www.PenandCamera.com: Writing Samples: 2011 About | Archive | Photography| Writing | Updates
Writing Archive: 2011

Writing Archives: 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003

Complete stories by date:

December 2011

6 Worst Data Breaches Of 2011
Historically speaking, these 2011 data breaches rate among the biggest or most significant data-loss incidents to date.
InformationWeek (December 28, 2011)

FBI To Get More Cyber Crime Agents
But is the bureau focusing too heavily on cyberterrorism, as opposed to fighting cybercrime?
InformationWeek (December 19, 2011)

Quest Acquires Bitkoo For Cloud Identity Management
Deal reflects the difficulty many businesses face in centralizing identity and access management programs.
InformationWeek (December 19, 2011)

Sprint Pulls Carrier IQ Software
The carrier has disabled Carrier IQ's software and reportedly instructed all of its hardware partners to no longer build the software into Sprint handsets.
InformationWeek (December 19, 2011)

Feds Indict 55 For Cyber Crime Fraud
Crime ring recruited insiders to steal personal information on hundreds of people, which they used to open fake accounts and steal money.
InformationWeek (December 19, 2011)

Adobe Patches Two Zero Day Vulnerabilities
Attackers have exploited the vulnerabilities via malicious PDFs sent to defense contractors.
InformationWeek (December 16, 2011)

Iran Hacked GPS Signals To Capture U.S. Drone
Exploit of well-known bug in drone's software made it think it was landing at an American airfield, not 140 miles inside Iran.
InformationWeek (December 16, 2011)

Security Researcher Details New SCADA Bugs
Supervisory control and data acquisition systems' programmable logic controllers could be remotely accessed and loaded with trojanized firmware.
InformationWeek (December 16, 2011)

Carrier IQ Faces FTC Probe
FBI Director Robert Mueller says bureau doesn't knowingly use data collected by Carrier IQ.
InformationWeek (December 15, 2011)

Kiss Off: Anonymous Hacker Took On Gene Simmons, Feds Say
Feds bust alleged member of Anonymous for launching an "Operation Payback" attack against website of Kiss frontman Gene Simmons.
InformationWeek (December 14, 2011)

Carrier IQ: What We Know So Far
Smartphone monitor company details in a report every data point that it can collect, and says it shared no data with law enforcement agencies.
InformationWeek (December 14, 2011)

DHS, FBI Give SCADA System Vulnerability Warning
InformationWeek, December 13, 2011
Hackers have infiltrated control system environments in at least three cities this year. Yet, many control systems remain Internet-connected and at risk of remote exploitation.
InformationWeek (December 13, 2011)

Google Boots Fraudware Apps From Android Market
Fraudulent game apps send and receive expensive premium-rate SMS messages, racking up charges for unsuspecting users.
InformationWeek (December 13, 2011)

How Digital Forensics Detects Insider Theft
A new digital forensic technique promises to help solve an ongoing problem involving malicious insiders: determining whether any information has actually been stolen.
InformationWeek (December 13, 2011)

84% Of Development Apps Sport Known Vulnerabilities
SQL injection vulnerabilities and other flaws increase in first-version code reviews, but overall bug levels decline, reports Veracode.
InformationWeek (December 9, 2011)

Microsoft Patch Fest Includes Duqu Vulnerability
Security patches next week should address multiple critical vulnerabilities. Adobe will fix a Reader flaw being actively exploited to attack defense firms.
InformationWeek (December 9, 2011)

Carrier IQ: What Carriers, Device Makers Must Do Next
Let smartphone users opt into how their devices and related data get tracked, preferably from handsets. Otherwise, carriers and manufacturers will continue to look like they have something to hide.
InformationWeek (December 9, 2011)

How To Spot Malicious Insiders Before Data Theft
Psychologists identify warning signs that could tip you off that corporate data may be stolen.
InformationWeek (December 8, 2011)

Carrier IQ On Your Android? 3 Apps With Answers
In the wake of the Carrier IQ controversy, Android hackers and security companies offer tools to detect and remove the tracking software.
InformationWeek (December 7, 2011)

Carrier IQ Data Collection Technically Legit, Say Researchers
Independent studies find CIQ's smartphone monitoring software captures only the info it needs for diagnostics work.
InformationWeek (December 6, 2011)

Carrier IQ, Carriers, Manufacturers Hit With Wiretap Lawsuits
U.S. and European officials also demand answers about who's using Carrier IQ's smartphone monitoring software and exactly which types of information they're tracking.
InformationWeek (December 6, 2011)

HP Denies Exploit Could Trigger Printer Fire
Security researchers warned that zero-day printer vulnerability could be exploited to overheat printers, or worse.
InformationWeek (December 5, 2011)

Carrier IQ Gets Scrooged For The Holidays
A tale of data collection, cease and desist, wiretap allegations, privacy questions, and potential redemption.
InformationWeek (December 3, 2011)

Carrier IQ Denies Wiretap Claims
Smartphone network diagnostic software maker says it only collects data that carriers request. Is your phone affected?
InformationWeek (December 2, 2011)

Android Bloatware's Dark Side Emerges
Some Android phones are more vulnerable to attacks than others, due to pre-installed add-on tools and skins, security researchers say.
InformationWeek (December 1, 2011)

Carrier IQ Vs. Wiretap Laws
Network diagnostic software maker Carrier IQ feels the heat after a researcher's video demonstrates how software captured his every keystroke. But is that illegal?
InformationWeek (December 1, 2011)

November 2011

Anonymous Threatens Robin Hood Attacks Against Banks
Hacktivist group says it will steal credit card data from commercial banks and use the information to donate to charities and protest groups.
InformationWeek (November 30, 2011)

Facebook's FTC Deal: 8 Things To Expect
Federal Trade Commission settlement allows Facebook to maintain some privacy policies, but also mandates key changes. Here's what users should know.
InformationWeek (November 30, 2011)

Carrier IQ Withdraws Legal Threat Against Security Researcher
Network diagnostic software vendor issues apology to researcher who discovered its application secretly monitoring smartphone users.
InformationWeek (November 29, 2011)

Twitter Buys Mobile Security Startup Whisper
Two-person development shop created software for secure text and voice communications on Android smartphones.
InformationWeek (November 29, 2011)

Feds Seize 150 Web Domains Before Cyber Monday
Federal agencies shut down websites they said were illegally selling counterfeit goods or copyrighted works. But it is easy for bad guys to set up shop under a new name.
InformationWeek (November 28, 2011)

AT&T Hackers Have Terrorism Ties, Police Say
FBI aids in arrests in Philippines of four men who allegedly hacked into AT&T customers' PBXs to generate revenue for Saudi-based militant group.
InformationWeek (November 28, 2011)

Best Paying IT Security Jobs In 2012
Compensation for security pros expected to increase 4.5% in 2012, survey finds. Which jobs will see better than average salary bumps?
InformationWeek (November 25, 2011)

DHS, FBI Dispute Illinois Water Hack
Feds say their preliminary investigation finds no evidence of stolen credentials or foreign attackers.
InformationWeek (November 23, 2011)

Android Buyers Find Smartphone Update Chaos
InformationWeek, November 23, 2011
After Google releases a new version of Android, the time it takes carriers to update your phone varies wildly right now. One security expert says consumers must vote with their wallets.
InformationWeek (November 23, 2011)

Anonymous Leaks Law Enforcement Forensic Secrets
Hacktivist group claims release of 38,000 emails related to the Feds' cybercrime investigations, in retaliation for stiff sentences for Anonymous members.
InformationWeek (November 22, 2011)

Android Buyer Beware: 12 Least Secure Phones
More than half of most popular Android smartphones run outdated--and insecure--versions of the OS. And update policies vary.
InformationWeek (November 22, 2011)

Next DIY Stuxnet Attack Should Worry Utilities
The recent water system hack in Illinois points to the dangers of insecure, Internet-connected industrial control systems. Environments like this can't ignore known security weaknesses anymore.
InformationWeek (November 22, 2011)

Hacker Apparently Triggers Illinois Water Pump Burnout
Attack illustrates the extent to which industrial control systems are Internet-connected, yet lack basic password checks or access controls.
InformationWeek (November 21, 2011)

2012 Security Spending To Hold Strong
Compliance, mobile devices, and data loss prevention top the list of trends driving 37% of businesses to increase IT security spending.
InformationWeek (November 17, 2011)

Facebook Porn Spam Appears Unrelated To Anonymous
Despite initial reports of a link, Facebook spam carrying pornographic images wasn't related to Fawkes, new malware supposedly developed by Anonymous, security experts say.
InformationWeek (November 17, 2011)

7 Facts On Duqu Malware Attacks
Research into Duqu malware finds a component compiled in 2007, but identified successful attacks that occurred as recent as April 2011.
InformationWeek (November 16, 2011)

Kindle Fire Hits The Office: 5 Security Concerns
As proud owners of the Amazon Kindle Fire tablet walk this device through your company's front door, enterprise IT should be prepared.
InformationWeek (November 16, 2011)

Facebook Blames Porn Attack On Browser Bugs
Attack spread a massive quantity of hardcore pornography and violence images via a cross-site scripting flaw.
InformationWeek (November 16, 2011)

Smartphone Invader Tracks Your Every Move
Carrier IQ software, installed on more than 144 million mobile phones, tracks GPS location, websites visited, search queries, and all keys pressed.
InformationWeek (November 16, 2011)

Siri Works Outside iPhone 4S? Crackers Say Yes
Crackers reverse-engineer Siri Protocol, to extend Apple's voice recognition service to any device, at least on the sly.
InformationWeek (November 15, 2011)

W3C Proposes Do Not Track Privacy Standard
Microsoft, Mozilla, Google, Apple, privacy groups, and online advertising associations work to balance consumers' interests with Web companies' requirements for user data.
InformationWeek (November 14, 2011)

Duqu Malware Detection Tool Released
Toolkit can throw up false positives and should only be used by professionals, researchers say.
InformationWeek (November 11, 2011)

Facebook Privacy: 6 Key Moments
As FTC settlement nears on opt-in privacy settings, take a look back at Facebook's key privacy flaps.
InformationWeek (November 11, 2011)

So You Want To Be A Zero Day Exploit Millionaire?
On the active market for reporting and selling zero day vulnerabilities, you can make big money. But you'll have to answer difficult ethical questions.
InformationWeek (November 11, 2011)

