EPIC Asks FTC to Investigate Google's Cloud Computing Services Security (March 18, 2009)
The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission (FTC) asking the agency to investigate whether Google's cloud computing services, including Gmail, are taking adequate steps to protect users' privacy...
Visa Sets Deadline for Bank Fraud Claims in Heartland Breach (March 16, 2009)
Visa has established May 19, 2009 as the deadline for banks to file fraud claims resulting from the Heartland Payment Systems data security breach...
Jurors Admit to Accessing Internet to Research Cases (March 18, 2009)
The pervasiveness of connectivity through Blackberrys, iPhones and other devices is causing problems in court cases around the country...
FBI Agent Allegedly Accessed Confidential Database Without Authorization (March 18, 2009)
An FBI agent in New York has been suspended without pay following charges that he accessed a confidential law enforcement database without authorization...
IT Contract Worker Indicted for Sabotage (March 17 & 18, 2009)
Mario Azar, who was formerly employed as an IT consultant at an oil and gas production company, has been charged with illegally accessing and compromising a computer system that was used to monitor offshore oil platforms...
Senate Committee Holds Hearing on Cyber Security Vulnerabilities and Defense (March 19, 2009)
On Thursday, March 19, 2009, the US Senate Committee on Commerce, Science, and Transportation held a hearing titled Cybersecurity: Assessing Our Vulnerabilities and Developing an Effective Defense...
Kundra Reinstated (March 17, 18 & 19, 2009)
Vivek Kundra is back at work as federal chief information officer (CIO)...
UK May Start Retaining Social Networking Site Data (March 18 & 19, 2009)
UK Home Office Security Minister Vernon Coaker says that the EU Data Retention Directive does not go far enough because it does not include communications on social networking sites like Facebook and Bebo...
Critical Buffer Overflow Flaw in WordPerfect Library (March 18, 2009)
The SDK Autonomy KeyView library used by the WordPerfect office suite is susceptible to a critical buffer overflow flaw...
Cyber Squatting and Brand Abuse a Growing Problem (March 17, 2009)
A study from MarkMonitor found that the practice of cybersquatting increased 18 percent during 2008...
Microsoft Releases IE 8 (March 19, 2009)
Microsoft has released Internet Explorer 8 (IE 8), the first major update for the browser since 2006...
Australian Internet Blacklist (March 17, 2009)
People who hyperlink to websites on the Australian Communications and Media Authority's blacklist could find themselves fined AU $11,000 (US $7,600) a day...
Latest on Conficker, (Fri, Mar 20th)
The researchers at SRI International updated their Conficker paper today. This is by far one ...
Stealthier than an MBR rootkit, more powerful than ring 0 control, it's the soon to be developed SMM root kit, (Fri, Mar 20th)
Joanna Rutkowska founder and CEO of Invisible Things Lab along with Rafal Wojtczuk has released a ...
Browsers Tumble at CanSecWest, (Thu, Mar 19th)
The three major browsers fell in quick succession at CanSecWest. The Pwn2Own competition prod ...
