Internet mistake reveals UK nuclear submarine secrets




'....The Ministry of Defence has admitted that secret information about the UK's nuclear powered submarines was made available on the internet by mistake.

A technical error meant blacked-out parts of an online MoD report could be read by pasting into another document. Details were reported to include expert opinion on how well the fleet could cope with a catastrophic accident. The MoD said a secure version had now been published and it was working to stop such an incident happening again.....'





ENISA issues final report & video clip on 'Cyber Europe 2010', the 1st pan-European cyber security exercise



'....The European Union's cyber security agency, ENISA has issued the final report on the first Pan-European cyber security exercise for public bodies, 'Cyber Europe 2010'. The report underlines a need for....'





Combating Robot Networks and Their Controllers




'....This report is written as a comprehensive reference 'how to' Combat Robot Networks and Advanced Persistent Threats on a national scale. It should serve as an excellent resource to anyone involved in cyber security and high-tech crime. It is of particular relevancy for police, intelligence & threat analysts, security architects, and policy makers.....'





Iran accuses Siemens over Stuxnet virus attack




'....An Iranian military commander has accused German engineering company Siemens (SIEGn.DE) of helping the United States and Israel launch a cyber attack on its nuclear facilities, Kayhan daily reported on Sunday......'




Anonymous hacker claims he broke into wind turbine systems

Robert McMillan



'....Claiming revenge for an "illegitimate firing," someone has posted screenshots and other data, apparently showing that he was able to break a 200 megawatt wind turbine system owned by......'




Congress Demanding Epsilon Release More Details About Data Breach

Fahmida Y. Rashid



'....Each day, a new company is added to the list of clients affected by the massive data breach at email marketing provider Epsilon. Now, several U.S. senators and House representatives are demanding more details about the magnitude of the breach......'


Chase Bank Phish Emails May Be First Post-Epsilon Scam

Fahmida Y. Rashid



'....The first post-Epsilon phishing emails have been spotted. In this case, cyber-crooks are targeting bank customers with a phony warning and a malicious link.

An email purporting to be from Chase Bank that tells users that their account will be deleted unless prompt action is taken is currently making the rounds, the Better Business Bureau warned on April 6. Users are encouraged to click on the link provided to get to the "profile page" to update their information.

"Although the email sounds urgent since it appears to be from your bank, do not click on the link and input your bank account number or Social Security number," BBB president Tom Bartholomy said in a statement......'


US Needs Cyber-Emergency Response, Lawmaker Says

Grant Gross



'....The U.S. needs a cybersecurity emergency response capability to help businesses under major attacks, a U.S. senator said Monday.

"Who do you call if your CIO is overwhelmed, if you're a local bank or utility?" Senator Sheldon Whitehouse said during a forum on cybersecurity at the University of Rhode Island (URI). "How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?"

Whitehouse, a Rhode Island Democrat, didn't lay out details of a cybersecurity emergency response unit, but he said he hopes the U.S. Senate will pass a comprehensive cybersecurity bill this year......'


Computer stalking outstrips face-to-face harassment

Patrick Sawer



'....Cyberstalking is now more common than face-to-face harassment with many victims finding themselves pursued by complete strangers online......'


Epsilon breach used four-month-old attack

Brett Winterford



'....A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal.

The world's largest email service provider, Epsilon, disclosed on April 1, 2011 that the data it manages on behalf of a subset of its 2500 global clients had been accessed by hackers the day prior.

Today iTnews can reveal that Epsilon has been aware of the vulnerability behind this attack for some months......'


Security firm learns limits of security tech

Jordan Robertson



'....Top-level data breaches often start at the bottom of the ladder. That's a lesson RSA learned the hard way......'


Hyundai Capital admits to unprecedented information leak

Jung Hyuk-june



'....Hyundai Capital announced Friday that the personal information accessed through the hack consisted of name, email, and cell phone information for 420 thousand people, approximately 23 percent of all customers, and that it bore no direct connection with financial transactions. However, Vice President Hwang Yoo-no said Sunday that there was "a possibility that some secret information was hacked, including customer passwords and credit ratings," indicating that it appeared likely that passwords were leaked for around 13 thousand customers.......'


Securing IPv6

Earl Carter



'....In this post, we'll talk about some of the things to consider when securing IPv6 compared to IPv4. Before digging into this topic, however, it is important to remember that while IPv6 may have different security concerns than IPv4, it is not necessarily any more secure than IPv4. Furthermore, the post will focus on those aspects that are different or unique to IPv6, since many of the common best practices for IPv4 networks also apply to IPv6 networks......'


CPP loses Barclaycard business over FSA investigation




'....Shares in CPP plummeted yesterday after Barclaycard decided to stop using some of its services because of an FSA investigation......'