Prisons May Be Vulnerable To Stuxnet-Style Attack
Researchers found easy-to-write malware could subvert prison control systems, cause spontaneous opening of all cell doors.
InformationWeek (November 10, 2011)

FBI Busts $14 Million Botnet Fraud Gang
Estonia-based gang's malware altered computers' DNS settings, rerouted them to sites that generated referral revenue for the attackers.
InformationWeek (November 10, 2011)

Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador
Releases troves of stolen data, some of unknown origin, and issues call for mass disruptions of the Iowa caucuses.
InformationWeek (November 8, 2011)

Apple Excommunicates iOS Cracker
Demonstrating proof-of-concept attack that runs arbitrary code on an iPhone gets security researcher Charlie Miller banned from Apple development program for a year.
InformationWeek (November 8, 2011)

SecurID Brings Two-Factor Authentication To MS Cloud Apps
In a big cloud app security step, RSA's SecurID platform integrates now with Microsoft Active Directory Federation Services.
InformationWeek (November 8, 2011)

Did Anonymous Crash Israeli Government Websites?
Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.
InformationWeek (November 7, 2011)

Will Cloud Signaling Contain DDoS Attacks?
Arbor Networks' "Bat-signal" for distributed denial of service attacks culls your network service provider's resources to help stop it.
InformationWeek (November 4, 2011)

Microsoft Details Duqu Workaround
Patch Tuesday next week won't have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can.
InformationWeek (November 4, 2011)

Feds Cite Chinese Cyber Army Capability
U.S. government report blames China and Russia for cyber theft of U.S. economic secrets, but one expert questions China's actual hacking capabilities.
InformationWeek (November 3, 2011)

Google Services Don't Guarantee Privacy
Journalists aren't the only ones who should take stronger security measures with online services, security researcher warns--and Google counsel agrees.
InformationWeek (November 3, 2011)

FBI Helps Bust $4.6 Million Cybercrime Gang
Thirteen people jailed after British police break up a Trojan-application-using banking fraud crime ring.
InformationWeek (November 2, 2011)

Duqu Malware: Still No Patch
Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.
InformationWeek (November 2, 2011)

Nitro Malware Targeted Chemical Companies
Symantec finds Trojan launched industrial espionage attacks against chemical compound and advanced material manufacturers.
InformationWeek (November 1, 2011)

Advanced Threats Touch Two-Thirds Of Enterprises
Worse news: Sophisticated cyber attacks combining stealth and severity are leading only half of businesses to employ more automated defenses and better training.
InformationWeek (November 1, 2011)

Were Your IDs, Passwords Stolen?
Check PwnedList Site lets you check whether your login details are among 5 million compromised data records amassed since June.
InformationWeek (November 1, 2011)

October 2011

Anonymous Eyes Mexican Cartel
Attack Security experts warned that the hacktivist group's plan to name people who assisted the cartels would lead to their executions.
InformationWeek (October 31, 2011)

UBS Finds Risk Management Stress Test Costly
UBS failed to stop a single rogue trader from racking up $2 billion in losses. Yet, some experts argue that banks overall may be better than others at managing risk.
InformationWeek (October 26, 2011)

Nasdaq Server Breach: 3 Expected Findings
While federal investigators remain quiet about the ongoing investigation, experts say that the Directors Desk data breach is even worse than thought.
InformationWeek (October 25, 2011)

Hackers Likely Have Japanese Warplane, Nuclear Data
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
InformationWeek (October 25, 2011)

XML Encryption Flaw Leaves Web Services Vulnerable
Apache, Red Hat, IBM, Microsoft, and other major XML framework providers will need to adopt new standard, say German researchers who found the flaw.
InformationWeek (October 24, 2011)

Anonymous Attacks Child Pornography Websites
Hacktivist group disables numerous darknet child pornography sites, publishes 1,500 related usernames, and invites FBI and Interpol to investigate.
InformationWeek (October 24, 2011)

Does Cybercrime Pay?
Turning a profit in today's underground economy remains tough. Here's why.
InformationWeek (October 24, 2011)

Facebook: Latest 'Hack' Was Old, Invalid User IDs
Hacking group "Team Swastika" released apparent Facebook usernames and passwords, but the social network says the data isn't tied to live accounts.
InformationWeek (October 21, 2011)

3 Lessons Learned From Duqu Malware
Emergence of a Trojan based on Stuxnet sourcecode highlights security challenges businesses continue to face.
InformationWeek (October 20, 2011)

Are Your IT Pros Abusing Admin Passwords?
One in four IT professionals know of a coworker who has used privileged credentials to snoop. Worse, 25% of superuser passwords don't pass basic security test.
InformationWeek (October 19, 2011)

Can Anonymous Cripple Critical U.S. Infrastructure?
Homeland Security says Anonymous can cause DDoS attacks, but says chance of attack on scale of Stuxnet is slim.
InformationWeek (October 18, 2011)

Social Security Failed To Disclose Breaches
Agency data entry errors led to more than 30,000 Americans being incorrectly classified as dead, then having personally identifiable information disclosed.
InformationWeek (October 17, 2011)

Hacked Sesame Street YouTube Channel Served Porn
Security experts said that the Children's Television Workshop's password was likely hacked or phished.
InformationWeek (October 17, 2011)

Sony Locks Accounts After Data Breach
Sony locks almost 100,000 accounts accessed by criminals who reused usernames and passwords stolen from a third-party site.
InformationWeek (October 12, 2011)

RSA Pins SecurID Attacks On Nation State
Security firm said it traced the attack on its authentication system to two groups working for one nation state, but declined to name the country.
InformationWeek (October 12, 2011)

LulzSec Leader Sabu Details Exploits
In an interview, Sabu discloses LulzSec and Anonymous are sitting on hacked data from HSBC, Koch Brothers stored on a server in China.
InformationWeek (October 11, 2011)

Android Mobile Malware Fails To Make Money
Attackers haven't yet achieved mobile malware returns that equal the payoff from a Windows PC infection or fake antivirus campaign.
InformationWeek (October 11, 2011)

111 Arrested In Identity Theft Probe
One of the biggest identity theft and credit card fraud cases in history has generated millions of dollars in losses to date, prosecutors said.
InformationWeek (October 10, 2011)

Steve Jobs And Tech Security
Apple's products continue to highlight what relatively secure operating system environments look like.
InformationWeek (October 6, 2011)

Most Businesses Don't Spot Hack Attacks
Congress hears testimony that most businesses are told by government agencies and law enforcement that they've been hacked, and that better security data sharing is needed.
InformationWeek (October 5, 2011)

Anonymous Threatens New York Stock Exchange Attack
Calls for distributed denial-of-service attack as part of the Occupy Wall Street protests.
InformationWeek (October 5, 2011)

6 SharePoint Security Challenges
Even Microsoft recommends locking down its popular and widely used collaboration, file sharing, and online publishing platform.
InformationWeek (October 5, 2011)

HTC Preps Emergency Patch For Android Phones
Until the over-the-air fix for data leakage problem gets distributed, HTC recommends that users avoid using applications from untrusted sources.
InformationWeek (October 4, 2011)

Data Breach Response Plans: Yours Ready?
The smart money treats data breaches as a 'when' not an 'if,' proposition. Don't wait until the last minute to do this homework.
InformationWeek (October 4, 2011)

Microsoft Still Mistaking Google Chrome For Zeus Malware
Despite Microsoft's emergency Security Essentials update, some users saw continued trouble Monday with Chrome reinstalls.
InformationWeek (October 4, 2011)

HTC Android Flaw Leaks Smartphone User Data
HTC investigating vulnerability that leaves smartphones open to having email address, GPS coordinates stolen by rogue apps.
InformationWeek (October 3, 2011)

September 2011

New SSL Alternative: Support Grows for Convergence
Convergence, Moxie Marlinspike's crowdsourced approach to improving SSL security, wins fans. But Google's still not on board.
InformationWeek (September 30, 2011)

5 Reasons Credit, Debit Card Data Remains Insecure
Verizon study finds 79% of merchants fall out of compliance with PCI standards between audits. These five factors feed the problem.
InformationWeek (September 30, 2011)

Mobile Security Exploits To Double
Many of the threats involve mobile operating systems with easy-to-exploit vulnerabilities that can lead to arbitrary code execution.
InformationWeek (September 30, 2011)

Top Google Chrome Extensions Leak Data
Study of 100 extensions found that 27% leave users vulnerable to Web or Wi-Fi attack.
InformationWeek (September 29, 2011)

Social Engineering Attacks Pose As Corporate Copiers
Malware disguised as communications from in-house copiers and scanners with document emailing capabilities is on the rise, researchers say.
InformationWeek (September 28, 2011)

Supercookie Crackdown Sought By Lawmakers
FTC urged to investigate new persistent tracking technique, per its mandate to stop unfair and deceptive business practices.
InformationWeek (September 28, 2011)

LulzSec Suspect Learns Even HideMyAss.com Has Limits
After suspect's arrest, British HideMyAss VPN service said that its terms of service don't extend to illegal activities.
InformationWeek (September 27, 2011)

MySQL Malware Hack Cost Just $3,000
Oracle-owned site was hacked with Java to automatically begin downloading Blackhole malware onto Windows PCs.
InformationWeek (September 27, 2011)

Should ISPs Monitor Users' PCs To Stop Botnets?
Homeland Security's proposed code of conduct for notifying users when their PCs are infected by malware raises privacy concerns.
InformationWeek (September 27, 2011)

Will Windows 8 Secure Boot Block Linux?
A security feature designed to block malware could result in PCs no longer booting alternate operating systems, open source advocates warn.
InformationWeek (September 26, 2011)

Corporate Espionage's New Friend: Embedded Web Servers
Many types of Web-connected photocopiers, scanners, and VoIP servers have no default passwords or other security enabled to stop remote eavesdropping.
InformationWeek (September 26, 2011)

Adobe Flash Player 11 Promises Security Improvements
Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.
InformationWeek (September 23, 2011)

Wardriving Burglars Hacked Business Wi-Fi Networks
Three men are indicted for using a tricked-out Mercedes with specialized antennas and network-cracking tools to steal financial data via businesses' wireless networks.
InformationWeek (September 23, 2011)

FBI Busts Suspected LulzSec Hacker In Sony Breach
Authorities have charged three men as part of ongoing investigations into LulzSec and Anonymous attacks against government servers and Sony websites.
InformationWeek (September 23, 2011)

Web App Attacks Rise, Disclosed Bugs Decline
Mismatch between vulnerability disclosures and actual number of new vulnerabilities strengthens case for using Web application firewalls and virtual patching.
InformationWeek (September 22, 2011)

