Thursday, December 09, 2010

Hundreds of Banking Sites Vulnerable to RSA Security Flaw, Researcher Finds

Brian Prince writes on eWeek:

RSA, EMC’s security division, is advising customers to apply a two-year-old patch for its Adaptive Authentication product after a researcher discovered hundreds of banking Websites are still open to attack.

RSA Adaptive Authentication is a risk-based fraud prevention and authentication platform that measures risk indicators to identify suspicious activities. According to RSA, versions 2.x and 5.7.x of the on-premise edition of the product are vulnerable to cross-site scripting due to a Flash Shockwave file provided by the Adaptive Authentication system.

The vulnerability in question was actually patched in 2008, but was brought back into focus recently when Nir Goldshlager, a security consultant with Avnet Technologies, discovered many online banking sites were still vulnerable to attack, something he uncovered after searching for the affected filename in Google. He reported his discovery to RSA in November.

Still, hundreds of sites remain vulnerable, he told eWEEK today.

More here.

Wednesday, December 08, 2010

Mark Fiore: Dojo of Democracy

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

Tuesday, December 07, 2010

Somehow Sadly Appropriate for The Holidays...

Via Pundit Kitchen.

- ferg

In Passing: Elizabeth Edwards

Elizabeth Edwards
July 3, 1949 – December 7, 2010

Cyber Theft of $200,000 from Gregg County Texas

Via (AP).

An East Texas county has halted electronic fund transfers after cyber hackers believed to be in Russia allegedly stole $200,000 in tax-related funds.

The Longview News-Journal reported Tuesday that Gregg County, state and federal authorities are investigating.

Tax assessor/collector Kirk Shields said Monday that local tax payments destined for schools and cities were hijacked.

Shields says confirmation of the Nov. 23 theft, discovered in progress and traced to a website in Moscow, has led to changes in the county's method for moving funds.

Thieves use malicious software, known as malware, to infect the computers of unsuspecting users by e-mail. Shields says a county employee who mistakenly unleashed the virus has been suspended for violating cyber-security policy.

Efforts continue to retrieve the funds and identify the hackers.


In Remembrance: Pearl Harbor

USS California sinking.
Pearl Harbor Collection of pictures taken by military personnel.

Image source: Wikimedia

You Are Not Forgotten

On this day in 1941 -- a day that will live in infamy -- the Imperial Japanese Navy made its attack on Pearl Harbor.

The surprise attack on Pearl Harbor, Oahu, Hawaii, was aimed at the Pacific Fleet of the United States Navy and its defending Army Air Corps and Marine air forces. The attack damaged or destroyed twelve U.S. warships, destroyed 188 aircraft, and killed 2,403 American servicemen and 68 civilians.

Admiral Isoroku Yamamoto planned the raid as the start of the Pacific Campaign of World War II, and it was commanded by Vice Admiral Chuichi Nagumo, who lost 64 servicemen. However, the Pacific Fleet's three aircraft carriers were not in port and so were undamaged, as were oil tank farms and machine shops. Using these resources the United States was able to rebound within six months to a year.

The U.S. public saw the attack as a treacherous act and rallied strongly against the Japanese Empire, resulting in its ultimate defeat.

It absolutely "...awakened the sleeping U.S. behemoth".

Sixty-nine years later, we haven't forgotten.

- ferg

Monday, December 06, 2010

Russian ISPs May Avoid Responsibility for 'Sketchy' Content

Via RIA Novosti.

Russian providers of Internet services may avoid responsibility for offensive or controversial content stored on their servers, according to amendments to the Russian Civil Code proposed by the presidential law codification council, a Russian business daily said on Tuesday.

A new draft Civil Code includes an article stipulating responsibility of Internet providers for their content. The presidential council drew up the amendments to the article following an order by President Dmitry Medvedev, an active Internet user, the Vedomosti paper said.

The bill relieves providers of responsibility for the content if three conditions are met: the controversial content was uploaded to the provider's server "by a client or on his order"; a provider "did not know or should not have known" about the contentiousness of the content; the provider took "prompt measures" to eliminate the consequences of the controversial content storage following a written request by a third party.

The measures to be taken will be specified in a special law on Internet providers, Vedomosti said. According to the proposed amendments, a provider is obligated to delete the content within three days, suspend the domain on a written police request and limit access to questionable information upon a prosecutor's request.


In Passing: Don Meredith

Don Meredith
April 10, 1938 – December 5, 2010

Sunday, December 05, 2010

Europe Wary of U.S. Bank Monitors

Eric Lichtblau writes in The New York Times:

When the European Parliament ordered a halt in February to an American government program to monitor international banking transactions for terrorist activity, the Obama administration was blindsided by the rebuke.

“Paranoia runs deep especially about US intelligence agencies,” a secret cable from the American Embassy in Berlin said. “We were astonished to learn how quickly rumors about alleged U.S. economic espionage” had taken root among German politicians who opposed the program, it said.

The memo was among dozens of State Department cables that revealed the deep distrust of some traditional European allies toward what they considered American intrusion into their citizens’ affairs without stringent oversight.

The program, created in secrecy by the Bush administration after the Sept. 11, 2001, attacks, has allowed American counterterrorism officials to examine banking transactions routed through a vast database run by a Brussels consortium known as Swift. When the program was disclosed in 2006 by The New York Times, just months after the newspaper reported the existence of the National Security Agency’s warrantless wiretapping program, it set off protests in Europe and forced the United States to accept new restrictions.

More here.