Updates to ISC BIND, (Sat, Mar 21st) (InternetStormCenter)
ANSI Panel to Standardize Identity Theft Tracking (NetworkWorld Security)
Crooks Flock to Rogue Antivirus Apps (NetworkWorld Virus/Worms)
CVE-2008-6496 (expertpdfeditorx) (Natl. Vulnerability Database)
CVE-2009-1023 (phpcomasy) (Natl. Vulnerability Database)
Bugtraq: SECURITY DSA 1748-1 New libsoup packages fix arbitrary code execution (SecurityFocus Vulnerabilities)
Rogue Antivirus Distribution Network Dismantled (SecurityFix Blog)
Researchers make wormy Twitter attack (NetworkWorld Security)
Intel Chip Vulnerability Could Lead to Stealthy Rootkits (E-Week Security)
Romanian police arrest Pentagon hack suspect (The Register)
(3) MODERATE: GNOME glib Base64 Functions Multiple Integer Overflow Vulnerabilities (SANS @Risk)
Why People Steal Rare Books (Schneier blog)
A Search Is Launched for Conficker's First Victim (PC World) (Yahoo Security)
Antivirus2009 Holds Victim's Documents for Ransom (SecurityFix Blog)
Vuln: Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities (SecurityFocus Vulnerabilities)
Visa: Post-breach criticism of PCI standard misplaced (NetworkWorld Security)
CVE-2008-6498 (Natl. Vulnerability Database)
Visa pilots new payment card security initiatives (NetworkWorld Security)
Brief: Researchers aim low to root hardware (SecurityFocus News)
CVE-2009-1027 (Natl. Vulnerability Database)
Latest on Conficker, (Fri, Mar 20th) (InternetStormCenter)
Flaw makes Twitter vulnerable to serious viral attack (The Register)
CVE-2008-6485 (phpimagegallery) (Natl. Vulnerability Database)
Bloginator v1a (Cookie Bypass/SQL) Multiple Remote Vulnerabilities (milw0rm)
Bugtraq: GLSA 200903-32 phpMyAdmin: Multiple vulnerabilities (SecurityFocus Vulnerabilities)
Intel chip flaw gets double exposure (The Register)
The CCTV Project Planner (NetworkWorld Security)
Tech Insight: A DIY Security Testing Lab
How to set up an in-house, do-it-yourself security testing lab
Small Business: The New Black In Cybercrime Targets
Security experts say hackers are turning away from stiff defenses of banks and large enterprises and turning toward small businesses
Indian Credit Card Fraud Exposed - Linked to Symantec
By Darknet on symantec credit card scam
In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions. I guess it’s hard to control a 3rd party call center though and who
Webshag 1.10 Released - Free Web Server Audit Tool
By Darknet on webshag
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version...
Stimulus Package Includes New HIPAA Security Rules
Posted by InfoSec News on Mar 20
http://www.aafp.org/online/en/home/publications/news/news-now/government-medicine/20090318hipaa-security-rules.html
By Sheri Porter
AAFA News Now
3/18/2009
The recently passed federal stimulus package includes changes to federal
health information privacy and security provisions under the...
Posted by InfoSec News on Mar 20
http://www.hindustantimes.com/StoryPage/StoryPage.aspx?sectionName=HomePage&id=99ed5976-6d8d-4402-abe0-e43a70e1c603&Headline=%E2%80%98Yahoo!+paid+for+Peerbhoy%E2%80%99s+training+to+hack+networks%E2%80%99
[Playing connect-the-dots with this story below, e2 Labs, was started in
2003 in...
Posted by InfoSec News on Mar 20
http://news.cnet.com/8301-1009_3-10200631-83.html
By Elinor Mills
Security
CNet News
March 19, 2008
VANCOUVER, B.C. -- Presenters at the CanSecWest security conference
detailed on Thursday how they can sniff data by analyzing keystroke
vibrations using a laser trained on a shiny laptop...
Posted by InfoSec News on Mar 20
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=215901301
By Tim Wilson
DarkReading
March 19, 2009
WASHINGTON, D.C. -- Visa Security Summit 2009 -- Hacking banks and large
businesses? That's sooo 2008.
Hackers and computer criminals this year are taking a new aim...
A hacking tool gets updated for the Mac
Posted by InfoSec News on Mar 20
http://www.networkworld.com/news/2009/031909-a-hacking-tool-gets-updated.html
By Robert McMillan
IDG News Service
03/19/2009
Two well-known Mac hackers are updating a widely used hacking toolkit,
making it easier to take control of a Macintosh computer.
Over the past few days, the...
Chinese spy who defected tells all
Posted by InfoSec News on Mar 20
http://washingtontimes.com/news/2009/mar/19/exclusive-chinese-spy-who-defected-tells-all/
By Bill Gertz
The Washington Times
March 19, 2009
EXCLUSIVE:
A veteran Chinese intelligence officer who defected to the United States
says that his country's civilian spy service spends most of its...