Social Engineering Attacks Cost Companies
Half of businesses have experienced more than 25 successful social engineering attacks in the past two years, with some having to spend up to $100,000 per incident in cleanup costs.
InformationWeek (September 21, 2011)

Adobe Preps Zero-Day Flash Patch
Vulnerability is being actively exploited in the wild, has already been patched in Chrome.
InformationWeek (September 21, 2011)

Apple Lion Vulnerable To Password Hack
Flaw in Mac OS X 10.7 allows logged-in attacker to change password without knowing previous one.
InformationWeek (September 20, 2011)

HTTPS Vulnerable To Crypto Attack
Security researchers have built a tool that exploits weaknesses in the SSL and TLS encryption protocol, used by millions of websites to secure communications.
InformationWeek (September 20, 2011)

8 Techniques To Block SQL Attacks
SQL injection attacks hit Web applications 71 times per hour on average, but can peak at 1,300 unique attacks per hour or more. Consider this security advice to stop SQL attacks.
InformationWeek (September 20, 2011)

Hollywood-Grade Mobile Phone Security: 4 Tips
Recent mobile phone hacks in Hollywood and the emergence of an entertainment answer to WikiLeaks should remind everyone to follow these mobile security mantras.
InformationWeek (September 19, 2011)

FTC Proposes New Rules On Child Data Collection
Federal Trade Commission wants to regulate many more types of personal information for websites, mobile games, and online services that knowingly interact with children under the age of 13.
InformationWeek (September 16, 2011)

McAfee DeepSafe Promises Better PC Security
Taking advantage of features in Intel chips, DeepSafe technology uses virtual memory to spot and block otherwise stealthy rootkit infections.
InformationWeek (September 15, 2011)

Data Breach Avoidance Requires Copy Cops?
A U.S. senator proposes more data breach regulation, but experts say IT should be thinking data control. As one CSO recently put it, "The problem is not securing a copy of the data; it's securing data against copying."
InformationWeek (September 15, 2011)

UBS Discloses $2 Billion In Unauthorized Trades
Three years after unauthorized trading at Societe Generale, incident suggests that banks have more governance, risk, and compliance work to do.
InformationWeek (September 15, 2011)

Social Engineering Leads APT Attack Vectors
Combat advanced persistent threats with more adaptive user training and by acknowledging that networks today exist in a state of constant compromise, say experts.
InformationWeek (September 14, 2011)

Microsoft, Adobe Patch Vulnerabilities
Microsoft patches 15 important vulnerabilities, Adobe update fixes critical Reader and Acrobat vulnerabilities, and multiple vendors block more DigiNotar-related certificates.
InformationWeek (September 14, 2011)

HP Expands Security Offerings
Hewlett-Packard upgrades and expands its security lineup, blending ArcSight IPS, Fortify code scanning, and WebAppDV to provide better context and defense against threats.
InformationWeek (September 12, 2011)

Linux Foundation Confirms Malware Attack
Foundation advises users to change passwords following exploit of kernel.org, used to distribute the Linux kernel.
InformationWeek (September 12, 2011)

Stanford Hospital Breach Exposes 20,000 ER Records
Spreadsheet uploaded to homework-help website exposed sensitive patient data for almost a year.
InformationWeek (September 9, 2011)

Facing the privacy implications of IPv6
Is the next-generation Internet protocol, known as IPv6, a privacy time bomb?
International Association of Privacy Professionals (September 9, 2011)

Treat Hackers As Organized Criminals, Says Government
Obama administration seeks tougher penalties for cybercrime, but legal experts warn that current, imprecise proposals could be too widely applied.
InformationWeek (September 9, 2011)

How StartCom Foiled Comodohacker: 4 Lessons
Comodohacker claims to have exploited six certificate authorities including DigiNotar--yet he failed to break into at least one. Here's how StartCom's approach to security worked.
InformationWeek (September 8, 2011)

Inside The Booming Botnet Industry
Going rate for infecting 1,000 unique PCs? Up to $180 in the United States, or $7 or $8 in Asia. The pay-per-install malware business thrives.
InformationWeek (September 7, 2011)

GlobalSign Says No New Certificates, Pending Investigation
Move follows GlobalSign breach by Comodo hacker. Microsoft treats all DigiNotar certificates as untrusted, but downplays a related Windows malware threat.
InformationWeek (September 7, 2011)

Are Digital Certificates Doomed?
Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.
InformationWeek (September 6, 2011)

Hackers Turn On Each Other
WikiLeaks fumbles the disclosure of sensitive government cables, while hacking competition website RankMyHack.com finds little honor among members.
InformationWeek (September 6, 2011)

Stolen Digital Certificates Compromised CIA, MI6, Tor
"Operation Black Tulip" security audit launched by the Dutch government finds that some of the 531 bad certificates were used to compromise at least 300,000 Iranian IP addresses.
InformationWeek (September 6, 2011)

Scotland Yard Arrests LulzSec, Anonymous Suspects
"Kayla," thought to be key LulzSec figure, part of sting. Reacting to the arrests, Anonymous hackers are crafting less traceable attack tools.
InformationWeek (September 2, 2011)

WikiLeaks Sues Guardian, Cables Controversy Grows
WikiLeaks alleges that the newspaper violated its confidentiality agreement by publishing a password to a file containing unredacted versions of 251,000 State Department cables.
InformationWeek (September 1, 2011)

Laptop Tracking Software Faces New Privacy Heat
Judge rules couple can sue maker of Lojack For Laptops software for intercepting and sharing couple's sexually explicit communications with police.
InformationWeek (September 1, 2011)

Google Blocks 247 Digital Certificates, But Worries Linger
Mozilla, Microsoft also blocking fraudulent DigiNotar certificates, but security experts say nothing short of an SSL protocol overhaul will help.
InformationWeek (September 1, 2011)

August 2011

14 Enterprise Security Tips From Anonymous Hacker
Former Anonymous member "SparkyBlaze" advises companies on how to avoid massive data breaches.
InformationWeek (August 31, 2011)

How 9/11 Changed Privacy
On the tenth anniversary of Sept. 11, The Privacy Advisor looks back on how the events of that day changed privacy.
International Association of Privacy Professionals (August 29, 2011)

Insulin Pump Hack Controversy Grows
Security researcher--and pump user--who found the flaw takes medical device manufacturer Medtronic to task for its response to the security vulnerability.
InformationWeek (August 26, 2011)

How Your Smartphone's Motion Gives Away Keystrokes
Using a smartphone's accelerometers, security researchers achieved a 70% accuracy rate in deducing numeric keys pressed on a virtual keyboard.
InformationWeek (August 24, 2011)

Android Hackers Craft GingerMaster Rootkit
GingerMaster malware exploits Android, providing attackers with root-level access to the devices.
InformationWeek (August 24, 2011)

Microsoft's Vista Hacker Speaks: 7 Lessons Learned
Chris Paget served on the "final security review" team that assessed Vista before release. Check out what he learned about software hardening.
InformationWeek (August 24, 2011)

Google Patches Critical Chrome Bug
Chrome browser update includes patches for 11 vulnerabilities, including several discovered by Google bug bounty winners.
InformationWeek (August 23, 2011)

Hacked Medical Device Sparks Congressional Inquiry
Legislators demand answers after a security researcher remotely controlled his own insulin pump using a $20 radio frequency transmitter at Black Hat.
InformationWeek (August 23, 2011)

Apple: Stop Tracking iOS Users By Device IDs
Documentation changes to the iOS 5 beta tell developers to track users via their own applications, not the serial number associated with each device.
InformationWeek (August 23, 2011)

McAfee Blew Shady RAT Analysis, Kaspersky Says
Security expert Eugene Kaspersky dismissed the seriousness of the Shady RAT botnet and suggested McAfee was purposefully alarmist in its report.
InformationWeek (August 22, 2011)

Microsoft Disables Supercookies On MSN
The online user tracking technique is drawing fire, and numerous businesses are stepping away from the firms that practice it.
InformationWeek (August 19, 2011)

Motorola's Security Expertise Could Help Google's Android
Motorola can help Google make Android more secure, and more attractive to business and government customers.
InformationWeek (August 18, 2011)

7 Ways To Stop Insider Hack Attacks
A former IT staffer invaded his pharmaceutical employer's network and deleted virtual machines, causing about $800,000 in losses. Here's how to prevent such trouble.
InformationWeek (August 18, 2011)

Google Disputes Socially Engineered Malware Study
After IE9 beat Chrome on security in a report, Google says social engineering accounts for only 2% of malware found on the Web.
InformationWeek (August 18, 2011)

Smartphone Data Collection From Kids Draws FTC Fine
W3 Innovations agrees to pay $50,000 for failing to provide a clear privacy policy or secure parental consent before gathering personal information on tens of thousands of children.
InformationWeek (August 17, 2011)

Scotland Yard Read Encrypted BlackBerry Messages During Riots
British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.
InformationWeek (August 17, 2011)

Microsoft IE9 Blocks Malware Best
Report finds that IE9's ability to block malicious URLs, malware, and phishing attacks far surpasses that of Chrome, Safari, Firefox, or Opera.
InformationWeek (August 16, 2011)

Visa Pushes PIN Requirement With Credit Card Purchases
European consumers are used to this drill, but now Visa is putting its muscle behind increased security measures in the United States.
InformationWeek (August 11, 2011)

Shady RAT No China Smoking Gun
Kudos to McAfee for discovering attacks that go undiscovered too often, but questions about attack severity, sophistication, or nation-state backing remain.
InformationWeek (August 11, 2011)

Anonymous Threats To Kill Facebook: Another Hoax?
Security experts question whether the plot against Facebook is real, noting odd Twitter accounts used to launch the campaign.
InformationWeek (August 10, 2011)

RIM's London Riot Fallout Increases: BlackBerry Blog Hacked
Hackers take issue with RIM's cooperation with London Police. Multiple people arrested on charges of inciting others to violence via Facebook.
InformationWeek (August 10, 2011)

Most Mobile Apps Fail Password Security Test
Among popular Android and iOS consumer apps, 76% store user names as plain text, study finds.
InformationWeek (August 9, 2011)

U.K. Police Seek BlackBerry Messages Following Riots
BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.
InformationWeek (August 9, 2011)

How USB Sticks Cause Data Breach, Malware Woes
Half of businesses have lost sensitive or confidential information due to USB memory sticks, with many incidents involving those infected with malware.
InformationWeek (August 8, 2011)

