March 29, 2007
ID theft threats have surged 200% since Jan. 1: "Identity theft threats jumped 200% in the first two months of 2007, a security company said today, noting that fraudsters have shifted to simpler, more effective tactics."
source
Security can boost privacy | The Register: "The academics and security consultants behind the Dilemmas of Privacy and Surveillance report, released this week, reckon it's wrong to believe that increased security means more collection and processing of personal information."
source
One in ten Brits is victim of online fraud | The Register: "More than one in ten (12 per cent) of UK internet users fell victim to fraud over the last 12 months."
source
ShmooCon: Bad Web 2.0 thinking imperils Web security: "JavaScript coding errors and Web developers who are inexperienced at working with emerging programming techniques represent serious threats to the security of many Internet sites and the people who visit them, according to malware researchers. "
source
March 28, 2007
Techworld.com - Unclog the SSL bottleneck: "'We wanted to be sure the data could be flushed as we required but also that it was securely being stored. In the end we were satisfied,' McKinney says."
source
Techworld.com - Don't blame China - malware is a US problem: "'The results of this study shatter the myth that malicious code is primarily being hosted in countries where e-crime laws are less developed.'"
Hacker attacks getting more personal: "Over the past year or so, the number of malicious sites using personalization techniques has mushroomed and today represents a new and disturbing trend,"
source
Gozi Trojan leads to Russian data hoard: "All of the information was sent by Gozi to a server in St. Petersburg, where it was then sold on a subscription basis to an unknown number of individuals. The black market street value of the stolen data: $2 million. "
source
March 21, 2007
Techworld.com - Computer & Internet Security News - Criminals serve up identities over Net: "Sensitive data is sold on so-called 'underground economy servers,' used by criminal organizations to hawk information they've captured through hacking, Symantec said in its Internet Security Threat Report, which tracked online trends from June to December 2006."
source
SunbeltBLOG: In Defense of Perimeters and Security through Obscurity: "because I'm about to question two sacred cows:
1) that there is no longer such a thing as a perimeter in network security, and
2) that 'security through obscurity' is practiced only by idiots. "
source
March 20, 2007
Six Ways To Stop Data Leaks: "But there are ways to mitigate the risks and keep track of what’s going on inside the firewall. Experts suggest taking the following steps:
1 Get a handle on the data
2 Monitor content in motion
3 Keep an eye on databases, which can contain a company’s informational crown jewels
4 Limit user privileges
5 Cover those endpoints
6 Centralize your intellectual property data"
source
Internal Snafus Cause of Most Breaches, Study Says: "And, the researchers said, the main culprit isn’t the oft-vilified malicious hacker. Instead, they blamed snafus inside companies as the biggest cause of data breaches. "
source
Computers Gone Wild - Forbes.com: "Bots aren't news, but they are multiplying, according to computer security firm Symantec (nasdaq: SYMC), which estimates that the total of bot-infected computers increased by 29% to over 6 million in the second half of 2006."
source
China displaces Britain as botnet epicentre | The Register: "China has displaced Britain as the home of the greatest concentration of compromised (zombie) PCs."
source
ITPro: Security: News: Biometrics tunnel to simplify security and ID checks: "'Human gait is to some level unique,' said Carter. 'This offers a degree of security without being invasive.'"
source
Big money in guarding secrets: South Florida Sun-Sentinel: "Wal-Mart Stores Inc. fired the employee, Bruce Gabbard, maintaining he acted alone and didn't receive authorization to eavesdrop. "
source
CEBIT: Malware to fight crime? AV companies say no: "German police officials have expressed interest in developing software tools to help them surveil computer users who may be involved in crime. "
source
Photocopiers: The newest ID theft threat: "Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what's been duplicated."
source
Forget hackers; companies responsible for most data breaches, study says: "In the five minutes it might take to read this article, about 672 electronic records containing confidential information will be compromised. By year's end, more than 72 million records with Social Security numbers, credit card numbers, birth dates and other personal data will have been exposed. That rate is about 200,000 more records per month than last year. "
source
March 15, 2007
If you must pirate, use counterfeit Windows | The Register: "'If they're going to pirate somebody, we want it to be us rather than somebody else,'"
source
Nigerians launch fake Met Police site | The Register: "Nigerian 419ers operating from Amsterdam and Rotterdam even created copies of the websites of express transportation company DHL and Lufthansa Cargo to lure victims into paying transportation costs for used motorbikes and cars that were never delivered."
