
53cur!ty 6109

Girma Nigusse

Hackers compromise 10k sites, launch 'phenomenal' attack

June 22, 2007

Hackers compromise 10k sites, launch 'phenomenal' attack: "Attackers armed with an exploit tool kit have launched massive attacks in Europe from a network of at least 10,000 hacked Web sites, with infections spreading worldwide, several security companies warned today. "

Source: computerworld

Average OS Days-of-Risk



Source: csoonline

Humans, not tech, are the greatest security risk | The Register

Humans, not tech, are the greatest security risk | The Register: "Just over one third recorded their password or security information by either writing it down or storing it somewhere on their computer
Nearly two thirds never changed their password
One in five people used the same password for non-banking websites as well as their online bank "

Source: theregister

Anti-hacking laws 'can hobble net security' | The Register

Anti-hacking laws 'can hobble net security' | The Register: "The silence weighs heavily on the web security researcher. While ideally he would like to find flaws, and help companies eliminate them, the act of discovering a vulnerability in any site on the internet almost always entails gaining unauthorised access to someone else's server - a crime that prosecutors have been all too willing to pursue."

FBI Plans Huge Anti-Terror Data-Mining | Chron.com - Houston Chronicle

June 14, 2007

FBI Plans Huge Anti-Terror Data-Mining | Chron.com - Houston Chronicle: "The FBI wants to compile a massive computer database and analyze it for clues to unmask terrorist sleeper cells.
Two congressmen are worried about whether the bureau will protect the privacy of U.S. citizens."

Source: chron

10 reasons why the Black Hats have us outgunned | The Register

10 reasons why the Black Hats have us outgunned | The Register: "
1. The Black Hats form a well integrated community that shares knowledge effectively.
2. Becoming a Black Hat is a career option even for those who are not super geeks.
3. There are even specialist virus tools designed to circumvent specific AV products.
4. There are SDKs for the more advanced hackers.
5. There's a market for your data.
6. There are botnets to rent.
7. ... 10. "

Source: theregister

Techworld.com - Five ways to not get hacked

Techworld.com - Five ways to not get hacked: "ChoicePoint, the background check company that allowed personal data on 163,000 people to be stolen by hackers two years ago, has advice for anyone wanting to avoid a similar embarrassment. "

Chinese user sues Symantec over dodgy updates | The Register

June 08, 2007

Chinese user sues Symantec over dodgy updates | The Register: "But security experts are skeptical of the possibility of the action succeeding because of Symantec's limited warranty."

Source: theregister

Technology Review: New Record for Quantum Cryptography

Technology Review: New Record for Quantum Cryptography: "If they can extend the reach of their signal a little further, they'll be able to use satellites to send perfectly secure data around the world."

Source: technologyreview

Using industry best practices for effective security training - IT Security News - SC Magazine US

Using industry best practices for effective security training - IT Security News - SC Magazine US: "Improved employee understanding of appropriate behaviors and best practices for enhanced information security reduces security risks and helps ensure compliance with regulations such as Sarbanes-Oxley, HIPAA, the Payment Card Industry Data Security Standards (PCI DSS) and others."

Source: scmagazine

Consumers' Fear Increases Cost of Online Security

Consumers' Fear Increases Cost of Online Security: "Consumers' inflated fear of fraud adds millions to the cost of online crime. While the dollar damages are still significant, the number of victims has steadily declined. Yet consumers' behavior online doesn't reflect that decline. US Internet users are adjusting their behavior by visiting fewer sites, avoiding online banking and spending less money online, according to eMarketer's report 'Online Security: Counting the Cost of Fear.'"

Source: marketwire

Security Threats - Computer Security 2007 Threats

Security Threats - Computer Security 2007 Threats: "
88.4 percent of 2006 vulnerabilities could be exploited remotely.
...
The government sector accounted for 25 percent of all identity-theft-related data breaches, more than any other sector.
...
More than 6 million distinct bot-infected computers worldwide were detected during the second half of 2006, representing a 29 percent increase from the previous period.
..."

Source: spyware-escape

Online shoppers will pay for security

Online shoppers will pay for security: "Many people say privacy is important yet few bother to read the dense policies posted on Web sites. Some studies have even shown consumers willing to give up private information in return for small prizes."

Source: post-gazette

tssci security » Hacking Techniques for Law Enforcement - A good idea or asking for trouble?