Anonymous Cracks Cops Data Again
The "hacktivist" Anonymous operation known as AntiSec released a 7.4 GB file with emails and personal information from 56 different law enforcement agencies.
InformationWeek (August 8, 2011)

iPad Credit Card Reader Hacked As Skimmer
The Square reader for iPhone and iPad converts credit card numbers into plain audio, enabling criminals to convert stolen cards into cash.
InformationWeek (August 5, 2011)

Apple OS X Vulnerability: Advanced Persistent Attacks
Macs are even easier to exploit than Windows via advanced persistent threats, warn security researchers.
InformationWeek (August 4, 2011)

Pwnie Award Highlights: Sony Epic Fail And More
Stuxnet another winner at the annual Pwnie Awards, which honor the security world's achievements, failures, and musical talents.
InformationWeek (August 4, 2011)

China Suspected Of Shady RAT Attacks
Security experts say it is clear that China is behind the multi-year attack that has compromised scores of companies and government agencies around the world.
InformationWeek (August 3, 2011)

Shady RAT Attack Hit 72 Organizations
McAfee said that the advanced, persistent threat began in 2006, and has targeted government agencies, Olympic Committees, and numerous businesses.
InformationWeek (August 3, 2011)

Cybercrime Cleanup Costs Spike
Ponemon study finds median cost of responding to successful security breaches increased by 56% over the past year, thanks to more persistent and sophisticated attackers.
InformationWeek (August 2, 2011)

Counterfeit Windows XP Breeding Malware
Security firm finds that 74% of all rootkit infections can be traced to Windows XP machines.
InformationWeek (August 1, 2011)

Alleged LulzSec Spokesman: New Details As Bail Set
Prosecutors accuse Jake Davis, aka "Topiary," of possessing 750,000 passwords and participating in multiple attacks.
InformationWeek (August 1, 2011)

July 2011

Mac OS X Lion Password Vulnerability: Sleep Mode
Forensic software can exploit a seven-year-old FireWire design error to snoop system memory for passwords, even for devices that are locked or in sleep mode.
InformationWeek (July 29, 2011)

Facebook Dinner Date Turns Supermarket Robbery
Robbers in Belgium used a fake Facebook profile to kidnap a supermarket manager, steal his keys, and empty the store's safe.
InformationWeek (July 29, 2011)

RSA SecurID Breach Cost $66 Million
EMC details second quarter 2011 cost to replace tokens, monitor customers, and handle fallout from RSA's SecurID breach.
InformationWeek (July 28, 2011)

Alleged LulzSec Spokesman Arrested In Scotland
British police arrest 18-year-old on hacking charges as part of ongoing investigation into Anonymous and LulzSec.
InformationWeek (July 28, 2011)

Apple iOS Bug Worse Than Advertised
Off-the-shelf sniffing tools can exploit the threat, but users of older iPhones and iPod Touches won't see a fix.
InformationWeek (July 27, 2011)

Black Hat Pwnies Nominate LulzSec, Anonymous
Hacker groups among nominees for "Epic 0wnage" award, while Sony is sole nominee for "Epic Fail" distinction.
InformationWeek (July 27, 2011)

Anonymous Boycotts PayPal, Arrest Fallout Continues
Alleged hacker arrested in FBI sting on PayPal attacks faces Internet ban, while hacktivist group calls for PayPal boycott.
InformationWeek (July 27, 2011)

Apple OS X Targeted By Remote Backdoor Malware
Researchers say a remote-controlled Trojan application, known as the Olyx backdoor, is going after OS X devices.
InformationWeek (July 26, 2011)

Blended Web Attacks Hitting More Websites
Hackers increasingly use four top techniques, such as cross site scripting and SQL injection, in combination, researchers say.
InformationWeek (July 25, 2011)

Apple Laptop Batteries Hacked By Researcher
Attackers could use a password weakness to render your laptop's battery useless--or overcharge it to start a fire, researcher warns.
InformationWeek (July 25, 2011)

Cyber Strategies: National Security Versus Child Pornography
Among the interesting findings of an audit of the FBI's cyber crime capabilities: how Congress budgets the bureau, as well as the extent to which all cyber crime is local.
InformationWeek (July 18, 2011)

Android Targeted By SMS-Grabbing Malware
The fake software is disguised as legitimate security applications and reroutes SMS messages to Web servers.
InformationWeek (July 15, 2011)

Bug Warnings: Vendor Security Bulletins Unclear
Adobe, Apple, and Oracle have been slammed by security experts for a lack of information, transparency, and clarity in security bulletins.
InformationWeek (July 15, 2011)

Security Vulnerabilities: Warnings, Patches Released Same Day
Coordinated disclosures are on the rise, but so are local network attacks and critical vulnerabilities, finds Secunia security research.
InformationWeek (July 14, 2011)

Court Case Tests Right To Withhold Passwords
The Department of Justice is attempting to compel a defendant to share her hard drive encryption key, which might violate her Fifth Amendment rights against self-incrimination.
InformationWeek (July 14, 2011)

Don't Foist Euro-Style Online Privacy On The U.S.
As Congress debates numerous privacy bills, don't assume that the tougher protections afforded by EU law are the right model for the U.S.
InformationWeek (July 14, 2011)

Zeus Banking Trojan Hits Android Phones
Zeus crimeware creators adapt Zitmo malware, disguised as a banking activation application, to steal financial details from Android users.
InformationWeek (July 13, 2011)

Microsoft Squashes Bluetooth Bug
Patch Tuesday sees 22 Microsoft vulnerabilities fixed, while Mozilla pushes a Mac-only Firefox update.
InformationWeek (July 13, 2011)

Microsoft Security Center Delivered Adult Content
Attackers hacked search results generated by Microsoft's own search engine and served up some adult-oriented links.
InformationWeek (July 11, 2011)

AntiSec Hacks FBI Contractor
Hacktivist group posts emails, data related to sensitive government projects, access credentials for VPNs and Department of Energy servers.
InformationWeek (July 11, 2011)

Privacy software to protect patient records
What’s the best way to protect people’s personal health information (PHI) while using the data to benefit society? That’s a crucial question for physicians and their patients, as well as for the epidemiologists, health researchers and public officials who rely on high-quality data to improve the delivery of healthcare, cure diseases and stop pandemics. (Membership required to read article)
International Association of Privacy Professionals (July 2011 newsletter)

Florida Election Servers Hacked Again
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
InformationWeek (July 08, 2011)

ISPs Agree To Copyright Alerts: What It Means
Agreement between the MPAA, RIAA, and service providers will alert customers when their accounts are used to illegally download copyrighted materials.
InformationWeek (July 08, 2011)

Italian Police Arrest Alleged Anonymous Hackers
Authorities in Switzerland also crack down on members of the loosely organized hacking collective known as Anonymous.
InformationWeek (July 07, 2011)

Apple iOS Zero-Day PDF Vulnerability Exposed
Right now, only jailbroken devices have access to a patch for the PDF-related display bug.
InformationWeek (July 07, 2011)

Fox News Twitter Account Hacked, Claims Obama Killed
Weak or reused passwords likely exploited by group with Anonymous hacking collective sympathies.
InformationWeek (July 05, 2011)

LulzSec's Top 3 Hacking Tools Deconstructed
Analysis suggests LulzSec was most effective using a relatively unknown vulnerability to launch large-scale, botnet-driven attacks against everyone from Sony to the Senate.
InformationWeek (July 05, 2011)

Smartphone Security Smackdown: iPhone Vs. Android
How do Apple iOS and Google Android stack up on security? Both could take one lesson from RIM, says Symantec security expert.
InformationWeek (July 05, 2011)

Are You Ready For An FBI Server Takedown?
The FBI's recent scareware-busting raids and server seizures knocked 120 unrelated companies' websites offline--a scenario that most hosting customers don't anticipate.
InformationWeek (July 1, 2011)

Inside Indestructible Botnet, Security Experts See Flaws
The huge TDL4 botnet has snared 4.5 million PCs, as the malware creators pay handsomely for results. But experts say it's sneaky, not unstoppable.
InformationWeek (July 1, 2011)

June 2011

Office 365 Vs. Google Apps: Evaluating Email Security
What have the cloud suite rivals done to address enterprise email security and related concerns such as compliance?
InformationWeek (June 29, 2011)

Do You Play Bug Patch Game Badly?
IT managers obsessed with patching the most popular programs, including Microsoft, Adobe, and Oracle apps, miss the bigger picture about risk, research says.
InformationWeek (June 29, 2011)

LulzSec Members Apparently Outed
An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.
InformationWeek (June 28, 2011)

Passwords: Tips For Better Security
You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.
InformationWeek (June 27, 2011)

LulzSec Hackers Retire: Time To Rethink Risk
The group stops hacking after a 50-day spree and security experts say IT had better learn a lesson about risk management.
InformationWeek (June 27, 2011)

Eavesdropper Steals Quantum Crypto Keys
So-called "perfect eavesdropper" steals keys while they're being negotiated, without alerting users.
InformationWeek (June 23, 2011)

FBI Breaks Up Two Big Scareware Rings
Feds seize equipment and trigger arrests as "Operation Trident Tribunal" targets scareware campaigns that collectively stole $74 million.
InformationWeek (June 23, 2011)

The End Is Near For Paid Antivirus On PCs
The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.
InformationWeek (June 23, 2011)

WordPress Warns Of Trojanized Plug-Ins, Urges Patching
Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.
InformationWeek (June 22, 2011)

LulzSec Takes Hit, Keeps On Hacking
British authorities charge teenager with launching DDoS attack, and anti-LulzSec group says it's tracing identities of the hacking group's members.
InformationWeek (June 22, 2011)

Network Solutions Suffers DDoS Attack
A distributed denial of service attack took down Network Solutions, severing access to DNS servers, websites, plus hosted servers and email accounts.
InformationWeek (June 21, 2011)

Scotland Yard Busts Alleged LulzSec Mastermind
British police, in a joint investigation with the FBI, arrest a teenager on charges of computer misuse and fraud.
InformationWeek (June 21, 2011)

Hack Attack Exposes 1.3 Million Sega Accounts
LulzSec says to watch your Facebook, Gmail, and Skype passwords, though no one has claimed responsibility for the Sega breach.
InformationWeek (June 20, 2011)

CA Security Spinoff Vows To Surprise The Marketplace
Total Defense has a new name and VC funding, but it faces a tough battle against market-dominating antivirus products, most of which are free.
InformationWeek (June 20, 2011)

