This section is devoted to featuring late-breaking cyber security news stories.
C Y B E R I S E C U R I T Y I N E W S
All text displayed in connection with these stories is quoted directly from the source.
Jan. 5, 2010 - Daphne Larkin
NORTHFIELD, Vt. – Norwich University officials announced today a program of collaboration with Adaptive Cyber Security Instruments, Inc. (ACSI) to provide real-world educational opportunities for NU students and resources to develop and test ACSI’s cyber situational awareness products.
NU also intends to create new courses in the emerging field of cyber conflict, information warfare and information operations. ACSI’s products were conceived to meet the challenges of this field including cyber intelligence, and the theory behind them will form the core of this curriculum.
Feb. 26, 2010 - Tony Romm
The president would have the power to safeguard essential federal and private Web resources under draft Senate cybersecurity legislation.
According to an aide familiar with the proposal, the bill includes a mandate for federal agencies to prepare emergency response plans in the event of a massive, nationwide cyberattack.
The president would then have the ability to initiate those network contingency plans to ensure key federal or private services did not go offline during a cyberattack of unprecedented scope, the aide said.
Feb. 26, 2010 - B. J. Lutz
The Twitter account for United Airlines on Friday morning was among several notable accounts that were hacked into and used to distribute sexually-explicit tweets and links to phishing Web sites.
In England, the accounts of two cabinet ministers and an online bank were also compromised.
Early Friday morning, a tweet went out from Chicago-based United's account which included an offer for "better sex" and a link to a Web site. The message was quickly deleted and an apology message followed.
Feb. 26, 2010 - Tony Halpin
To the horror of Latvia’s political establishment, a mysterious group of computer hackers is threatening to expose the incomes of top officials after stealing millions of government tax records.
The group, calling itself the People’s Army of the Fourth Awakening, claimed to have downloaded more than 7.5 million documents, including VAT receipts and income tax returns, from the State Revenue Service (SRS) after exploiting a security loophole on its website.
Feb. 25, 2010 - Andy Greenberg
How vulnerable would the U.S. be if a global cyberwar broke out today? Vulnerable enough, according to Richard Clarke, former anti-terrorism czar under Presidents Bush and Clinton, that he rates our odds behind even those of our most Luddite adversary: North Korea.
That's because, as Clarke writes in a new book, Cyberwar: The Next National Security Threat And What To Do About It, cyberwarfare preparedness isn't just a matter of training a crack team of superhackers. It's also a matter of how porous a nation's cyberborders are. American corporations and government agencies are more integrated into the Internet than their counterparts in North Korea, where most of the country has access to only a tightly controlled Intranet known as Kwangmyong.
Feb. 25, 2010 - Kelly Jackson Higgins
In a bizarre up-and-down -- literally -- series of events, the controversial site Cryptome.org was forced offline yesterday after posting a sensitive Microsoft document on its site, but was back online today.
It all started when Cryptome, which operates as a repository for freedom of speech, cryptography, spy, and surveillance information and documents, posted a Microsoft surveillance compliance document titled "Microsoft Online Services Global Criminal Compliance Handbook." Next Microsoft filed a Digital Millennium Copyright Act (DMCA) notice, and Cryptome refused to remove the document from the site.
(Click here to read news) (Related story)
Feb. 25, 2010 - Gregg Keiser
A prominent security researcher today said he doubts Microsoft's take-down of the Waledac botnet would have any impact on spam levels, as the company claimed.
"Waledac just is not a hugely prolific spammer," said Joe Stewart, director of malware analysis at SecureWorks and a noted botnet researcher. "So I don't think it's going to affect spam [volume]. What it does do lately..., what it's used for, is to install rogue antivirus software."
Feb. 24, 2010 - Peter Key
One of the three men charged with hacking into the Web site for Comcast’s Internet customers last year has pleaded guilty, the U.S. Attorney’s Office in Philadelphia said Wednesday.
Christopher Allen Lewis, whose hacker alias was EBK, pleaded guilty to conspiring to disrupt service on the comcast.net site on May 28 and 29.
Feb. 24, 2010 - Ryan Singel
Microsoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.
Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users. Young filed a counterclaim on Wednesday — arguing he had a fair use to publishing the document, a full day before the Thursday deadline set by his hosting provider, Network Solutions.
Feb. 24, 2010 - Brian Krebs
A New York marketing firm that as recently as two weeks ago was preparing to be acquired now is facing bankruptcy from a computer virus infection that cost the company more than $164,000.
Karen McCarthy, owner of Merrick, N.Y. based Little & King LLC, a small promotions company, discovered on Monday, Feb. 15 that her firm’s bank account had been emptied the previous Friday. McCarthy said she immediately called her bank – Cherry Hill, N.J. based TD Bank – and learned that between Feb. 10 and Feb. 12, unknown thieves had made five wire transfers out of the account to two individuals and two companies with whom the McCarthys had never had any prior business.
Feb. 24, 2010 - Xinhua
The New York Times, the Wall Street Journal, Financial Times and some other newspapers have published articles indicating that cyber attacks targeting Google and several other U.S. companies were from China. Such allegations are arbitrary and biased.
These articles take as evidence that hackers' IP addresses could be traced back to two schools in China. However, it is common sense that hackers can attack by hijacking computers from anywhere in the world. This fact also explains why hackers are hard to be tracked down.
(Click here to read news) (Related stories below)
Feb. 23, 2010 - Thomas Claburn
The Federal Trade Commission on Monday said that it had notified almost 100 organizations in both the public and private sector that they need to review their security practices.
In letters to these organizations, the FTC says that "at least one computer file containing sensitive personal information from or about your customers and/or employees has been shared from your computer network, or the network of one of your service providers, to a peer-to-peer file sharing (P2P) network."
Feb. 23, 2010 - Tim Wilson
Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones.
The researchers, who are presenting their findings at a mobile computing workshop in Maryland, are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner's travels, or rapidly drain its battery to render the phone useless -- all without the user's knowledge.
Feb. 23, 2010 - Jaikumar Vijayan
A Texas manufacturing firm last week filed a counter lawsuit against PlainsCapital bank of Lubbock in connection with the cyber theft of some $800,000 from its online banking account.
In a complaint filed in U.S. District Court for the Eastern District of Texas, Hillary Machinery Inc. of Plano, charged that PlainsCapital failed to adequately protect the stolen money from online thieves. Just as it would not be "commercially reasonable" for the bank to keep cash unguarded from thieves, it was unreasonable that the bank did not have adequate online protections, Hillary's complaint said.
Feb. 23, 2010 - Kim Zetter
Intel is the latest U.S. corporation to acknowledge that it was hacked in January in a sophisticated attack that occurred at the same time that Google, Adobe and others were targeted.
The giant California-based chipmaker was rumored to have been among some 34 companies that were targeted, but said on Tuesday there was no evidence to tie its hack to the attack on Google and others.
Feb. 2010
The purpose of the SecArt workshop series is to bring together researchers with an interest in both Security and AI. The goals are to tease out common themes and differences, identify common problems and their solutions, share experiences with the applicability of techniques from one field to problems from the other, and to identify the key issues to be addressed in increasing the convergence between Security and AI. The workshop will welcome submissions on all ideas, research, experiments and tools that relate to both Security and AI.
(Click here for more information)
Feb. 22, 2010 - Chris Williams
A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government, GCHQ has privately warned Whitehall.
The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) makes the prediction in a document prepared for Cabinet Office and seen by The Register.
Growing reliance on the internet to deliver public services will "quickly reach a point of no return", meaning "any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being", CSOC says.
Feb. 21, 2010 - John Burke
The five Irish passport numbers that were stolen by a team of hitmen who killed a senior Hamas figure in Dubai were all issued before 2005. Three of the Irish citizens whose passports were faked had never been to the Middle East.
The revelation indicates that the assassins had targeted passport numbers which would not be on any travel databases in the Emirates, or in any neighbouring state with which the UAE shared visa data.
Also, by using numbers that were issued prior to 2005, the passports would not include security enhancements that were added to Irish passports after that date, including biometric encryption and embedded images of the passport holder.
