Cyberattack lifted Google password system code

'...When alleged Chinese hackers infiltrated Google's internal systems in December, they lifted source code for a password system that controls access to almost all of the company's web services, according to a report citing a person with direct knowledge of Google's investigation into the matter.

The New York Times [1] reports that the December attack nabbed code for the system that controls single-sign-on for millions of users across myriad Google services, including Gmail and the company's online business applications. Originally codenamed Gaia - a nod to the Greek goddess of the earth - it is now known simply as Single Sign-On.

According to The Times, the attack began when an instant message was sent to a Google employee in China who was running Microsoft's Messenger client. When the employee clicked on a weblink in the IM, attackers gained access to the employee's PC, and from there, they tapped machines used by "a critical group of software developers" at the company's Mountain View headquarters. Eventually, they also gained access to a software repository where source code for the Gaia system was stored....'

( Read More )

UK jobs site suffers hack attacks

"..Several job sites run by Trinity Mirror Group have suffered hack attacks, although the newspaper group does not believe any CVs were copied or accessed. and both suffered hack attacks on 19 May. Blog posts described a "concerted and sophisticated attempt to hack into user accounts".

( Read More )

Researcher shows how to strike back at web assailants

'....It has long been known that some of the exploit kits are themselves susceptible to attacks, and on Thursday Laurent Oudot, CEO of French security consultancy Tehtri-Security, detailed 13 bugs that can be exploited to turn the tables on the criminals running the software. They make it possible for law enforcement agents and other investigators of online attacks to destroy command and control servers, identify the miscreants, and in some cases even launch client-side attacks against the intruders....'

( Read More )

Cabinet Office Structural Reform Plan

'....  ICT Strategy (1/2) Reduce the cost structure of information and communications technology in central government, while supporting technologies which increase citizen involvement, transparency and localisation...'

( Read More )

10 US cities most at risk from cybercrime

"..They have named and shamed the US cities that they believe are most at risk from hackers and that are the worst for cyber-crime. With hackers updating their methods every time users update their online security settings, more and more people are becoming victims of identity theft and online theft and as such, this should be a wake up call for those Americans that take their online security lightly.."

( Read More )

Always practice safe software: a lesson from UnrealIRCd

"..It seems that the Unreal has been trojaned since last November on at least some of its official mirror sites.  The backdoor is very simple and allows anyone to run arbitrary system commands pre-auth.  I've already seen one group hit by this.

Interestingly, the Unreal team had apparently stopped GPG/PGP signing releases because they didn't think it was worth the trouble given how few people were verifying the signatures.  Oops!  They are now planning to re-implement that feature.."

( Read More )

Social networking popular among boomers

"..NEW YORK, June 11 — Social networking isn’t only for the under 40s. More than 25 per cent of Americans 50 years and older stay connected using sites such as Facebook, MySpace and Twitter, according to new research.

And nearly half of older adults, aged 50 to 64, say they are savvy about the Internet.

“The latest data tells us that more and more, social networking is becoming a part of everyday life for Americans 50 plus, and boomers in particular,” said Kevin Donnellan, the chief communications officer at AARP, which released the report.."

( Read More )

Want faster broadband? Try Mozambique

"..KUALA LUMPUR, May 26 — Malaysia ranks a lowly 102nd out of 152 countries in terms of its average download speed, according to analyses by leading internet speed testing website tests showed that Malaysia’s average download speed was 1.88 Mbps as compared with 1.92 Mbps in Mozambique. Malaysia’s broadband speed ranked behind number 101st placed St Kitts and Nevis (1.89 Mbps), Albania (100th, 1.91 Mbps) and Mozambique (99th). The nation’s download speed was also about 18 times slower than the top-ranked country, South Korea, which had an average download speed of 34.14 Mbps. Among its Asia counterparts, Malaysia placed behind number Korea, 4th placed Japan (20.29 Mbps), Singapore (31st, 8.51 Mbps), Taiwan (36th, 6.95 Mbps), Thailand (63rd, 3.78 Mbps), China (76th, 2.94 Mbps) and Philippines (90th, 2.3 Mbps). It, however, came ahead of number India (121st, 1.33 Mbps), Indonesia (132nd, 1.01 Mbps) and Cambodia (134th, 0.81 Mbps).."

