This section is devoted to featuring late-breaking cyber security news stories.
June 30, 2008 - William Jackson
NIST Revises IT Security Guides
The National Institute of Standards and Technology has released final revisions to three of its 800 series of special publications on information technology security.
NIST calls SP 800-79-1, titled “Guidelines for the Accreditation of Personal Identity Verification Card Issuers,” a substantial improvement over the original version.
June 30, 2008 - Clement James
Antivirus Tools "Pave Way" for Malware
German IT consultancy N.runs has warned that antivirus products can actually open the door to attackers, enabling them to penetrate company networks and load destructive code.
Security specialists from the company claim to have discovered approximately 800 vulnerabilities in antivirus products during the past few months.
June 26, 2008 - Neon Kelly, Computing UK
Lloyd's Faces Up to Threat of E-Crime
The growing trend of organised gangs turning to e-crime has been confirmed by Lloyd’s of London, whose networks have been bombarded by structured and competent attacks.
Over the past 12 months the world’s largest insurance market has found that attacks on its systems have become more professional.
June 25, 2008 - Robert Westervelt
Microsoft Tools Won't Be Quick Fix for SQL Injection Attacks
Attackers will continue to find websites vulnerable to SQL injection vulnerabilities despite Microsoft's recent advisory identifying tools to help companies check if their websites are vulnerable and coding is secure.
June 25, 2008 - Antone Gonsalves
Another Security Threat Aimed at Macs Found on the Web
Another Trojan targeting the Mac has been found on the Web, as the number of malicious applications increases with the growing popularity of Apple computers.
Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called "PokerGame." The application is a script wrapped in an executable bundle that's distributed by e-mail as a Zip file.
June 24, 2008 - Craig Whitlock
Al-Qaeda's Growing Online Offensive
Early this year, a religious radical calling himself Abu Hamza had a question for the deputy leader of al-Qaeda regarding the Egyptian secret police. "Are they committing unbelief?" he tapped on his keyboard. "And is it permissible to kill them?"
A few weeks later, an answer came from a man with a $25 million bounty on his head, Ayman al-Zawahiri. Killing the police is justified, Zawahiri replied, because they are "infidels, each and every one of them."
June 24, 2008 - Kevin Poulsen
Stakeouts, Lucky Breaks Snare Six More in Citibank ATM Heist
Citibank officials monitoring their network for fraud on Thursday, May 8, noticed suspicious ATM transactions at 8:30 p.m., coming through the five cash machines in the vestibule of a Citibank branch at 65th Street and Madison Avenue in New York City's Upper East Side.
As luck would have it, a bank employee -- probably a corporate security official -- was already staking out the branch from across the street.
June 24, 2008 - Matthew Broersma
Ruby Creators Warn of Serious Flaws
The Ruby programming language, which has become popular as the basis for web 2.0 sites such as Twitter, contains serious security flaws that could allow attackers to take over an organisation's web server, according to the Ruby development team.
June 24, 2008 - Negar Salek
Does Cyber-Terrorism Exist?
Global security experts gathered in Malaysia last month to help ramp up the world’s defenses against cyber-terrorism
Dubbed by organisers as ‘the largest ministerial-level gathering ever organised about cyber-terrorism’, the World Cyber Security Summit (WCSS), was recenlty held in Malaysia.
June 24, 2008 - Cindy George
Fired Houston Organ Bank Worker Accused of Hacking Into System
The fired technology director of a Houston organ donation company has been accused of hacking into its computer system and deleting records.
A federal indictment alleges that over two days in November 2005, Danielle Duann illegally accessed and damaged LifeGift Organ Donation Center's database.
June 21, 2008 - Howard Fischer, Capitol Media Services
Universities Urged to Tighten Computer Security
PHOENIX — The computer systems at all three state universities are vulnerable to online attacks and hacking, the state Auditor General's Office has concluded.
In a report released Friday, Auditor General Debbie Davenport said her staff was able to access sensitive information in university computers by exploiting weaknesses in their security systems.
June 20, 2008 - Chuck Biedka
Computer with Software Stolen from RIDC Park Company
Police are investigating the theft from an RIDC Park company of a computer that contained software used to manage water and power plants.
An Emerson Process Management spokeswoman said the information is proprietary but it wouldn't help terrorists seeking to disrupt systems.
June 19, 2008 - China Daily
Four Admit Hacking Games Websites
Four employees of a Shanghai-based Internet security company appeared before a Beijing court on Tuesday accused of attacking the website of an online games operator.
At the hearing at Haidian district court, Luo Chun, general manager of the Shanghai Share Security Network Technology Co Ltd, and three of his employees, were said to have launched attacks on several online games operators in Beijing.
June 18, 2008 - Kevin Poulsen
Citibank Hack Blamed for Alleged ATM Crime Spree
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say.
June 17, 2008 - Elinor Mills
Internet-Connected Coffee Maker Has Security Holes
An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.
Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.
