White House cyber security adviser post remains unfilled
August 31, 2009
Expectations ran high after President Obama’s historic May 29th speech, in which the President outlined his framework for a national policy on cyber security, directed by a White House special adviser. But three months later the adviser has not yet been named.
Threat Post blogger Dennis Fisher does a good job analyzing the variables in play — and underscoring that stakes at risk — in this post. It’s …More
More evidence Apple is rife with security vulnerabilities, just like Windows
August 28, 2009
Affirming that Internet-connected Macs are just as rife with security flaws as Windows computers – albeit not nearly as heavily attacked as PCs — Apple has quietly added a malicious software detection feature to its new Snow Leopard operating system and Safari browser. USA Today’s Ed Baig discusses this in this review of Snow Leopard.
It wasn’t too long ago that if I wrote anything even remotely implying …More
iPhone eavesdropping coming soon
August 25, 2009
How much time should vendors of popular technology be given to fix a known security flaw?
That’s the central question of the “full disclosure” debate – and one that is being tested again via Karsten Nohl’s campaign to compile a decryption handbook useful for eavesdropping on transmissions from AT&T and Tmobile phones, including iPhones and GPhones.
Nohl, a computer science PhD candidate from the University of Virginia, is calling for …More
Cyber thieves escaped detection, sucked data from TJX, Heartland for months
August 18, 2009
It took just a modicum of skill using tried-and-true hacking techniques for criminals to pull off the record-setting data breach of the retail chain TJX in 2007 – and then top that by stealing even more data from payment card processor Heartland Payments System in 2008.
Yet the most unnerving revelation in the charges filed against Albert Gonzalez – an alleged foot soldier in two separate cyber gangs respectively accused …More
Hackers use Twitter accounts and Tweets as command & control for botnets
August 17, 2009
A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities.
Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed “Sninfs.”
The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, …More
Twitter denial-of-service reveals fragile infrastructure, morphing motives
August 7, 2009
The denial-of-service attacks that shut down Twitter and disrupted Facebook and LiveJournal this week were intended to be surgical strikes to obliterate a small-time, anti-Russian blogger.
But the attacks turned out to be not so surgical after all.
That’s the consensus of top security researchers and analysts interviewed by LastWatchdog.
There are two important revelations associated with this attack. First, the success of social networks’ revolve around aggregating huge blocks of user accounts …More
Twitter now using Google filter to block some bad URLs
August 5, 2009
Without much fanfare, Twitter has begun to put up some defenses against malicious web links circulating in Tweets. The social network told veteran security blogger Ryan Naraine, of ThreatPost, that it is now using Google Safe Browsing API to block some bad URLs.
In recent weeks, Twitter has been hit with porn spam, infectious worms that steal data and trigger fake scareware promotions, and phishing attacks.
Twitter’s solution is …More