( Read More )

Vulnerability Assessment of Cybersecurity for SCADA Systems

"..This paper proposes a vulnerability assessment framework to systematically evaluate the vulnerabilities of SCADA systems at three levels: system, scenarios, and access points. The proposed method is based on cyber systems embedded with the firewall and password models, the primary mode of protection in the power industry today. The impact of a potential electronic intrusion is evaluated by its potential loss of load in the power system.."

( Read More )

Web sites crash under World Cup strain

"..ITV's web site crashed yesterday as millions went online to watch Mexico play South Africa in the first World Cup match of the 2010 tournament, highlighting the need for companies to invest more in back-end infrastructure.

The site was temporarily down and users experienced poor quality pictures when screens froze at frequent intervals during the match.."

( Read More )

S. Korean gov’t website hit by cyber attacks

"..SEOUL—South Korea's intelligence service is investigating a major cyber attack on the main government website by hackers traced to China, officials said Thursday.

The attacks on Wednesday evening lasted around three-and-a-half hours, slowing traffic on the site ( which provides information on policies and services, said the Ministry of Public Administration and Security.."

( Read More )

Next-generation Trojan plunders East European bank accounts

"..The Register reports that Stewart analyzed the Trojan and has presented his findings at the Forum of Incident Response and Security Team (FIRST) being held this week in Miami. He claims that the Trojan has been modeled upon BlackEnergy, the DDoS Trojan (mis)used in the Russian/Georgian conflict in 2008..."

( Read More )

420,000 scam emails sent every hour

"..More than 420,000 scam emails are sent every hour in the UK according to a report by CPP which estimates that Brits were targeted by 3.7 billion phishing emails in the last 12 months alone.."

( Read More )

A brief analysis of a malicious PDF file which exploits this week’s

'....I spent the last two days with a friend of mine, Frank Boldewin of, analyzing the Adobe Reader/Flash 0-day that’s being exploited in the wild this week. We had received a sample of a malicious PDF file which exploits the still unpatched vulnerability (MD5: 721601bdbec57cb103a9717eeef0bfca) and it turned out more interesting than we had expected. Here is what we found...'

( Read More )

Military leaders warn of NK cyber attack

'....In a speech at a cyber security conference in Seoul, Minister of National Defense Kim Tae-young said North Korea is focusing on cyber terror attacks against South Korea, including the distribution of false information to Internet sites to defame the South Korean government....'

( Read More )

"We're Not Getting Enough Education to the Right People"

"...Spafford is a professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy, a professor of Communication and a professor of Electrical and Computer Engineering. He serves on a number of advisory and editorial boards. Spafford's current research interests are primarily in the areas of information security, computer crime investigation and information ethics. He is generally recognized as one of the senior leaders in the field of computing.

In an exclusive interview, Spafford discusses:

-The single biggest influence on Information Assurance education this year;
-What encourages/discourages him most;
-Factors that could most improve education..."

( Read More )

What would your ultimate network security look like?

"..In designing CRASH, DARPA said it will be evaluating six critical technical areas:
1) Processor Architectures: 
2) Operating Systems
3) Machine Learning, Self‐Adaptation, Diagnosis, Recovery and Repair:  
4) Programming Languages and Environments
5) Formal Methods
6) Dynamic Diversification.."

( Read More )

Blogging and Social Media Policy Guidelines

'...Online Database of Social Media Policies...'

( Read More )

Mass hack plants malware on thousands of webpages

'....More than 100,000 webpages, some belonging to newspapers, police departments, and other large organizations, have been hit by an attack over the past few days that redirected visitors to a website that attempted to install malware on their machines.
Google searches on Tuesday indicated more than 100,000 pages were infected, Dede said, but that number had shrunk to about 7,750 at time of writing.

( Read More )

Smartphone Malware Multiplies

'....More than twice the number of malware and spyware hitting BlackBerry, Windows Mobile, and Android phones than six months ago.....'

( Read More )

The State Department's Worst Nightmare

"..Diplomatic and law-enforcement officials tell The Daily Beast their alarm stems from the arrest of a 22-year-old Army intelligence analyst based in Iraq who has reportedly admitted that he downloaded 260,000 diplomatic cables from government computer networks and was prepared to make them public.."

