In the article, Lin writes, “ we may not be ready yet for the government to lead cyberdefense against foreign adversaries. To do so would trigger serious and unresolved [International humanitarian law] issues, including Geneva and Hague Conventions [which] requires that we take care in distinguishing combatants from noncombatants.”

I would first draw a distinction between passive defense ( i.e. blocking attacker access, removing a vulnerability being exploited, etc ) and active defense ( i.e. launching a counter attack to disable the attackers capabilities).

All entities, government and private sector, are engaged in the former. Some more successfully than others. Some with greater effort than others. There are no legal or ethical questions there except a much broader sense . If gas pipelines are considered critical national infrastructure and these pipelines are owned and operated by private companies, should/can the government do more to defend them from attack? More than information sharing and increased collaboration, that is.

As to active defense, I have heard have seen proposals or discussions in security circles of the government launching counter cyber attacks against foreign adversaries on behalf of private companies. Lin’s proposal would create a legal framework that would allow the companies themselves to retaliate. He seems to find inspiration in the much talked about ” stand your ground” laws such as the one in Florida that came to national attention as a it is reportedly invoked in the defense of the fatal shooting an unarmed teenager by an armed neighborhood watch volunteer.

Notwithstanding his references to armed citizens taming the wild, wild west. I find this proposal problematic on three fronts. From the purely cyber security perpective ,from a business perspective, and as a matter of national security policy. I’ll reiterate, in fairness, that Lin is not necessarily endorsing this as a solution, but contributing to a much needed discussion on nation cyber defense policy.

• Security: In most cases, it is difficult to nearly impossible to ascertain the real identity of the attacker. Attackers use other compromised systems (victims) to launch attacks. Lin makes the point that ” There is a reasonable argument in claiming that a botnet is not fully innocent and therefore not immune to harm.Most, if not all, botnets are made possible by negligence in applying security patches to software, installing anti-malware, and using legally purchased and not pirated, vulberable copies of software“. In other words, you allowed your systems to by hacked, so you deserve it if caught in a counter attack. I certainly agree that most reported successful attacks or breaches are a result of some degree of negligence. Most security professionals would agree that no system is immune to attack. We are trained to practice due diligence in making reasonable attempts to identify vulnerabilities and risk. You can never eliminate all risks all the time nor can you afford to mitigate all identified ones.

• Business: Typical business security incidence response practice includes: Detecting the attack, containing the damage, remediating effects of attack and gathering evidence, returning systems to normal and some follow-up. Lin’s proposal would require additional steps to gather sufficient forensic evidence to identify an actual perpetrator. He proposes allowing companies to present this evidence to some governmental body to review and sanction retaliation. Companies will then have to plan and execute the counter attack. Few companies have in-house expertise to do this. Few business managers will be willing to fund such activities. Whats the return? You get hacked from a $500 laptop and you spend $50,000 to do what exactly?

• National Security: We know for a fact some of the attacks on our private owned critical infrastructure have been attributed to foreign government affiliated networks. Would it really be wise to license private companies to attack these networks? I would think not. Most of these folks can’t even patch their servers or encrypt their sensitive data. The last think we need is an international incident started by some system administrator at some SMB. I mean a government allowing private entities to conduct cyber attacks against a foreign nation with a wink and a nod is not exactly a novel concept. Google ‘Russia Georgia Cyberwar”.

I commend Dr. Lin for his contribution to this very important discussion. I don’t necessarily agree with the proposed approach but as a nation, we really need to come to terms with how best to improve our national cyber defense as we are in dire straits.

Related posts:

1. Pentagon and Congress wants control of your network during cyberattack There has been a lot of chatter in the news...
2. We really need to start taking information security more seriously From the Wall Street Journal: Hackers in Europe and China...
3. Google and China: A Dysfunctional Marriage Since making it’s search engine available to Chinese users in...

What are some consequences of the lack of basic cyber security controls?

• Loss or stolen customer data
• Loss of intellectual property
• Decreased productivity
• Legal liability
• Regulatory sanctions and fines
• Computer systems downtime
• Loss of reputation and customer confidence
• Loss of revenue
• Banking Fraud

Could this happen to you?

It is very important to understand that neither size nor industry guarantees protection from an attack. The use of computer systems and the Internet makes you vulnerable to attacks and other threats.