Posted by InfoSec News on Mar 20
========================================================================
The Secunia Weekly Advisory Summary
R&D work vulnerable to cyber threats
Posted by InfoSec News on Mar 20
http://fcw.com/articles/2009/03/19/cybersecurity-economy.aspx
By Ben Bain
FCW.com
March 19, 2009
Cyber vulnerabilities could threaten research and development efforts,
and action is needed to stop the commercial losses caused by cyber
attacks, cybersecurity experts told a Senate committee...
Crash, bang, analyze
CanSecWest Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development.
Websense mistakes Cisco.com for hack site
IPs of ill repute
Websense briefly classified the home page of networking giant Cisco as a hacking site earlier this week.
Romanian police arrest Pentagon hack suspect
'Wolfenstein' cuffed
Romanian police have arrested a hacker suspected of breaking into Pentagon systems and planting malware.
Indian call centre credit card 'scam' exposed
Symantec renewal details end up on black market
An undercover investigation by the BBC has exposed evidence of the theft of credit card details by workers at an Indian call centre used by security giant Symantec.
Flaw makes Twitter vulnerable to serious viral attack
Son of Samy?
Updated Micro-blogging site Twitter suffers from a potentially devastating vulnerability that forces logged-in users to post messages of an attacker's choice simply by clicking on a link. It could be used to spawn a self-replicating worm.
Boffins sniff keystrokes with lasers, oscilloscopes
I know what you typed last summer
CanSecWest Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.
Richardson death used to bait scareware traps
Off-piste
Criminal hackers are exploiting interest in news of the tragic death of actress Natasha Richardson on Wednesday to bait scareware traps.
Intel chip flaw gets double exposure
Security researchers converge on cache vuln.
Security researchers are due to publish research on how an Intel chip flaw might be used for potentially malign purposes on Thursday.
IT contractor charged over US oil rig hack
Roughneck cracker charges
An IT contractor has been charged with sabotaging offshore oil rig computer systems.
Air France trials biometric boarding cards
Fingerprints and smart cards
Air France has started trialling RFID-equipped smartcards which store passenger fingerprints to allow automated boarding.
March Madness-related SEO Poisoning Leads To Rogue AV
By Robert A. on Worms
"With only a few days left before the tournament starts, if a user searches for popular March Madness-related terms in Google, malicious URLs as high as the first result are returned. Search terms that currently exist within the Top 10 of Google's Hot Trends (the most popular search results) return these...
Web Application Security Spending Relatively Unscathed By Poor Economy
By Robert A. on Metrics
"First the good news: Despite the global recession, two-thirds of organizations either have no plans to cut Web application security spending, or they expect their spending to increase this year. Now the bad news: Spending for security applications is less than 10 percent of the overall security budget in 36 percent...
Malware installing rogue DHCP server
By Robert A. on Worms
Sans published an entry about a new piece of malware that installs a rogue DHCP server that specifies a rogue DNS server, presumably for phishing and malware deployment. I wouldn't be surprised if this concept is fairly old but it appears to be the first time a common piece of malware...
Oliver Day: Time to Shield Researchers
Brief: China more friend than foe, says white hat
Brief: Researchers aim low to root hardware
By Robert Westervelt
Hackers failed to crack mobile devices during the Pwn2Own contest at the CanSecWest conference, but a security team later demonstrated a way in with a simulated flaw.
Internet Explorer 8 includes a bevy of security features
By Robert Westervelt
Experts praise the IE 8 security features, but say browser makers have a long way to go in preventing the browser from being a hacker's favorite mode of attack.
Latest Apple iPhone features prompt security concerns
By Eric Ogren
Push notification, copy/paste and Bluetooth peer-to-peer communication features give hackers new areas to target.
Security incident response 101
By Robert Westervelt
Even the best procedures fail to overcome the stresses in the initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well coordinated response.
ANSI Panel to Standardize Identity Theft Tracking
Know the difference between 'identity theft' and 'identity fraud'? Don't feel bad if you don't. Even within the security industry, within the government, and within law enforcement, the terms are used interchangeably although they are in fact different.