( Read More )

Cyberattacks still top security priority

"..USIS released a study that identified key issues facing government and industry security personnel and identified a key issue in terms of security vendor structure and organization. USIS surveyed more than 250 government and industry leaders in the safety, security, and law enforcement market. Survey respondents were asked to rate the top threats to U.S. national security. Cyberattacks ranked the highest, followed by terrorist activity. Tied for third place were insider threats and information security breaches.."

( Read More )

Two Mexican botnets taken down

"..A week ago, Trend Micro was alerted to a phishing attack that was aimed at Spanish-speaking users and was discovered to be originating from a Mexican botnet.

The attack was using the news of a missing girl and her violent death to try to get the visitors to download a video. Of course, the video in question was no such thing, but a client program of a bot.."

( Read More )

What every CEO should know about advanced persistent threats & industrialized hacking

"..The world of hacking has evolved into two major varieties: industrialized attacks and advanced persistent threats (APT). There has been a lot of discussion around the validity of APT recently, but APT is a real threat. So, what’s the difference between APT and industrialized hacking, and how should you respond?.."

( Read More )

114,000 iPad owners' emails and account IDs exposed

"..News that vulnerabilities on the AT&T network allowed a group calling itself Goatse Security to harvest emails and AT&T authentication IDs of 114,000 early-adopters of Apple's iPad shocked potential victims.."

( Read More )

Malaysia To Host OIC Computer Emergency Workshop In October

"..Malaysia will host the third Organisation of the Islamic Conference - Computer Emergency Response Team (OIC-CERT) Workshop on Oct 28, in conjunction with the CyberSecurity Malaysia Award, Conference and Exhibition (CSM-ACE) 2010.
The first workshop was held for three days in Egypt, beginning Tuesday, to cater to OIC member countries in the Middle East region.
It was conducted by CyberSecurity Malaysia, in collaboration with the Ministry of Communications and Information Technology of Egypt, with support from IDB.

The second workshop will be held in Morocco from June 24 to 25, for member countries within the African region.
CyberSecurity Malaysia represents the country as Chair of the OIC-CERT, which is an affiliated institution of the OIC. It formed the OIC-CERT which currently has 18 OIC countries in its membership..."

( Read More )

Network Forensic and Vulnerability Organizations

'...The following compilation contains a structured global list of identified network forensic and vulnerability organizations. It is subject to continual change as new organizations and activities are discovered.


Global Intergovernmental
Global Non-Governmental
Regional Governmental
Regional and Other Non-Governmental
National Governments.....'

( Read More )

Banks increase information security budgets as threats evolve

'....Despite the global economic downturn over the last two years, most financial institutions increased their information security budget in 2010 as they faced up to new, often internal, threats, according to a global survey from Deloitte......'

( Read More )

The HacKid Conference: A kid-friendly idea whose time has come

'......I go to a lot of security conferences, almost always without my family in tow. The logistics and money involved with trekking them from one part of the country to the next is usually beyond my resources. But when a conference is local and there's something in it for the kids, I'm in 100 percent.

Last month's SOURCE Boston and Security B-Sides conferences coincided with school vacation, which put me in a bind. Fortunately, the security community is very kid-friendly, and nobody minded when I brought Sean and Duncan to B-Sides. In fact, I think the hackers enjoyed their antics.

At B-Sides one of the first speakers was a young security practitioner talking about the challenges of people his age breaking into the industry and finding the right combination of employment and respect. While I was getting inspired to write "How young upstarts can get their big security break in 6 steps" during that talk, Cisco cloud security guru Chris Hoff was getting a blast of inspiration from his children's adventures at SOURCE a couple days before. The result is a concept any security practitioner-parent should embrace......'

( Read More )

Social engineering techniques: 4 ways criminal outsiders get inside

'.....It doesn't matter how many locks you put on the door that is your security plan, because criminals who use social engineering techniques will still sail right in. Why bother breaking down the door if you can simply ask the person inside to let you in? That is the question posed by Lenny Zeltser, head of the security consulting team at Savvis and a SANS Institute faculty member.

"There is often a debate about what is more prevalent and more dangerous: Is it the outsider threat or the insider threat?" said Zeltser. "Once you accept the success of social engineering, you will recognize there is no distinction anymore. If you have an outsider, and they use a social engineering technique, they become an insider.".......'

