27, 2009

Hinkyvision Coming SOON!

"Former national cyber czar Andy Purdy launched Cybercrime.TV today, an online development site for producers, directors, writers, experts, and others joining him in launching a television network that focuses on cyber criminals and those who enable them.

"`Cybercrime.TV is an online network for television people and computer people to work together,` said Purdy.

"The website provides tools to develop new projects and showcase them for production financing through Purdy and his associates. Membership is free, and members can upload videos and proposals, create groups, create forums, publish papers and articles, announce events, and publicize their programs.

"Cybercrime.TV, as a television network, will focus on all aspects of cybercrime in the form of news and talk shows, specials, movies, and original series.

"Topics of greatest interest to Purdy include cybersecurity, cyber terrorism, cyberstalking, encryption, financial crime, financial espionage, hackers, identity theft, information assurance, information warfare, Internet fraud, Internet privacy, Internet safety, malware, money laundering, network security, online predators, phishing, pirated software, social engineering, spamming, spoofing, spyware, and viruses."

More at PRWeb...

Wednesday, November 25, 2009

Push "da button", Frank

"Some Facebook users have been infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site, according to security researchers.

"The worm posts an image on a victim's Facebook Wall with a photo of a woman in a bikini and the message `click 'da button, baby.` Wall posts are viewable by a Facebook user's friends.

"If a friend clicks on the image and is logged into Facebook, the image is then posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on "da button" redirects the friend to a pornography site, according to Roger Thompson, chief research officer for antivirus vendor AVG Technologies. Thompson posted a video of the attack on his blog."

From ComputerWorld...

Friday, November 13, 2009

Employed Programmers Can Be Crooks, Too

"Two computer programmers who worked for Bernard L. Madoff’s investment firm were accused Friday of helping to cover up the giant Ponzi scheme for more than 15 years.

"In a statement, the United States attorney’s office in Manhattan said the two programmers — Jerome O’Hara, 46, of Malverne, N.Y., and George Perez, 43, of East Brunswick, N.J. — were arrested Friday at their homes.

"The complaint accuses the two men of providing the technical support needed to produce false documents and trading records in defrauding investors in Bernard L. Madoff Investment Securities of billions of dollars.

"`Jerome O’Hara and George Perez allegedly helped construct Bernie Madoff’s house of cards. The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff’s crimes,` Preet Bharara, the United States attorney for the Southern District of New York, said in a statement.

"In addition, Joseph M. Demarest Jr., the assistant director in charge of the F.B.I.’s New York office, said that when the two men told Mr. Madoff `they would no longer lie for him,` they were paid to keep the scheme quiet."

From The New York Times...

Saturday, November 7, 2009

Full Disclosure RULEZ!

"An unusual cloak-and-dagger operation being run by internet security experts has been exposed this week, after details of a flaw in the SSL protocol were made public.

"The problem with the Secure Sockets Layer standard that keeps e-commerce websites, mail servers and more safe from attack was first discovered in August by a phone-security firm called PhoneFactor.

"That company immediately set to work with the Industry Consortium for Advancement of Security on the Internet (ICASI) to fix the issue in secret so as not to alert hackers.

"However, an engineer working independent of ICASI found the flaw by himself this week and posted the details online in an effort to find a solution.

"Naturally, the buzz about SSL potentially failing spread like wildfire, prompting ICASI and PhoneFactor to go public immediately."

More at

Friday, November 6, 2009

Gumblar Rides Again!

"ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

"Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.

"When the Gumblar malware was found in March, it looked for instructions on a server at That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.

"Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.

"Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download."

More at ComputerWorld...

Old Passwords Never Die

"Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.

"Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.

"Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times."

From The Register...

Thursday, November 5, 2009

Surge In Security Newbs Predicted

"IT professionals are placing their bets on security as they plot their next career moves, according to a new study published earlier today.

"The survey of more than 1,500 IT workers, which was conducted by the IT trade association CompTIA, found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target.

"`Given the growing reach of security, with threats becoming more pervasive and dangerous and with no business or industry immune to those threats, it makes sense that many IT professionals view this as a must-have for career advancement,` said Terry Erdle, senior vice president, skills certifications for CompTIA."

More at DarkReading...