Friday, February 27, 2009

Time Warner DNS Servers Hammered

"During the past week, hackers have launched a series of attacks on Time Warner Cable's servers. Time Warner Cable is working with law enforcement agencies to resolve these crimes.

"As a result of these attacks, you may have experienced a temporary `outage` when attempting to surf the Web, including an intermittent `page cannot be displayed` error message. The outages did not result in services being 100% unavailable; and were limited to sporadic timeouts which appeared to be random events. Some users may have experienced a total disconnect, however. These types of attacks are not uncommon, especially for a network as large as ours. We suspect that the attackers are using `zombie computers,` or hijacking unsuspecting subscribers' machines to perpetrate the attack without its owner's knowledge.

"All of us at TWC take these attacks extremely seriously. As previously mentioned, we are working with the appropriate law enforcement agencies that specialize in investigating these types of crimes. We will pursue prosecution of all perpetrators to the fullest extent of the law. We apologize for the inconvenience that these attacks may have caused and encourage you to report any suspicious activity."


Most Oracle Shops Ripe For PWNAGE

"A continuing lack of corporate mandates to quickly install Oracle Corp.'s security patches may be leaving many Oracle database installations exposed to vulnerabilities for extended periods of time, according to survey results released on Wednesday.

"In a pair of online surveys that were jointly conducted between May and August of last year by the International Oracle Users Group (IOUG) and Oracle, only 26% of the 150-plus respondents said that their companies required the software vendor's quarterly patch updates to be applied on all systems as soon as they're released.

"Another 6% said they're required to install Oracle's Critical Patch Updates (CPU) on critical systems only, the IOUG and Oracle wrote in a report. Meanwhile, 30% said their companies didn't have any specific policies in regards to Oracle's patches, while 32% said their policies required database administrators to do either risk or cost-benefit analyses in order to justify the installation of patches in production databases."

More at ComputerWorld...

Thursday, February 26, 2009

Web Vandalism Still Lulzworthy - Report

"A study of 57 Web site hacks from last year showed that 24 percent were aimed at defacing a site rather than financial gain.

"The figures from the latest Web Hacking Incidents Database Annual Report suggest that stealing money and data is not always the overriding motivation for hackers, although it has been a rising trend in recent years.

"`While financial gain is certainly a big driver for Web hacking, ideological hacking cannot be ignored,` the report said, which was sponsored by vendor Breach Security with support from the Web Application Security Consortium.

"Although there were hundreds of thousands of Web site attacks in 2008, the report set a strict criteria for its analysis: It looked at only those incidents that were publicly reported, were associated with Web application security problems and had an identifiable impact on an organization.

"These criteria allow people to understand the potential business impacts as opposed to just the technical failure, which is important in order to manage risk, the researchers said.

"Web site vandalism may carry a lower risk for organizations than a financial attack, but still highlights insecure Web pages."

From PC World...

Wednesday, February 25, 2009

Heartland CEO: PCI Certification Sucks

"Heartland Payment Systems' top executives on Tuesday shed more light on the firm's massive data breach, and said that Heartland would fight ensuing lawsuits stemming from the incident.

"In an earnings call, the transcript of which has been posted online as well as summarized in the firm's fourth quarter 2008 financial report, Heartland chairman and CEO Bob Carr said the malware that infected the firm's systems could read and collect unencrypted data in motion, and that the attackers may have been able to `trade` from its network some of the data that was accessed.

"`Keep in mind that Heartland passed its PCI certification last April, and assessors are currently on-site for 2009 certification, which we are targeting to begin to complete by the end of April. In that regard, throughout the potential period of the breach, Heartland did have antivirus software installed on its payment processing network,` Carr said."

More at DarkReading...

Tuesday, February 24, 2009

Yet Another Reason To Hate PDFs

"Attackers inserted malware into ads in an apparent attempt to get users to download rogue antivirus. The malware authors attempted to exploit a patched vulnerability affecting Adobe Acrobat and Reader that is unrelated to reports last week of a zero-day bug. and other Ziff Davis Enterprise sites were affected, though the ads were taken down shortly after the situation was discovered and the site is now clean.

