Wednesday, March 11, 2009
"The Big Bad Database of Senator Norm Coleman"
"Wikileaks has released detailed lists of the controversial Republican Senator Norm Coleman's supporters and donors. Some 51,000 individuals are represented.
"Although politically interesting in their own right, the lists, which are part of an enourmous 4.3Gb database leak from the Coleman campaign, provide proof to the rumors that sensitive information--including thousands of supporter's credit card numbers--where put onto the Internet on January 28 as a result of sloppy handling by the campaign.
"Senator Coleman collected detailed information on every supporter and website visitor and retained unencrypted credit card information from donors, including their security codes. Although made aware of the leak in January, Senator Coleman kept the breach secret, failing to inform contributors, in violation of Minnesota Statute 325E.61."
Good reading at WikiLeaks...
Watcha Gonna Do When They Tweet For You?
"Like unhip adults late to adopt a fad, police departments and other law enforcement agencies are jumping on the social networking bandwagon. They hope to break down bureaucratic boundaries between departments and jurisdictions and further the fight against crime.
"A few companies in the field are developing promising businesses, and supporters have given the trend a slightly cringe-inducing name: Law Enforcement 2.0.
"As in so many other realms where the use of technology has expanded in what seems an eye-blink, this crime-fighting method promises great improvements over traditional ways of getting things done. But it also challenges existing privacy protections, like limitations on the information investigators can share about people they may suspect of committing crimes..."
More at The New York Times...
Tuesday, March 10, 2009
Non-IT Worker Destroys Data Just For Funsies
"A promising engineering student who deliberately deleted crucial information from his employer's computer backup systems cost the company hundreds of thousands of dollars in lost business and data recovery.
"Gareth Pert, 23, nearly crippled Hamilton business Progressive Hydraulics while acting out of `pure vindictiveness`, said company director Rodney Sharp.
"And Sharp has warned other employers they stand to lose their life's work if they trust new staff and don't tighten computer security systems..."
Read more at stuff.co.nz...
Monday, March 9, 2009
McAfee Jumps On Anti-IT Worker Bandwagon
"If you think the IT guy at work is annoying now -- does he really have to roll his eyes when you ask him where to find to the power switch? -- just wait until he steals $5 million dollars from the company.
"As the recession unfolds and companies lay off an increasing number of employees, firms face a new and growing threat in the form of disgruntled technology workers with access to a corporation's best-kept secrets.
"Theft of intellectual property, fraud and damage of corporate networks cost corporations over a $1 trillion globally in 2008, according to a recent report by the security firm McAfee..."
More at ABC News...
Friday, March 6, 2009
Mad Scientists Release H5N1 Bug
"It's emerged that virulent H5N1 bird flu was sent out by accident from an Austrian lab last year and given to ferrets in the Czech Republic before anyone realised. As well as the risk of it escaping into the wild, the H5N1 got mixed with a human strain, which might have spawned a hybrid that could unleash a pandemic.
"Last December, the Austrian branch of US vaccine company Baxter sent a batch of ordinary human H3N2 flu, altered so it couldn't replicate, to Avir Green Hills Biotechnology, also in Austria. In February, a lab in the Czech Republic working for Avir alerted Baxter that, unexpectedly, ferrets inoculated with the sample had died. It turned out the sample contained live H5N1, which Baxter uses to make vaccine. The two seem to have been mixed in error.
"Markus Reinhard of Baxter says no one was infected because the H3N2 was handled at a high level of containment. But Ab Osterhaus of Erasmus University in the Netherlands says: `We need to go to great lengths to make sure this kind of thing doesn't happen.`"
Source: NewScientist
Wednesday, March 4, 2009
No Honor Among Cyberthieves
"Cyber-crooks are not only exploiting security flaws in popular software in order to steal from vulnerable and innocent users. Independent Security Consultant Dancho Danchev describes how vulnerabilities in unpatched releases of the Zeus crimeware kit are being exploited by hackers in order to steal resources from their fellow criminals.
"The security researcher has come across an interesting posting made by a botnet runner, who asks for help to secure his infrastructure after being compromised several times by other hackers. According to his own account, someone hijacked his botnet, composed of over 100,000 compromised computers, by exploiting a vulnerability in the Zeus kit, which allowed remotely injecting a high-level account into the administration panel of the crimeware..."
Read the full article at Softpedia...
Security "Pros" Shill For Web 2.0 At Conference
"Facebook, LinkedIn and Twitter, once viewed as high-risk, productivity-sucking applications, seem to have wiggled their way into the hearts of security teams nationwide. In fact, most organizations no longer block the popular web sites and allow employees to access these Web 2.0 applications at work, according to a new survey from the Security Executive Council.
"The research, which was released this week at the CSO Perspectives conference, reveals 86 percent of organizations who responded to an open poll on the council's web site said they do allow workers to use Web 2.0 applications, such as Facebook, LinkedIn and Twitter, while on the job and/or with a company-issued computer.
"The topic of social networking and work access was the subject of a spirited discussion among professionals who attended CSOP, a three-day event in Clearwater, Florida. Some in attendance pointed to Web 2.0 access as a necessary recruiting and retention tool..."
More at Network World...