( Read More )

Gartner: IT security spending to remain steady, but not a top CIO prio

'.....A top research firm predicts that IT security spending will remain steady through 2011 with identity management as the top focus, but also suggests that CIOs still don't rank security projects among their high-priority initiatives.

Stamford, Conn.-based Gartner Inc. will announce Thursday that during the next 12 months, it expects that enterprises will spend approximately 5% of their total IT budgets on information security technology. While that percentage is down slightly from 6% last year, Gartner forecasts that overall IT budgets will increase by nearly 2%, meaning security spending will largely hold its ground.....'

( Read More )

Wireless world demands tighter security

'...I think people probably stay longer because of it. So they come to a cafe for a meeting and then think: 'I might work from here,' she says.

Gregan understands what it means to customers to lose information, having once left a BlackBerry in a taxi. She is also an advocate of people taking responsibility for their online safety and for the safety of customers. "The threats are always there and the viruses are always out there," she says.

Indeed, they are. A nationwide survey of 510 Australian small and medium businesses found 56 per cent had been the victims of cybercrime in the past year. Two years ago, 46 per cent reported an attack....'

( Read More )

IT Governance smoothes the way to ISO27001 certification

'..... As IMS had no existing internal knowledge of ISO27001 certification, in early 2007 it appointed IT Governance to undertake an initial appraisal of its needs and advise on a course of action. As IMS’s ISO27001 compliance project manager Chris Lofts confirms, the company was quickly convinced of IT Governance’s expertise in the area: “Through our phone calls and subsequent meeting, it became apparent that IT Governance had a real depth of expertise in ISO27001 and practical experience that was very relevant to our situation.”

Guided by IT Governance’s outline recommendations, IMS initially set about pursuing ISO27001 compliance as an in-house project.  The work of the IMS team was aided by two products from IT Governance’s range of specialist compliance tools:  risk assessment software tool, RA2, the Art of Risk, which is designed to enable businesses to undertake an information security risk assessment that is compliant with the Standard; and the ISO27001 ISMS Documentation Template Toolkit, which supplies prewritten policies and procedures designed to fast-track any ISMS project.  The company also called in a consultant from IT Governance on an occasional basis, to discuss and advise on particular aspects of their programme.  The consultant also advised IMS on how to make best use of its RA2 software and ISMS Toolkit, helping to tailor these to the specific needs of the organisation to speed the compliance process.....'

( Read More )

FTC cracks down on spyware seller

'....The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling "100 percent undetectable" keylogging software.

Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else's computer. ....'

( Read More )

"We're Not Getting Enough Education to the Right People"

'....As the 2010 school year draws to a close, what is the state of Information Assurance education?

We asked Eugene "Spaf" Spafford, noted professor from Purdue University, for his insights. "I still have some reservations," says Spafford, who says simply: "We don't have enough qualified people entering the field." ....'

( Read More )

Military leaders warn of NK cyber attack

'....Military leaders called North Korea's cyber threat "real," Tuesday, and said there was a high possibility it will conduct an attack on South Korean communication networks during the G-20 Summit to be held in Seoul in November.

In a speech at a cyber security conference in Seoul, Minister of National Defense Kim Tae-young said North Korea is focusing on cyber terror attacks against South Korea, including the distribution of false information to Internet sites to defame the South Korean government.

"Though an investigation showed the Navy ship Cheonan was sunk by a North Korean military provocation and more than 50 countries support the results of the probe, North Korea continues to distort the truth and try to discredit our government and military in the online community," Kim said. ....'

( Read More )

What would your ultimate network security look like?

'....The analog of the innate immune system will include combinations of hardware and software elements that constantly enforce basic semantic properties such as type safety, memory integrity, code/data distinctions, information flow, and access control constraints. The innate subsystem will render impossible attacks based on vulnerabilities stemming from violations of these basic properties. As with biological systems, significant resources should be dedicated to this task. Since hardware resources are now plentiful, it would be reasonable to use hardware mechanisms where this will lead to more complete enforcement or to better runtime performance,"......' DARPA stated.

( Read More )

Turkish Hackers Defacing Israeli Facebook Accounts

'....This attack is special because it is the first active attack of Facebook accounts for the purpose of propaganda (that I know of), but it is in no way technologically innovative or shocking in concept.

