This section is devoted to featuring late-breaking cyber security news stories.
C Y B E R I S E C U R I T Y I N E W S
Late-breaking cyber security news stories:
See also: Articles and White Papers
Sept. 30, 2008
The USA's National Cybersecurity Initiative
Recent years have seen cyber-security rise as a defense industry and national security issue. The frequency of cracking attempts against security-related systems from Chinese sources has grown to the point where it is being acknowledged in the Pentagon’s annual “Military Power of the People’s Republic of China” publications. Estonia found itself the subject of politically motivated cyberattacks from Russia in May 2007. In 2008, cyber-assaults on Georgia operated in tandem with a buildup of Russian troops within Georgian territory, prior to the recent invasion.
Governments respond slowly, but responses are now beginning to get underway.
Related Stories:
FCW.com:
Unlocking the National Cybersecurity Initiative
Defense Industry Daily: China's Official Military Budget to Grow by 17.6% in 2008
WindsOfChange.net: China's Stresses, Goals, Military Buildups...and Futures
Information Week: Under Cyberattack, Georgia Finds "Bullet-Proof" Hosting With Google and Elsewhere
Oct. 10, 2008 - Express News Service
Two Reasons To Worry About City's WiFi Connections
Pune, India – The recent hacking of Wi-Fi connections by terrorists has underscored the difficulty in securing such networks. “Unlike bomb blasts carried out by terrorists, hacking is a hidden and difficult-to-trace activity. Tampering into others’ computer systems does not leave any tangible trace,” said Sudam Choure, chief coordinator of Pune police’s cyber committee.
“There is nothing like ‘ethical hacking’. People with a criminal intent can easily get trained in ‘ethical hacking’ and use their knowledge for criminal activities,” Choure said.
Oct. 8, 2008 - Jabulani Leffall
Jury Is Out On Virtualization Security
Migration to virtualization won't be the quick transition that some technology evangelists have predicted, according to recent surveys by two IT security companies. Nor is virtualization as secure as many might want it to be.
Virtualization security appeared to be a doubtful matter for nearly half of respondents in a survey released on Monday by San Francisco-based network security firm nCircle Inc.
Oct. 8, 2008 - A. Ahmed Ali, TNN
Foreigners Gave Hacking Lessons, Says Peerbhoy
The Mumbai crime branch, which is investigating the hacking of Internet Protocol (IP) addresses by suspected IM terrorists, have now got the names of at least three other persons besides Mohammed Mansoor Asgar Peerbhoy, a principal software engineer with Yahoo.
Sources in the Intelligence Bureau (IB), who were the first to interrogate Peerbhoy, said the lecture on hacking which they had attended in Hyderabad had been held in the second week of May 2007.
Oct. 8, 2008 - Robert McMillan
Accused Palin Hacker Has a History of Intrusion
The college student charged with illegally accessing Alaska Governor Sarah Palin's e-mail has been accused of computer intrusion before, although last time he faced only an afternoon detention.
David Kernell allegedly broke into a school server about eight years ago while studying at Eastern Hills Middle School in Harker Heights, Texas, one of his former teachers said Wednesday.
(Click here to read news.) (Related Story)
Oct. 8, 2008 - Kelly Jackson Higgins
Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks
Heightened concern over the growing financial crisis is making banks more vulnerable to targeted social engineering and spear-phishing attacks, researchers said this week.
Penetration testers who work with bank clients say the fragile state of the banking community is making it easier for them to dupe understandably anxious bank employees. Bank employees are overly eager or easily coerced into cooperating with “auditors,” or into clicking on links purportedly from the bank about its own financial welfare.
Oct. 7, 2008 - Ofri Ilani
Israeli Hacker Said Behind Global Ring That Stole Millions
The United States will ask Canada to extradite Israeli computer hacker Ehud Tenenbaum, better known as the "Analyzer," so that he can be indicted as one of the masterminds of a worldwide ring of hackers that allegedly stole millions of dollars.
Prosecutors say that the ring hacked into financial institutions in Russia, Turkey, Holland, Sweden, Germany and other countries.Ten years ago, Tenenbaum became famous for having hacked into the Pentagon's computers.
Oct. 4, 2008 - SGGP
Shortage Of Security Experts Leaves Hackers Ruling the Roost
Viet Nam faces a huge shortage of network security experts even as a string of hacking incidents has shown that computer security in the country is seriously flawed.
Vo Do Thang, training manager at a center for network administration and network security, said while there are thousands of banks and brokerages, the number of experienced network security experts remains small.
Oct. 3, 2008 - Elinor Mills
Hack and Tell: Teen Hacker Mafiaboy Writes Memoir
Michael Calce, aka "Mafiaboy," has written a memoir about how he temporarily shut down a handful of major Web sites and led the FBI and Royal Canadian Mounted Police on a manhunt when he was 15.
Due out next week, "Mafiaboy: How I Cracked the Internet and Why It's Still Broken," is a tell-all book and "cautionary tale" about how the teen (now 23) learned to hack from other "online rebels," according to The National Post.
Oct. 3, 2008 - The Canadian Press
Slick Hackers Wormed Their Way Into Alberta's Computers, Report Says
Weak computer security across the Alberta government allowed sophisticated hackers to worm their way into the system, Auditor-General Fred Dunn reported yesterday.