Feb. 20, 2010 - Ellen Nakashima
Some of the computer codes used in the recent attacks on the networks of Google and dozens of other major U.S. companies were developed by a diverse group of Chinese hackers, including security professionals, consultants and temporary contractors, according to an industry source.
The series of attacks, disclosed Jan. 12 by Google, were routed in part through servers at technical schools in China, a commonly used tactic that allows hackers to obfuscate their identity, said the source, who is familiar with the investigation into the security breaches.
(Click here to read news) (Related stories below)
Feb. 19, 2010 - Jaikumar Vijayan
One of two Chinese academic institutions identified in a New York Times report Thursday as the apparent source of the recent attacks against Google, has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001.
The Times yesterday reported that the recent cyberattacks against Google and more than 30 other organizations appeared to have originated from computers at two schools in China. One of the schools was identified as the Shanghai Jiaotong University; the other, as the Lanxiang Vocational School, an academic institution in China's Shandong Province with apparent ties to the country's military.
Feb. 19, 2010 - William Jackson
The National Institute of Standards and Technology has released two documents as part of its Cryptographic Key Management Project -- a summary of a key management workshop held in June that explored the risks and challenges of handling cryptographic keys in new technological environments, and a draft of recommendations for agencies on transitioning to new algorithms and keys.
Key management is one of the most difficult tasks in cryptography, because a cryptographic algorithm or scheme is only as secure as the keys used to encrypt and decrypt data. The scalability and usability of the methods used to distribute keys are of particular concern. NIST’s key management project is an effort to improve the overall key management strategies to enhance the usability of cryptographic technology, provide scalability and support a global cryptographic key management infrastructure.
Feb. 19, 2010 - Kelly Jackson Higgins
Attacks against the power grid are likely to rise and intensify during the next 12 months as smart grid research and pilot projects advance, according to utility security experts and a recently published report that analyzes threats to critical infrastructure.
The so-called Project Grey Goose Report on Critical Infrastructure points to state and/or non-state sponsored hackers from the Russian Federation of Independent States, Turkey, and China as the main threats to targeting and hacking into energy providers and other critical infrastructure networks.
Feb. 18, 2010 - James T. Areddy
Wuhan, China—Some of today's biggest cybersecurity worries trace their roots to this central Chinese city, where a hacker with a junior high school education slapped cartoon pandas onto millions of computers to hide a destructive spy program.
The Panda Burns Incense computer worm, created by 27-year-old Li Jun, wreaked havoc for months in China in 2006 and 2007, eventually landing Mr. Li in jail. Jumping one computer to another by tricking users into opening what appeared to be a friendly email message, the Panda funneled passwords, financial information and online cash balances from game Web sites to Mr. Li's cohorts—leaving a panda as its calling card.
Feb. 18, 2010 - John Markoff and David Barboza
SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.
Feb. 18, 2010 - Siobhan Gorman
Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.
The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.
Feb. 17, 2010 - Bob Drogin
The crisis began when college basketball fans downloaded a free March Madness application to their smart phones. The app hid spyware that stole passwords, intercepted e-mails and created havoc.
Soon 60 million cellphones were dead. The Internet crashed, finance and commerce collapsed, and most of the nation's electric grid went dark. White House aides discussed putting the Army in American cities.
That, spiced up with bombs and hurricanes, formed the doomsday scenario when 10 former White House advisors and other top officials joined forces Tuesday in a rare public cyber war game designed to highlight the potential vulnerability of the nation's digital infrastructure to crippling attack.
Feb. 15, 2010 - Ellen Nakashima
More private computers were commandeered by hackers for malicious purposes in China in the last quarter of 2009 than in any other country, including the United States, according to a new study by an Internet security company.
These "zombie" computers are often grouped into "botnets," or armies of infected computers that can be used to send spam e-mail or attack Web sites, according to McAfee, a Silicon Valley security firm. The company, which said it collects information about Internet-based threats that target more than 100 million computers in 120 countries, said that in the last three months of 2009, about 1,095,000 computers in China and 1,057,000 in the United States were infected.
Feb. 12, 2010 - Robert McMillan, IDG News Service
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, Butler will face five years of supervised release and must pay US$27.5 million in restitution to his victims, according to Assistant U.S. Attorney Luke Dembosky, who prosecuted the case for the federal government.