"Attackers infected some advertisements on the Web site in an apparent attempt to get readers to download a rogue antivirus. eWEEK has found the exploit and removed any infected code from its Web site.

"Although the exploit involved a bug affecting Adobe Reader and Adobe Acrobat, it is not related to the zero-day bug publicized last week, and is detected by Symantec as `bloodhound.exploit.213.`

"The infected code was found early Feb. 24 and the infected ads were removed from the eWEEK site within a short time. The eWEEK Web site is now working without any problems."

Read more - if you dare - at eWeek...

Top Twenty "No Brainer" IT Security Controls Revealed

"A coalition of public and private organizations, including U.S. military and intelligence agencies, today will release a preliminary set of baseline IT security controls intended to become a foundation for a standardized approach to securing the nation’s critical information infrastructure.

"The Consensus Audit Guidelines (CAG) are being released initially for public comment, but plans call for them to be piloted in several agencies later this year. Eventually the federal Chief Information Officers Council will evaluate the recommendations to decide whether it makes sense to adopt them as a standard throughout government.

"The value of the guidelines is not so much in providing new security controls for systems administrators, but in standardizing the priority security efforts. The project is headed by former Air Force and Energy Department CIO John Gilligan, who called the approach a `no brainer.`"

Read the full article at Government Computer News...

Talking Heads Bemoan State Of IT Security

"This is the worst time in recent memory for potential security breaches, according to a British Computer Society video debate.

"IT security should remain one of the highest priorities during the economic downturn, especially for companies that may have to make redundancies over the coming months, the BCS debate concluded.

"The Financial Services Authority (FSA) has urged firms to keep on top of operational controls and risk management because of the danger that criminals may target increasingly desperate employees.

"As they are under financial and job pressures as the downturn deepens, they may be tempted to commit data theft, among other crimes.

"The video debate panel, which comprised Rik Ferguson of security firm Trend Micro, Hamid Jahankhani of the University of East London, and Louise Bennett of the BCS Security Forum, agreed that large organisations need a better understanding of which specific person has access to what information."

More at ComputerWeekly...

Official: "Less Than 80%" of Nigerians Involved In Cybercrime

"A 2008 Internet Crime report listed Nigeria as number three on the list of the world’s top 10 online crime spots.

"Although, the Federal Government and a number of other stakeholders are campaigning against cybercrime in the country, the prevalence of young people involved in Internet scam, now known all over the world as advance fee fraud or ‘419’, has battered the image of the youths so much that an average Nigerian is perceived as a potential scammer.

"Experts said reversing the trend was not just timely, but exigently necessary for the Nigerian youths.

"Speaking on the issue, the Chief Operating Officer, Computer Warehouse Group, Mr. Phillip Obioha, said, `I do not agree with the statistics that 80 per cent of Internet users engage in illicit activities. Most transactions are done online; online banking alone is an example. No one can say that is illicit.`

"Although there may be a few bad eggs that use the Internet for online fraud, but, according to Obioha, they are less than 80 per cent."

Full article at Punch On The Web...

Banking Trojans Outrun Anti-Virus

"The ease of online banking is putting more Internet hackers on easy street.

"A report Monday in USA Today indicated the number of programs designed to gain access to bank accounts had increased from almost 17,000 in January 2008 to more than 59,000 by the end of the year...

"The latest advances in Internet bank theft include the use of trojan programs that can slip onto an unsuspecting computer's hard drive through a viral link on a greeting card or in e-mail spam.

"The trojan then hides out on the hard drive and waits until the computer user logs onto a banking Web site. The program then acquires user names and passwords or copies the log-on page.

"One Internet security expert says banking trojans are more advanced and evolving faster than anti-virus solutions."