Mr. Dunn says the hackers, possibly criminals from Asia or Eastern Europe, left signs that they had been inside Alberta's computer network.
Oct. 3, 2008 - Tim Wilson
Targeted Attacks, DNS Issues Hit Home in New CSI Report
Enterprises are beginning to feel the heat from two emerging classes of exploits that have emerged over the past year: targeted attacks and DNS vulnerabilities, according to a new study scheduled to be released next week.
The Computer Security Institute is preparing to release its 13th annual Computer Crime and Security Survey, which outlines the attitudes and experiences of more than 500 enterprise security professionals over the course of the last year. The full CSI report will be revealed in a webcast to be held on Oct. 8.
Oct. 3, 2008 - Job Jackson
Beware of Hotel Internet Connections
Jetsetting federal workers should be careful about how they use the Internet connections supplied by hotels, as most are not secured properly, according to a new study from the Cornell University School of Hotel Administration.
"Hotels in the U.S. are generally ill-prepared to protect their guests from network security issues," concluded the study, titled "Hotel Network Security: A Study of Computer Networks in U.S. Hotels."
Oct. 3, 2008 - John E. Dunn
Encrypted Image Backups Open To New Attack
Bitmaps stored inside encrypted backup files could be vulnerable to a sophisticated ‘comparison' attack, a German security researcher has discovered.
In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data 'leaks'.
Oct. 3, 2008 - Gregg Keizer
Researcher Finds Evidence of Massive Site Compromise
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
Oct. 2, 2008 - Brian Grow, Chi-Chu Tschang, Cliff Edwards and Brian Burnsed
Dangerous Fakes - How Counterfeit, Defective Computer Components From China Are Getting Into U.S. Warplanes and Ships
The American military faces a growing threat of potentially fatal equipment failure—and even foreign espionage—because of counterfeit computer components used in warplanes, ships, and communication networks. Fake microchips flow from unruly bazaars in rural China to dubious kitchen-table brokers in the U.S. and into complex weapons. Senior Pentagon officials publicly play down the danger, but government documents, as well as interviews with insiders, suggest possible connections between phony parts and breakdowns.
Oct. 2, 2008 - Elinor Mills
All the News That's Fit To Exploit – Google Trends
Caution: Web sites about the Tampa Bay Rays baseball team and the U.S. vice presidential debate may cause serious harm to your computer.
Cybercriminals who want to steal data and take control of computers are doing so by luring victims to sites with hidden malware. But how do they attract unsuspecting victims?
The answer: Google Trends.
(Click here to read news.) (Related story below)
Oct. 2, 2008 - Dancho Danchev
Cybercriminals Syndicating Google Trends Keywords to Serve Malware
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
Oct. 2, 2008 - Jeremy Kirk, IDG News Service
Gaping Security Hole Found in RFID Chips
Data on radio chips can be cloned and modified without detection, according to a security researcher, raising question marks over the use of so-called e-passports that use RFID chips.
Upwards of 50 countries are rolling out passports with embedded RFID (radio frequency identification) chips containing biometric and personal data. The move is intended to cut down on fraudulent passports and strengthen border screenings, but security experts say the systems have several weaknesses.
Oct. 2, 2008 - Brian Krebs
October Is Cyber Security (Un)Awareness Month
October is Cyber Security Awareness Month, and it seems many people are in need of some serious awareness-raising on this front. A recent survey indicates that while more than 80 percent of computer users thought they had firewall software installed, follow-up inspections found that only half of those users actually had the software installed or running on their PCs.
The data comes from a poll of 3,000 Americans conducted by Zogby International, with security vendor Symantec conducting follow-up manual computer scans on computers belonging to 400 of those surveyed.
Oct. 1, 2008 - Dan Goodin
DoS Attack Reveals (Yet Another) Crack in Net's Core
Security experts say they have discovered a flaw in a core internet protocol that can be exploited to disrupt just about any device with a broadband connection, a finding that could have profound consequences for millions of people who depend on websites, mail servers, and network infrastructure.
The bug in the transmission control protocol (TCP) affords attackers a wealth of new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and has the ability to paralyze a server or router even after the flood of malicious data has stopped.
Oct. 1, 2008 - Dave Hodges
Tallahassee Ranks Well in Computer Security
Tallahassee's rank at the bottom of the 100 U.S. cities with the most computer security threats and virus threats means the community is the safest of those analyzed, but experts say that is no reason to relax security.
Advertisement
Software company PCTools officially released Tuesday a list of the most targeted cities from members of its Threatfire community, made up of about 450,000 users of that security software in the United States.
Oct. 1, 2008 - Brian McCartan
Myanmar On the Cyber Offensive
MAE SOT, Thailand - The distributed denial of service attacks, or DDoS, that hit and disabled several exile media websites between September 17 to 19, are widely held to be the latest attempt by Myanmar's military regime to silence its legion of critics.
The cyber-attacks, which flood a website with information requests which block regular traffic and eventually overload and crash it, coincided with the run-up to last year's "Saffron" revolution, in which soldiers opened fire and killed Buddhist monks and anti-government demonstrators.