A 2010 survey conducted by the Ponemon Institute and Guardian Analytics of over 500 SMBs surfaced these alarming statistics:

• 55% experienced a fraud attack in the last year
• 58% of the incidents involved online banking
• Over 50% experienced multiple incidents
• 87% failed to fully recover lost funds

You are not a big, well known business. Why would anyone attack you?

While it might be the case that well trained hackers are not very interested in your small company, most online attacks aren’t carried out by expert hackers. Attacks are perpetrated by low-skilled, common criminals with access to pre-packaged hacking tools, thereby casting a wide net in hopes of finding an unprotected computer system or network. These tools are easy to use and readily available on the Internet, often times free of charge. The anonymity of a cyber attack makes it even more attractive to criminals. Many attackers use safe havens in foreign countries which do not have strong cyber crime laws.

Malicious software like viruses, worms, trojan horses, spam, bots are all vectors of cyber attacks that are indiscriminately spreading across the Internet. These attacks don’t only target your small business computer systems but also seek to use your unprotected systems to launch attack on others.

Hasn’t IT guy(s) already dealt with this issue?

Although cyber security includes traditional “IT”related issues, it primarily focuses on protecting your valuable information from all threats including physical attacks, data corruption, equipment failure, social engineering, and bad security choices due to insufficient security awareness education. Effective cyber security management requires specific training related to threats, vulnerabilities, and risks affecting computer systems, business operational processes, and most importantly you and your employees. One’s security problems cannot be addressed solely by off the shelf products. Security must be addressed in the boardroom before it is addressed in the computer room.

What are the benefits and cost of cyber security?

Besides avoiding some of the devastating consequences mentioned earlier, good security is simply good business. It does far more than increase customer confidence and protects the integrity of your businesses brand. A secure business increases customer confidence, loyalty and adds to the businesses bottom line.

Responsible businesses understand that risk management mandates that all threats, including cyber threats, be assessed and managed to protect the business, employees and customers.

The potential cost of inaction far outweighs the cost of action. Analyzing your businesses risks allows you to weigh the costs and benefits and make informed decisions.

Where do you start? Where can you get help?

Although improving your security may seem a daunting task, it doesn’t have to be. Increasing cyber security awareness helps small and medium sized businesses proactively implement simple best practices to protect their businesses. Security should be built into your business processes, information technology (IT), and most importantly your employees and contractors. Each business is unique and faces challenges particular to their operations. There is no magic pill that guarantees 100% security. The SMB Cyber Security Alliance have security experts available to help you understand your unique risks and implement solutions that work your your particular business environment.

Visit us today and sign up for your free membership at http://www.smbcybersecurity.org

The SMB Cyber Security Alliance is volunteer-run organization seeking to increase cyber security awareness in small business communities through education, awareness training, free resources and consultations, and active engagements between small business owners and local security professionals.

Related posts:

1. Defend your Small Business against Online Bank Fraud Is your banking practices putting your business at risk? Protect...
2. Security On A Shoestring SMB Budget The e-mail appeared to be an invitation from an old,...
3. Facebook poses biggest security threat to businesses According to it’s  Security Threats 2010 report published today, security...

sophos-security-threat-report-midyear-2010-wpna.pdf

Related posts:

1. Facebook poses biggest security threat to businesses According to it’s  Security Threats 2010 report published today, security...
2. Twitter users hit hard by "LOL" phishing attack IT security and data protection firm Sophos is warning that...
3. Top ten malware-hosting countries revealed US and UK among the top 10 countries hosting the...

Google.cn now redirects visitors to google.com.hk – where they are greeted by a message reading: “Welcome to Google search in China’s new home.”

The move allowed Google to stop self-censoring the service, although the government’s filtering system would still prevent mainland users from seeing the results of many “politically sensitive” searches.

Related posts:

1. Google and China: A Dysfunctional Marriage Since making it’s search engine available to Chinese users in...
2. Hacker Updates Woman Facebook Status Here’s an interesting story. Who didn’t see this coming? “Police...
3. Google to Microsoft-” Don’t let the door hit ya,…!” Talk about throwing out the baby with the bath water....

I’m sure we will soon start seeing phishing emails and malicious sites being set up around this so if you are interested, be sure to download it from the REAL Microsoft, huh.

Not impressed? Here’s Microsoft’s response, or should I call it a presponse.

