Saturday, September 05, 2009

Image of The Day: RSS is Dead (Not)

Via The Inquisitor.

- ferg

We've Been Here Before: Remember Enron?

The current recession we're all trying to dig out from was brought on by Wall Street greed, and it is only the latest example of it.

It was business as usual then, and apparently no lessons were learned -- it's been business as usual since.

I finally got around to watching "Enron: The Smartest Guys in the Room" tonight at home on DVD -- and I was reminded yet again why these mega-corporations & the greedy bastards on Wall Street must be regulated. And closely.

That's the real Inglorious Basterds.

- ferg

Friday, September 04, 2009

Skype Update Responds to Trojan Security Threat

Phil Muncaster writes on

Skype has addressed two security issues in its telephony service aimed at reducing spam and limiting the damage caused by the newly disclosed Peskyspy Trojan.

The firm announced in a blog posting yesterday that a new version of Skype for Windows has been designed to reduce spam by ensuring that "links are not clickable in contact authorisation requests".

"The new release is a bugfix release which resolves many of the problems you have been telling us about," read the post. "We recommend everyone to update to this build now."

The update to version 4.1 will also resolve video freezing issues, and Skype said that PCs which do not support legacy technology will no longer crash on startup.

More here.

Natural Disaster Could Enable Hackers

A UPI newswire article by Shaun Waterman, via The Washington Times, reports that:

A new security assessment of the nation's private-sector computer networks from the Department of Homeland Security says some of the most worrisome vulnerabilities reflect the open structure of the Internet itself.

The assessment, produced jointly by the department and private companies that own much of the country's information-technology infrastructure, also says that a major natural disaster such as an earthquake or a pandemic could be a "force multiplier" for any cyber-attacker, because it likely would impede the ability of officials and IT specialists to respond.

The concern is that "a malicious actor... could wait for a natural disaster and then use it as a force multiplier for an attack," said Jerry Cochran, a security strategist at Seattle-based Microsoft Inc., to The Washington Times.

Mr. Cochran, who helped produce the assessment, said the concern was not the damage such a disaster could do to the physical infrastructure. "The focus... was more on the disruption of human resources and the ability to detect, respond to and recover from [a] cyber-incident during a natural event."

More here.

Facebook Scam Leads Woman To Wire $4K Abroad

An AP newswire article by Betsy Taylor, via The Boston Globe, reports that:

A Missouri woman was tricked into wiring about $4,000 to someone in England after receiving faked messages from a friend on Facebook asking for help, police said Wednesday.

Jayne Scherrman of Cape Girardeau wired the money through Western Union after receiving what she believed were several requests for help from her friend, Sgt. Jason Selzer said.

Police were notified about the scam on Aug. 26, Selzer said. They believe someone took over the Facebook account of a Cape Girardeau County resident, Grace Parry, changed the password so she couldn't access it and sent out messages saying she and her husband had been detained in London and needed money.

Scherrman said she received a message last Tuesday from Parry saying she needed help. Scherrman, a pediatric dentist, said Parry and her minister husband go on mission trips, so she didn't think it unusual that they might be in England.

She figured they really needed assistance if they could only reach her electronically, and expected they'd quickly pay her back. She originally was told electronically they needed $600 for a hotel and taxis. Then she was told it wasn't enough with the exchange rate. Finally, she was told by a caller that the couple had been detained and more money was needed to help them fly home.

More here.

Security Fix: More Business Banking Victims Speak Out

Brian Krebs writes on Security Fix:

Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs.

David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country.

"Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and the likelihood anyone will catch them seems to be extremely slim."

It's not certain what malicious software was responsible for the stolen credentials, but the attack bears similarities to methods used in the $415,000 fraud perpetrated against Bullitt County, Ky. in July, which involved a notorious strain of data-stealing malware called "Zeus," or "Zbot."

More here.

Thursday, September 03, 2009

Classic xkcd: Spambot Suspicion


We love xkcd.

Especially this one. :-)

- ferg

Mark Fiore: Cash For Karzai

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Wednesday, September 02, 2009

U.S. Court Allows Suit Against Bank For Lax Security

Jaikumar Vijayan writes on ComputerWorld:

A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises.

In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple -- customers of the bank -- alleged that Citizens' failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit.

The negligence claim was one of several claims brought against Citizens by the couple. Although Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a "reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."

The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can't prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach.

More here.

SCADA Watch: DHS Needs to Plug Some Cyber Security Holes, Audit Finds

Alice Lipowicz writes on

The Homeland Security Department should improve its cybersecurity programs for some major control systems, according to a new report [.pdf] from DHS Inspector General Richard Skinner.

The control systems, which operate primarily in power plants, factories and utilities, are a vital part of the nation’s critical infrastructure. In recent years control systems increasingly have become networked and linked with other information technology systems including the Internet. As a result, the control systems are vulnerable to cyber threats, the IG said.