Feb. 12, 2010 - Vijay Mohan, Tribune News Service
Computer networks at sensitive establishments have experienced a second wave of cyber attacks from foreign-based hackers. Sources in the intelligence reveal that fresh attacks began on January 28 and about 25 computers were targeted.
Computers used by individuals associated with the National Security Council (NSC) Secretariat and the National Security Advisory Board (NSAB) were the target of the new attacks, according to sources at the National Technical Research Organisation (NTRO).
Feb. 11, 2010 - Ben Bain
A bipartisan group of former senior government officials plans to stage a return to service exercise Feb. 16 as part of a simulation designed to show how the government would respond to and recover from a devastating cyberattack.
The event, known as Cyber ShockWave, was co-created by former CIA Director Michael Hayden and a national security group that is part of the Bipartisan Policy Center (BPC), the organization that’s hosting the event at the Mandarin Oriental Hotel in Washington.
Feb. 10, 2010 - Kelly Jackson Higgins
The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others.
Security experts who have worked on forensics investigations and cleanup of the victim organizations from the attacks that originated out of China say they are also getting closer to identifying the author or authors of the malware used to breach Google and others.
(Click here to read news) (Related story)
Feb. 9, 2010 - Nick Farrell
Former US Army computer insecurity specialist Christopher Tarnovsky showed the Black Hat Technical Security Conference exactly why the US cannot handle a cyber war.
Speaking before the throngs of hackers, he hacked into a computer chip called a "Trusted Platform Module" or TPM. TPM chips are supposed to be the industry's highest standard of security and are present in more than 100 million computers sold to businesses and individuals.
When he managed it he had access to all the highly sensitive documents in government and business and almost everything on the PC.
(Click here to read news) (Related story)
Feb. 9, 2010
Although Internet banking cybercrimes are still at a manageable level, the country still needs to produce more information security experts, according to CyberSecurity Malaysia.
"I do not want to claim we have a lack of experts or our experts are enough to solve problems but we need to collaborate to produce more experts," said its chief executive officer Lt Col (Rtd) Husin Jazri.
He said with the number of Internet users rising and the trend moving into an advanced level such as mobile banking, the country needed to be prepared in all areas, particularly with information security experts.
Feb. 8, 2010 - Tim Greene
Three respected security professionals have issued a call for developers to learn and practice secure programming in an effort to reduce the number of exploits directed at applications.
Called the Rugged Manifesto, the document encourages developers to adopt characteristics that will lead them to write more secure applications. The three authors of the manifesto are Josh Corman, an analyst with The 451 Group; David Rice, formerly with the National Security Agency and author of Geekonomics, a book about the real cost of insecure software; and Jeff Williams, the chairman of OWASP, an organization focused on Web application security. The trio announced the project at the SANS Institure AppSec Conferenc in San Francisco Monday.
Feb. 8, 2010 - Jordan Robertson
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.
Feb. 8, 2010 - David Kravets
Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.
Philip Gabriel Pettersson, known in the hacking world as “Stakkato,” allegedly seized computer code that controls internet traffic. After the 2004 breach of Cisco, the proprietary source code for Cisco’s IOS operating system was discovered on a Russian website.
Feb. 8, 2010 - Jaikumar Vijayan
The theft of $378,000 from the town of Poughkeepsie, N.Y., is prompting questions about the responsibility of banks to protect customer accounts from online criminals.
In a statement last week, a Poughkeepsie town official revealed that thieves had broken into the town's TD Bank NA account and transferred $378,000 to accounts in the Ukraine.
The thefts took place over a two-day period in mid-January during which a total of nine attempts were made to steal money. In the end, four of the attempts were successful, resulting in the lost money.
Feb. 8, 2010 - Wu Yiyao
What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province.
Three people were also arrested, local media reported yesterday.
The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.
Feb. 7, 2010 - Bill Brenner
Many CSOs view ShmooCon as an event of small importance. You don't see the suits and ties that are on display at RSA. In fact, to those who haven't attended, this conference is just a place where twenty-something hackers come to get drunk and throw TVs out hotel windows. Another crazy Black Hat/Defcon-caliber conference, more than one high-level security exec has told me in the past.