Whenever there are political, ethnic, or religious tensions, the online aftermath follows in short order.

Then if the other side in this conflict has not yet attacked (whichever it may be), it gets upset by the attacks and responds in kind.

Truths to be remembered:

1. The sites attacked (or, in this case, Facebook accounts) on both sides are in the vast majority of cases not affiliated with the country in question and are, in fact, likely to be Jim's Shoes or Mumma's Orphanage.

2. This is because these are targets of opportunity found in bulk via Google search for sites in that country or by certain keywords.

3. The country in question is in the vast majority of cases not related in any fashion whatsoever to these actions taken by citizens.

4. Reciprocal attacks always happen until attacks on both sides subside a few days to weeks later.

Facebook is where many of us spend less-than-quality time with our friends these days, so that activism, as well as criminal activity in hacktivism, are likely to continue.....'

( Read More )

Nato warns of strike against cyber attackers

'....A team of Nato experts led by Madeleine Albright, the former US secretary of state, has warned that the next attack on a Nato country “may well come down a fibre-optic cable.”
Nato is now considering how severe the attack would have to be to justify retaliation, what military force could be used and what targets would be attacked....' 

( Read More )

Pro-Gaza hackers target Israeli websites

'....Here are a few of the SEVERAL THOUSAND websites defaced since those actions went down, and a few notes about some of the defacers that are attacking them: 
1) Islamic Ghosts Team 
2) Ma3str0-Dz 
3) Jurm-Team (RealFaciaXXX) 
4) 1923Turk 
5) Team Hitman Hacker 
6) BobyHikaru 
7) H4X0R-x0x 
8) Arumbia Team.....' 

( Read More )

Zombie PCs to be quarantined under new ISP code

'....The Code calls on ISPs to undertake at least one of four activities: greater education of their customers, increasing network detection activity, taking action to address a compromised PC on their network, or greater reporting of malicious activity. 

While beneficial to an ISP’s wider customer base, taking action to address a compromised PC, commonly known as a “zombie”, is likely to be controversial as the action would allow providers to apply an “abuse plan” where the customer’s Internet speed is throttled....' 

( Read More )

1000 Israeli websites hacked since Flotilla attack

'....The Israeli radio reported today that hackers hacked 1000 Israeli websites since the Israeli attack of Freedom Flotilla on last Monday......' 

( Read More )

Buster Sandbox Analyzer 1.23 has been released

"....Version 1.23 introduces the automatic malware analysis mode. 
This mode allows the analysis of multiple files without any user intervention....' 

( Read More )

Introduction to Computer Security

'....This page contains links to slides developed for classes in computer security taught using Introduction to Computer Security....' 

( Read More )

Hackers target Windows-based phones

'....Viruses are being planted in games running on some Windows-based smartphones, according to security experts. 

The games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month. 

Victims generally do not realise they have been infected until they get their phone bills and see hundreds of dollars of unexpected charges for those premium-rate services, he said......' 

( Read More )

Massive data theft leads investigators to India hackers, New York businessman 

'....A massive data theft from the e-commerce company Digital River has led investigators to hackers in India and a 20-year-old in New York who allegedly tried to sell the information to a Colorado marketing firm for half a million dollars......' 

( Read More )

Europe finds search data retention policies inadequate

"..The Article 29 Data Protection Working Party (an independent European Commission advisory body) has lately been much in the news, owing to their interest towards protecting European internet users from privacy breaches and the misuse of information regarding their internet use.

After making its opinion known to Facebook and other social-networking platforms, the party has turned to search engine giants like Google, Yahoo and Microsoft and expressed its disappointment regarding their data retention policies..." 

( Read More )

Text Mining and Cybercrime

"..Cyberbullying and Internet predation frequently occur over an extended period of time and across several technological platforms (i.e., chat rooms, social networking sites, cell phones, etc.). Techniques that link multiple online identities would help law enforcement and national security agencies identify criminals, as well as the forums in which they participate. The threat to youth is of particular interest to researchers, law enforcement and youth advocates because of the potential for it to get worse as membership in continues to grow [Backstrom et al. (2006); Kumar et al. (2004); Leskovec et al. (2008)] and as new social networking technologies emerge [Boyd and Ellison (2007)]. Much of modern communication takes place via online chat media in virtual communities populated by millions of anonymous members who use a variety of chat technologies to maintain virtual relationships based on daily (if not hourly) contact [Ellison et al. (2007); O’Murchu et al. (2004)]. MSN Messenger, for example, reports 27 million users and AOL Instant Messenger has the largest share of the instant messaging market (52% as of 2006) [IM MarketShare (n.d.)]; however, Facebook, the latest social networking craze, reported over 90 million users worldwide [Nash (2008)].

