Sunday, May 10, 2009

Around The Horn vol.1,97

Botnet master hits the kill switch, takes down 100,000 PCs

By jacqui@arstechnica.com (Jacqui Cheng) on Zeus

Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.

The Washington Post recently profiled the case of Zeus/Zbot—a software kit that sprung up in March that harvests financial and personal data from PCs through the use of a Trojan. Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.

Microsoft Patch Tuesday for May 2009: one bulletin

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue one Security Bulletin on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (May 13 at 11:00am PST, if you're interested). The single vulnerability is rated "Critical," and earned its rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. The patch may require a restart.

The list of affected software includes Microsoft Office 2000, Office XP, Office 2003, Office 2007, the PowerPoint viewer, and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Researchers release Win 7 rootkit

By Robert A. on Security Tools

"Security researchers have released a proof-of-concept rootkit for Windows 7, in the hopes that its availability will assist in the prompt development of an antidote. Indian security researchers Vipin Kumar and Nitin Kumar demonstrated the toolkit, dubbed Vbootkit 2.0, at the Hack In The Box security conference in Dubai last month....

UC Berkeley computers hacked, 160,000 at risk

By Michelle Meyers

This post was updated at 2:16 p.m. PDT with comment from an outside database security software vendor.

Hackers broke into the University of California at Berkeley's health services center computer and potentially stole the personal information of more than 160,000 students, alumni, and others, the university ...

Yet another reason why Macs need security software

By Jon Oltsik

As expected, my blog this week about Macintosh security generated a lot of comments. Some were personal in nature (author's note: I really do know the difference between a Trojan and a virus but typos happen), some were quite thought-provoking.

I did receive some interesting data from a colleague ...

Researchers Find Missile Defense Data On Used Hard Drive

Study reveals sensitive data from missile defense system, major businesses not properly erased from hard drives

Building work starts on SBInet

The construction of 17 permanent towers for the SBInet system at the border of Arizona and Mexico started May 4.

In China, $700 puts a spammer in business

It's a great deal, if you're a spammer.

HK Hospital Authority steps up patient data security

To enhance the awareness among public hospital staff in protection of personal data of patients, the Hospital Authority (HA) and the Office of Privacy Commissioner for Personal Data (PCPD) have launched the 'Care for Patients - Protect their Personal Data' campaign.

160,000 student, alumni accounts breached at UC Berkeley

The University of California, Berkeley has begun notifying more than 160,000 students, alumni and others about the potential compromise of sensitive personal data, following a database intrusion at the university.

Govt agencies losing portable data: Privacy Commissioner

Many Australian government agencies do not have appropriate controls covering the use of portable storage devices (PSDs) for the handling of personal information. According to new research by the Office of the Privacy Commissioner, this personal information is being lost at an alarming rate.

How to secure your home network

Reader Steve Hawley is all too typical. His home network houses a mix of Macs and Windows PCs, an old 802.11b Linksys router connected to a cable modem, and a couple of Airport Expresses connected to sound systems around the house. He wrote to us, seeking some advice on how to configure that network so he could

Offshore Contract Tactics to Protect Against Threats

In the wake of events such as the admission of fraud by Satyam's CEO and recent terrorist attacks, sourcing professionals have been forced to consider whether they really enjoy the protections they thought they had already established contractually with their providers.

Phished Facebook accounts become spammer's tool

Cybercriminals who went after Facebook users with a number of phishing attacks last week have now turned around and begun sending spam messages from the Facebook accounts they cracked.

Site schools world+dog in browsing history pilfering
A defect as old as the web

A new website aims to draw increased attention to one of the web's longest-running privacy defects: The ability for any site owner to effortlessly steal a complete copy of your recent browsing history.…

XSS flaws poke ridicule at entertainment industry
MPAA spanked by Pirate Bay backlash

Cheeky crackers used a cross-site scripting flaw on the web sites of the Motion Picture Association of America (MPAA) to inject listings from controversial torrent links site The Pirate Bay.…

Researchers release Win 7 rootkit exploit code
Should we? Shouldn't we? Oh, go on then...

Security researchers have released a proof-of-concept rootkit for Windows 7, in the hopes that its availability will assist in the prompt development of an antidote.…

Shared SQL Injection Lessons Learned blog item, (Sat, May 9th)


Unusable, Unreadable, or Indecipherable? No Breach reporting required, (Sat, May 9th)

Recent HIPAA legislation promised guidance identifying the Technologies and Methodologies That ...

NERC Board Approves Revised Cyber Security Standards (May 6, 2009)

The board of the North American Electric Reliability Corporation (NERC) has approved changes to cyber security standards for the North American power system....

