|
 |
 Topic: SecurityThe new items published under this topic are as follows.
|
|
|
|
SAN DIEGO (AP) -- The creator and several buyers of a computer program designed to allow jealous lovers to snoop on their sweethearts' online activities have been indicted for allegedly violating federal computer privacy laws.
Carlos Enrique Perez-Melara, 25, was indicted Friday on 35 counts of manufacturing, sending and advertising a surreptitious interception device and unauthorized access to protected computers.
The Loverspy program, disguised as an electronic greeting card showing images of puppies and flowers, was sent as an e-mail. When it was executed, it would begin recording victims' e-mail messages and the Web sites they visited, prosecutors said. The information would be transmitted to computers operated by Perez-Melara and relayed to customers, authorities said.
|
|
|
|
|
|
|
|
|
Investor's Business Daily (08/19/05) P. A4; Tsuruoka, Doug
Mark Rasch, chief security counsel for Solutionary, Inc. and former head of the Justice Department's computer crime unit, reports that foreign governments and terrorist organizations such as al-Qaida are attempting to hire Internet hackers to break into commercial and federal computer networks, with an eye toward sabotage or information theft. He says a massive assault against our cyberinfrastructure would disrupt services but not inspire terror; much more effective would be a combination cyberattack and physical attack, which would spread fear as well as hinder response strategies. Rasch says al-Qaida has formulated plans to attack U.S. networks controlling the supervisory control and data acquisition (SCADA) systems underlying the country's utility infrastructure. Terrorists can contact hackers in a variety of ways, including through Internet relay chat channels, anonymous outsourcing, and anonymous remailers that hide the original source of messages. Rasch suggests a number of precautions to defend against cyberterror attacks, such as the installation of disaster recovery and business continuation technology and redundant systems. So that people can understand and identify attack precursors, he recommends an exchange of information. Rasch also suggests improving information sharing networks following an attack.
|
|
| (177 Reads) |
  |
|
|
|
|
|
|
A flood of malware-based attacks against U.S. media companies and other corporations this week has prompted security analysts to warn that the window between the disclosure of vulnerabilities and their exploitation by hackers is shrinking. "These guys have gotten a lot faster...they are doing it faster than managers can keep up with," stated F-Secure virus researcher Eno Carrera. Analysts said the interim between advisories of flaws in Microsoft's Windows operating system and the release of exploitative viruses was several weeks or months a few years ago. However, hackers authored and released exploits of three Windows security vulnerabilities mere days after Microsoft notified users of their existence last week. The malware caused thousands of vulnerable machines to restart repeatedly, and potentially exposed computers to hackers who could hijack a system as a launch-pad for future virus attacks and steal personal data while the user is unaware. Also troubling is the fact that virus writers often release malicious code faster than computer system safeguards can be updated. Hackers have additionally started exploiting instant messaging's popularity among office workers as a vehicle for delivering viruses.
Click Here to View Full Article
|
|
| (174 Reads) |
|
|
|
|
|
|
|
ABC News (08/17/05); James, Michael S.
The attack earlier this week that slowed systems at The New York Times, The Associated Press, and other media outlets may have been an example of battling worms competing for control of major computer networks. The culprit was identified as different strains of the Zotob worm, which targets computers running Windows 2000, though if unprotected, Windows 2003 and XP are also vulnerable. In the latest attacks, the hackers were attempting to seize control of the computers to create botnets, and posted death threats aimed at antivirus companies. The pursuit of unlawful computer armies has led to a virtual turf war, where rival hackers delete each other's worms to clear the way for their own in an effort to build the largest botnet. The recent trend in hacking has been toward personal greed, as simply defacing a Web site or launching a denial of service attack no longer motivates hackers: "Destroying the Internet is not really useful if the Internet is the means to your financial goals," noted Art Manion of the U.S. CERT center at Carnegie Mellon. Botnet operators use the expropriated computers to send out torrents of spam or access personal information, though there is also an underground economy that pays to rent botnets for various purposes, most commonly to send out spam. The use of multiple third-party computers makes it difficult to track the originator of botnet spam. Cybertrust's David Kennedy believes poor laptop security may have facilitated the recent attacks, and cautions businesses to keep security patches updated, and use a special router to manage the connection between the notebook and the providing pipeline; he adds that users should power their notebooks down completely before connecting to the network.
Click Here to View Full Article
|
|
| (183 Reads) |
|
|
|
|
|
|
|
WASHINGTON (CNN) -- A computer worm shut down computer systems running the Windows 2000 operating system across the United States on Tuesday, hitting computers at CNN, ABC and The New York Times.
Around 5 p.m. computers began crashing at CNN facilities in New York and Atlanta. ABC said its problems began in New York about 1:30 p.m.
The Caterpillar Co. in Peoria, Illinois also was reportedly affected.
