Security Port
A Security Port Blog

Twitter Security Concerns
03/01/2009
Despite its popularity, Twitter still has a lot to do when it comes to securing the platform. Just days after popular social networking tool Twitter was hit with a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.
Over the weekend, some Twitter users received scam tweets, or direct messages, to visit certain sites or blogs. The URL in the message redirected users to a bogus login page in an attempt to steal login credentials for a phishing scheme. Monday, things got worse as Twitter officials revealed several high-profile accounts, such as those of Britney Spears and Barack Obama, were hacked.

Identity Theft
02/28/2009
Ignacio Carlos Flores-Figueroa, an undocumented worker from Mexico, made a curious and undeniably bad decision. After working under an assumed name for six years, he decided to use his real name and exchanged one set of phony identification numbers for another.
The change made his employer suspicious and the authorities were called in. The old numbers were made up, but the new ones he bought happened to belong to real people. Federal prosecutors said that was enough to label Flores-Figueroa an identity thief.
The Supreme Court will hear arguments Wednesday on prosecutors' aggressive use of a new law that was intended to strengthen efforts to combat identity theft. In at least hundreds of cases last year, workers accused of immigration violations found themselves facing the more serious identity theft charge as well, without any indication they knew their counterfeit Social Security and other identification numbers belonged to actual people and were not made up.

Auction Add On Infecting Thousands
02/27/2009
A third-party add-on for eBay used by thousands of sellers is being flagged by Google as potentially malicious, after it became infected with a trojan.
Auctiva provides tools for sellers on the popular auction website.
The company confirmed a virus had attached itself to files on its servers but remedied the problem soon after.

It is always interesting to watch what little hooks and schemes the malware industry has cooked up in an attempt to better bait the public and the new Anti-Virus-1 package does not disappoint. AV-1 is a cute mixture of scareware and malware, and while we've seen XP Antivirus playing this turf for years, AV-1 adopts a few new tactics of its own.
Once run, the program installs its particular Trojan of choice (Zlob and Vundo are apparently popular options), then makes certain modifications to the hosts file.
BleepingComputer.com has assembled a list of these changes, a sample of which is included below. If a user attempts to visit any of the links listed, he or she is directed to a site under the control of the botnet controllers.
a1.review.zdnet.com
www.reviews.download.com
reviews.download.com
reviews.pcadvisor.co.uk
reviews.pcmag.com
Once redirected, users are served up with what appears to be an actual, legitimate review of Anti-Virus-1 from a reputable source.

Hacker Talks About SQL Security Bug
02/25/2009
A Romanian hacker who has spent the past few weeks exposing a common, but dangerous, Web programming error on security vendors' Web sites says he has found a SQL injection flaw on Symantec's Web site. But Symantec says it is not a security issue.

List of Top Security Threats
02/24/2009
The Secure Enterprise 2.0 Forum has just released its 2009 industry report outlining the top Web 2.0 security threats. These security threats are not so much specific to Web 2.0 companies as they are to browser-based applications.

Federal Security
02/23/2009
President Obama's recent order of an immediate two-month review of the federal government's cybersecurity plans apparently cannot come fast enough. The federal government, dogged by computer security issues over the years, was hit by two more incidents this week.
One occurred at the Federal Aviation Administration (FAA), where data of 49,000 people were stolen during a data breach. The other occurred at the Los Alamos National Laboratory (LANL) in New Mexico, which is undergoing a security shakeup following the discovery that a total of 90 computers were reported missing or stolen over the past year.
Experts have been calling for an overhaul of federal computer security practices.

Facebook Owns Photos
02/22/2009
According to Facebook's terms of service, they can use any photos posted to Facebook in any way they deem appropriate....

Locking Down Firefox
02/21/2009
Firefox has a great add-on called NoScript that locks it down and prevents malicious website scripts from infecting computers.

Apple Insecure
02/20/2009
Apple last week issued security updates to plug more than 50 security holes in its OS X operating system and other software. The patches, which affect Mac OS X 10.4 and 10.5, Java for the Mac and Safari for Windows systems, are available through Apple Downloads or via the company's automatic update program.

