Google's Credit Card Cache

"A defunct payment gateway has exposed as many as 19,000 credit card numbers...

"The discovery by a local IT industry worker was made by mistake and appears to be caused by a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone."

More at iTnews...

Hackers Gasping For Adobe AIR

"Adobe has released their new AIR product with much fanfare about letting developers "use proven Web technologies to build rich Internet applications that deploy to the desktop and run across operating systems." The grand vision that's being promoted is that AIR is pioneering the application development model of the future, where cross-platform applications will be developed using a platform-independent tool such as AIR, and then deployed across the Web as downloadable gadgets that can be installed on any computer...

"The designers of AIR obviously wanted to play in the desktop application space, so AIR applications have full access to the machine they are running on. But it seems that the AIR designers were unwilling to give up on also being a platform for casually loaded Internet gadgets, even though they did not see fit to give AIR a sandbox for running untrusted applications...

"The resulting situation will be a bonanza for criminal hackers. AIR will become the first truly cross-platform tool for distributing malicious applications. Macintosh and Windows, home and business computers will all be equal-opportunity targets for Trojan horse attacks, keystroke loggers, etc., truly realizing the dream of `write once, hack everywhere!`"

More at AjaxWorld...

Hackers PWN Ticketmaster

"If you're hoping to score tickets to Coldplay's Vancouver concerts when they go on sale Saturday, you could find yourself up against computer hackers who can order up hundreds and even thousands of tickets in the time it would take you to punch in a single order.

"Scalpers looking to jump the online queue can program a computer to circumvent Ticketmaster's website security and automatically order tickets at speeds far beyond ones the ordinary buyer could hope to match...

"`Maybe it takes you a minute-and-a-half to click through to buy a ticket, in that minute-and-a-half the hacker could have made 100,000 ticket requests," said Ryan Purita, a forensic examiner and security specialist with Sherlock Forensics. "You cannot beat a hacker script...`"

Source: Vancouver Sun...

Cyberbullies Steal Lunch Money

"Bank officials are beginning to recover some of the $200,000 that computer hackers are suspected of transferring out of the Carl Junction school district's account.

"The Joplin Globe is reporting that the amount recovered totals at least $80,000.

"Superintendent Phil Cook says a computer virus that struck on Feb. 26. allowed someone to access the district's bank account.

"He says about $200,000 was transferred earlier this month from the district's account to a number of banks nationwide in increments of about $8,000.

"The bank noticed the problem March 6 and contacted the southwest Missouri school district.

"Cook says the FBI is investigating."

From KSPR...

McAfee's Business Partners Are Evil

[See also this post. Is the pot calling the kettle black or does it simply take one to know one? -Hinky]

"Federal law enforcement officials filed bribery charges today against the District of Columbia's acting chief security officer, along with a one-time D.C. government employee who owns an IT outsourcing company that runs offshore operations in India. Both were later arraigned in federal court.

"Arrested this morning was Yusuf Acar, who currently is the District of Columbia's acting chief security officer; police said they found $70,000 in cash in his Washington home. Acar's annual salary is $127,468, according to court documents.

"The second suspect arraigned on bribery charges is Sushil Bansal, CEO and founder of Advanced Integrated Technologies Corp. (AITC), a Washington-based outsourcing vendor that has won a number of contracts from the district's IT department.

"In what the government officials described as the `McAfee Software Scheme,` Bansal's firm submitted a purchase order for 2,000 units of McAfee Foundstone software, which is used to provide automated scanning and vulnerability assessments, for $104,166. McAfee generated a quote for AITC for the purchase of 500 units of the software at $36,845, but AITC, the provider in this case, charged the D.C. government for 2,000 licenses."

Full article at ComputerWorld...

FBI Rounds Up Evil IT Workers In Nation's Capitol

"FBI agents have arrested a District of Columbia government worker and another man while they search the offices of the city's chief technology officer.

"The head of that city office, Vivek Kundra, recently left to take a White House technology post.

"A law enforcement official, speaking on condition of anonymity because charges had not yet been unsealed, said worker Yusuf Acar was arrested Thursday. Another man, Sushil Bansal, was also arrested. A court appearance is expected later in the day.

"Katherine Schweit, spokeswoman for the FBI's Washington field office, said the search was being conducted as part of an ongoing investigation.

"Schweit declined to give the subject of the investigation, or comment further on the case."

Source: Yahoo!...

"Customers will write us bigger checks."

"The behemoth of Redmond, Wash., is methodically rolling out business software that's sold as an online service. There's a very compelling reason: For Microsoft, selling software-as-a-service means more revenues, and eventually profits, out of each transaction.

"Microsoft Senior Vice President Chris Capossela puts it bluntly: `Customers will write us bigger checks.`"

Full article at Forbes...