( Read More )

Security Awareness Programs: Now Hear This!

"..Since this magazine's inception, our CSO friends and sources have bemoaned the prevalence, throughout the enterprise, of wrong-headed views on what constitutes an excellent security mission and program. Frequently, the complaints have pointed explicitly to the upper organizational reaches—CEOs, other O's, boards of directors. But the problem of wrong-headed notions about security in general is often acknowledged to be both deep and widespread.

Some years ago, CSO interviewed famously colorful consultant Thornton May (see Why Security Needs to Blow Its Own Horn). May generalized about security executives: "These guys are gifted nonbranders! They couldn't sell water to a man on fire!" 

( Read More )

10 Security Reasons to Quit Facebook (And One Reason to Stay On)

"..That's according to data published last year by the site Inside Facebook. After a huge growth in Facebook membership among the over-55 age group took place at the end of 2008 and the beginning of 2009, that same demographic began to defect in large numbers, just months after signing up.

Boomers were the only shrinking age demographic on the site. What do Boomers know that others don't? Boomers have discretion, according to Scott Wright, a security consultant based in Canada who also researches and writes about social media and security awareness on his site

While the numbers certainly continue to indicate that more people are joining Facebook than quitting, certain web sites that help people "kill" your online self have gained popularity, too. Facebook recently issued cease and desist orders to several of these sites, including one called Web 2.0 Suicide Machine."

( Read More )

Report: Social media, web access more important than pay to today's .

"..Most employees value trust, and the permission to use the Internet at work whenever they please, over compensation, according to a new report that examines how social media and the web are impacting the workplace.

The research, conducted by security firm Clearswift, surveyed over 1,600 managers and employees in USA, UK, Germany and Australia during January and February this year.."

Also see Social media risks: The basics

"..The report, titled 'Web 2.0 in the Workplace,' found 79 percent of respondents said over and above job role and pay, the most important thing to them in a job included being trusted to manage their own time, and being trusted to use the Internet as they wish. Additionally, 62 percent of employees feel they should be able to access Web/social networking content from their work computer for personal reasons (compared to 51 percent of managers) in order to complete personal tasks (Read 4 tips for writing a great social media policy).."

( Read More )

School Boards Hit with Cash-Stealing Trojan

"..The U.S. Federal Bureau of Investigation is probing a rash of reported online computer intrusions that have resulted in hundreds of thousands of dollars being stolen from school districts in Illinois.

FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI's Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said.

The FBI believes that the Clampi virus, already associated with a rash of banking thefts throughout the U.S., may be to blame, Rice said.."

( Read More )

A Daily Dashboard for security and business continuity

"..The Daily Dashboard is a collection of key feeds designed to provide you with an at-a-glance view of developments that could affect the security and continuity of your organization.

This includes:

- software vulnerabilities and network threats
- business continuity threats including weather, disaster alerts, and health news
- news events affecting physical locations, employee travel, and international operations
- legal developments pertaining to privacy and intellectual property law

A few notes about the dashboard:

- It's mobile-friendly. View the page with an iPad, iPhone, BlackBerry or Droid, and you should get a version that's easy to navigate even on a small screen. This gives you a convenient snapshot of security and continuity news and events if you're sitting in a meeting or a conference.."

( Read More )

Cyberattacks: Top threat to U.S. power grid

"..Cyber attacks, pandemics and electromagnetic disturbances are the three top "high impact" risks to the U.S. and Canadian power-generation grids, according to a report from the North American Electric Reliability Corp. (NERC).

The specific concern with respect to these threats is the targeting of multiple key nodes in the system, if damaged, destroyed or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria," states the report, "High-Impact, Low-Frequency Risk to the North American Bulk Power System."