Long Island Schools Adding Dogs to Payroll
02/19/2009
At a time when incidents of drug and weapon possession are on the rise, at least 15 Long Island school districts have been adding four-legged operatives to their security forces.
The Sachem district is the latest to use dogs to periodically sniff hallways, lockers and classrooms in an effort to keep schools safe and drug-free. Officials have been introducing the canines to students in its four middle schools and two high schools in a series of assemblies. Mount Sinai has set aside funds in its 2009-10 budget for dog patrols.

Software Industry Conference Boston July 16-18th
02/18/2009
Registration is open for the Software Industry Conference in Boston, MA July 16-18th. Early bird registration is discounted for a limited time. The conference attracts software industry experts, developers, internet marketers, software publishers and software marketers for 3 days!

Security Rock Stars
02/17/2009
Security practitioners used to be seen as propeller-hat wearing introverts hunched over computers in dark, cold basements for weeks on end, shunning daylight and anyone who tried to start a conversation with them. But times have changed.
Thanks to the blogosphere, social networking sites and podcasting made easy, many security pros are taking on a much more public persona, becoming near-rock stars. Evidence of this can be seen in abundance at the ShmooCon 2009 security gathering in Washington DC this month.
One example was a lunch gathering of the Security Twits — a growing group of security pros who communicate with each other and the rest of the world via the Twitter micro blogging site. Another example was an evening meet-up of security podcasters.

Surveillance Cameras
02/13/2009
High-tech surveillance cameras introduced by government organisations are liable to be hacked by cyber criminals unless top security precautions are taken, internet experts have warned.

Webmaster Tools and Resources
02/12/2009
Web Elements is a premier collection of resources for webmasters, search engine marketers and others interested in online marketing.
Web Elements is designed to help both beginner webmasters and experienced search marketers. We have compiled lists of useful resources and submission sites.
We have compiled a collection of resources from Search Engine Optimization, Press Release Submissions, DoFollow Lists, Webmaster Scripts, Webmaster Blogs, and Forums.

British Terrorists are Biggest Threat
02/11/2009
Barack Obama has been warned by the CIA that British Islamist extremists are the greatest threat to US homeland security.

Kansas Security Breach
02/11/2009
Kansas State University says personal information of 45 students was inadvertently exposed on the Internet.

Valentines Security Logos
02/10/2009
Check out security logos with a romantic flair!

Security Questioned
02/09/2009
Downtown Washington resembled a militarized zone last week for the inauguration of President Barack Obama, but some major contributors who had direct contact with Obama said they were surprised to find what they viewed as porous security surrounding the president-elect and vice president-elect.
Three contributors who raised $300,000 or more for the inauguration said they were never asked to show identification to retrieve dozens of tickets, including VIP passes that allowed them and their guests to meet privately with Obama. One of the three said ticket checks were so lax that no one noticed when, after a breakfast for contributors, a friend whose name had not even been submitted for a background check tagged along into a VIP room to take pictures with Vice President-elect Joseph Biden.

A group of U.S. companies, led by technology giants Microsoft, Hewlett-Packard and eBay, is set to outline recommendations for new federal data-privacy legislation that could make life easier for consumers and lead to a standard federal breach-notification law.
The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at an upcoming privacy conference six weeks from now, according to Peter Cullen, Microsoft's chief privacy officer.
The companies have been working for the past three years to encourage the adoption of federal consumer data-privacy laws and to answer the question of what federal legislation should look like, Cullen said in an interview. Other forum members include Google, Oracle, Procter & Gamble and Eli Lilly.

Chinese Porn Crack Down
02/07/2009
Chinese authorities have shut down 1,507 pornographic websites in an online clean-up that has included ordering Internet giants like Google to sever links to vulgar sites, state media said Wednesday.
The campaign was continuing despite week-long Lunar New Year celebrations, China's biggest holiday, with authorities blocking another 55 sites since Monday, Xinhua news agency said.