source
Popular P2P apps could expose sensitive files, report says: "It concludes that the distributors of the programs repeatedly deployed features 'that had a known propensity to trick users' into unknowingly sharing files on their computers with others."
source
McAfee maps malware risk domains | The Register: "The worst haven for malware belonged to the tiny Pacific island of Tokelau (.tk), where 10.1 per cent of websites contained dodgy content."
source
March 12, 2007
Computer security battle moves to the Web | IndyStar.com: "Of the 2,249 new software vulnerabilities documented by Symantec Corp. in the first six months of 2006, 69 percent were in Web applications."
source
Seagate debuts the world's most secure laptop drive: "Seagate Technologies today announced the availability of the first laptop hard drive with native encryption capabilities, which is aimed at protecting data if a machine is lost or stolen. "
source
March 11, 2007
College glitch avails student information to public: "Matt Bishop, a computer science professor at the University of California-Davis, said that it's aggressive but not criminal. 'It's kind of crawling all over and looking under rocks,' he said. 'Occasionally, things you don't want to turn up, do turn up.'"
source
The TWiT Netcast Network with Leo Laporte: "Steve comments on the Federal Computer Week article Cyber officials: Chinese hackers attack 'anything and everything'."
source
Seven ways to keep your search history private: "
Tip No. 1: Don't log into search engines or their tools
Tip No. 2: Keep yourself safe from Google
Tip No. 3: Regularly change your IP address
Tip No. 4: Use ixquick
Tip No. 5: Don't include personal information in your searches
Tip No. 6: Do sensitive searches from a public hot spot
Tip No. 7: Avoid using your ISP's search engine"
source
March 10, 2007
ITPro: Security: News: Staff inductions lack security awareness: "The 'Employee Education Gap' report was carried out on behalf of anti-virus company McAfee. It found that major holes in company induction processes are leaving businesses vulnerable to unnecessary security risks."
source
AP Wire | 03/08/2007 | Military base busy fending off computer hackers: "An average of 1,300 intrusive attempts from around the globe are made on the base's network each month."
source
SSRN-The Myth of the Superuser: Fear, Risk, and Harm Online by Paul Ohm: "The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet.
... The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment."
source
Essential Security: Firewalls - Small Medium Business (SMB) by PC Magazine: "Every time technology advances to create new business capabilities, opportunities arise to use that technology to harm your business. Hence the multibillion dollar security market."
source
Mozilla patches faulty patch | The Register: "The Mozilla Foundation has patched a faulty patch that was itself subject to a security vulnerability."
source
Premier 100: Yahoo gets 'Paranoid' about IT security: "'We felt strongly that security can become an afterthought if it's created as a separate organization,' said Rabbe in an interview ... 'We thought it was important to make it part of the process, so that security becomes part of the job, so that every developer looks at it and thinks about it.'"
source
Crack! Security expert hacks RFID in UK passport: "A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration."
source
Security flaws found in fix for Firefox, SeaMonkey | Tech News on ZDNet: "Security researchers say the initial fix, issued in mid-December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e-mail client. But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code."
source
March 08, 2007
Marcus P. Zillman. M.S., A.M.H.A. Abbreviated Bio: "A bot is short for 'robot' and refers to a program that operates as an agent for someone, often as a searcher of information or monitor of events."
source
Raffy’s Computer Security Blog » Research Papers: "I am reading a lot of papers again and I keep finding research which just doesn’t get it. Or at least they are not capable of cleanly communicating the research. If you are doing research on visualization, do that. Don’t get into topics you don’t know anything about."
source
March 07, 2007
BetaNews | EU Threatens to Fine Microsoft for Lack of Innovation: "'Microsoft has agreed that the main basis for pricing should be whether its protocols are innovative,' Commissioner Kroes' statement reads this morning. 'The Commission's current view is that there is no significant innovation in these protocols.'"
source
Law and Information » Blog Archive » Social Signaling Theory and Cyberspace: "Who will make the decisions about the degrees of required signal reliability in cyberspace? Who will make the choice among different reliability-enhancing mechanisms outlined above? Is it the platform designer, the Linden Labs of this world? If yes, what is their legitimacy to make such design choices?"
source
BankNet 360 - Ohio Banks Slow to Adopt Multifactor Authentication: "Regulatory officials are reportedly not cracking down on multifactor violations, because they recognize it takes time to design, test, and install the new software."
source
March 06, 2007
Killing risk, unifying data protection: "Some less obvious risk sources are the following:
* Undetected data loss -- ...
* Interdependency risk -- ...
source