Posted by peter on June 23, 2009 – 1:46 pm
Security experts from PC Tools have pinpointed November 24 as potentially the peak of malicious activity for 2008. They reached their conclusion on the specific date after analyzing well over 500,000 machines from around the world.
Guardian.co.uk states that “the number of people shopping online this Christmas is expected to grow again this year, with internet sales in the UK alone predicted to hit £13.16bn – an increase of 15% over 2007.”
It should be noted that November 28 will be the busiest shopping day of the year, a day so popular in fact that it even has its own name, “Black Friday”.
So logically thinking
the increase of malicious attacks, spam, spyware, and everything else evil should be expected to climb just mere days before people start entering in their private data for online purchases.
Spam and all the other wrongdoing of others shouldn’t sway anyone from shopping online, as this stuff is going on everyday. Just remember to use your common sense
if something sounds fishy, it probably is.
Posted by peter on June 18, 2009 – 9:40 pm
Filed under Security News
Tagged as attorney, autism, British government, Gary McKinnon, hacker, mental illness, NASA, U.S. military, UK High Court, United Kingdom, United States
Justices for the UK High Court have agreed to hear on July 14th an application for a judicial review of the extradition of British national Gary McKinnon, who has confessed to hacking the networks of the U.S. military and NASA, according to ZDNet UK.
Attorneys for McKinnon have been fighting his extradition to the U.S., saying that sending McKinnon to the U.S. to face trial could result in him committing suicide because of his mental illness.
McKinnon, the 42-year-old man who U.S. authorities say compromised the network security of the Army, Air Force, Navy and NASA and caused close to $1 million in damages, was diagnosed last August with Asperger's syndrome, a type of autism.
His attorney, family and supporters say he should be tried in the UK and contend his diagnosis was not properly considered by the former UK home secretary who ordered his extradition in October.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
He could face up to 70 years in prison in the U.S. if found guilty. McKinnon reportedly said he was searching high-security networks for evidence of extraterrestrial life.
Posted by peter on June 16, 2009 – 9:29 pm
Cyber-scammers are jumping on the popularity of the UK version of the reality-TV show Big Brother in phishing emails that attempt to get recipients to divulge personal information, according to researchers at security vendor Symantec.
The new season of Big Brother, now in its 10th season on BBC4, began June 4th in the UK. The phishing emails invite recipients to apply to participate in a new version of the show called "Big Brother World" and offers details of how to get cast in the fake program.
The scammers ask recipients to reply with their full name, address, age and telephone number.
As the Symantec researcher observed, "even a casual look at the email reveals several spelling mistakes that start right from the subject line and continue on throughout the message," which should tip off users that it is not an official Big Brother contest.
However, a recent study by web security researchers from VeriSign found that 88 percent of study participants failed to spot spelling mistakes that would have alerted them to a phishing website.
Posted by peter on June 16, 2009 – 7:53 pm
In spite of high profile examples of terminated employees using their IT access to steal from or sabotage their former employers, a new survey finds that more than one-third of companies take a week or longer to be "completely certain" that ex-workers no longer can access company systems.
Courion Corporation said its survey results revealed that 93 percent of organizations are confident that terminated employees pose no risk to their network security, even though many have limited or no knowledge of the systems to which their active and terminated employees have access.
Courion said companies show "unwarranted confidence" that their systems are secure from former employees gaining access through "zombie accounts."
The survey of 243 business managers from large enterprises with at least 10,000 employees also found that 30 percent of companies still manually provision user accounts, which Courion said increases the likelihood of human error or delays when de-provisioning departing workers.
This survey dovetails with another recent survey regarding the insider threat that shows an apparent lack of awareness on the part of companies about the severity of the threat from current and former employees.
A survey by Cyber-Ark found that 74 percent of IT administrators and staff in the U.S. and UK said they could get around security controls intended to prevent access to sensitive internal information.
Posted by peter on June 11, 2009 – 9:29 pm
A recent survey of IT security staff has found that 35 percent admit to having snooped on sensitive insider information such as HR records, customer databases and merger and acquisition plans, according to security vendor Cyber-Ark.
The survey of 400 IT administrators and staff in the U.S. and UK also found 74 percent who said they could get around security controls to prevent access to internal information and data theft. Asked what they would take if they were fired by their company, 47 percent said they would take M&A plans, as opposed to 7 percent who said so in the 2008 survey.
One in five companies in the survey admitted to cases of insider sabotage or IT security fraud, 36 percent of which said they suspect their competitors received sensitive information or intellectual property as a result.
According to a report from the Carnegie Mellon Computer Emergency Readiness Team (CERT), insider threats extend beyond the organization itself - half of insiders who stole or modified information for financial gain were recruited by outsiders, including by business partners or organizations looking to acquire the insider's company.
The 2007 E-Crime Watch Survey conducted by the U.S. Secret Service and the CERT Coordination Center found that, in cases where respondents could identify the perpetrator of an electronic crime, 31 percent were committed by insiders.
Posted by peter on June 10, 2009 – 8:49 pm
Filed under Security News
Tagged as .mil, Air Force, Army, Asperger's syndrome, attorney, autism, British government, Gary McKinnon, home secretary, National Aeronautics and Space Administration, National Autistic Society, prison, U.S. military, UK High Court, United Kingdom, United States, USD, Washington D.C.
An attorney for a British man indicted for hacking into the U.S. military's computer networks in 2002 told the UK High Court that extradition to the U.S. could result in psychosis and suicide because of his mental illness.
Gary McKinnon, the 42-year-old man U.S. authorities say broke into the networks of the Army, Air Force, Navy, NASA and other sensitive computers, was diagnosed last August with Asperger's syndrome, a type of autism. His attorney, family and supporters say he should be tried in the UK.
The National Autistic Society, a UK advocacy group, has petitioned the British government to keep McKinnon in the UK, based on his condition.
The group says his late diagnosis meant his mental condition - which can cause obsessive behaviors - was not considered in legal proceedings prior to last August. His extradition was ordered in October by the British home secretary.
The indictment alleges that McKinnon scanned a large number of computers in the .mil network to access computers and obtain administrative privileges.
The indictment said McKinnon caused a network in the Washington D.C. area to shut down for three days and caused close to $1 million in damages. He could face up to 70 years in prison in the U.S.
Posted by peter on June 8, 2009 – 10:07 pm
A recent report from web security researchers identifying the domain Beladen.net as having infected 40,000 websites appears to have been overblown. According to the Google security blog, Google has identified only 3,500 sites infected by Beladen.
Google said its scans of the web have uncovered more than 4,000 sites that appear to have been set up for distributing malware - 1,400 of which are located in China.
The top 10 domains included Gumblar.cn, which infected 60,000 websites before the domain was moved to a UK site called Martuz, which has infected another 35,000.
All of the domains on Google's top 10 list have compromised more than 10,000 websites. The domain googleanalytics.net, which like several other malware sites spoofs a legitimate Google site, had infected around 20,000 sites.
Researchers said Beladen also uses a domain name similar to the legitimate Google Analytics domain to record the users' browsing statistics for the attacker. Beladen's 3,500 infected sites ranked it only 124 on the list, Google said.
Security researchers last week likened these mass infection sites to botnets of infected websites.