David Perry of Trend Micro said that the attack seems to have been triggered by a new worm, called worm--rbot.ebq. He said the symptoms -- computers repeatedly shutting down and rebooting -- was consistent with that virus.
Johannes Ullrich, director of the Sans Institute, a network security firm in Jacksonville, Florida, said the outage also may have been caused by the Zotob worm, which was released last weekend.
The complete story here
|
|
| (147 Reads) |
|
|
|
|
|
|
|
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS05-023
* MS05-032
|
|
|
|
|
|
|
|
|
Summary:
========
This advisory contains information about all security updates released this month. It is broken down by security bulletin severity.
Critical Security Bulletins
===========================
MS05-038 - Cumulative Security Update for Internet Explorer (896727)
MS05-039 - Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
MS05-043 - Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
Important Security Bulletins
============================
MS05-040 - Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
Moderate Security Bulletins
===========================
MS05-041 - Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
MS05-042 - Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
|
|
|
|
|
|
|
|
|
eWeek (08/03/05); Dyszel, Bill
Voice prints are quickly replacing typed passwords and PIN numbers for user-friendly and more effective user authentication, according to a recent panel at SpeechTEK 2005. However, Diaphonics CEO Andy Osburn explains that voice prints are suitable for only certain situations. The technology is beneficial for law enforcement agencies who need to provide field-based officers with quick access to data and also for banks who need to provide mobile workers with access to wire transfers. Sometimes, the technology's simplicity will sometimes lead users to fear the safety of their data and therefore decrease usage of the system, says Intervoice design specialist Jennifer Wilmer.
Click Here to View Full Article
|
|
| (166 Reads) |
|
|
|
|
|
|
|
IDG News Service (08/11/05); Gross, Grant
Speaking at the InfraGard National Conference on Aug. 10, Department of Homeland Security (DHS) Secretary Michael Chertoff urged businesses to devote more attention to cybersecurity, noting that the private sector needs more enticements to develop and/or enhance cybersecurity products; one such incentive would be to set up laws that protect businesses from product lawsuits. Chertoff said there is already sufficient motivation for private companies to fortify their infrastructures: "In today's threat environment, active security measures are critical to businesses themselves, because the cost of an attack will very, very greatly outweigh the cost of protection," he argued. The bulk of the U.S. critical infrastructure, as identified by the DHS, is computer-controlled, and private companies own most of that infrastructure. Chertoff said a "21st-century style of organization" where government agencies closely collaborate with private companies to secure national assets is needed. The DHS Secretary said his agency will study cybersecurity from all angles in the coming months as it recruits an assistant secretary for cybersecurity, and work to forge more private-sector alliances to shield cybersecurity. Furthermore, he promised that cybersecurity will be a key ingredient of a national infrastructure protection plan the DHS is devising. Chertoff's cybersecurity-oriented discussion at InfraGard stood out from past DHS initiatives, which have primarily concentrated on physical security. Microsoft's David Aucsmith made another InfraGard presentation in which he advised the IT industry to conduct more "threat-based" software development, as traditional bug testing does not account for hackers discovering unintended uses of software that lie at the heart of most security problems.
Click Here to View Full Article
|
|
| (169 Reads) |
|
|
|
|
|
|
|
Investor's Business Daily (08/09/05) P. A4; Howell, Donna
Internet and computer security continues to face heavy criticism four years after Sept. 11, with industry organizations and the Government Accountability Office (GAO) urging the allocation of more federal resources to tech security. A CSO magazine poll of 389 security professionals finds that roughly 59 percent of respondents doubt the government can secure the U.S. information infrastructure, while 45 percent expect hackers or terrorists to launch the digital equivalent of a Pearl Harbor-style attack against the nation's critical infrastructure. The GAO has issued several studies finding fault with federal cybersecurity efforts, and Ron Ross with the National Institute of Standards and Technology says his organization has been developing a set of standards and guidelines designed to help agencies construct improved information systems and safeguards. "There's no long-term vision for what we ought to be doing in cybersecurity research and development," notes Cyber Security Industry Alliance (CSIA) executive director Paul Kurtz. "In the long term, we need to think about our information systems constantly being under attack...And the need to transfer over to other systems." In July, CSIA recommended the development of a 10-year federal plan to enhance the security, reliability, and resiliency of information technology, as well as additional funding for the issue. A recent restructuring of the Homeland Security Department resulted in the creation of an assistant secretary for cybersecurity and telecommunications; both CSIA and the ITAA praised this maneuver, though ITAA President Harris Miller still laments that some federal IT agencies' budgets remain flat. Unisys' Greg Baroni points to increased security audits encouraged by security guidelines mandated by the Federal Information Security Management Act, which will soon obtain a "compliance component."
|
|
| (170 Reads) |
|
|
|
|