June 07, 2007

tssci security » Hacking Techniques for Law Enforcement - A good idea or asking for trouble?: "Mikko @ F-Secure made a post on their blog about whether or not law enforcement organizations should be permitted to utilize security tools and hacking techniques in investigations that got me thinking. To me the answer to this question is very clear — NO WAY JOSE! — not unless proper oversight can be implemented and safeguards to protect our privacy are devised. EFF, help us on this one!"

Source: tssci-security

The Identity Corner » On Identity Claims, Unlinkability, and Selective Disclosure (part 3)

The Identity Corner » On Identity Claims, Unlinkability, and Selective Disclosure (part 3): "these properties are trivially achievable for self-generated identity claims, even when accompanied by self-generated cryptographic data."

Source: idcorner

Kim Cameron’s Identity Weblog » Keys, signatures and linkability

Kim Cameron’s Identity Weblog » Keys, signatures and linkability: "Consider a user who self-generates several identity claims at different occasions, say “I am 25 years of age”, “I am male”, and “I am a citizen of Canada”. The user’s software packages these assertions into identity claims by means of attribute type/value pairs; for instance, claim 1 is encoded as “age = 25”, claim 2 is “gender = 0”, and claim 3 is “citizenship = 1”. Clearly, relying parties that receive these identity claims cannot trace them to their user’s identity (whether that be represented in the form of a birth name, an SSN, or another identifier) by analyzing the presented claims; self-generated claims are untraceable. Similarly, they cannot decide whether or not different claims are presented by the same or by different users; self-generated claims are unlinkable."

Source: identityblog

Schneier on Security: Cyberwar

June 05, 2007

Schneier on Security: Cyberwar: "I haven't posted anything about the cyberwar between Russia and Estonia because, well, because I didn't think there was anything new to say. We know that this kind of thing is possible. We don't have any definitive proof that Russia was behind it. But it would be foolish to think that the various world's militaries don't have capabilities like this."

Source: schneier

"Getting Tough" With Information Security Is Really Just Getting Smart - Realtime IT Compliance

"Getting Tough" With Information Security Is Really Just Getting Smart - Realtime IT Compliance: "U.S. Department of Energy (DOE) is going to start actually enforcing their security practices by accurately inventorying and tracking their mobile computing devices after having 'lost' 1,415 laptops in the past 6 years. The DOE also indicates they are going to start enforcing their security policies and procedures."

Source: realtime-itcompliance.com

Stiffer Cyber Laws to Crack Down on Botnets, Spyware

Stiffer Cyber Laws to Crack Down on Botnets, Spyware: "WASHINGTON -- Federal lawmakers confronting a plague of botnet infections, denial-of-service extortion schemes and spyware are going on the counter-offensive with two new bills that would make it easier for federal prosecutors to charge cybercriminals, while bringing computer intrusion under the ambit of the mob-busting RICO Act. "

Source: wired

Storage 2.0 -- Web-based storage is coming

Storage 2.0 -- Web-based storage is coming: "Combine open-source software, distributed storage running on low-cost hardware and the World Wide Web, and what do you get? Storage for as little as 15 cents per gigabyte per month, and another 10 to 20 cents for each gigabyte users upload or download."

Source: computerworld

Cat owner protests against privacy-invading Google | The Register

June 03, 2007

Cat owner protests against privacy-invading Google | The Register: "Oakland California resident Mary Kalin-Casey complained to the advertising giant after she found a picture of her flat on Street View, in which she could see her cat, who was sitting inside at the time, the New York Times reports."

Source: theregister

"I don't see the difference between someone on the street looking thru your non-shaded windows or someone on the internets."

Source: gizmodo

Spammers establishing use of artificial intelligence

June 01, 2007

Spammers establishing use of artificial intelligence: "And while filtering technologies have improved significantly and can thwart the ability of most image spam to force its way onto corporate networks today, some experts believe that the fight against the use of such AI (artificial intelligence) tactics on the part of spammers is only just getting underway."

Source: computerworld

heise Security - News - Germany passes Anti-Hacking laws

heise Security - News - Germany passes Anti-Hacking laws: "It becomes an offence to create, sell, distribute or even acquire so-called Hacker Tools that are built to conduct criminal acts like acquiring illegal access to protected data."

Source: heise-security