The $100 USB Stick Your Boss Can Use To Find Your Porn

Marc Weber Tobias



'....A new device, literally called the Porn Stick, from Paraben Corp., makes the task of identifying abusers much simpler. It will search for, identify, display, tag and even wipe images from a computer for a fraction of the cost and required expertise of the more sophisticated professional forensic programs. The software will even retrieve deleted images and Internet cache files. With the Porn Stick there is no software installed on the target machine, so there is no evidence of an intrusion and nothing is altered.

While the primary use for this device may be in business and government, parents, schools, churches, law enforcement and corrections will also find it a valuable tool because it requires no expertise and is inexpensive. It is fast: the system can search a 500 GB hard drive with more than 70,000 images in about an hour. Virtually all storage media can be analyzed, including DVDs, CDs and MicroSD cards; you are not limited only to hard drives......'


Sophisticated cyber thieves behind Epsilon attack

Associated Press



'....Epsilon, which sends out over 40 billion emails a year on behalf of 2,500 companies, has not identified the firms whose customers' names and email addresses were stolen but dozens of US companies have come forward.

They include Hilton and Marriott hotels, telecom giant Verizon, drugstore chain Walgreens, the Home Shopping Network and retailers Best Buy, Kroger, New York & Co. and Target. Among the banking and financial firms that have notified customers of the breach are Citigroup, JPMorgan Chase, Capital One, US Bank, Barclays Bank of Delaware and Ameriprise Financial.

Computer security experts said tens of millions of names and email addresses may have been stolen in what they said was one of the largest data thefts in US history......'


Tech firms appeal over France's "shocking" password law

Stewart Mitchell



'....A coalition of high-tech heavyweights – including Google, Microsoft, Facebook and Spotify – has gone to the courts to challenge the French government's recent hard line on data retention.

The move comes in the wake of a parliamentary decree issued last month that demands e-commerce sites, video platforms and online music services keep a record of the full personal details of all subscribers - including "the password and the information needed to verify or modify" an account......'


Cyber Criminals Adapt As Threat Landscape Changes




' we bring you images from the world of illegal online pharmacies. These organizations put lives at risk by offering prescription medications without a prescription, or worse, by sending fake medications that can cause great harm. Moreover, consumers' credit card numbers are sometimes stolen......'


First U.S.-Russian Report On Critical Cyber Terms

Karl Frederick Rauscher and Valery Yaschenko



"....EastWest Institute and the Information Security Institute released the first joint Russian-American report to define critical terms for cyber and information security..."


Iran says it has detected second cyber attack

Ramin Mostafavi



'....Iran has been targeted by a second computer virus in a "cyber war" waged by its enemies......'



Insecure Mail Server Offers Chinese Government Accounts To The Masses


Kaspersky Lab



'....A security researcher has issued a new warning to that country's CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account......'


US trains activists to evade security forces

Lachlan Carmichael



'....The United States is training thousands of cell phone and Internet pro-democracy campaigners worldwide to evade security forces in what it calls a "cat-and-mouse game" with authoritarian governments. The US government is sponsoring efforts to help activists in Arab and other countries gain access to technology that circumvents government firewalls, secures telephone text and voice messages, and prevents attacks on websites.......'



Israel mulls creation of elite counter-cyberterrorist unit

John Leyden



'....Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms......'


Is Hacker TV sitcom a true reflection of computer security industry?

Carole Theriault



'....Tonight, TV network FOX will be launching an ethical hacker comedy called 'Breaking In'. From everything I see online about it, it sounds like, FINALLY, we have a show that gives you .....'


Tracking the internal threats

Mark Ward



'....Its mere existence and the appearance of many copycat sites is starting to occupy the minds of those who oversee security in every large company. In most cases, he said, those secrets are just details of deals that are about to be signed, products under development or strategy changes. But also, he said, many firms have "dirty laundry" that would damage their reputation if it became public......'


Why, for a Class of Bribes, the Act of Giving a Bribe should be Treated as Legal

Kaushik Basu



'....This paper puts forward a new idea about the control of one kind of corruption, namely, bribery. Bribery is rampant in India. It is a scourge that deserves to be banished. Tackling this is a problem that has to be a joint effort of all wings of the government and also of all political parties and even civil society. While it is not possible for a single person or even a single ministry to cure this malaise, one can think of small steps which, taken together, can add up to something substantial.......'


Robbins v. Lower Merion School District



'....Robbins v. Lower Merion School District is a federal class action lawsuit, brought in February 2010 on behalf of students of two high schools in the Philadelphia, Pennsylvania suburbs. In October 2010, the school district agreed to pay $610,000 to settle the Robbins and parallel Hasan lawsuits against it........'