( Read More )

No escape for McAfee as hoodies taunt over false positive


"... about half a dozen men arrived at the Earls Court conference wearing black hoodies with a message on the back which said "You're only meant to blow the bloody virus up", an obvious reference to the Italian Job movie.

On the front of the hooded jumpers it said 'DAT 5958', a reference to an update that the firm released last Wednesday which resulted in the 'blue screen of death' and DCOM errors after applying it......'

( Read More )

Hacking the Smart Grid

"..One researcher shows how your house's power could be shut down remotely, but the threat is only theoretical--for now.

Components of the next-generation smart-energy grid could be hacked in order to change household power settings or to spoof communications with a utility's network, according to a study of three pilot implementations.

The problems were highlighted in a presentation given last week by security researcher Joshua Wright of InGuardians, a consulting firm with many infrastructure companies among its clients. Vulnerabilities discovered by Wright could let attackers remotely connect to a device or to intercept communications with the managing power company.."

( Read More )

Energy Efficiency Globally Must Start Locally

"..New York State is currently facing some difficult challenges including rising energy prices, an aging electricity delivery infrastructure, an imbalanced electricity generation portfolio and climate change. According to a 2007 EPA study conducted by Lawrence Berkeley National Laboratory and sponsored by AMD, New York’s data centers – home to the second largest concentration of data centers in the country – consume an average 4.5 billion kilowatt hours a year. This is the equivalent of nearly 700,000 single family homes with a year’s supply of electricity — at a cost of roughly $594 million. To meet these challenges, energy efficiency must play a central role in reducing consumption and improving reliability.

With that in mind, NYSERDA, AMD, New York State, HP and GLOBALFOUNDRIES have all come together to address these issues head on, discussing them at the latest NY State Performance Computing Seminar on October 28.."

( Read More )

4G Wireless: It's Not Just for Phones Anymore

"..Verizon says its next wireless network technology could link up cars, home appliances, and more.

Verizon is gearing up to launch its next wireless network technology, called Long Term Evolution (LTE), by the end of this year. While Verizon will, of course, still sell phones for this fourth generation (4G) network, it is also pushing to have it built into many other types of devices.

LTE will run on the spectrum formerly used to send television signals, which Verizon licensed from the U.S. government in 2008. The company expects to be able to support about 100 million users by the end of the year. But the saturation of the cell-phone market means that Verizon is also hoping to see the wireless technology used for many other kinds of devices. "We want to get to 500 to 600 percent penetration," says executive vice president and CTO Richard Lynch. This would mean an average of five or six wireless devices per person.."

( Read More )

Can Social Networks Be Generated Automatically?

"..When Google launched Buzz, a microblogging social network, several months ago, the company boasted that the network had been generated automatically, by algorithms that could connect users to each other based on communications revealed through Gmail and other services.

Linked in: Researchers from Yahoo examined e-mails from a university (top) and from Enron (below); the shape of each network changed a great deal depending on how connections were defined.

However, many users balked at having what they perceived as mischaracterized social connections, forcing the company to frantically backpedal and make the Buzz service less automated and more under users' control.."

( Read More )

Achieving Fiber-Optic Speeds over Copper Lines

"..A 100-year-old networking trick could boost transmissions over telephone infrastructure.

Alcatel-Lucent has developed a prototype technology that could dramatically increase the speed of data communications over the copper wires that make up the majority of the world's telephone infrastructure. The technology combines three existing techniques, known as bonding, vectoring, and DSL phantom mode. It can reach speeds of 300 megabits per second at a distance of 400 meters from a communications hub, and 100 megabits per second at one kilometer.."

( Read More )

High-Performance Electronics without the High Price

"..A method for printing exotic semiconductors brings down the cost of high-performance solar cells and microchips.

Compared to silicon, semiconductors like gallium arsenide can be made into solar cells that convert more sunlight into electricity and transistors that are faster than their silicon counterparts. But devices made from these materials are expensive.

Now a new method for making large-area devices from gallium arsenide promises to bring down costs by eliminating manufacturing steps and wasting less materials. Researchers have used the method to make high-performance image sensors, transistors, and solar cells. Semprius, a Durham, NC, company, is using it to make solar modules that should be on the market by the end of the year.."

( Read More )

Mobile Data: A Gold Mine for Telcos

"..Cell phone companies are finding that they're sitting on a gold mine--in the form of the call records of their subscribers.