“The Platform Preview is an early look at the Internet Explorer 9 platform so some features are incomplete, some may change, and some may be added…..We ask that you refrain from providing feedback on features where noted that they are either partially implemented or not available. We are aware of their condition and will provide updates in future releases. Similarly, for known issues, we are aware of their existence and are actively working on them. Thank you for your interest in the Internet Explorer Platform Preview!”

Related posts:

1. France, Germany warn users against Internet Explorer France and Germany have warned web users against using ALL...
2. Microsoft warns of new IE bug being exploited by hackers Microsoft Corp. today warned of a critical vulnerability in Internet...
3. Microsoft offering choice of browser to users in Europe Microsoft has been ordered to introduce the browser “ballot box”...

Internet Explorer 6 and its 2006 successor, IE7, contain a vulnerability that can be used by attackers to inject malicious code into a Windows PC. The oldest and newest of Microsoft’s supported browsers, IE 5.01 and IE8, respectively, are not vulnerable to such attacks.

“At this time, we are aware of targeted attacks attempting to use this vulnerability,” Microsoft acknowledged in an advisory posted simultaneously with two security updates that patched eight bugs in Windows and Office. Elsewhere, Microsoft said that the vulnerability had been publicly disclosed.

Source: http://www.computerworld.com/s/article/9168138/Microsoft_warns_of_new_IE_bug_attacks_under_way

Related posts:

1. Many companies caught in the lurch as Microsoft ends support for Windows XP 2 On July 13, Microsoft will officially retire Windows XP Service...
2. Aaaah The Infamous Blue Screen of Death On Tuesday, Microsoft issued a patch, MS10-015,  to fix a...
3. Microsoft resumes pushing Blue Screen Update Microsoft has resumed pushing out the patch connected to the...

The new security feature ultimately will scan all URLs before they hit the Twitter feed, but initially is only doing so for URLs sent via Twitter direct messages [DMs] and email notifications about DMs. Twitter is using its own URL shortener for these links: “For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications,” said Del Harvey, Twitter’s director of trust and safety, in a blog post last night.

Twitter’s security feature comes amid new data revealing the level of abuse on the social network: One in eight Twitter accounts last year was malicious, suspicious, or suspended, according to a report issued today by Barracuda Networks. The surge in celebrities joining Twitter in 2009 resulted in a major jump in spam, phishing, and other abuse on the site, according to the report.

Read more: http://www.darkreading.com/securityservices/security/attacks

Related posts:

1. How to limit Twitter risks Twitter is now used by over 350 million people worldwide....
2. Twitter users hit hard by "LOL" phishing attack IT security and data protection firm Sophos is warning that...
3. Facebook and Twitter I have never found much use for social networking sites...

Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.

Related posts:

1. Aaaah The Infamous Blue Screen of Death On Tuesday, Microsoft issued a patch, MS10-015,  to fix a...
2. Trojan Pretends to Be Microsoft Security Suite Microsoft is warning users that a Trojan is masquerading as...
3. Recent Microsoft Update BSOD may be caused by Rootkit Last week, I posted here about the recent pandemic of...

In the latest episode of this never-ending saga, there is an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8. I know what you are saying: ” But we told them to upgrade from the nine year old IE6! ”

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 [or help] key in response to a pop up dialog box.”

Is it time to change your browser? Maybe the EU has it right.

Related posts:

1. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
2. If Microsoft can do it, why not McAfee? Yesterday, a faulty McAfee anti-virus update labeled a critical Microsoft...
3. IKEA Facebook scam cons 40,000 users These types of attacks have become the norm on Facebook. ...

The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.

With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD’s focus on better training and preparation of the U.S. military workforce in this area.

The Certified Ethical Hacker qualification tests the certification holder’s knowledge in the mindset, tools and techniques of a hacker, fortifying it’s certification tag line: “To beat a hacker, you must think like one.”

“CEH has been selected due to the immense technical and tactical nature of the certification,”

# # #

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS). For more information about EC-Council, please visit the website: http://www.eccouncil.org

Source: http://www.prlog.org/10553483-united-states-department-of-defense-embraces-hacker-certification-to-protect-us-interests.html

Related posts:

1. Botnets give the hacker espionage tools formerly reserved for nation states The cyber attacks against Google, Adobe and a raft of...
2. Hacker cracks 49 House sites, insults Obama It must be the season. A hacker broke into 49...
3. Hacker who unlocked iPhone breaks into PlayStation 3 The hacker who managed to break into the iPhone has...