June 17, 2008 - Ola Al-Madhoun
Islamic Jihad's Cyber-War Brigades
GAZA CITY - The Palestinian Islamist movement, Islamic Jihad, has added a cyber-war division to its armed Al-Quds Brigades.
It was a response to years of attacks by Israeli hackers, and according to the Brigades spokesman, Abu Hamza, it equals the playing field in cyber-space.
June 17, 2008 - Owen Gibson, media correspondent
Dacre Promises New Look at Rules on Hacking by Journalists
The editor of the Daily Mail, Paul Dacre, has promised to re-examine the rules that prevent journalists hacking into computers to obtain personal information, to clarify and possibly tighten them, after becoming chairman of the body responsible for the editors' code that governs newspapers and magazines.
June 17, 2008 - By Zhang Yong, Shen Xing
Regulators Hack-Proof Chinese Funds
Site-wide blackouts, network intrusions, viruses, and other security breaches... it's been a busy several weeks for many Chinese fund companies who have had to demonstrate their resilience to these and other digital threats.
June 16, 2008 - Larry Seitzer
Guy Gets Fired and Ruined for Having a Virus on His Notebook
A report in the Boston Herald describes the sad story of Michael Fiola, a former investigator with the Massachusetts Department of Industrial Accidents. To make a long story short, Fiola's state-issued notebook computer became infected with malware, and subsequently overloaded with pornography, including child pornography. IT staff noticed, Fiola was fired and the matter turned over to the Massachusetts State Police who filed a criminal complaint. According to Fiola, his friends all ran.
June 16, 2008 - Parth Shastri, TNN
Big Bucks Drew Kid Hacker into Cyber Crime
AHMEDABAD: His face is cherubic and his mannerisms childish. But, when he talks to police officials, they find it hard to catch up with this whiz-kid. Ajay (16) is a perfect example of what parents should watch out for when they encourage their children to use computers.
June 15, 2008 - Simon Evans and Margareta Pagano
Exclusive: New Batch of Terror Files Left on Train
Secret government documents detailing the UK's policies towards fighting global terrorist funding, drugs trafficking and money laundering have been found on a London-bound train and handed to 'The Independent on Sunday'.
The government papers, left on a train destined for Waterloo station, on Wednesday, contain criticism of countries such as Iran that are signed up to the global Financial Action Task Force (FATF), an inter-governmental body created to combat financial crime and the financing of terrorism.
June 12, 2008 - Dan Goodin, San Francisco
SCADA Security Bug Exposes World's Critical Infrastructure
Gasoline refineries, manufacturing plants and other industrial facilities that rely on computerized control systems could be vulnerable to a security flaw in a popular piece of software that in some cases allows attackers to remotely take control of critical operations and equipment.
The vulnerability resides in CitectSCADA, a software product used to manage industrial control mechanisms known as SCADA, or Supervisory Control And Data Acquisition, systems. As a result, companies in the aerospace, food, manufacturing and petroleum industries that rely on Citect's SCADA products may be exposing critical operations to outsiders or disgruntled employees, according to Core Security, which discovered the bug.
June 12, 2008 - Thomas Claburn
Network Engineer Gets Five Years for Destroying Former Employer's Data
A San Diego network engineer, Jon Paul Oson, was sentenced to more than five years in prison this week for intentionally damaging computers at his former workplace.
The sentence issued Monday is one of the longest imposed to date in the United States for computer hacking, according to the Office of the U.S. Attorney in San Diego.
June 12, 2008 - Ambrose McNevin
UK Hacker Extradition Appeal Reaches Law Lords
The fate of UK hacker Gary McKinnon will be considered next week when he appears before the House of Lords on Monday (16 June).
In a case going back to 2002, McKinnon is appealing against his extradition to the US under hacking charges.
June 12, 2008 - David Kravets
Judge Weighing Ameritrade Hack Lawsuit Settlement - Update
A federal judge on Thursday put off approving a proposed settlement of a class-action representing as many as 6.3 million TD Ameritrade customers whose data was breached when hackers stole personal identifying customer information.
Among the reasons: The lead plaintiff, who signed the deal, opposed it in open court Thursday and said his lawyers coerced him into accepting the accord.
June 11, 2008 - Robert McMillan, IDG News Service
Obama Campaign Hopes for Better Web Security
Two months after their Web site was hacked, the organizers of Barack Obama's presidential campaign are looking for a network security expert to help lock down their Web site.
"Obama for America is looking for a network security expert who wants to play a key role in a historic political campaign," reads the ad, posted to the Barackobama.com Web site.
June 11, 2008 - Representative Frank R. Wolf
Wolf Reveals House Computers Compromised by Outside Source
Washington, D.C. -- Rep. Frank Wolf (R-10th) today will introduce a privileged resolution on the House floor calling for greater protection of congressional computer and information systems and will offer the following statement revealing that several computers in his Washington office have been compromised by an outside source:
"Madam Speaker, in August 2006, four of the computers in my personal office were compromised by an outside source. This source first hacked into the computer of my foreign policy and human rights staff person, then the computers of my chief of staff, my legislative director, and my judiciary staff person. On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world. That kind of information, as well as everything else on my office computers - e-mails, memos, correspondence and district casework - was open for outside eyes to see.