Transient Threat Increase
02/06/2009
Anti-malware company AVG has released research that indicates the number and volatility of web sites serving malicious code is increasing dramatically.
In the last three months the number of new malicious sites they observe has increased from between 100,000 and 200,000 per day to between 200,000 and 300,000 per day.
AVG also shows a surprising velocity of change in the compromised sites. Part of the effect is that they are being cleaned up quickly, but the attacks are also changed frequently to redirect to different sites. Almost 60% of these sites are up for less than one day. The goal of these techniques seems to be to defeat blacklist-based protections. AVG calls them transient threats.

ICANN Attempts to Lockout Phishers
02/05/2009
The overseer of the Internet's addressing system is soliciting ideas for how to fix a problem that is enabling spammers and fraudulent Web sites to flourish.
The Internet Corporation for Assigned Names and Numbers (ICANN) has issued an initial report on fast flux, a technique that allows a Web site's domain name to resolve to multiple IP (Internet Protocol) addresses.
Fast flux allows an administrator to quickly point a domain name to a new IP address, for example if the server at the first address fails or comes under a denial-of-service attack. It is legitimately used by content distribution networks such as Akamai to balance loads, improving performance and lowering data transmission costs.

Spokeo An Internet Stalker
02/04/2009
Do not look now, but you are being watched. And now that I have signed up for Spokeo.com, I could be the one watching you.
Spokeo is a search engine that uses email addresses to find people across the social Web. Give the site your log-on info for Gmail, Hotmail, Yahoo Mail, or AOL -- or just upload your personal address book; Spokeo will scour 41 social networks and collect all information associated with each email address.
Blog entries, LinkedIn profiles, Flickr photostreams, Twitter tweets, Digg comments, Amazon wish lists -- and a whole lot more -- all on one tidy little Web page. And every time they add new content, Spokeo lets you know.

Google Takes Security Too Seriously??? Google Goof
02/03/2009
It looks like Google is marking all of its search results with this warning: "This site may harm your computer."
If you click on a Google result link in spite of the warning, you get an interstitial page with an additional warning: "Warning - visiting this web site may harm your computer!"
Clicking the warning itself will take you to this page, which explains: "This warning message appears with search results we have identified as sites that may install malicious software on your computer."
Needless to say, after about 45 minutes the problem was resolved.

Iraq Elections Peaceful
02/03/2009
Iraqis voted Saturday for local representatives, on an almost violence-free election day aimed at creating provincial councils that more closely represent Iraq's ethnic, sectarian and tribal balance.
By nightfall, there were no confirmed deaths, and children played soccer on closed-off streets in a generally joyous atmosphere.

UK Not Protecting IP
02/02/2009
The UK's Intellectual Property minister David Lammy has said the government will not force internet service providers to pursue file sharers.
There had been mounting speculation about government legislation on the issue as the music industry steps up its fight against the pirates.
Other countries, such as France, have supported tough action on file-sharers, who the industry claims cost them dear.

Software Industry Conference Call for Papers
02/01/2009
If you are interested in speaking at the Software Industry Conference, please submit an abstract. The details of speaking requirements can be found in the following paper.
The Software Industry Conference is scheduled July 16-18, 2009 in Boston, Massachusetts at the Boston Marriott Quincy.

DOD Security Problems
01/31/2009
Last year, the Department of Defense suffered an estimated 80,000 network attacks. On government networks alone, a new software vulnerability is exploited every 82 minutes. Meanwhile, attacks on US federal agencies' computer systems are increasing at alarming rates. Furthermore, utilities are being hit by an estimated 500 to 1000 attacks from hackers and malicious code every year. The financial and economic impact of a one day cyber sabotage effort that disrupts US credit and debit card transactions is estimated at about $35 billion USD. For 2009, the national cyber budget will exceed $6 billion USD.

Apple Security Update
01/30/2009
Apple has issued a critical security update for QuickTime media player, aimed at resolving vulnerabilities that could potentially allow a malicious attacker to take control of a person's computer, according to an Apple advisory released this week.
People running QuickTime 7 for Windows and for Mac OS X are affected, as well as those who are using Mac OS X 10.4 or Mac OS X 10.5, according to Apple.
Apple is advising people to update to QuickTime 7.6 for Windows, QuickTime 7.6 for Leopard, or QuickTime 7.6 for Tiger.