Crooks Flock to Rogue Antivirus Apps
Chasing massive profits, crooks have unleashed a flood of rogue antivirus programs that attempt to fool or scare unsuspecting PC users into forking over cash for an app that does nothing worthwhile.
Pin Down Your Passwords
You know better. You know you should have complicated, hard-to-guess passwords with numbers and both uppercase and lowercase letters. The problem is, they're so hard to remember. As your business uses more web applications and your password collection grows unruly, look to password tools as a way to manage security for you and your employees.
Report links Russian intelligence to cyber attacks
A follow-up report authored by a group of cyber-security experts claims that Russian intelligence agencies were probably involved in the 2008 cyber attacks on Georgia.
BBC says U.K. credit card information for sale in India
Reporters from the BBC posing as fraudsters claim they bought names, addresses and valid credit card details of U.K. residents from a man the BBC identified as Saurabh Sachar in Delhi.
iWonder Surf offers managed browsing on iPhone, iPod touch
Parents concerned that their iPhone and iPod touch-touting kids might be visiting unsavory Web sites now can install an application that will help them. It's called iWonder Surf, and it's available for US$15 from the App Store.
Researchers make wormy Twitter attack
Computer security researchers have devised a new Twitter attack that they say could spread virally, much like a worm on the microblogging service.
Visa pilots new payment card security initiatives
Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa Inc. executive Thursday described two new initiatives to reduce payment card fraud being tested by the company.
A search is launched for Conficker's first victim
Where did the Conficker worm come from? Researchers at the University of Michigan are trying to find out, using a vast network of Internet sensors to track down the so-called "patient zero" of an outbreak that has infected more than 10 million computers to date.
Security researchers hack Safari in contest
For the second year running, security researcher Charlie Miller has taken home the top prize at security conference CanSecWest in Vancouver, after successfully hacking a MacBook via Safari. Miller exploited a vulnerability in Safari that allowed him to take control of the computer by having the user click on a malicious link.
A hacking tool gets updated for the Mac
Two well-known Mac hackers are updating a widely used hacking toolkit, making it easier to take control of a Macintosh computer.
Protect Your Data With Whole-Disk Encryption
In my last post, I talked about some of the tools that claim to recover your stolen laptop. This time I want to review another series of tools that can be useful protection as well: doing whole-disk encryption of your hard drives across your enterprise. The idea is that even if your laptop falls into the wrong hands, no one besides yourself will be able to read any of the files stored on it. When you boot your PC, you need to enter a password, otherwise the data in each file is scrambled, and no one else can gain access to your files.
Expert: Hackers penetrating control systems
The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.
Researcher hacks just-launched IE8
Just hours before Microsoft Corp. officially launched the final code for Internet Explorer 8 (IE8), a German researcher yesterday hacked the browser during the PWN2OWN contest to win $5,000 and a Sony Vaio laptop.
Visa: Post-breach criticism of PCI standard misplaced
Visa Inc.'s top risk management executive Thursday dismissed what she described as "recent rumblings" about the possible demise of the PCI data security rules as "premature" and "dangerous" to long-term efforts to ensure that credit and debit card data is secure.
Is IE8 Actually Safer?
Internet Explorer 8 hits the wires Thursday with a bevy of new security features, including more protection against hacked sites, ActiveX lockdowns, and a private browsing mode. And if you're wondering whether you should get it, then here's your short answer: Yes.
Chinese high-tech spy case inches closer to trial
Did software engineer Hanjuan Jin steal thousands of confidential documents from Motorola to share with the People’s Republic of China? The strange and complex case is expected to go to trial in Chicago.
Microsoft releases IE8, stresses security
Microsoft plans to make its Internet Explorer 8 browser available on Thursday, along with a company-commissioned report claiming IE8 is more secure against malware than rival browsers from Mozilla and Google.
IE 8 released, made available on Web
Microsoft Thursday released Internet Explorer 8, the next version of its Web browser that includes a number of corporate features, including tools to customize and control the software via centralized policies.