Read more at the Topeka Capital-Journal...

Monday, February 23, 2009

More Payment Processor PWNAGE

"Just weeks after Heartland Payment Systems Inc. disclosed what may be one of the largest breaches of payment card data thus far, news is emerging of what could be another major breach involving a payment processing company.

"The identity of the payment processor is still unclear, as is the number of credit and debit cards that were compromised in the breach. What is known is that attackers broke into systems at a U.S-based company and that the breach exposed the account numbers and expiration dates of payment cards used in so-called card-not-present transactions between last February and this January.

"The breach is the third affecting a payment processor to come to light since late last year, following the one that Heartland acknowledged last month and another that RBS WorldPay Inc. disclosed in December. The latest incident underscores concerns within the financial industry that attackers are increasingly targeting payment processors, which typically handle far more card data than individual retailers do."

Read more at ComputerWorld...

Friday, February 20, 2009

Another Reason To Hate PDF Files

"Hackers have been exploiting a critical bug in Adobe Reader, the popular PDF-viewing software, for at least nine days, researchers said Friday, but a patch may not be ready for another three weeks...

"In a security advisory released yesterday, Adobe acknowledged the bug and the ongoing attacks, and said that both Reader and Acrobat, an advanced PDF-creation and edit application, are vulnerable. Versions 7, 8 and 9 of both programs, and on all platforms, contain the flaw, the company confirmed..."

More at ComputerWorld...

Researcher: DNS Sucks Major Ass

"Exploits for a serious cache-poisoning vulnerability discovered in the Domain Name System (DNS) last year have begun to appear in the wild, and they have made security researcher Dan Kaminsky a believer in DNS Security Extensions (DNSSEC).

"Kaminsky, director of penetration testing at IOActive, Inc., last year discovered the vulnerability in the DNS that underpins the Internet and helped to engineer the release of a patch for it. The patch, which introduced more port randomization into DNS servers, was merely a quick fix and Kaminsky said he has come to the conclusion that no security technology except DNSSEC can scale well enough to fix the problem.

"The problem with DNSSEC is that it is difficult to deploy and manage, and it has been adopted only slowly and reluctantly..."

Read more at GCN...

Conficker 2.0 Debuts

"The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates.

"The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines..."

Read more at ComputerWorld...

Thursday, February 19, 2009

Trojan Knocks Out School Computers

"A nasty virus has been going around the Mounds View public schools, but the only thing it's infecting is computers.

"This particular virus effectively shuts a computer down and renders it useless. Officials say about 3,500 computers in the Mounds View school district have been infected...

"The district is now in the process of erasing the hard drives, and reinstalling the operating system and software on every computer. A 12-person team has been working up to 15-hour days to fix the problems."

Source: Star Tribune...

Wednesday, February 18, 2009

Hackers In Your Face

"Nguyen Minh Duc, manager of the application security department at the Bach Khoa Internetwork Security Center at Hanoi University of Technology, is scheduled to demonstrate at Black Hat DC this week how he and his colleagues used multiple methods to hack top biometric facial recognition products and gain easy access to systems.

"He and his colleagues hacked Lenovo's Veriface III, ASUS' SmartLogon V1.0.0005, and Toshiba's Face Recognition systems, which come on the companies' webcam equipped laptops. These Windows XP and Windows Vista laptops use the webcams to scan the user's face, and if it matches the stored image, analyzed by an algorithm, it will log the user on. Facial recognition is considered by many in the security world to be less of a hassle then fingerprints and more secure than passwords..."

More at DailyTech...

Tuesday, February 17, 2009

US Government Systems "Under Constant Attack"

"Reports of cyberattacks on U.S. government computers jumped by 40 percent in 2008, records indicate.

"U.S. Computer Emergency Readiness Team figures show reports of attacks by people trying to plant malicious software intended to allow them to control or steal sensitive government data have been climbing steadily, USA Today reported Tuesday.