Researchers in academia, and increasingly within the mobile industry, are working with large databases showing where and when calls and texts are made and received to reveal commuting habits, how far people travel for public events, and even significant social trends.

With potential applications ranging from city planning to marketing, such studies could also provide a new source of revenue for the cell phone companies. "Because cell phones have become so ubiquitous, mining the data they generate can really revolutionize the study of human behavior," says Ramón Cáceres, a lead researcher at AT&T's research labs in Florham Park, NJ.."

( Read More )

Digital Activism Decoded

"..Why Use the Term “Digital Activism”?

Just as the mechanics of digital activism are clouded, so is the terminology. In fact, the phrase “digital activism” is not even the consensus term for the use of digital technology in campaigning. If the term “digital activism” is contested, why do we use it in this book? Because the speed, reliability, scale, and low cost of the digital network are what enable the great scope and reach of contemporary activism. This phenomenon is what we focus on. We want a term to refer to this set of digitally networked campaigning activities—or practices—that is both exhaustive and exclusive. Exhaustive in that it encompasses all social and political campaigning practices that use digital network infrastructure; exclusive in that it excludes practices that are not examples of this type of practice.."

( Read More )

High-Impact, Low-Frequency Event Risk to the North American Bulk Power

"..The High-Impact, Low-Frequency (HILF) Event Risk Effort

To facilitate the development of a sector-wide roadmap for further public/private collaboration on these issues, the North American Electric Reliability Corporation (NERC) and U.S. Department of Energy (DOE) jointly sponsored a workshop on HILF risks in November, 2009. The approximately 110 attendees at the closed session included representatives from the U.S.’s Congressional Staff, Department of Defense (DOD), Department of Homeland Security (DHS), DOE, Department of Health and Human Services (HHS), EMP Commission, and Federal Energy Regulatory Commission (FERC). Representatives from each of the North American electric industry’s major sectors, including investor owned utilities, cooperatives, and municipal utilities were also in attendance, as were many risk experts.."

( Read More )

Number of internet threats from the UK rising

"..Simon Heron, internet security analyst for Network Box, says: "PROXIEX-NET had advertised itself as being impossible to shut down. But, like the McColo shutdown in November 2008, it is always possible to shut down these hubs of criminal activity. The result is that it makes it harder for criminals to find a place to host their servers.

"However, it does not mean that cyber crooks won't be back up and running in fairly swift order. We saw a dramatic fall in spam as a result of the McColo shutdown, but levels returned to pre-shutdown highs the following month.."

( Read More )

Met lab claims 'biggest breakthrough since Watergate'

"..electrical network frequency analysis" (ENF), is now attracting interest from the FBI and is considered the exciting new frontier in digital forensics, with power lines acting as silent witnesses to crime.."

( Read More )

Revealed: CISO's top security concerns

"..The top issues for CISOs in Australia and New Zealand in no particular order were:

1. Managing mobile users & mobile devices
2. Communicating risk to the rest of the organisation
3. DLP
4. Cybercrime & cyber-terrorism
5. Managing complexity
6. Managing the perimeter
7. Virtualisation and security
8. Managing information
9. Identity management
10. Managing vendors
11. Firewalls and architecture
12. Cloud and SaaS.."

( Read More )


Source: San Francisco Sentinel
Date Published: 31st May 2010

( Read More )

Fighting cybercrime? All you need is love!

"..A set of remarkable documents has been released, all addressing the fight against cybercrime.

1) The first document is the message from the Octopus Conference of the Council of Europe, released on 25th March. Organized every year
2) The second document is the Salvador Declaration published on 19th April at the closure of the 12th United Nations Crime Congress
3) On 26th April, the Council of the European Union released its Conclusions concerning an Action Plan against cybercrime, which look at ways to obtain more data on online crimes
4) 6th of May, the European association eNACSO made public its paper “The right click: an agenda for creating a safer and fairer online environment for every child”, prepared by the ubiquitous child safety advocate John Carr.

BUT the one thing we miss to combat cybercrime is Love.."

( Read More )


419 scammers kidnap US woman

"..Johannesburg - The Hawks arrested four people implicated in a 419 scam at the weekend after they allegedly held a US woman hostage for nearly a month, an official said on Monday.."

( Read More )