<body>

53cur!ty 6109

Girma Nigusse

The first Linux botnet?

September 22, 2009

"Yes, Linux servers have been broken into manually. There is not, I repeat, is not, any malware that automatically converts Linux desktops or servers into virus-spreading boxes. All that has happened is that someone, as many others have in the past, has busted into improperly secured Linux servers.

I've said it before. I'll say it again. Security is a process, not a product."

Source: itworld

NYT scareware scam linked to click fraud botnet

September 20, 2009

"Researchers from security firm Click Forensics have tied the Bahama botnet to a recent attack that resulted in pop-up ads punting rogue anti-virus software appearing via the New York Times website. The scam attempted to trick surfers into purchasing software called Personal Antivirus by falsely warning that their systems were infected with non-existent threats."

Source: theregister

[BruCON] The Belgian beer lovers guide to Cloud Security

"Not everyone is happy – IT Security people are cynical people. Same problems in a different guise. From a security standpoint though, we as security professionals need to know about it. The business wants the cloud, so we have to work with it."

Source: c22blog




Why virus writers are turning to open source

September 19, 2009

"Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid Wüest, threat researcher with security firm Symantec, around 10 percent of the Trojan market is now open source."

Source: cnet

Sophisticated Botnet Causing a Surge in Click Fraud

"A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.

The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.

Click Forensics is calling this the "Bahama botnet" because initially it was redirecting traffic through 200,000 parked domains in the Bahamas, although it now is using sites in Amsterdam, the U.K. and Silicon Valley."

Source: pcworld

SANS Report: 60% Of All Attacks Hit Web Applications, Most In The U.S.

"Most organizations are focusing their patching efforts and vulnerability scanning on the operating system (OS) -- but 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications, such as Microsoft Office and Adobe Flash, according to actual attack data gathered for the report. Meanwhile, enterprises are taking twice as long to patch their applications than to patch their OSes, the report says."

Source: darkreading

Facebook's Private Surprise

September 18, 2009

"Facebook's ranking is a five-spot improvement over a consumer survey released by the Ponemon Institute last December. In that survey, Ponemon and TRUSTe asked roughly 6,000 people to list out the companies they trust most for privacy. Facebook made the top-20 list for the first time, landing spot No. 15."

Source: forbes

File Deletion

September 16, 2009

"As we move more of our data onto cloud computing platforms such as Gmail and Facebook, and closed proprietary platforms such as the Kindle and the iPhone, deleting data is much harder.
...
Vanish is a research project by Roxana Geambasu and colleagues at the University of Washington. They designed a prototype system that automatically deletes data after a set time interval. So you can send an e-mail, create a Google Doc, post an update to Facebook, or upload a photo to Flickr, all designed to disappear after a set period of time."

Source: schneier

Real-World Access Control

"Eric Johnson at Dartmouth's Tuck School of Business has been studying the problem, and his results won't startle anyone who has thought about it at all. RBAC is very hard to implement correctly. Organizations generally don't even know who has what role. The employee doesn't know, the boss doesn't know -- and these days the employee might have more than one boss -- and senior management certainly doesn't know. There's a reason RBAC came out of the military; in that world, command structures are simple and well-defined."

Source: schneier

Spanish security firm detects 'swine flu' computer virus

September 12, 2009

"The e-mails invite recipients to open a document with information claiming the H1N1 flu virus was developed by pharmaceutical firms seeking to make huge profits from the outbreak, Pandasecurity said in a statement."

Source: smh

Hackers hacked

"An ATM rigged by hackers to record data from the swiped debit cards of unsuspecting users was found in the conference center of the Riviera Hotel & Casino in Las Vegas during the August Defcon 17, the largest annual hacker convention in the world."

Source: alibaba 

The US as Keeper of a 'Free' Internet?

"The imminent expiration date (September 30) of the joint project agreement between ICANN and the US government, establishing the US as unilateral supervisor over Internet's addressing and Domain Name System (DNS) operations, has rejuvenated the call for an internationalization of Internet oversight. The average Internet user, however, is unlikely to benefit from a change in the current status quo as both alternatives, full privatization and intergovernmental oversight, are bound to affect both the Internet's innovative power and the personal liberties enjoyed by its users."

Source: circleid

Trapped Girls Updated Facebook Status Instead of Calling For Help

September 09, 2009

"Too much social media can be a bad thing. Two girls lost in a stormwater drain in Adelaide, Australia, updated their Facebook status instead of calling emergency services on Sunday night, in a situation authorities called “worrying”."

Source: mashable

Use of social networking sites to groom and abuse children has DOUBLED in the last year - International Business Times

September 08, 2009

"The Child Exploitation and Online Protection Centre (CEOP) has released figures suggesting that the use of social networking sites like Bebo and Facebook to groom children for sexual abuse has doubled in the last year."

Source: ibtimes

Facebook virus leads to gold for hackers at Internet Danger Report

"News of a new virus, called “Facebook Fan Check Virus”, is sending a lot of people to Google to search for information, and those searches are leading them right into hacker traps. Click on one of those websites and the most likely result is that you’ll download scareware, an urgent notice that your PC has been infected."

20 Years of Malware – Panda Security Ranks the Worst « Bill Mullins’ Weblog – Tech Thoughts

September 07, 2009

"In celebration of their anniversary, Panda has created the following list of the most dangerous threats – for home users and for businesses – of the last 20 years."