"`Government systems are under constant attack,` Joel Brenner, counterintelligence chief in the U.S. Office of the Director of National Intelligence, told the newspaper. `We're seeing a dramatic, consistent increase in cybercrime (and) intelligence activities.`"

Source: MarketWatch...

Monday, February 16, 2009

Hotel Hack Exposes 21,000 To ID Theft

"Up to 21,000 Floridians may have been affected by a data breach at Wyndham Hotels & Resorts last year, prompting Attorney General Bill McCollum to ask consumers to keep a close eye on their credit statements.

"According to a statement released today, Wyndham reported to the Attorney General's Office that it contacted affected consumers in December and notified them that unauthorized access to Wyndham systems had potentially compromised their personal data on their debit and credit cards. The data breach has since been disabled."

More at Sun Sentinel...

Zone-H Gets 'Faced

"Defacement archive has itself been defaced.

"The hack - claimed in the names of Cyber-Terrorist, HeLL cYbEr, and Jurm - involved posting a link to a YouTube video and dancing babies on the site's altered home page. The Arab language video, featuring an ad promoting nappies, replaced the site's usual content of information security commentary and a defacement archive.

"A message that came with the defacement suggested hackers pwned the site for want of something better to do..."

More at The Register...

Friday, February 13, 2009

Mexican Phone Company Hacked

"The Taco Bell chihuahua may have to cover his ears. Police in Sedalia, Mo., are looking for someone who hacked into a Taco Bell's drive-through radio system. Authorities say the pranksters shouted obscenities at customers. Police figure the hacker must have been pretty close to interfere with the drive-through frequency. Taco Bell isn't laughing, though. Employees say they'll press charges if the hackers are caught."

From VolunteerTV...

Another Heartland In The Works?

"Banks around the country are reportedly receiving warnings, and perhaps even new lists of cards to replace. This is apparently regarding another credit card processor, unrelated to Heartland Payment Systems, having a significant breach.

"OSF has received multiple tips from multiple sources, and has spoken with the good people over at who have confirmed they too are hearing the exact same thing.

"From what we've heard, this second breach is significant in scale, but we have not as of yet been told who the processor is."

Source: DATALOSSdb...

Thursday, February 12, 2009

Nosocomial Data Leakage

"Over a two-week period, Dartmouth College researchers, in collaboration with P2P monitoring vendor Tiversa, searched file-sharing networks for key terms associated with the top ten publicly traded health care firms in the country, and discovered numerous sensitive documents for example, a spreadsheet from an AIDS clinic with 232 client names, including Social Security numbers, addresses and birthdates.

"The researchers also discovered databases for a hospital system that contained detailed information on more than 20,000 patients, including Social Security numbers, contact details, and insurance records, along with diagnosis information."

Source: SC Magazine...

Wednesday, February 11, 2009

Microsoft Jumps On "Evil Unemployed IT Worker" Bandwagon

"The world's biggest software maker has warned companies to expect an increase in `insider` security attacks by disgruntled, laid-off workers.

"Microsoft said so-called `malicious insider` breaches are on the rise and will worsen in the present downturn.

"`With 1.5 million predicted job losses in the US alone, there's an increased risk and exposure to these attacks,` said Microsoft's Doug Leland.

"`This is one of the most significant threats companies face,` he said."

More at BBC News...

Tuesday, February 10, 2009

Low Tech "Manila Envelope Gang" Implicated In ID Theft

"A car burglary led investigators to a meticulously organized identity-theft and burglary ring with at least 100 victims, sheriff's deputies said yesterday.

"Deputies seized hundreds of stolen items and arrested three men and one woman, all from Lakeside.

"The investigation began Jan. 30 after a woman's purse was stolen from a car near a Chinese restaurant in Santee.

"Investigators traced one of the stolen credit cards to a 29-year-old woman and went to her home Thursday to arrest her. She wasn't home, but her boyfriend, 27, was there. A records check revealed he was a parolee at large, and deputies took him into custody, sheriff's Sgt. Tom Poulin said.