How Fast Should Companies Come Clean On Breaches?
Disclosing them too quickly can compromise investigations, security experts warn.
InformationWeek (June 17, 2011)

Citi: Hackers Got More Records Than We Thought
Citigroup on Wednesday said it had underestimated the number of accounts breached in a recent attack by 70%--but such revisions are not unusual, security experts say.
InformationWeek (June 16, 2011)

LulzSec Claims Credit For CIA Site Takedown
The hacking group said it rendered the CIA's public website inaccessible and launched phone DDoS attacks on FBI's Detroit office and other groups suggested by followers.
InformationWeek (June 16, 2011)

Why Hackers Found Easy Targets At IMF, Citigroup
Security experts say simple tactics succeeded in breaching major organizations in recent weeks because companies failed to conduct their own penetration testing.
InformationWeek (June 15, 2011)

How LulzSec Hackers Outsmart Security Gurus
While the world argues whether the hacktivist group is more Robin Hood or terrorist, the big question is: how have the hacks been so successful? Security experts share some answers.
InformationWeek (June 15, 2011)

How To Prioritize Microsoft Patch Bonanza
Patch Tuesday weighed in as a doozy, but IT administrators also face fixes for major bugs in Acrobat, Flash, Java, and more. Here's expert advice on what's most key.
InformationWeek (June 15, 2011)

PCI Updates Rules for Customer Data In Cloud
Industry council warns companies that handle cardholder data in virtualized environments, including cloud: Don't skimp on security requirements.
InformationWeek (June 14, 2011)

Trend Micro Debuts Malware Sandbox For Security Managers
Why send malware to a sandbox? Security managers can craft custom virtual patches to block emerging malware without having to wait for a routine signature update.
InformationWeek (June 14, 2011)

What Do IMF, Citigroup, And Sony Hacks Share?
Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.
InformationWeek (June 13, 2011)

RSA Adds Chief Security Officer After Hack
Following a security breach related to SecurID tokens, EMC taps the CSO of NetWitness to oversee RSA security. Can he hit the ground running?
InformationWeek (June 10, 2011)

Microsoft Patch Tuesday To Address 34 Security Risks
The next Patch Tuesday will include a whopping 34 fixes, including critical vulnerabilities in all versions of Microsoft Windows, Internet Explorer, and Excel.
InformationWeek (June 10, 2011)

LulzSec Hackers Using Digital Currency: DEA Crackdown Soon?
The LulzSec hacker group has said it's receiving monetary support via a P2P digital currency, Bitcoins. Now Senators are urging DEA action on an illegal online drug sales site with a Bitcoins connection.
InformationWeek (June 10, 2011)

Russian Masterminds Ran Rustock Botnet, Microsoft Says
Forensic analysis of server hard drives points to Russian controllers and turns up email templates mentioning that old favorite, Viagra.
InformationWeek (June 9, 2011)

Citigroup Confirms Hackers Stole Customer Data
Names, account numbers, email addresses, and contact details for more than 200,000 customers stolen in newest attack.
InformationWeek (June 9, 2011)

Schwartz On Security: Confused By RSA's Clarification?
While RSA has offered to replace some tokens, many customers still don't know how or why their SecurID tokens may pose a security risk.
InformationWeek (June 9, 2011)

Sony Breach Reveals Users Lax With Password Security
Analysis of recent hacks finds that people commonly reuse logins and choose easy-to-crack passwords.
InformationWeek (June 8, 2011)

Spear Phishing Attacks On The Rise
Symantec warns that spear-phishing attack volume has hit a two-year high as attackers try to install botnet software, keylogging applications, or other malware.
InformationWeek (June 8, 2011)

Hacking Group LulzSec Denies Arrest Report
Sony and InfraGard were targeted by the group, which refutes online reports that a member was arrested by the FBI.
InformationWeek (June 7, 2011)

LulzSec Hackers Hit Nintendo, FBI Affiliate Websites
Sony's developer network source code was also released by the group, which allegedly attempted to extort a security researcher for botnet information.
InformationWeek (June 6, 2011)

Adobe Patches Flash Zero Day Attack Bug
Adobe Flash player users should beware the newest in a string of attacks using cookie-based authentication credentials. IE and LinkedIn users have been warned of similar risks in the last month.
InformationWeek (June 6, 2011)

Skype Protocol Cracked
Security researcher publishes reverse engineered source code in the wake of reports that Middle Eastern governments have Skype-eavesdropping tools.
InformationWeek (June 3, 2011)

Sony Hacked Again, 1 Million Passwords Exposed
Hacker group LulzSec releases 150,000 Sony Pictures records, including usernames and passwords, in latest setback for consumer electronics giant.
InformationWeek (June 3, 2011)

Congress Considers Controversial DNS Filtering Bill
Under Protect IP, the government could force search engines to block websites accused of illegally hosting copyrighted material or selling prescription medicine.
InformationWeek (June 2, 2011)

Attacks Up, Security Budgets Down
Half of security professionals see their budgets getting squeezed, even as attack volume increases, according to reports from nCircle and McAfee.
InformationWeek (June 2, 2011)

Schwartz On Security: Your Medical Records At Risk
The current, voluntary approach to HIPAA data security rules hasn't resulted in adequate security for electronic protected health information.
InformationWeek (June 2, 2011)

Google Removes Malware Apps From Android Market
Twenty-six applications containing DroidDreamLight were deleted from the Android Market, and Google suspended six developer accounts for hosting apps with the malware.
InformationWeek (June 1, 2011)

Microsoft Finds 5% Of PCs Running Malware
Java exploits predominate, including some still successfully targeting bugs from 2008.
InformationWeek (June 1, 2011)

Honda Data Breach Triggers Lawsuit
The class action suit accuses Honda of putting 283,000 customers at risk, in part by waiting two months to inform them of the data exposure.
InformationWeek (June 1, 2011)

May 2011

Two Convicted In Counterfeit Cisco Gear Racket
The scam involved relabeling and selling Chinese networking equipment as bona fide Cisco equipment, prosecutors say.
InformationWeek (May 31, 2011)

Lockheed Martin Suffers Massive Cyberattack
"Significant and tenacious" attack targeted multiple U.S. defense contractors and may have involved hack of RSA SecurID system.
InformationWeek (May 31, 2011)

PBS Website Hacked With Fake News
Attackers exploit zero-day vulnerability in MoveableType in retaliation for a Frontline episode's portrayal of WikiLeaks leaker Bradley Manning.
InformationWeek (May 31, 2011)

35 Million Google Profiles Captured In Database
A security researcher was able to collect information from Google Profiles and save millions of files in a SQL database in about a month.
InformationWeek (May 27, 2011)

Schwartz On Security: Should Businesses Track Employee Smartphones?
It may be one way to protect business secrets, but many aspects of smartphone security remain out of the hands of IT administrators or security-conscious users.
InformationWeek (May 27, 2011)

Cookiejacking Attack Steals Website Access Credentials
All Internet Explorer users on all versions of Windows are at risk from zero-day attack that can steal any website cookie, allowing an attacker to impersonate their victim.
InformationWeek (May 26, 2011)

iOS 4 Hardware Encryption Cracked By Forensics Firm
The iPhone 4 is at risk, but the forensics tool will only be sold to law enforcement, intelligence agencies, and forensics investigators.
InformationWeek (May 26, 2011)

3 Banks Service Majority Of Spam-Driven Sales
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link the global spam value chain.
InformationWeek (May 25, 2011)

Google Patches Sidejacking Vulnerability
The server-side patch fixes an authentication bug that affects 99.7% of Android users and their access to Calendar and Contacts.
InformationWeek (May 25, 2011)

Audio Captchas Easy To Defeat
Security researchers have designed automated software that regularly defeats most audio challenge-and-response systems on websites.
InformationWeek (May 24, 2011)

LinkedIn Faces Cookie Vulnerabilities
The social networking site is set to reduce the length of time before cookies expire and add HTTPS across its site.
InformationWeek (May 24, 2011)

Qakbot Malware Infections Spike
Worm that targets financial information infected 1,500 Massachusetts state PCs, potentially exposing 250,000 residents' personal details.
InformationWeek (May 23, 2011)

Sony Data Breach Cleanup To Cost $171 Million
If identify theft or credit card fraud takes place, the company said its actual costs could rise substantially.
InformationWeek (May 23, 2011)

California Proposes Smart Grid Data Privacy Standards
Energy providers and their business partners would be required to follow fair information practices for customer data.
InformationWeek (May 18, 2011)

Microsoft Claims IE9 Stops Most Social Engineering Threats
Application reputation feature in the browser blocks more than 20 million malware infections per month by white-listing applications from approved publishers, the software maker says.
InformationWeek (May 18, 2011)

Schwartz On Security: Developers Battle Piracy Channels
Business Software Alliance report finds widespread software piracy, but experts say market pressures are to blame.
InformationWeek (May 18, 2011)

Dropbox Accused Of Misleading Customers On Security
FTC complaint charges that the file-sharing service hasn't told the truth about the security it applies to stored files, as well as who can access or view those files.
InformationWeek (May 16, 2011)

Sony Strengthens Security, Restores Some PlayStation Services
Online services get stronger encryption, more firewalls, and an early detection system to try to prevent future attacks; users are required to update gaming console's firmware and password before going online.
InformationWeek (May 16, 2011)

Senators Demand Public Companies Disclose Data Breaches
Democrats call for SEC to require mandatory disclosures of all data breaches, and for public companies to detail their data breach mitigation strategies.
InformationWeek (May 13, 2011)

Adobe Adds Flash Privacy Controls
Flash Player and Google Chrome get patches against attacks currently seen in the wild.
InformationWeek (May 13, 2011)

Android Malware Volume Jumps 400%
Despite the risks, experts predict slow uptake of client security tools on mobile devices.
InformationWeek (May 13, 2011)

Graphics Cards Face Internet-Borne Threats
The WebGL 3-D graphics specification implemented in Firefox and Chrome, and included in Safari, is subject to denial of service attacks.
InformationWeek (May 12, 2011)

Schwartz On Security: Sony Must Do More
Forget free ID theft monitoring. Sony should release its police reports, so that 101 million people can obtain a free credit freeze to proactively battle ID thieves.
InformationWeek (May 12, 2011)

Facebook Patches Access Token Leak
Users should change their passwords to mitigate threats posed by the accidental leak of perhaps millions of account identity details.
InformationWeek (May 11, 2011)