DOT Inspector General's Audit Report Criticizes FAA Cyber Security (May 4, 6 & 7, 2009)

According to an audit report from the US Department of Transportation Office of the Inspector General, the country's air traffic control systems have been breached and continue to be vulnerable to cyber attacks....

Heartland Payment Systems Regains PCI DSS Compliance (May 5 & 7, 2009)

Heartland Payment Systems is once again compliant with the Payment Card Industry Data Security Standard (PCI DSS)....

Alleged Cisco Source Code Thief Indicted (May 5, 2009)

A Swedish man has been indicted in a US court on charges that he allegedly stole Cisco source code....

NSA Director Calls for Cyber Security Partnership (May 5 & 6, 2009)

In prepared testimony before the US House Armed Services Committee, National Security Agency (NSA) director Lt....

Closing Arguments in RealDVD Case Expected on May 8th (May 5 & 7, 2009)

The case regarding the legality of RealNetworks' DVD-copying software is drawing to a close; Judge Marilyn Hall Patel expects to hear closing arguments on Friday, May 8....

Windows 7 Release Candidate Has Disappointments and Improvements (May 6, 2009)

Microsoft's Windows 7 release candidate, which was made available earlier this week, is already disappointing some for not implementing certain changes that would improve security....

Microsoft Will Offer Fix for PowerPoint Vulnerability on May 12 (May 7, 2009)

Microsoft will release just one security bulletin on Tuesday, May 12....

Google Updates Chrome Twice in One Week (May 7, 2009)

Google released two updates for its Chrome browser in two days....

Virginia Dept. of Health Professionals Says Stolen Data Were Backed Up (May 7, 2009)

The Virginia Department of Health Professions has issued a statement saying that the data an attacker claims to have encrypted were backed up and the files secured, so the data have not been lost....

FBI Agent Talks About Dark Market Under Cover Case (May 6, 2009)

FBI agent J....

Google study backs browser silent auto update feature

By Robert Westervelt

A recent study found that manual browser updates resulted in less secure browsers. Experts say software patching needs continued improvements. Mozilla responds.

Microsoft to patch critical PowerPoint zero-day flaw

By Robert Westervelt

Attackers are actively targeting a remote code execution vulnerability in PowerPoint to take complete control of an affected system.

Hackers Swipe Student Data at UC Berkeley

Officials at the University of California, Berkeley, confirmed today that hackers broke into their databases in October and accessed data until last month. The data includes social security numbers and non-treatment medical information going back as far as 1999.
- Hackers broke into databases at the University of California, Berkeley, and got access to student and alumni records, the university admitted today. According to school officials, the data theft began Oct. 9 and went undetected until early April, when campus administrators performing routin...

Virginia DHP Urges Caution After Hacker Claims of Data Breach

As Virginia DHP officials await the completion of an investigation into reports of a massive data breach affecting 8 million records from the Virginia Prescription Monitoring Program, people are urged to be vigilant for signs of identity theft. On April 30, a message demanding a $10 million ransom for the data was posted on the Prescription Monitoring Program's Website.
- While law enforcement officials investigate reports of a data breach, the Virginia Department of Health Professions are urging anyone who could be affected to watch vigilantly for signs of identity theft for the next 12 to 24 months. On April 30, the Website of the DHP's Prescription Monitor...

Brief: Air traffic systems vulnerable, IG states


In China, $700 Puts a Spammer in Business (PC World)

In technology

PC World - It's a great deal, if you're a spammer.

Hackers breach US air traffic control computers (AFP)

In politics

AFP - Hackers broke into US air traffic control computers on several occasions over the past few years and increased reliance on Web applications and commercial software has made networks more vulnerable, according to a government audit

Hackers breach UC Berkeley computer database (AP)

In technology

AP - University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

Lance Spitzner, The Honeynet Project, founder

Lance Spitzner of Honeynet fame has agreed to a Thought Leadership interview and we certainly thank him for his time.

Hackers Break into University Health Records

The University of California at Berkeley says its health services databases were breached, and begins warning students, alumni.

Heartland Comes Out Swinging After Data Breach

In the months following the disclosure of what may be the largest data breach in US history, Heartland's CEO has been pointing the finger at the payment industry.

Windows 7 RC Gets a Nasty Bug, Microsoft Issues Patch

Just days after it launched Windows 7 Release Candidate, Redmond issues a fix for a major flaw.

UC Berkeley Hit With Major Data Theft

Tens of thousands of current and former students have been impacted by a massive security breach.