NAC remediation options
When NAC was conceived, it had everything to do with finding out if endpoints met security checks, but not so much about what to do about it.
Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K
Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest's PWN2OWN contest, improved his time Wednesday by breaking into another Mac in under 10 seconds.
Brits stuff mobiles with risky ID data
The data stored by Brits on their personal mobile phones can be easily used for ID theft purposes, especially because of the minimal security measures they take to guard the data, warned Credant Technologies.
The CCTV Project Planner
This article provides an overview of the video surveillance system planning and implementation process, and focuses on end-user perspectives. Successful CCTV projects are difficult to accomplish. Success factors are endogenous and exogenous to individual systems. Both are equally important to understand when planning for system implementations. The best way for an end-user to find success is first to gain insight into a few key issues in the CCTV industry.
Top Internet Threats: Censorship to Warrantless Surveillance
By David Kravets
In celebration of Sunshine Week, Wired has compiled a list of top threats to the internet — ranging from censorship to warrantless eavesdropping.
Wizzywig Cartoonist Inks a Phreakin' Comic Book
By Steven Levy
Ever since Kevin Mitnick's notorious exploits of the early 1990s, commentary inspired by the dark-side hacker has proliferated like a well-crafted computer virus. There have been six books, one feature film, a documentary, and endless hagiography in the quarterly phreaker bible 2600. The latest entry in the canon: Wizzywig, a four-part graphic novel by Ed Piskor.
Why did Piskor—a 26-year-old Pittsburgh cartoonist best known for his work with cranky comic god Harvey Pekar—choose the greasy-fingered milieu of the computer underground for his solo debut? Certainly not out of technolust: He's a self-described semi-Luddite. Instead, he was seduced by the funky phreak culture. Over the course of 14 months, Piskor devoured the archives of 2600, Phrack, TAP/YIPL, and other tech prankster zines; read a shelf's worth of computer-crime tomes; and listened to the entire run (via podcast) of Off the Hook, a radio show hosted by 2600 editor Emmanuel Goldstein. In the process, he found not only a fascinating subculture but also himself. "Cartoonists have a lot in common with hackers," he says. "Both lead very solitary existences."
Wizzywig is a delight, wryly rendered and packed with dead-on details of the hacker life. Though the narrative of protagonist Kevin Phenicle tracks Mitnick's life and crimes, Phenicle (aka Boingthump) is a composite drawn not just from Mitnick but other geek malfeasants like Mark Abene (Phiber Optik) and Wired's own Kevin Poulsen (Dark Dante). Famous incidents and hacker luminaries also make Ragtime-style cameos: the 1971 Esquire article about phone phreaking, Captain Crunch's "war dialer" gizmo, and Robert Morris' 1988 Internet worm. Piskor even brings in Apple's cofounders (below), in a hilariously drawn depiction of the time the two Steves almost got busted selling blue boxes—devices that let phreakers make free long-distance calls. With the publication of volume 2, Hacker, late last year, Wizzywig is now half complete. Volume 3 (Fugitive) is pegged for late 2009.
Piskor is self-publishing Wizzywig and sells it at Edpiskor.com. He prints 100 copies at a time and spends his mornings processing orders and shipping. (It's also a kind of fitness routine: "A lot of cartoonists get really fat, so I walk to the post office every day.") By examining the PayPal paper trail, he has discovered that one of his customers is Mitnick's mother. So far, nothing from Mitnick himself. Better yet, no denial-of-service attacks on his site. The dark-siders must like him.
Gmail's New 'Undo Send' Feature Saves You From Outbox Regret
By Michael Calore
Ever say something in an e-mail that got you into serious hot water? Google now gives users a five second window to "undo" any Gmail message before it's sent out over the tubes.
First Look: IE8 Is Microsoft's First Truly Modern Browser
By Michael Calore
Microsoft has released the latest version of Internet Explorer, the most-used web browser in the world. IE8 shows significant improvements in most areas, and while it still lags behind more forward-looking browsers like Firefox, it's sure to please users upgrading from older versions of IE.