The ballot box will be pushed to Windows users running XP, Vista and Windows 7, via an automatic software update, and will only be shown to computer users who are not already running a different default browser. The list of offered browsers are:

* Avant
* Google Chrome
* Mozilla Firefox
* Flock
* GreenBrowser
* Internet Explorer
* K-meleon
* Maxthon
* Opera
* Apple Safari
* Sleipnir
* SlimBrowser

I’m not sure how I feel about this. Competition is always good however users savvy enough to care already know they can download and run any of these browsers. I agree with Microsoft on the point that this will just add to the confusion of many users.

Related posts:

1. Microsoft warns of new IE bug being exploited by hackers Microsoft Corp. today warned of a critical vulnerability in Internet...
2. Microsoft says Do Not Call for Help! If it sounds like a horror movie….well, that’s because is...
3. France, Germany warn users against Internet Explorer France and Germany have warned web users against using ALL...

Related posts:

1. CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. More on Forensics… Follow what the NOVA Information Assurance Strike Team is up...

Related posts:

1. Beware of Haiti-Themed Scams and Attacks! Our thoughts and prayers go out to all those affected...
2. IRS reminds you not to go Phishing this tax season It’s tax time again and IRS phishing scams are alive...
3. "Show me the malware"- says Google A fews weeks ago, I had a discussion with a...

“One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software,” Microsoft said in a post on the MMPC’s Threat Research & Response Blog. “So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials.”

The masquerading rogue security tool goes by the name Security Essentials 2010, which is very similar to the actual name of Microsoft’s suite, though the real suite does not have a date in its name.

Read full story: http://www.esecurityplanet.com/features/article.php/3867556/Trojan-Pretends-to-Be-Microsoft-Security-Suite.htm

Related posts:

1. 5 Open Source Alternatives to Microsoft Office The Microsoft Office productivity suite has risen to become the...
2. Microsoft resumes pushing Blue Screen Update Microsoft has resumed pushing out the patch connected to the...
3. Another fake security software alert I”ve previously warned of fake security software or scareware. Here’s...

Related posts:

1. Company develops Virtualized USB key for Online Banking Safety IronKey has come up with a USB drive that can...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. Addressing Software Vulnerabilities BEFORE you buy Most organizations are constantly in the software purchase/create -deploy-patch cycle....

IronKey

This allows users  simply plug the drive into any PC, and without the need for any additional drivers or software, after which the host PC was given a precautionary scan for malware, including specialised banking Trojans such as Zeus. The virtualised environment run from the drive could resist browser based  attacks, session hijacking, and accessed the bank via a hosted service network run either by IronKey or from a dedicated server. This solution is currently mainly targeted for companies that want increased protection in access their accounts but it could very well be the future.

Related posts:

1. Free Blocking Tool to Stop Drive-By Malware Downloads The threat of drive-by downloads is very significant as users...
2. More on Secure Online Banking As a follow up to my previous post on online...
3. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...

Researchers are preparing to release a free tool to stop “drive-by” downloads. The new tool, called BLADE (Block All Drive-By Download Exploits), stops downloads that are initiated without the user’s consent.

Read Full Article: http://www.technologyreview.com/computing/24632/?a=f

Related posts:

1. United States Department of Defense Embraces Hacker Certification Mar 01, 2010 – The U.S. Department of Defense (DoD)...
2. Lynis – Security and System Auditing Tool Lynis is an auditing tool for Unix (specialists). It scans...
3. Company develops Virtualized USB key for Online Banking Safety IronKey has come up with a USB drive that can...

The attack, which is ongoing, began on Saturday, as Twitter users found that fellow members of the micro-blogging network had posted messages disguised as humorous inks, but actually aimed to phish passwords credentials from unsuspecting users.

Messages, which began with phrases such as “Lol. this is me??”, “lol , this is funny.”,”Lol. this you??” and “ha ha, u look funny on here”, were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a website based in China called BZPharma.net.

Unless the hacked Twitter users change their passwords, the intruders can continue to spread spam and other attacks from their hijacked accounts

Source: www.sophos.com/pressoffice/news/articles/2010/02/twitter-phishing-attack.html

No related posts.

Related posts:

1. United States Department of Defense Embraces Hacker Certification Mar 01, 2010 – The U.S. Department of Defense (DoD)...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. More on Forensics… Follow what the NOVA Information Assurance Strike Team is up...

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.

Find the full list and guidance on using it here.