Pirated Android app uses shame as tool



'....First, pirated music and movies inspired lawsuits. Now, a smartphone app is teaching digital bootleggers a lesson with a high-tech version of a public shaming.......'


Porn Star HIV Test Database Leaked

Adrian Chen



'....Members of Porn Wikileaks have made a sport of sorts out of violating porn performers' privacy, often to avenge some personal slight. Many entries in their massive porn star wiki contain not just performers' real names, but their addresses, family members' information, copies of state identification—even Google Maps pictures of their homes. So far, no test results have been posted, probably to avoid violating patient privacy laws......'


Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1

Mark Russinovich



'....Keep in mind that Stuxnet is an incredibly complex piece of malware. It propagates and communicates using multiple methods and performs different operations depending on the version of operating system infected and the software installed on the infected system. This look at Stuxnet just scratches the surface and is intended to show how with no special reverse engineering expertise, Sysinternals tools can reveal the system impact of a malware infection......'


The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini and Giovanni Vigna



'....In this paper, we present a comprehensive analysis of a large-scale botnet from the botmaster's perspective, that highlights the intricacies involved in orchestrating spam campaigns such as the quality of email address lists, the effectiveness of IP-based blacklisting, and the reliability of bots. This is made possible by having access to a number of command-and-control servers used by the Pushdo/Cutwail botnet.......'


CA lures RSA customers with 1-for-1 swap

Suzanne Tindal



'....CA Technologies has announced that it's offering RSA SecurID customers a one-for-one swap: RSA SecurID tokens......'


Serbia: Gaddafi's Cyber Army Oppose Rebels and NATO

Sasa Milosevic



'....A Facebook page entitled "Support for Muammar al-Gaddafi from the people of Serbia" has become a show of support for the controversial Libyan leader, with over 62,500 members. Libyan opposition activists have also reported cyber attacks on opposition websites coming from Serbia.......'


RSA hack – a lesson in how not to handle a PR disaster!

Yvonne Eskenzi



'....From where I'm sitting, resellers, distributors, customers as well as bloggers, tweeters and journalists are running around speculating about what's happened and panicking about what to do – with no clear advice or guidance from RSA's internal or external experts. It's almost like they've battened down the hatches, stuck their heads under their duvets and hoped this whole nasty incident would shut up and go away, so that they could start the week afresh as though nothing had happened......'


Detecting Certificate Authority compromises and web browser collusion



'....With these certificates, the attacker could impersonate the identities of the victim web sites or other related systems, probably undetectably for the majority of users on the internet......'


Does RSA SecurID have a US gov't-authorized back door?

Ellen Messmer



'...."RSA cut a deal with the government to provide a back door for surveillance work," say some industry analysts, who asked not to be identified. They say the trade-off let RSA export SecurID. RSA today would not confirm or deny this, indicating it was limiting its discussion of SecurID since last week's disclosure of a network breach where "certain information" about SecurID was stolen......'


Dozens of exploits released for popular SCADA programs

Dan Goodin



'....The vulnerability dump includes proof-of-concept code for at least 34 vulnerabilities in widely used SCADA programs sold by four different vendors. Auriemma said the majority of the bugs allow code execution, while others allow attackers to access sensitive data stored in configuration files and one makes it possible to disrupt equipment that uses the software......'


Moscow hacker who put porn on billboard gets jail term



'....Speaking to journalists before his sentence, Blinnikov said he had hacked into the billboard "just for something to do" and, when asked how he had managed to do it, replied: "It would take too long to explain." .....'


Hackers pwn EC on eve of Libya, nukes conference

Dan Raywood



'....An EC spokesman said its staff were warned that remote access to emails was cut. And they confirmed that pages from European Union websites, notably those from the European External Action Service that handled diplomatic relations for its 27 states around the world, were also down......'


How Barrett Brown Helped Overthrow Tunisia's Government

Tim Rogers



'....he's organizing a worldwide collective of hackers......'


Anti-Virus Vendor Accused of Installing Viruses Onto Mobile Phones

Ian Mansfield



'....It is also being claimed that the Netqin software removed any other anti-virus software the user may have running on their handset so that its actions would not be detected. China's three mobile network operators have already blocked sales of the NetQin software through their own App Stores, and it is reported that they have shut down the company's ability to charge customers for software upgrades directly through their phone bill......'


Analysis: How and got hacked

Woody Leonhard



'....The sites were the victims of an as-yet-unidentified "blind" SQL injection technique -- the exact type of attack you'd think the devs and admins at MySQL would know how to protect against. Apparently, you'd be wrong......'


Hackers hit PM, senior ministers

Simon Benson



'....Government sources confirmed to The Daily Telegraph newspaper the spying occurred over more than a month, beginning in February. Four separate government sources confirmed that they had been told Chinese intelligence agencies were among a list of foreign hackers under suspicion......'