If you've not yet leapt into the great abyss of social networking, then you haven't created any accounts that can be compromised, and you're safe, right? Not!
Researchers hunting for Conficker's Patient Zero
By jhruska@arstechnica.com (Joel Hruska) on patient zero
The Conficker worm has been making headlines for several months, thanks to periodic refresh cycles that have shifted both its attack vectors and its behavior once inside a system. Part of what makes the worm unique is that it takes advantage of a security flaw Microsoft had actually patched several months prior; any system with the MS08-67 security update was immune to Conficker.A's initial attack. It's been theorized that the worm initially latched on to a relatively small group of enterprise computers with long patch update cycles; researchers are now combing through data from the earliest stages of the worm's existence, attempting to find the system or group of simultaneously infected systems that represent a digital Patient Zero.
New FOIA rules official—let the data flood begin
By julian.sanchez@arstechnica.com (Julian Sanchez) on transparency
Since 2001, the rule of thumb for government agencies responding to Freedom of Information Act requests has been "when in doubt, leave it out." A month after the 9/11 attacks, a directive from then-Attorney General John Ashcroft urged agencies to carefully consider all possible grounds for withholding information before making disclosures, and promised the Justice Department's backing for any decision to withhold with a plausible legal basis. On Thursday, new Attorney General Eric Holder reversed that order, instructing executive branch officials that "an agency should not withhold information simply because it may do so legally." The new guidelines could potentially affect a slew of pending cases concerning secretive copyright treaties, warrantless wiretapping, and military interrogation practices.
This is the way the Internet ends: not with a bang, but DPI
By nate@arstechnica.com (Nate Anderson) on network neutrality
Does deep packet inspection mean the end of the Internet?
Deep packet inspection (DPI) gear has always been marketed to ISPs as a way to earn more money by scanning Internet traffic and charging more for various services. Want to game online? Better upgrade to the "Gaming Xtreme!" plan. Want to use VoIP? Prepare to open your wallet. Watch much streaming video? Well, it would be a whole lot smoother if you just paid another $2.99 a month.
DPI vendors haven't tried to hide this; one company's marketing literature suggests that it can help "reduce the performance of applications with negative influence on revenues" (e.g. competitive VoIP services).
Chrome only browser left standing after day one of Pwn2Own
By segphault@arstechnica.com (Ryan Paul) on safari
Browser vendors often make strong claims about their responsiveness to vulnerability reports and their ability to preemptively prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but it's also arguably one of the hardest aspects of software to measure or quantify.
A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browsers are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.
Intel CPU-level exploit could be tempest in a teapot
By jhruska@arstechnica.com (Joel Hruska) on Trusted Computing
Joanna Rutkowska of Invisible Things Lab has been making headlines ever since she announced her development of a seemingly undetectable rootkit she dubbed "Blue Pill." While that project is now defunct, Rutkowska has continued her research into hardware virtualization technology. Her more recent efforts have focused on Intel platforms and the company's Trusted Execution Technology; Intel released a BIOS update to fix several security vulnerabilities Invisible Things Lab discovered back in August of 2008. On Thursday, March 19, Rutkowska and fellow team member Rafal Wojtczuk released details of yet another Intel-focused exploit—is the CPU manufacturer's security sandbox not up to snuff?
Save the children? ICANN opens debate on CyberSafety charter
By jhruska@arstechnica.com (Joel Hruska) on internet filtering
ICANN has been soliciting a lot of comments on its governance and future of late, including one petition to form a CyberSafety Constituency (CSC) within the Non-Commercial Stakeholders Group (NCSG). The petition (PDF) as filed with ICANN is fairly innocuous and harmless-sounding, but the woman doing the filing—Professor Cheryl B. Preston, of Brigham Young University—has ties to other nonprofit organizations that should have been disclosed at some point within the application procedure.