Related posts:

1. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
2. Top 10 Web Application Security Risks for 2010 Yesterday, OWASP released its list of top ten web application...
3. Black Hat DC -2010 is here! Black Hat, one of the biggest and most popular security...

Security researchers say that the relatively unknown [Spy Eye toolkit] added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own “botnet” networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules — U.S. residents with bank accounts — who then move the cash out of the country.

Read the full article

Related posts:

1. CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. Company develops Virtualized USB key for Online Banking Safety IronKey has come up with a USB drive that can...

The browser is also configured to transfer as little data to websites as possible, in particular on software errors the company says would normally be transmitted for troubleshooting purposes. This could betray a user’s browsing history.

Although identical to Google’s Chrome in terms of look and feel, delving into the options tab reveals this subtly different outlook. The crash report checkbox found in Chrome is missing, although it has to be said that the latter can be unchecked on the former and is not mandatory. The other security features such as control over cookies are all from Chrome.

Read the full article

Related posts:

1. Google Informs users of terminination of support for IE6 I received this email from the good offices of Google...
2. Microsoft offering choice of browser to users in Europe Microsoft has been ordered to introduce the browser “ballot box”...
3. Google to Microsoft-” Don’t let the door hit ya,…!” Talk about throwing out the baby with the bath water....

Blogger Pat Barnes posted the following repair instructions :

Using the Windows XP Recovery Console

1. Boot from your Windows installation CD

Insert your Windows installation CD and boot your computer. If your computer is not set to boot from CD first, you may need to reconfigure your BIOS or press a boot menu key (often F12, F8 or Esc). If you are unsure of how to do this, consult your favorite geek. As soon as the boot starts, you should see a message like “Press any key to boot from CD…” – press a key.

2. Start the Recovery Console

After the CD loads (it may take a minute), you will be presented with a few choices. One of these options is to start a recovery by pressing “R”. Press “R” to launch the Recovery Console.

* You may be asked to choose a Windows installation. If so, choose the damaged installation (probably “1″).
* You may be prompted for the Administrator password. If you do not have one, press “Enter”.

3. Identify your CD drive letter

You should now be at the command prompt. Enter the following command:

map

Look for the drive letter for your CD drive. It may look something like this:

D: \Device\CdRom0

In this case, your CD drive is “D:”.

4. Replace ATAPI.SYS

Enter the following, replacing “D:” with your CD drive:

cd system32\drivers
ren atapi.sys atapi.old
expand D:\i386\atapi.sy_

You should see the message “1 file(s) expanded.” – this indicates you have succeeded.

5. Reboot and scan for malware

Reboot your computer. With a little luck, your computer will now boot normally. Because this problem is caused by malware, you should immediately scan your computer with up-to-date antivirus software.

Related posts:

1. Aaaah The Infamous Blue Screen of Death On Tuesday, Microsoft issued a patch, MS10-015,  to fix a...
2. Interested in Computer Forensics? I recently went through an EC Council Computer Hacking Forensic...
3. Company develops Virtualized USB key for Online Banking Safety IronKey has come up with a USB drive that can...

Users are advised to boot from their Windows XP installation disc and launch the Recovery Console in order to regain control of their PC.  This solution,  however, leaves out netbook users as the lightweight, inexpensive laptops do not have optical (cd/dvd) drives and so can’t boot from an XP installation disc.

This isn’t the first time that a Microsoft update has crashed Windows PCs. Two years ago, a set of updates for Vista sent an unknown number of machines into an endless series of reboots. Similar problems affected users who tried to upgrade to Windows XP Service Pack 3  in May 2008, and others attempting to upgrade from Vista to Windows 7  last October.

Large enterprises with numerous managed desktop computers should always test patches before rolling them out. Unfortunately, home users just have to hold their noses and wish for the best. Good Ole Microsoft.

Related posts:

1. Microsoft resumes pushing Blue Screen Update Microsoft has resumed pushing out the patch connected to the...
2. Microsoft offering choice of browser to users in Europe Microsoft has been ordered to introduce the browser “ballot box”...
3. Many companies caught in the lurch as Microsoft ends support for Windows XP 2 On July 13, Microsoft will officially retire Windows XP Service...

Good Grief! One would think that work would have been done BEFORE defaming a company.

Related posts:

1. Mozilla confirms Trojan-infected Firefox add-ons If you are a Firefox user, as I am, you...
2. Does the musical browser approach work? German’s official cyber-security response team is advising surfers not to...
3. Hacker Updates Woman Facebook Status Here’s an interesting story. Who didn’t see this coming? “Police...