"The woman arrived in a stolen car and was arrested, he said.

"Inside her home, detectives found a filing system of identity theft, Poulin said. `She would set up files on individuals for whatever info was stolen from them, manila-envelope files,` Poulin said, adding that she used that information to make purchases."

Source: SignOnSanDiego...

Kaiser Permanente Break A Fluke

"Police in the city of San Ramon, Calif. found personal information of thousands of people on the hard disk of a computer taken from the apartment of a suspect arrested for possession of stolen property and involvement in various fraud cases.

"On realizing that about 30,000 of the people listed in files on the computer were employees of the northern California offices of health care services provider Kaiser Permanente, the police notified Kaiser, Lt. Dan Pratt, public information officer at the San Ramon Police Department [said].

"`We don't know how she got that information, and we're working with Kaiser and other investigation agencies on her case,` Pratt said."

From InternetNews...

Heartland Body Count Swells

"By the latest count, the number of institutions that have informed their card customers and members that they were hit as a result of the Heartland Payment Systems (HPY) data breach has swelled to 124.

"Heartland, the sixth-largest payments processor in the U.S., announced on Jan. 20 that its processing systems were breached in 2008, exposing an undetermined number of consumers to potential fraud. Since then, scores of banks and credit unions from across North America have stepped forward to say their customers are among those whose cards were compromised in the breach.

"While Heartland and the credit card companies remain tight-lipped about the total number of institutions and card account numbers involved, Heartland has said that, at the time of the breach, it processed an average of 100 million transactions per month for more than 250,000 different retailers and merchants."

More, including complete coverage, at BankInfoSecurity...

Monday, February 9, 2009

Big Surprise: Employees Abuse Internet

"FaceTime Communications says employee Web 2.0 usage in corporate networks has exceeded IT Managers estimates by over 10 times. The company has cited actual network data from usage of apps like Instant Messaging,IPTV, VoIP and Social Networking...

"The company collected traffic data from the USG units deployed in web based companies around the world and compared it over the data (the amount of Web 2.0 applications in the establishment) they had requested from the IT Managers in those companies. One third of the managers estimated the number at less than eight. In reality, FaceTime's actual network data had shown an average of 49 Web 2.0 applications installed across all reporting locations.

"According to the company, the reason for such a rise in Web 2.0 apps is that employees are under the impression that they have the right to download and use any app available to them to make their jobs easier."

More at

Hey Now I'm A Rock Star

"Security practitioners used to be seen as propeller-hat wearing introverts hunched over computers in dark, cold basements for weeks on end, shunning daylight and anyone who tried to start a conversation with them. But times have changed.

"Thanks to the blogosphere, social networking sites and podcasting made easy, many security pros are taking on a much more public persona, becoming near-rock stars. Evidence of this can be seen in abundance at the ShmooCon 2009 security gathering in the nation's capital this weekend.

"One example was a Friday lunch gathering of the Security Twits -- a growing group of security pros who communicate with each other and the rest of the world via the Twitter micro blogging site. Another example was an evening meet-up of security podcasters.

"True, many security pros still prefer the quiet, isolated life. It's also true that the introvert tag was never a fair fit for many people. But several conference attendees acknowledged theirs has become a much more public profession. It's a necessity, they say. To truly improve security, people need to be out there communicating the threats computer users face and how to take the proper defenses..."

More at

Best Buy Hacked By Employee With USB Drive

"An employee at Best Buy's 1880 Palm Beach Lakes Blvd in West Palm Beach, Florida allegedly stole credit card information during November and December 2008 using an unauthorized personal device. Best Buy learned of the theft on Jan. 5, 2009. With the cooperation and assistance of store management, the employee was identified and taken into federal custody by the Secret Service on Jan. 7, 2009. That person is no longer employed by Best Buy.