As with any security event, things can get rough around the edges. The security podcasters' meet-up on Saturday night was more like a Motley Crue concert than anything else. The podcasters on stage resembled the head table at a Klingon wedding. But drunken antics conference-wide were minimal, and some decent food for thought came out of the podcasting event despite the rowdiness.
Feb. 7, 2010 - Elinor Mills
We've heard a lot about security issues with the iPhone, but the BlackBerry isn't immune to threats from malicious apps.
Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends.
Feb. 7, 2010 - Yaakov Katz
When Barack Obama was elected president of the United States, he was told he could no longer use his personal BlackBerry to receive e-mails, as it is not secure. Shortly after he took office, though, press reports emerged that one of America’s government agencies had succeeded in creating an encrypted BlackBerry specially designed for Obama.
The IDF is considering doing the same and in the coming year plans to choose a new phone model to be used by commanders for the “Mountain Rose” encrypted military cellular network.
Feb. 6, 2010 - Bill Brenner
We've heard much about how our PCs and laptops can be compromised through malware and insecure wireless access points and often comfort ourselves with the knowledge that our smart phones are safe from such things.
But the smarter these phones become, the more susceptible they become to those same dangers, and more. That was the warning at ShmooCon 2010 this morning from Trevor Hawthorn, founder and managing principal at Stratum Security.
Feb. 4, 2010
The United States is at risk of a crippling cyber attack that could "wreak havoc" on the country because the "technological balance" makes it much easier to launch a cyber strike than defend against it, Director of National Intelligence Dennis Blair said Wednesday.
Blair, speaking to the House Intelligence Committee, said U.S. tools are not yet up to the task to fully protect against such an attack.
Feb. 4, 2010 - Kim Zetter
Google is teaming up with the National Security Agency to investigate the recent hack attack against its network in a bid to prevent another assault, according to The Washington Post.
The internet search giant is working on an agreement with the controversial agency to determine the attacker’s methods and what Google can do to shore up its network.
Feb. 3, 2010 - Dan Goodin
A Miami hacker has admitted he pocketed more than $1m by selling millions of minutes of voice over IP calls and surreptitiously routing them through the networks of telecommunications companies.
Edwin Andrew Pena pleaded guilty to two felonies in connection with the hacking spree, which spanned the years 2004 through 2006, according to court documents. He was apprehended last year in Mexico after skipping out on a $100,000 bond secured by the mother of his then girlfriend.
Feb. 3, 2010 - Byron Acohido
Tech-security companies are poised to become Wall Street darlings this year, thanks in part to Google's tiff with China.
Last month, the search giant threatened to pull out of China because of censorship and a distinctive cyberespionage attack on itself and some two dozen other tech, financial and media companies.
The Google-China affair has reinforced an already positive outlook for 2010 stock price performance of major security vendors, such as McAfee, Symantec (SYMC) and Check Point (CHKP), says Daniel Ives, analyst at FBR Capital Markets.
Feb. 3, 2010 - Pacific Air Forces Public Affairs
As the cyberspace battlefield broadens, Pacific Air Forces leadership created the Directorate of Information Protection to effectively protect information across the enterprise.The structure is mirrored at each wing across the area of responsibility.
The organization goal is to provide an enterprise-wide approach to prevent compromises, loss, unauthorized access, disclosure, destruction, distortion or non-accessibility of information over the life cycle of information and ensure commanders have effective processes and the right people in place to provide a focused, seamless, functional and supportive environment for protecting information at all levels to conduct effective air, space and cyberspace operations.
Feb. 3, 2010
Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries.
Feb. 3, 2010 - Brian Krebs
Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation’s largest charities.
Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers. Feb. 3, 2010 - Kim Zetter
It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies.
Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan. About 34 mostly undisclosed companies were breached.
Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack.
Feb. 2, 2010 - Warren Giles
Swiss banks are discovering that the biggest threat to client privacy is their own workers.
German Chancellor Angela Merkel said yesterday her government may buy stolen data on Swiss bank accounts as French authorities comb information acquired from an employee of HSBC Holdings Plc’s private bank in Geneva. The cases come two years after Germany paid 5 million euros ($7 million) for details filched from LGT Group in neighboring Liechtenstein.