DHS’ National Cyber Security Division (NCSD) has been coordinating public and private efforts for cybersecurity in control systems. It also conducts training. Although that division has made progress, there are still gaps in control system cybersecurity, according to the IG's report published Sept. 1.

Skinner said the division needs to do more to encourage information sharing between the public and private sectors on needs, threats and vulnerabilities that affect control systems; conduct more vulnerability assessments performed on control systems; deploy better performance measures; and initiate an expanded program for education, training and awareness.

More here.

Tuesday, September 01, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Sept. 1, 2009, at least 4,337 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,469 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

As of Tuesday, Sept. 1, 2009, at least 734 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.

Of those, the military reports 558 were killed by hostile action.

More here and here.

Honor the Fallen.

One Short Sentence: Bad Food Process

This has to be one of the most disturbing things I've seen in a while.

Warning: Again, I think this might be very disturbing for some people.

- ferg

U.S. Internet Providers Seek Low Broadband Bar

A Reuters newswire article reports that:

The biggest U.S. Internet service providers urged regulators to adopt a conservative definition of "broadband," arguing for minimum speeds that were substantially below many other nations.

The submissions were filed with the Federal Communications Commission which had sought comments by Aug. 31 on how the agency should define broadband for a report to be submitted to Congress early next year.

The Obama administration is seeking ways to extend broadband services to both unserved Americans living in rural areas and to make broadband affordable for those living in urban areas.

Some of the submissions from service providers argued for a definition that even undercut an international ranking of U.S. Internet speed.

More here.

5 More Indicted in Probe of International Carding Ring

Kim Zetter writes on Threat Level:

Five eastern European men were indicted in New York on Monday as part of an international ring allegedly responsible for at least $4 million in credit card theft.

The ring, which authorities dubbed the Western Express Cybercrime Group, operated between 2001 and 2007 and trafficked in at least 95,000 known stolen credit card numbers, including some belonging to victims in New York, where the case is being prosecuted by the Manhattan District Attorney’s office.

The five named in an indictment unsealed this week include Vasilyev Viatcheslav, 33, and Vladimir Kramarenko, 31, of Czechoslovakia, who were arrested in Prague in July 2008 and only extradited to the U.S. last week; Egor Shevelev, 23, a Ukrainian arrested last year during a vacation in Greece and awaiting extradition; Oleg Kovelin, 28, from Moldova (spelled “Covelin” in some documents); and Dzimitry Burak, 26, a Belorussian who was last living in Ukraine. The latter two have not yet been apprehended. A sixth defendant has not been named yet.

The five men named this week allegedly worked in concert with 17 other defendants who were previously charged with a 173-count indictment in November 2007, along with a New York-based company called Western Express International Inc., which authorities allege was used to coordinate and facilitate the illegal activities and launder the ring’s ill-gotten gains. Of those 17 defendants, 14 have been arrested. Five pleaded guilty.

More here.

Image source: Threat Level / U.S. Secret Service

Monday, August 31, 2009

Albert Gonzalez' Attorney Says His Client 'Not Ringleader'

A Reuters newswire article by Ross Kerber, via MSNBC, reports that:

An attorney for the hacker whom U.S. authorities painted as an organizer of one of the largest payment-card thefts ever said his client was no ringleader.

"He wasn't directing traffic or anything," attorney Rene Palomino told Reuters in a telephone interview on Monday.

Albert Gonzalez, a 28-year-old from Miami, last week agreed to plead guilty to charges in Boston that he helped engineer the theft of more than 40 million card numbers from retailers like TJX Cos. and BJ's Wholesale Club.

Earlier this month in New Jersey, the U.S. Justice Department also charged Gonzalez and two others with conspiring to steal another 130 million payment card numbers, the most ever.

Both cases put Gonzalez at the center of the action — especially bold conduct since authorities say he was a Secret Service informant earlier this decade.

Palomino also described his client as a less-important figure than the Boston case made out, saying he was one of 11 co-conspirators worldwide, some still at large. "Did he have knowledge? Yes. But others were also involved," Palomino said.

More here.

Sunday, August 30, 2009

A Great American: Forrest Bird

Via 60 Minutes.

A viewer wrote 60 Minutes a while back and said we really should take a look at the life and times of a man, an inventor named Forrest Bird. Correspondent Morley Safer did and found, in the panhandle of Idaho, a remarkable American original.

Over the last eight decades, Bird has seen enough history and rubbed elbows with enough legends to rival that other Forrest, Forrest Gump.

As we reported two years ago, chances are Bird's invention has saved the life of someone you know, maybe even your own. And though he may not be a household name, when inventors get together Bird stands literally head and shoulders above the rest.

(This story was first published on Oct. 7, 2007. It was updated on Aug. 27, 2009.)

Much more here.