June 11, 2008 - Dan Goodin, San Francisco
Congressmen Say Chinese Hacked Their PCs
Lawmakes are urging everyone on Capitol Hill to have their computers checked for malware after discovering that people working from inside China hacked into multiple congressional machines and accessed locations of Chinese dissidents and other sensitive data.
Virginia Representative Frank Wolf said four of his PCs were compromised, beginning in August 2006. New Jersey Representative Chris Smith, said two of his machines were hacked in December 2006 and March 2007. Both congressmen, who are long-time critics of China's record on human rights, said the PCs of other lawmakers had also been breached but declined to give names.
June 11, 2008 - Chad Pergram, Fox News and Associated Press contributed to this report.
Rep. Wolf: China Hacked Congressional Computers
WASHINGTON — Four of Rep. Frank Wolf's staff computers were hacked and the Virginia Republican is blaming sources working out of China.
Wolf was bringing up a resolution on the House floor on Wednesday to let his colleagues know about the dangers of computers being open to Chinese infiltration. He was joined at a press conference by Rep. Chris Smith, R-N.J., who also says two of his computers were compromised.
June 10, 2008 - Chris Strohm, CongressDaily
Appropriator Lists Grants, Cybersecurity Among Priorities
A key House Democrat Tuesday said appropriators will give priority to first responder grant programs, all-hazards preparedness and cybersecurity when they mark up the fiscal 2009 Homeland Security Appropriations bill Wednesday.
June 5, 2008 - John Leyden, Channel Register
Breach Disclosure Laws Hhave "No Effect" on Identity Theft
Widespread information security breach laws in the US have failed to do much to reduce identity theft. The finding, by researchers at Carnegie Mellon University, comes as calls are growing in Europe to enact laws that would oblige organisations to notify customers in cases where their personal details become exposed.
June 5, 2008 - Brian Krebs, washingtonpost.com
Cyber Incident Blamed for Nuclear Power Plant Shutdown
A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.
The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant's business network.
June 5, 2008 - David Dizon, abs-cbnNews.com
RP Computer Hackers Turning Into Syndicates
Authorities have been monitoring certain e-groups or "societies" that could be behind big, transnational cyber crimes, and these suspects could be your tech-savvy neighbors or seatmates at an Internet café.
Online identity thieves, who used to prefer working alone, have in recent years begun organizing as criminal syndicates, usually in connivance with foreign hacker groups, according to Alex Ramos, a computer forensics specialist of the Philippine National Police.
June 4, 2008 - Posted by Dancho Danchev, ZDNet
Privacy Flaw Exposes Paris Hilton, Lindsay Lohan's Private MySpace Photos
The recently introduced data availability initiative at MySpace allowing everyone to share their profile data with otherParis Hilton and Lindsay Lohan’s private MySpace photos community and social networking sites across the Web, has just suffered its first major privacy flaw exposing the private photos of Paris Hilton and Lindsay Lohan, prompting Yahoo and MySpace to disable the data availability between the services until they fix the flaw.
June 4, 2008 - Steven Schwankert, IDG News Service
Hong Kong Named "Most Dangerous" Net Domain
Hong Kong's ".hk" is now the world's most dangerous domain for surfing and searching, according to a report released Wednesday by security company McAfee.
The Hong Kong Special Administrative Region (SAR) moved from number 28 in 2007 to the top of the company's "Mapping the Mal Web" survey, edging out its northern neighbour China's ".cn," which placed second. Finland's ".fi" was the safest, followed by Japan's ".jp."
June 3, 2008 - Tim Wilson, Dark Reading
Army Hospital Breach May Be Result of P2P Leak
Peer-to-peer (P2P) applications may have been the culprit in a security breach that has exposed the personal information of more than 1,000 patients at Walter Reed Hospital, according to early reports.
Names, Social Security numbers, birth dates, and other information was exposed through a single computer file, hospital officials said Monday.
June 2, 2008 - Kevin Coleman, DefenseTech.org
Hezbollah's Cyber Warfare Program
Last week, Homeland Security Secretary Michael Chertoff warned that the Hezbollah resistance movement is the greatest threat to US national security. Hezbollah is known or suspected to have been involved in numerous terror attacks against the U.S., Israel or other Western targets, and includes the 1983 suicide truck bombings in Beirut that killed 241 U.S. Marines at their barracks and 58 at the French military barracks. Intelligence officials in the U.S. and Britain believe Hezbollah cells may use their computer expertise and capabilities to launch cyber attacks.
June 2, 2008 - Ryan Singel, Wired Blog Network
Hacker Hijacks Website of Hacking Tool Maker
Being one of the baddest security researchers on the net can't be an easy job.
Take H D Moore, the creator of Metasploit Framework -- a widely-used open-source tool which hackers and developers alike use to find vulnerabilities in remote servers. Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider.