"Although none of Best Buy's electronic systems were compromised by this former employee's actions, Best Buy believes that approximately 4,000 people could have been affected by this former employee's unlawful skimming of customer credit card information. State and federal law enforcement authorities and all relevant payment card brands have been notified of the incident and Best Buy is fully cooperating with all investigations."

Source: CBS 12...

French Air Force Surrenders To Conficker

"French fighter planes were unable to take off after military computers were infected by a computer virus, an intelligence magazine claims.

"The aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand.

"At one point French naval staff were also instructed not to even open their computers.

"Microsoft had warned that the `Conficker` virus, transmitted through Windows, was attacking computer systems in October last year, but according to reports the French military ignored the warning and failed to install the necessary security measures..."

More at The Telegraph...

Sunday, February 8, 2009

"Security" Company HACKED

"A security lapse at Kaspersky has exposed a wealth of proprietary information about the anti-virus provider's products and customers, according to a blogger, who posted screen shots and other details that appeared to substantiate the claims.

"In a posting made Saturday, the hacker claimed a simple SQL injection gave access to a database containing `users, activation codes, lists of bugs, admins, shop, etc.` Kaspersky has declined to comment, but two security experts who reviewed the evidence said the claims appeared convincing."

Source: The Register...

Saturday, February 7, 2009

Heartland Dominoes Continue To Fall

"At least two local financial institutions reissued new credit and debit cards to customers in recent weeks after Visa and MasterCard discovered a security breach at a New Jersey card processor.

"Heartland Payment Systems, which processes 100 million transactions a month for 175,000 merchants, learned Jan. 20 that someone outside the U.S. had hacked into its system, said spokesman Jason Maloni.

"Dollar Bank reissued an undisclosed number of cards in late January, said vice president Jim Carroll Jr.

"Elliott Federal Credit Union, Jeannette, issued new cards to about 100 of its 500 cardholders, said CEO Jim Benson.

"Neither institution reported cardholders were defrauded. Only cardholder names and account numbers were compromised, not Social Security numbers, addresses or phone numbers, said Maloni. He could not estimate how many cardholders were affected."

From TribLive...

What Would Jesus Do?

"A local pastor’s day was turned upside down Friday after hackers stole his e-mail identity and sent a distress message to all his contacts.

"The Rev. Darren Demaree, pastor of Legacy Church in Loveland [StreetView], said Friday that his Hotmail e-mail account had been hacked into. Hotmail is an Internet-based e-mail service that allows its users to access their accounts from anywhere in the world.

"Apparently, someone somewhere in the world has done just that.

"An e-mail plea was sent to everyone in his address book saying he had taken an unplanned trip to England to take part in a program called `Empowering the Youth to Fight Racism, HIV/AIDS, and Lack of Education.`

"It further reads: `Unfortunately, all my money and traveling documents were stolen in my hotel room during a robbery incident in the hotel where I lodged.`

"It then asks for recipients to send him money — 2,500 British pounds, or about $3,700.

"`This has been awful,` Demaree said from Loveland on Friday. `Everyone’s been calling.`

"Demaree, who didn’t travel to London for any such conference, said he cannot even access his own e-mail account, so his wife has been trying to send messages to everyone from hers.

"He has tried to get the provider of the e-mail account to help him but has been unsuccessful, he said."

From The Reporter-Herald...

Friday, February 6, 2009

Government Twit Implicated In Security Breach

"A congressional trip to Iraq this weekend was supposed to be a secret.

"But the cat’s out of the bag now, thanks to a member of the House Intelligence Committee who broke an embargo via Twitter.

"A delegation led by House Minority Leader John A. Boehner , R-Ohio, arrived in Iraq earlier today, and because of Rep. Peter Hoekstra , R-Mich., the entire world — or at least readers—now know they’re there.

"`Just landed in Baghdad,` messaged Hoekstra, a former chairman of the Intelligence panel and now the ranking member, who is routinely entrusted to keep some of the nation’s most closely guarded secrets...