Feb. 2, 2010 - John Leyden
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.
Online security firm Trusteer reports that 73 per cent of bank customers use their online account password to access at least one other, less sensitive website. Even worse, around half (47 per cent) use the same online banking username and password for other website logins.
Feb. 2, 2010 - Elizabeth Montalbano
The Department of Homeland Security is looking to invest nearly $900 million in fiscal 2011 on technology projects that include bolstering cyber security and continued work on a data center consolidation project that's already underway.
Other IT priorities listed as part of the department's proposed $56.3 billion budget, unveiled Monday, include improvements to an existing Internet-based verification program that lets employers check that someone is legally allowed to work in the United States and technology for airport security.
Feb. 2, 2010 - Ben Bain
Malicious cyber activity is growing at an unprecedented rate, severely threatening the nation's public and private information infrastructure, the government's top intelligence official said today.
Dennis Blair, the director of national intelligence, told members of the Senate Select Intelligence Committee,that “in the dynamic of cyberspace, the technology balance right now favors malicious actors rather than legal actors, and is likely to continue that way for quite some time.”
Feb. 2, 2010 - John E. Dunn
German encryption firm SecurStar has strenuously denied being behind an apparently independent test of voice encryption products that found many of its rivals could be hacked using a $100 phone-tapping program.
In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss encryption startup Khamsa, alleges that a supposedly independent test of 15 encryption products was in fact a marketing exercise designed to publicise one of only three products to pass the hacking test, SecurStar's PhoneCrypt.
Feb. 2, 2010 - Andy Greenberg
In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was "unbreakable." David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt.
At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle's 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level. "Anything that God can do on that database, you can do," Litchfield told Forbes in an interview following his talk.
Feb. 2, 2010
The Asia Pacific Computer Emergency Response Team (APCERT) completed its annual drill to test the response capability of leading Computer Security Incident Response Teams (CSIRTs) from Asia Pacific economies recently (28 January).
The theme of the drill was Fighting Cyber Crimes with Financial Incentives. The objective of the drill is for participating teams to exercise incident response handling arrangements, locally and internationally, to mitigate the impact of ongoing internet based attacks and to enable better coordination of teams in the region in tackling cyber incidents.
Feb. 1, 2010 - David Barboza
With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims.
“Here’s a list of the people who’ve been infected with my Trojan horse,” he says, working from a dingy apartment on the outskirts of this city in central China. “They don’t even know what’s happened.”
Feb. 1, 2010 - Nikolaus von Twickel
Novaya Gazeta's web site was paralyzed by a hacker attack for a sixth day Sunday in what editors called the strongest assault ever to hit the opposition newspaper's online edition.
The denial of service attack started Tuesday morning and peaked Thursday when the site recorded 1.5 million visits per second, said Sergei Asriyants, the newspaper's web editor.
"We had hacker attacks before but never as strong as this," he told The Moscow Times.
Feb. 1, 2010 - Brian Prince
Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge.
Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington.
Feb. 1, 2010 - Jeremy Kirk, IDG News Service
More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet, according to security researchers.
The U.S. Federal Bureau of Investigation, Twitter and PayPal are among the sites being hit, although it doesn't appear the attacks are designed to knock the sites offline, said Steven Adair, of The Shadowserver Foundation, a group that tracks botnets.
Feb. 1, 2010 - Elizabeth Montalbano
The U.S. Navy has followed the Air Force and the Marine Corps in setting up a command center dedicated to overseeing and protecting its presence in cyber space.
The U.S. Fleet Cyber Command is aimed at defending the Navy's IT systems against cyber attack and to use information systems and the Web to achieve military objectives, according to the Navy.
(Click here to read news) (Related story)
Feb. 1, 2010 - Rosalie Marshall
MI5 has warned UK companies that the Chinese government may have gained access to their computers with the intention of remotely monitoring their online activities.
A leaked document seen by The Sunday Times claims that Chinese security officials have been offering free computer devices that contain Trojan software to high profile business users in the banking, defence and energy industries.
The devices include camera equipment and USB memory sticks that have been given out at trade events.