Microsoft Patches Critical Windows Vulnerability
The software maker also tweaked its exploitability index, which predicts the likelihood that vulnerabilities will soon be compromised.
InformationWeek (May 11, 2011)

Hackers Subvert Google Chrome Sandbox
Vulnerability research firm Vupen said it's found a way to execute arbitrary code in the browser.
InformationWeek (May 10, 2011)

Developers Skip Third Party Code Checks
Businesses routinely assess their own software for security and quality, but many fail to test code from external vendors that goes into their products, reports Forrester.
InformationWeek (May 10, 2011)

Self-Encrypting Hard Drives Face Perception Challenge
IT professionals see benefits, but questions linger over the cost, manageability, and speed of self-encrypting hard drives, says a Ponemon Institute survey.
InformationWeek (May 9, 2011)

OpenID Warns Of Serious Bug
Facebook, Google, and Yahoo are among the millions of websites that use the single sign-on technology.
InformationWeek (May 9, 2011)

Cracking Bin Laden's Hard Drives
Security experts detail how the government will attempt to unlock the "trove of information" on devices recovered during the raid on Osama bin Laden's residence.
InformationWeek (May 5, 2011)

Sony Brings In Forensic Experts On Data Breaches
Data Forte, Guidance Software, and Protiviti will investigate who hacked into Sony's servers and how they cracked the company's defenses.
InformationWeek (May 5, 2011)

FTC Settles With Companies Over Exposed Records
Ceridian and Lookout Services settle with Federal Trade Commission over "unfair and deceptive" security practices that exposed sensitive information on 65,000 people.
InformationWeek (May 4, 2011)

Apache Web Server Under Stealth Attack
Malicious code uses Apache's own filter capabilities to transform the server module into a malware platform.
InformationWeek (May 4, 2011)

Sony Reports 24.5 Million More Accounts Hacked
After a second breach, the company suspends all Sony Online Entertainment multiplayer games as the number of compromised user accounts exceeds 100 million.
InformationWeek (May 3, 2011)

Apple Macs Targetted By Crimeware Toolkit
The OSX operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.
InformationWeek (May 3, 2011)

FBI Defends Cyber Investigation Capabilities
Exclusive: An FBI official argues that an audit finding insufficient national cybersecurity investigation skills doesn't reflect current expertise and results.
InformationWeek (May 3, 2011)

Cloud Vendors Punt Security To Users
Nearly 80% of cloud computing providers say customers don't evaluate data security before selecting a vendor, according to a recent Ponemon survey.
InformationWeek (May 2, 2011)

April 2011

Schwartz On Security: Smile, Your Smartphone Is Watching
In the wake of revelations that Apple devices have been insecurely storing and transmitting location data, it's time for enterprise IT managers to being spying as well.
InformationWeek (April 28, 2011)

Global Internet Culture Emerges
Internet users worldwide want privacy, security, trust, and freedom of expression, says a report from the Oxford Internet Institute, graduate business school Insead, and comScore.
InformationWeek (April 28, 2011)

Phishing Attackers Use Subdomain Registration Services
Online criminals doubled their use of unregulated subdomain registration services in the second half of 2010, according to a report by the Anti-Phishing Working Group.
InformationWeek (April 28, 2011)

Is Government Inflating Cyber Threats?
A report from the Mercatus Center at George Mason University questions "alarmist rhetoric" and asks whether government agencies can meaningfully improve the security of critical infrastructure.
InformationWeek (April 28, 2011)

Secret Storage Hides Encrypted Data In Plain Sight
Researchers identify new technique for disguising encrypted data as "noise" that looks like random disk fragmentation.
InformationWeek (April 28, 2011)

Sony Sued Over PlayStation Network Hack
A class action lawsuit charges that Sony failing to protect personal information and credit card numbers of up to 77 million users.
InformationWeek (April 27, 2011)

Iran Alleges Espionage Over Internet Worm
Senior government official says foreign governments are launching malware dubbed Stars at the country's nuclear facilities.
InformationWeek (April 27, 2011)

Malware Bypasses Security On 64-Bit Windows OS
The latest TDL rookit family contains malware that evades security mechanisms built into the latest x64 operating systems, including Microsoft's Windows Vista and Windows 7.
InformationWeek (April 22, 2011)

Credit Card Hacker Pleads Guilty
Rogelio Hackett Jr. faces 12 years in prison and $500,000 in fines for selling 675,000 credit card numbers used to generate more than $36 million in fraudulent transactions.
InformationWeek (April 22, 2011)

Hacking Becomes Leading Cause Of Data Breaches
Businesses are the main target, and lost data is rarely password-protected or encrypted, according to a report from the Identity Theft Resource Center.
InformationWeek (April 22, 2011)

Microsoft Updates Vulnerability Disclosure Policies
The software company clarifies its vulnerability-handling guidelines and begins issuing security bulletins for third-party products.
InformationWeek (April 21, 2011) 

Lost Laptops Cost $1.8 Billion Per Year
Only one-third of missing laptops have full-disk encryption for preventing data breaches, finds Ponemon study of European firms. 
InformationWeek (April 21, 2011) 

67% Of Companies Fail Credit Card Security Compliance
Payment Card Industry Data Security Standard is seen as a burden by half of security pros, and 59% don't think it helps them become more secure, according to a study from Ponemon.
InformationWeek (April 20, 2011) 

Leaked Cables Indicate Chinese Military Hackers Attacked U.S.
U.S. authorities have reportedly traced the "Byzantine Hades" spear-phishing attacks to specific Chinese military groups.
InformationWeek (April 19, 2011) 

66% Of Security Software Submitted With Flaws
App testing firm Veracode reports that developers need significantly more training on secure-coding skills.
InformationWeek (April 19, 2011) 

Schwartz On Security: Talking Risk Equals Reward
Understanding your business's risk appetite will help you get the money for the security threats that matter.
InformationWeek (April 19, 2011) 

Online Advertisers Pitch Self-Regulation Framework
Microsoft, Google, and other companies are backing a European proposal governing how advertisers can track people's behavior online.
InformationWeek (April 18, 2011) 

Oracle To Patch 73 Critical Vulnerabilities 
Microsoft, Apple, and Adobe have all issued bug fixes recently, and now Oracle is patching Oracle Fusion Middleware, the Sun Products Suite, the Open Office Suite, and other products.
InformationWeek (April 18, 2011) 

Federal Reserve Bank Hacker Pleads Guilty
Malysian citizen Lin Mun Poo admits to installing malware on a Federal Reserve Bank server.
InformationWeek (April 15, 2011) 

Toshiba Launches Self-Encrypting Drives With Extra Security
The drives are the first that can also prevent access to the data they store after repeated failed log-ins or the device is removed.
InformationWeek (April 15, 2011)

Blocking Windows Admin Rights Can Stop Exploits
The majority of Microsoft Windows attacks seen in 2010 would have been blocked if PCs were not running with admin-level access rights, according to security vendor BeyondTrust.
InformationWeek (April 15, 2011)

Schwartz On Security: Piracy Equals Market Failure
Legal actions to prevent or punish movie, music, and software piracy may be harmful to innovation as well as ineffective.
InformationWeek (April 15, 2011)

FBI Busts Coreflood Botnet
Authorities get court authority to replace the botnet's command and control servers with their own and remotely disable the botnet on infected PCs. 
InformationWeek (April 14, 2011)

WordPress Servers Hacked At Root Level
Source code exposed, putting passwords for WordPress.com-hosted blogs at risk of being cracked. 
InformationWeek (April 14, 2011)

Senators Propose Data Privacy Law
Intel, Microsoft, and eBay support the legislation sponsored by Sens. Kerry and McCain that sets rules for the collection and storage of personal information and the right of consumers to correct mistakes and opt-out.
InformationWeek (April 13, 2011)

Windows IPv4 Networks Vulnerable To IPv6 Attack
A man-in-the-middle attack can use the IPv6 protocol to eavesdrop on IPv4 networks, though an attacker would have to physically place a router in the targeted environment for it to work. 
InformationWeek (April 13, 2011)

Texas Data Breach Exposed 3.5 Million Records 
Names, addresses, and social security numbers of state retirees and unemployment beneficiaries were posted, unencrypted, on a public server.
InformationWeek (April 13, 2011)

Adobe Flash Attacks Exploit Zero-Day Vulnerability
No patch is yet available against threat targeting government workers that uses malicious Flash inserted into Microsoft Word documents.
InformationWeek (April 12, 2011)

Russia Reverses Plan To Ban Encrypted Web Services
The head of the Federal Security Service labels Gmail, Skype, and their ilk as a "threat to Russia's security."
InformationWeek (April 11, 2011)

Epsilon Fell To Spear-Phishing Attack
Breach apparently lasted for months despite warning of targeted attacks against email service providers.
InformationWeek (April 11, 2011)

SEC Fines Former Executives For Client Privacy Breach
Private information on 16,000 customers was transferred to a departing manager's new employer in violation of government notification and opt-out regulations.
InformationWeek (April 11, 2011)

Tech Giants Challenge French Data Retention Law
Facebook, Google, Microsoft, Yahoo, and others are appealing a legal decree that would require companies to store and share usernames, passwords, and other personal details with authorities.
InformationWeek (April 8, 2011)

Justice Department Opposes Changes To Electronic Privacy Law
Congress is discussing updating the 1986 Electronic Communications Privacy Act to deal with new technologies like smartphones, cloud computing, and social networking sites.
InformationWeek (April 7, 2011)

Pandora Transmits 'Mass Quantities' Of Personal Data
With a federal privacy investigation underway, a security researcher calls "Orwellian" the amount of information the mobile app shares with ad serving firms.
InformationWeek (April 7, 2011)

Malware Surges 26% In 2011
Each day sees 73,190 new samples of Trojans, viruses, worms, and other forms of malware, says report from PandaLabs.
InformationWeek (April 6, 2011)

Schwartz On Security: Secure Coding Or Bust
Companies must embrace secure development techniques to stem the surge of attacks targeting Web application vulnerabilities.
InformationWeek (April 6, 2011)

76% Of Energy Utilities Breached In Past Year
Despite the high risks, energy company managers don't understand the importance of IT security, according to 71% of security pros surveyed by Ponemon Institute.
InformationWeek (April 6, 2011)

Fired Employee Indicted For Hacking Gucci Network
Former network engineer accused of using stolen VPN token to delete corporate data and email boxes.
InformationWeek (April 5, 2011)