"Not only did Hoekstra reveal the existence of the lawmakers’ trip, but included details about their itinerary in updates posted every few hours on his Twitter page, until he suddenly stopped, for some reason, on Friday morning."

More at CQPolitics...

Thursday, February 5, 2009

You Gotta Know When To PWN 'Em

"Online gambling sites are being hit by hackers who are using botnets that fix the odds to ensure large winnings.

"Guri Geva, regional director UK, Northern Europe and Israel at Radware, claimed that by using scripts, scammers are simulating the actions of legitimate gamblers and gathering information that can be used to increase the odds of winning bets.

"Since the scripts simulate real user behaviour, they are very hard to track by regular security tools and can even be used for money laundering purposes."

More at SC Magazine...

Wednesday, February 4, 2009

The Script Kids Are BACK!

"Increasing numbers of teenagers are starting to dabble in hi-tech crime, say experts.

"Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

"The poor technical skills of many young hackers means they are very likely to get caught and arrested, they say.

"Youth workers added that any teenager getting a criminal record would be putting their future at risk.

"`I see kids of 11 and 12 sharing credit card details and asking for hacks,` said Chris Boyd, director of malware research at FaceTime Security.

"Many teenagers got into low level crime by looking for exploits and cracks for their favourite computer games.

"Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data.

"Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way."

More at BBC News...

Google Kills Bambi

"Gathering ground-level images for Google's voyeuristic Street View application one of the search giant's mobile camera cars hit and killed a baby deer while snapping on a rural road in upstate New York.

"The incident was recorded on Google Maps (here), but has since been blacked out by Google.

"A sorry Google commented: `Gathering the imagery for Street View requires quite a bit of driving; as such, we take safety very seriously. Unfortunately, accidents do happen - as some people have noticed, one of our Street View cars hit a deer while driving on a rural road in upstate New York. Due to several user requests using the 'Report a concern' tool, these images are no longer available in Street View.`"

From PCWorld...

Barnum's Law Aids Cybercrime

"Optimistic and kind-natured people are more likely to fall victim to cybercrime than those who are greedy and materialistic, according to an organisation set up to help victims of e-crime.

"E-Victims says that cybercrime is a growing problem because criminals are getting more sophisticated and manipulative.

"...Online dating scams, where a criminal deceives victims by feigning an emotional bond before asking for money, are common. ...this is because although people often suspect that they're being scammed, they don't really believe it because they've invested time and effort into this individual online.

"And in some cases, particularly with young people, victims aren't used to encountering people with malicious intent, and are therefore easily taken in by official-looking logos and job titles that scammers use in their emails..."

More at PC Pro...

Government Security Contractor PWN3D

"Employees at federal security agencies are being notified that their personal information may have been compromised after hackers planted a virus on computer networks of government contractor SRA International Inc...

"The breach is embarrassing for SRA, a 6,600-employee technology consulting company that sells cybersecurity and privacy services to the federal government. The company wouldn't say which federal agencies were affected by the breach, but in U.S. Securities and Exchange Commission filings, it lists intelligence agencies and the U.S. Department of Defense, the U.S. Department of Homeland Security and the U.S. National Guard among its clients..."

More at ComputerWorld...

Monday, February 2, 2009

Study: Incompetent Idiots Cause Most Data Breaches

"A just-released study concludes that the cost of data breaches to businesses is rising from both internal negligence and the actions of third parties.

"The overall cost of data breaches is also rising. In 2008, the overall average cost to respondents was more than $6.6 million per breach, compared to $6.3 million in 2007 and $4.7 million in 2006, the study found. Actual costs ranged from $613,000 to almost $32 million.

"The fourth annual U.S. cost of data breach study conducted by the Ponemon Institute detailed the dangers. The study, which covers 2008, was funded by encryption vendor PGP. It found that 88 percent of data breaches are caused by simple negligence on the part of staff."

From InternetNews...