How well do you know your 500 best friends on Facebook? How much do you trust the 1000 pals you follow on Twitter? Never mind the fact that if any of those accounts are compromised, you’re toast.

Robert Rivard over at MySANews writes:

Effective immediately, I’ve got cyber security religion. It’s scary out there, and I’m going on the defensive. You should, too.

Everybody else is kicking back on a Friday night, sipping a margarita, hanging with friends, planning Super Bowl Sunday. Me?

I’m changing passwords, downloading patches for outdated programs, running redundant anti-virus programs, sniffing for malware.

Read the rest of the great piece at http://www.mysanantonio.com/news/local_news/When_it_comes_to_cyber_security_trust_no_one.html

Related posts:

1. SMB Cyber Security Alliance helps Small Businesses address Cyber Security Risks Across all industries, small businesses are increasingly facing new threats...
2. CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
3. Brevity is the soul of…..getting yourself infected with all kinds of nasties! Would you click on the link : http://www.click-here-to-give-me-access-to-all-your-computer-files.com? No? How...

The Washington Post, quoting unnamed sources, reported yesterday that the NSA and Google are in the process of finalizing an agreement under which the NSA will help Google better defend itself against future attacks. Under the deal, the NSA would not get access to users’ search information or e-mail accounts and Google would not share any proprietary data, the source claimed.

Google isn’t the only company to get hacked. Will the NSA be extending this helping hand to all other multi-national corporations or just the one with access to all our personal data in some form or another.

The report states that Google approached the NSA shortly after the recent cyberattacks, which it said were launched from China. However, the deal will take time to hammer out because of the sensitive privacy issues involved. If the deal goes through, it will be the first time that Google has entered into a formal information-sharing relationship with the NSA, the Post quoted its source as saying.

The prospect world’s largest search engine company teaming up with the country’s largest spy agency   should clear up any illusion of the concept of privacy in the internet.

Related posts:

1. Google Acknowledges Privacy Issues With Buzz amid FTC complaint Although Google has acknowledged some of the privacy concerns with...
2. Google rolls out privacy reset for Buzz Google will ask users of its social network Buzz to...
3. Google pulls out of China Is this a divorce or separation?  I chronicled Google’s dysfunctional...

Related posts:

1. Mozilla Retracts Malware Accusation Against Firefox Extension Six days ago, I posted that Mozilla had reported in...
2. Trojan Pretends to Be Microsoft Security Suite Microsoft is warning users that a Trojan is masquerading as...
3. Does the musical browser approach work? German’s official cyber-security response team is advising surfers not to...

From Schneier on Security by Bruce Schneier

This is unconscionable:

At Tuesday’s hearing, Senator Dianne Feinstein, Democrat of California and chairwoman of the Senate Intelligence Committee, asked Mr. Blair [the Director of National Intelligence] to assess the possibility of an attempted attack in the United States in the next three to six months.

He replied, “The priority is certain, I would say” — a response that was reaffirmed by the top officials of the C.I.A. and the F.B.I.

I don’t know what “the priority is certain” actually means, but now everyone is reporting that these agencies claim there will be a terrorist attack in the U.S. during the next six months.

Related posts:

1. CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. More on Forensics… Follow what the NOVA Information Assurance Strike Team is up...

I just received an email from some guy called Willie Hickey. Aside form having an extremely amusing name, Mr. Hickey was offering me some very urgent advice[..]

The message reads…

“Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:”.

This little piece of social engineering is obviously designed to arouse fear and doubt in the recipient; “Oh no, not those photos, the zookeeper promised he would destroy the negatives.
Don’t be tempted though to click the link. There are no photos, there is no Willie Hickey.
The link leads to a malicious JavaScript which redirects the browser to a Russian IP address where multiple PDF exploits and an ActiveX exploit are used to push out a variant of the ZeuS crimeware. The sample itself has very low detection rates with only 9 out of 40 detections on VirusTotal.

http://countermeasures.trendmicro.eu/your-guilty-conscience-could-get-you-pwned/

Related posts:

1. Don't install fake Facebook Antivirus Alas, another day, another Facebook security alert. As soon as...
2. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
3. Brevity is the soul of…..getting yourself infected with all kinds of nasties! Would you click on the link : http://www.click-here-to-give-me-access-to-all-your-computer-files.com? No? How...