Sentencing commission ponders extra jail time for proxy users
By julian.sanchez@arstechnica.com (Julian Sanchez) on privacy
I'm betting Michael DuBose, chief of the Justice Department's Computer Crime & Intellectual Property Section, is a Steven Seagal fan. At a hearing held Tuesday by the US Sentencing Commission, DuBose warned that "cyber-criminals are increasingly using sophisticated technological tools like 'proxies' to evade detection and prosecution." Naturally, I immediately thought of Under Siege 2: Dark Territory, in which the flabbifying action hero must track down nefarious hacker Travis Dane (playwright Eric Bogosian slumming for a paycheck), who has seized control of a government satellite weapon. Just when the grim-faced folks in the government command center think they've got a lock on the hijacked bird—bang!—the screens are filled with 50 "ghost" satellites Dane has created to throw them off the trail. Proxies!
In reality, of course, proxy servers and anonymous routing are not l33t haxx0r tools, but rather a feature of modern Internet use so commonplace and banal that Web surfers in corporate or university environments routinely make use of proxied connections without even knowing it. But the Justice Department is urging the Sentencing Commission to recognize proxies as "sophisticated means" automatically meriting stiffer penalties when used in the course of a computer crime.
Internet Explorer 8 released, progress unmistakable
By emil.protalinski@arstechnica.com (Emil Protalinski) on Internet Explorer
The final build of Internet Explorer 8 has been released in 25 languages. You can also grab the download directly from these links: Windows XP 32-bit (16.1 MB), Windows XP 64-bit (32.3 MB), Windows Server 2003 32-bit (16.0 MB), Windows Server 2003 64-bit (32.3 MB), Windows Vista 32-bit (13.2 MB), Windows Vista 64-bit (24.3 MB), Windows Server 2008 32-bit (13.2 MB), and Windows Server 2008 64-bit (24.3 MB). The final build number is 8.0.6001.18702.
The public Windows 7 beta is not being updated, and although Microsoft released an update for IE8 for Windows 7 in February, the next update is not likely to arrive until the Windows 7 Release Candidate next month. For everyone else, in the coming weeks Microsoft will put IE8 out as an optional download on Windows Update and then later roll it out to users via Automatic Updates. A quick note to all the IT administrators out there reading this post: the IE8 blocker toolkit is already available, so make sure you get acquainted with it if you're planning on avoiding IE8 when it's released via Microsoft's update channels.
Connecticut Man Sentenced for E-card Scam
His phishing scheme targeted AOL subscribers
BBC Says UK Credit Card Information for Sale in India
Three of the victims had used their cards to buy Symantec software
Also in the report, an employee at a major North American wireless carrier is said to be part of a hacker group
Doctors say better EHRs and better interoperability are also needed
IPod Scammer Brought up on Federal Charges
Prosecutors have just brought federal charges of fraud and money laundering against Nicholas Arthur Woodhams of Kalamazoo...
Oracle Offering Scaled-down Version of Database Machine
Oracle claims strong demand for its Exadata product line but declines to offer numbers
Crooks Flock to Rogue Antivirus Apps
The number of fake security programs pushed by the bad guys to trick victims out of their cash has leapt dramatically.
In an attempt to simplify the tracking of identity theft and identity fraud for law enforcement, ANSI is working to clearly define these terms.
With Google Chrome poised to become the new, hot open-source browser, the increasingly bloated Firefox could be in trouble.
Researchers Make Wormy Twitter Attack
A cross site scripting attack on Twitter could leave it vulnerable to a fast-spreading viral attack.
A Search Is Launched for Conficker's First Victim
The outbreak has infected more than 10 million computers to date
Hackers are making the Mac a 'first-class target' for the popular Metasploit toolkit.
Is IE8 Actually Safer?
Microsoft is touting new security features in today's IE8 release. Should you get it?
Expert: Hackers Penetrating Control Systems
One attack caused US deaths, a security consultant testified to the Senate
Security Researchers Hack Safari in Contest
For the second year running, security researcher Charlie Miller has taken home the top prize at security conference CanSecWest...
Caleido AG, parent company of online storage service Wuala, announced Thursday it has merged with computer peripheral maker...
Cloud Provider 3Tera Announces 'five Nines' SLA
Customer accounts will be credited automatically if availability drops.