Web Attacks Skyrocketed 93%
In 2010 Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.
InformationWeek (April 5, 2011)

Web Applications See Sharp Rise In Attacks
Prepackaged exploits are helping attackers compromise more sites at once, while many content management systems are running with known vulnerabilities, finds report from HP DVLabs.
InformationWeek (April 4, 2011)

RSA Details SecurID Attack Mechanics
EMC won't say what the attackers took, but it did explain how they penetrated RSA and stole information about its two-factor SecurID authentication system.
InformationWeek (April 4, 2011)

March 2011

Trend Micro Nukes Zeus Botnet Server
PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.
InformationWeek (March 31, 2011)

Microsoft Blames Poor Development Practices For Security Risks
Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.
InformationWeek (March 31, 2011)

Schwartz On Security: Online Privacy Battles Advertising Profits
Do businesses have the right to make money from the unregulated buying and selling of personal information?
InformationWeek (March 31, 2011)

Comodo Reports Two More Registration Authorities Hacked
The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.
InformationWeek (March 30, 2011)

BP Loses Laptop With Gulf Claimant Data
The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.
InformationWeek (March 30, 2011)

Do Not Track Momentum Mounts
Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.
InformationWeek (March 29, 2011)

Lax Overseas Data Breach Laws Attract Enterprises
About 70% of organizations that store sensitive data abroad choose to do so in countries with lenient breach notification requirements, according to a study from McAfee and SAIC.
InformationWeek (March 29, 2011)

Iranian Claims Credit For Comodo Hack
Mozilla apologizes for not publicizing the attack more quickly and criticizes Comodo's security.
InformationWeek (March 28, 2011)

Cyber Attack Hits European Commission
Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.
InformationWeek (March 25, 2011)

Firefox 4 Secures HTTPS
Like Google Chrome, Mozilla's upgraded browser implements HTTP Strict Transport Security, enabling Web sites to specify when only HTTPS pages should be used.
InformationWeek (March 25, 2011)

Gmail, Hotmail Pose Government Security Risk
Australian auditor recommends blocking Webmail on government networks to prevent insider and external threats.
InformationWeek (March 24, 2011)

Iran Fingered For Fraudulent Comodo SSL Certificates
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
InformationWeek (March 24, 2011)

SCADA Attack Code Released For 35 Vulnerabilities
Systems from Siemens, Iconics, 7-Technologies, and DATAC have security holes in their supervisory control and data acquisition software, leading the Industrial Control Systems Cyber Emergency Response Team to issue security warnings.
InformationWeek (March 23, 2011)

Schwartz On Security: Advanced Threats Persist And Annoy
APTs are today's normal threat, and companies such as RSA must do better, even as the odds against them keep increasing.
InformationWeek (March 23, 2011)

McAfee To Acquire Database Security Vendor Sentrigo
Intel's McAfee is taking on industry heavyweights Oracle and IBM with its move to shape an enterprise database security platform.
InformationWeek (March 23, 2011)

Adobe Patches Critical Security Flaw
With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.
InformationWeek (March 22, 2011)

Feds Bust Stock 'Pump And Dump' Botnet Scheme
Authorities said a group used hacking, spam, and malware to artificially inflate securities prices and then sell shares at a profit.
InformationWeek (March 22, 2011)

Hospital Hacker 'GhostExodus' Sentenced To 9 Years
Contract security guard installed malware on sensitive hospital systems to attack the Anonymous hacking collective.
InformationWeek (March 22, 2011)

SecurID Customers Advised To Prepare For Worst Case
EMC's RSA hasn't detailed exactly what was stolen, so security experts advise the authentication system's customers to implement a more layered network defense.
InformationWeek (March 22, 2011)

Google Mandates SSL For Developer APIs
API requests for Google Documents List, Google Spreadsheets, and Google Sites will be required to use secure sockets layer connections.
InformationWeek (March 18, 2011)

Microsoft, Feds Knock Rustock Botnet Offline
Authorities confiscated equipment from seven Internet hosting facilities used by the botnet, which was responsible for much of the Viagra email spam on the Internet.
InformationWeek (March 18, 2011)

Microsoft Adds 'Do Not Track' To IE9
In a surprise move, Internet Explorer 9 adds support for the consumer-friendly HTTP header concept developed by Firefox.
InformationWeek (March 17, 2011)

Google Patches Chrome Zero-Day Flash Vulnerability
The release of Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame makes the browser the first software to be protected against the Flash vulnerability now being actively exploited.
InformationWeek (March 17, 2011)

Schwartz On Security: Security Complexity Challenge No. 1
Still, organizations are loathe to cut vendors, fearing higher prices, greater total cost of ownership, and fewer capabilities.
InformationWeek (March 17, 2011)

UniBrows Runs IE6 Apps In Internet Explorer 8
Browsium, the startup security firm, positions the lightweight add-on as a "web application continuity" tool that can restore multiple versions of Microsoft's browser to the last-known working state.
InformationWeek (March 16, 2011)

Denial Of Service Attacks Increased Sharply In 2010
DDoS attacks surpass SQL injection to become most prevalent attack vector, security vendor Trustwave reports.
InformationWeek (March 16, 2011)

Twitter Finalizes FTC Security Settlement
The microblogging company agrees to a biannual external audit of its security posture for the next 10 years.
InformationWeek (March 15, 2011)

Adobe Warns Of Active Flash Attack
The critical, zero-day vulnerability affects most recent versions of Flash, Reader, and Acrobat, although apparently not Reader X on Windows.
InformationWeek (March 15, 2011)

February 2011

Rogue Facebook Apps Can Disable Security Settings
Security researchers also report that the social network's mobile app provides no SSL capabilities at all, leaving users vulnerable.
InformationWeek (February 24, 2011)

'Severe' DNS Vulnerability Leaves Systems Open To Attack
Security experts urge organizations running vulnerable versions of BIND to upgrade immediately to avoid a potential denial of service strike.
InformationWeek (February 24, 2011)

Schwartz On Security: Security Pros' Top 2011 Threats
While application vulnerabilities and mobile devices lead the list, perhaps it's also time to tackle security's impact on productivity.
InformationWeek (February 24, 2011)

Microsoft Releases Windows 7 SP1
Service Pack 1 for Windows 7 and Windows 2008 R2 bundles all bug fixes to date, but includes few new features.
InformationWeek (February 23, 2011)

80% Of Browsers Have Known Vulnerabilities
Most problems are caused by insecure plug-ins, such as Java, Adobe Reader, QuickTime, and Flash, finds Qualys.
InformationWeek (February 23, 2011)

OddJob, Zeus Mitmo Trojans Target Financial Data
The malware aims for bank accounts and financial details, warn security researchers at Trusteer and F-Secure.
InformationWeek (February 22, 2011)

FTC Internet Privacy Proposal Slammed By Ad Industry
“Do Not Track” settings planned by the Federal Trade Commission may not go far enough according the Center for Digital Democracy and U.S. Public Interest Research Group.
InformationWeek (February 22, 2011)

SSDs Prove Tough To Erase
Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.
InformationWeek (February 22, 2011)

Botnet Victims Increased 654% In 2010
The top 10 botnets are responsible for 57% of all infections, says Damballa report.
InformationWeek (February 18, 2011)

Feds Arrest 99 For Identity Theft, Card Fraud
A federal grand jury has charged the Armenian Power group in California with credit card skimming, check fraud, and other sophisticated white-collar crimes that garnered $20 million.
InformationWeek (February 18, 2011)

Schwartz On Security: Unraveling Night Dragon Attacks
Attacks launched from China against oil and gas companies used simple hacking tools and even legitimate software.
InformationWeek (February 17, 2011)

Microsoft Confirms Windows Zero Day Vulnerability
Proof of concept code released for attack that uses malformed requests to crash any version of Windows, though remote execution appears unlikely.
InformationWeek (February 17, 2011)

Security Pros Straining To Lock Down Emerging Tech
Cloud computing, mobile devices, and social media are increasing training and management challenges, finds Frost & Sullivan survey.
InformationWeek (February 17, 2011)

Android Trojan Practices Click Fraud
HonTouTou malware hidden with repackaged -- typically, pirated -- applications first surfaced on third-party online software markets in China.
InformationWeek (February 16, 2011)

Oracle Releases Database Firewall
Software monitors databases in real time to prevent SQL injection attacks or unauthorized behavior.
InformationWeek (February 16, 2011)

Security Spending Grabs Greater Share Of IT Budgets
Businesses spent 8.2% of their IT budgets on security in 2007; last year it was 14%, according to a Forrester Research report.
InformationWeek (February 15, 2011)

Username Choices Poses Security Risks
Unique usernames give marketers or attackers an edge on tying a pseudonym to a real person, says a new INRIA report.
InformationWeek (February 15, 2011)

Stuxnet Iran Attack Launched From 10 Machines
Symantec researchers analyzed the worm's timestamps and found that the 12,000 infections identified to date originated from a handful of machines.
InformationWeek (February 14, 2011)

Credit Card Fraud Up 62% Since 2009
One-third of consumers have experienced credit or debit card fraud in the past five years, according to an ACI Worldwide survey of 4,200 people.
InformationWeek (February 14, 2011)

Schwartz On Security: Big Bang Botnets Sometimes Self-Defeating
Do crimeware toolkits, SCADA malware, and spam-spewing worms become too big not to fail?
InformationWeek (February 10, 2011)

IBM Unveils Endpoint Security Initiatives
Services are aimed at closing vulnerabilities in smartphones, ATMs, retail kiosks, traffic systems, smart meters, buildings, and sensors.
InformationWeek (February 9, 2011)

Identity Theft Down 28% In 2010
While overall rates are down, incidents involving friendly fraud as well as costs for consumers are on the rise, according to Javelin Strategy & Research.
InformationWeek (February 9, 2011)

Enhanced SpyEye Trojan Poses New Threats
Features from Zeus crimeware toolkit lets SpyEye grab credit card numbers from hacked PCs and allows users to upgrade plug-ins after purchase.
InformationWeek (February 8, 2011)

Sophos Unveils Mobile Security Platform For Smartphones
Android, Apple iOS, and Windows Mobile devices can be secured, monitored, and configured according to corporate security policies and IT administrators can remotely wipe all device data.
InformationWeek (February 8, 2011)

Mass P2P Lawsuits Targeted Nearly 100,000 Last Year
Eighty lawsuits were filed against alleged peer-to-peer users, typically for violating adult content copyrights.
InformationWeek (February 7, 2011)

Nasdaq Confirms Servers Breached
Malware may have been targeting insider information from 10,000 senior executives who use the compromised Directors Desk app.
InformationWeek (February 7, 2011)

Microsoft To Patch Three Zero Day Vulnerabilities
Tuesday will bring 22 fixes from Microsoft, as well as Adobe patches for Acrobat and Reader.
InformationWeek (February 09, 2011)

U.S. Leading Host For Zeus Crimeware
Greater automation is creating more global Web sites that distribute or control the crimeware package, with the highest concentration of sites based in the United States.
InformationWeek (February 04, 2011)

Egypt Takes $90 Million Hit From Internet Blackout
The country is back online, but the government's shutdown of mass communications will likely have long-term economic repercussions, warns Organization for Economic Cooperation and Development.
InformationWeek (February 03, 2011)

Apple Store Identity Theft Ring Busted
The Secret Service and Manhattan DA have indicted members of “S3,” a group accused of purchasing stolen credit card data on underground forums, creating counterfeit credit cards, and selling stolen Apple gear.
InformationWeek (February 03, 2011)

Schwartz On Security: The Right To Social Networks
Blocking Internet access, cellular networks, or Web sites is never a good idea -- whether in Egypt or at home.
InformationWeek (February 03, 2011)

Waledac Botnet Contains Almost 490,000 Stolen Email Passwords
With numerous real-world credentials built-in, the worm can bypass many spam and security defenses, find security researchers.
InformationWeek (February 02, 2011)

DDoS Targeting Firewalls, Intrusion Prevention
Stateful firewalls and intrusion prevention systems placed in front of a Web server can create an effective distributed denial of service attack vector, reports network security vendor Arbor Networks.
InformationWeek (February 02, 2011)

Cisco Patches WebEx Bugs
Attacks could exploit stack overflows in WebEx Player and WebEx Media Center to compromise or crash computers.
InformationWeek (February 01, 2011)

Cross-Scripting Errors Cause Most Web App Vulnerabilities
Despite being easy to spot and fix, XSS bugs now account for more than half of all Web application vulnerabilities, reports Veracode.
InformationWeek (February 01, 2011)

January 2011

Windows Faces Zero Day MHTML Vulnerability
Microsoft releases temporary fix for bug that allows attackers to run malicious scripts on a user's computer via Internet Explorer.
InformationWeek (January 31, 2011)

ISP Data Retention Doesn't Aid Crime Prosecution
German study finds that the laws haven't resulted in police filing a greater number of charges in serious cases.
InformationWeek (January 28, 2011)

Malware Driven Banner Ad Attacks Rising
While fake cost-per-click rates declined in the fourth quarter, a new form of impression inflation has emerged, finds online advertising audit firm.
InformationWeek (January 28, 2011)

100 P2P Users Produce 75% Of Files Downloaded
Targeting the users responsible for the most content might trigger a sharp decline in file-sharing via peer-to-peer networks, suggest researchers.
InformationWeek (January 27, 2011)

Facebook Boosts Security With SSL Encryption
Technology upgrade blocks Firesheep and eavesdropping attacks, but, for now, users must opt in.
InformationWeek (January 27, 2011)

Spam Plummets To 2009 Levels
Thanks to botnet takedowns and the Spamit shutdown, spam has declined to 79% of all email traffic, says Symantec.
InformationWeek (January 26, 2011)

Schwartz On Security: Slouching Toward Smartphone, Apple Armageddon
Every new year brings fresh warnings that the next smartphone botnet or Apple "I Love You" virus is imminent, while real attacks keep escalating.
InformationWeek (January 26, 2011)

Facebook Founder's Fan Page Hacked
Rogue post on Mark Zuckerberg's page calls into question the social network's credibility that it takes site security seriously.
InformationWeek (January 26, 2011)

Apple Taps NSA Alumnus As Global Security Chief
Geekonomics author David Rice is the latest in a string of high-profile security hires for the company.
InformationWeek (January 25, 2011)

Conficker Group Offers Roadmap For Stopping Worm
Security researchers detail the high level of international coordination required to hinder the worm's spread.
InformationWeek (January 25, 2011)

Twitter Worm Unleashes Fake AV Attack
Google's goo.gl link shortening service, as well as code obfuscation with RSA public key cryptography algorithm are spreading malicious links via a bogus antivirus campaign.
InformationWeek (January 25, 2011)

Facebook Defends Security Practices
The social network responds to report alleging it puts the safety of its 650 million users at risk by not better securing third-party applications.
InformationWeek (January 24, 2011)

Botnets, Hacked Credit Cards Selling At Bargain Prices
Cybercrime black market emphasizes entrepreneurialism and customer service, with money buying just about anything, finds Panda Security report.
InformationWeek (January 21, 2011)

Cisco Bakes Intrusion Prevention Into WiFi Access Points
Retailers and financial services organizations will be able to secure, monitor wireless networks in real time to comply with credit card industry standards.
InformationWeek (January 21, 2011)

Cybercriminals Target Unemployed To Launder Money
Scams promising work-at-home opportunities disguise money mule operations to translate the glut of stolen identities into cash, says Cisco's annual security report.
InformationWeek (January 20, 2011)

Security Experts Probe Oracle Patches
While the number of products in the Oracle stables has risen dramatically, the number of quarterly security patches has noticeably declined.
InformationWeek (January 20, 2011)

Schwartz on Security: Bling Botnets Sell Gangster Lifestyle
As profit-driven attack toolkits and their supporting botnets muscle up, organizations need more than technology to defend themselves.
InformationWeek (January 20, 2011)

Microsoft Releases Vulnerability Analysis Tool
Attack Surface Analyzer, available as a free beta, assesses operating system weaknesses which emerge after an install or an attack.
InformationWeek (January 19, 2011)

Malware Volume Doubled In 2010
A new threat appears more than once each second, as attackers increasingly turn their attention to social networks, reported Sophos.
InformationWeek (January 19, 2011)

Malware Toolkits Generate Majority Of Online Attacks
Crimeware is growing more automated and effective, lowering the bar for criminals looking to cash in, says Symantec report.
InformationWeek (January 19, 2011)

Cyber Warfare Risks Overblown
Calls for military oversight of cybersecurity distract from protecting against legitimate threats, said the Organization for Economic Cooperation and Development.
InformationWeek (January 18, 2011)

'Ransomware' Threats Growing
The malware typically encrypts data or disables master boot records, then extorts money to undo damage and restore access.
InformationWeek (January 18, 2011)

Top 10 Security Predictions For 2011
More malware, botnets, and mayhem, including online protests and political attacks, are in store for this year, according to security experts.
InformationWeek (January 18, 2011)

Spectrum Analyzer Catches Cell Phone Cheats In Taiwan
Anti-cheating use aside, security experts say spectrum analysis tools could be a new data breach threat vector.
InformationWeek (January 17, 2011)

Botnets Resurge After Holiday Break
After going dark for about a week, the Waledac and Rustock botnets suddenly resurfaced and began unleashing large quantities of pharmaceutical spam.
InformationWeek (January 14, 2011)

Password Proliferation Adds Security Risk
Employees must remember six or more passwords at 27% of organizations, resulting in security-compromising behavior and increased burden on help desks, warns Forrester Research.
InformationWeek (January 13, 2011)

China Industrial Control Software Vulnerable To Trojan Attack
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
InformationWeek (January 13, 2011)

Schwartz On Security: Hack My Ride
Car security exploits are fast, cheap, and out of control. Why don't automotive manufacturers do more to secure their vehicles?
InformationWeek (January 12, 2011)

Hackers Could Game Wall Street With Network Latency
Even a few extra milliseconds would give an attacker enough time to execute trades ahead of the competition, warns a security researcher.
InformationWeek (January 12, 2011)

Europe Debates Child Pornography Site Blocking
Automatic blocks against offensive Web sites, as the EU is demanding, are too easy to route around, say Internet service providers.
InformationWeek (January 12, 2011)

Java Attacks Spiking
Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.
InformationWeek (January 11, 2011)

Windows Phone 7 Users Allege Data Gobbling Bug
Subscribers report up to 30 MB of 3G data mysteriously consumed each day; Microsoft says it's investigating.
InformationWeek (January 11, 2011)

Cell Phones Vulnerable To 'SMS Of Death'
A single text can shut down and knock low-end handsets -- from Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax -- off of a cell phone network, say researchers.
InformationWeek (January 10, 2011)

Facebook Virus Spread Via Photo Albums
Attacks, survey scams, and hoaxes, including one alleging the social network will shut down in March, running in high gear.
InformationWeek (January 10, 2011)

Security Researcher Defeats Adobe Flash Sandbox
Flash expert Billy Rios bypassed Flash Player feature meant to prevent malicious attacks.
InformationWeek (January 7, 2011)

Microsoft To Patch Three Vulnerabilities Tuesday
January's software update won't fix two zero-day bugs being exploited by attackers.
InformationWeek (January 7, 2011)

Android Trojan Emerges In U.S. Download Sites
Games infected with botnet-like Geinimi attack code have spread to third-party U.S. and European sites as well as BitTorrent hosted collections, finds Symantec.
InformationWeek (January 6, 2011)

Zero Day IE Vulnerability Confirmed
No patch yet available for Internet Explorer flaw, as Microsoft and Google researcher trade barbs over bug's disclosure.
InformationWeek (January 6, 2011)

Schwartz On Security: First, Know You've Been Breached
Spain's national aeronautics institute found three Mariposa botnet infections on internal PCs, thanks to constant testing. But when it comes to breaches, many organizations still have their heads in the sand.
InformationWeek (January 6, 2011)

Attackers Broke Malware Records In 2010
Over the past year, online criminals created one-third of all viruses and 34% of all malware ever seen.
InformationWeek (January 5, 2011)

Spam Attack Captures Government Data
A Zeus botnet variant disguised as a White House electronic greeting card netted numerous documents from U.S. agencies.
InformationWeek (January 5, 2011)

Hackers, Insiders Behind Most Identity Theft
Malicious activity topped human error as a cause of the 662 data breaches recorded in 2010 by the Identity Theft Resource Center.
InformationWeek (January 4, 2011)

IE Zero Day Flaw Leaked To Google Search
Log from security researcher's fuzzing engine found someone at a Chinese IP address searching for the exact Microsoft Internet Explorer attack signature.
InformationWeek (January 4, 2011)

Next writing archive: 2010


Mathew Schwartz
Mat@PenandCamera.com