InfoSec News

Companies selling products or services online could easily charge more if they just treated their customers a bit better, according to a survey.
 
These four password managers let you save and retrieve password data no matter what device you're using.
 
Clearwire is launching its 4G WiMax network in New York, San Francisco and Los Angeles before the end of the year.
 
What you don't know -- or refuse to learn -- about social networking could undermine your business
 
Physicists at the University of California have taken a giant leap closer to creating a new computer chip that gives memory the brains of a CPU, which promises to vastly improve computer performance and keep systems in an always-on state.
 
Infosys Technologies says it will hire 1,000 U.S. workers to increase its ability to provide consulting and management services to its clients, an area of increasing importance for this India-based offshore giant.
 
InfoSec News: Stolen computer contains Social Security numbers: http://www.delmarvanow.com/article/20101016/NEWS01/10160341/Stolen-computer-contains-Social-Security-numbers
By Ted Shockley Staff Writer Delmarva Now October 16, 2010
ACCOMAC -- An Accomack employee had a county-owned laptop computer stolen while on a personal vacation to Las Vegas, and with it the names and Social Security numbers of roughly 35,000 county residents.
In some cases, actual addresses of county residents also may have been included in computer files.
"It was taken there without permission," county administrator Steve Miner said of the computer.
Miner said the worker remains employed. The matter was discussed during a recent closed meeting of the Board of Supervisors.
[...]
 
InfoSec News: Hackers in China swiped sensitive data from gov’t: http://joongangdaily.joins.com/article/view.asp?aid=2927242
JoongAng Daily October 16, 2010
Hackers from China have successfully stolen confidential information from foreign service and security officials through e-mails that purport to be from the Blue House or diplomats abroad, a report from the National Intelligence Service showed.
Grand National Party Representative Lee Jung-hyun, a member of the legislature’s National Defense Commission, provided the JoongAng Ilbo on Thursday with intelligence agency warnings sent to government offices earlier this year.
According to the documents, the National Intelligence Service warned that malicious e-mails were sent to foreign affairs and security public servants and diplomats abroad. The NIS said the e-mails, which contained a type of malware capable of stealing data from personal computers and mobile data storage devices, were sent repeatedly, and it warned civil servants to step up their security. The e-mails were disguised to appear to be coming from diplomats and Blue House officials.
The e-mails contained attachments titled “Briefing on [U.S.-Korea expert Jack] Pritchard’s North Korea visit,” “2010 Korean Peninsula affairs outlook” and “Itinerary of Kim Jong-il’s trip to China.”
[...]
 
InfoSec News: New Zeus Attack Preys On Quarterly Federal Taxpayers: http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=227900050
By Kelly Jackson Higgins DarkReading Oct 15, 2010
A widespread spam campaign that began several days ago started spiking today, Oct. 15 -- quarterly tax payment deadline day in the U.S. [...]
 
InfoSec News: Fight cyberwar with cold war doctrines, says former DHS chief: http://www.theregister.co.uk/2010/10/15/cyberwar_attack_soctrines/
By John Leyden The Register 15th October 2010
Cold war doctrines on how to respond to nuclear attack need to be applied to the 21st century threats of cyber attacks and espionage, [...]
 
InfoSec News: Hackers still strong despite soft economy: http://www.themalaysianinsider.com/business/article/hackers-still-strong-despite-soft-economy/
By Erna Mahyuni The Malaysian Insider October 15, 2010
KUALA LUMPUR - Not even a recession can stall the hacker institution that is Hack in the Box (HITB). [...]
 
The global body in charge of allocating Internet addresses expects to hand out the final blocks of IPv4 (Internet Protocol version 4) addresses to regional registrars early next year, it said Monday.
 

Posted by InfoSec News on Oct 17

http://www.delmarvanow.com/article/20101016/NEWS01/10160341/Stolen-computer-contains-Social-Security-numbers

By Ted Shockley
Staff Writer
Delmarva Now
October 16, 2010

ACCOMAC -- An Accomack employee had a county-owned laptop computer
stolen while on a personal vacation to Las Vegas, and with it the names
and Social Security numbers of roughly 35,000 county residents.

In some cases, actual addresses of county residents also may have been...
 

Posted by InfoSec News on Oct 17

http://joongangdaily.joins.com/article/view.asp?aid=2927242

JoongAng Daily
October 16, 2010

Hackers from China have successfully stolen confidential information
from foreign service and security officials through e-mails that purport
to be from the Blue House or diplomats abroad, a report from the
National Intelligence Service showed.

Grand National Party Representative Lee Jung-hyun, a member of the
legislature’s National Defense...
 

Posted by InfoSec News on Oct 17

http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=227900050

By Kelly Jackson Higgins
DarkReading
Oct 15, 2010

A widespread spam campaign that began several days ago started spiking
today, Oct. 15 -- quarterly tax payment deadline day in the U.S.: The
Zeus-laden attack poses as an alert from the government's electronic tax
payment system, telling recipients that their payment was rejected and
sending them...
 

Posted by InfoSec News on Oct 17

http://www.theregister.co.uk/2010/10/15/cyberwar_attack_soctrines/

By John Leyden
The Register
15th October 2010

Cold war doctrines on how to respond to nuclear attack need to be
applied to the 21st century threats of cyber attacks and espionage,
according to former US Homeland Security secretary Michael Chertoff.

Chertoff told delegates at the RSA Conference in London that around 100
countries had cyber-espionage and cyber-attack...
 

Posted by InfoSec News on Oct 17

http://www.themalaysianinsider.com/business/article/hackers-still-strong-despite-soft-economy/

By Erna Mahyuni
The Malaysian Insider
October 15, 2010

KUALA LUMPUR - Not even a recession can stall the hacker institution
that is Hack in the Box (HITB).

In its eighth year, this year's Kuala Lumpur leg drew a 300-strong crowd
from all over the world.

Initially expecting lesser numbers, HITB's Dinesh Nair was pleasantly
surprised at the...
 
Proxim Wireless Monday unveiled a point-to-point microwave backhaul designed to meet the growing demand for faster wireless networks and devices.
 
On day 17 of our yearly Cyber Security Awareness Month, we enter into the thorny subject area of your Boss. Today, we'll look at what a boss should, or indeed should not, have access to.
Bosses are interesting people. They don't do what you and I do; they do different things, go to different places, mix with different people (most with new shiny technology), and face different day-to-day challenges.
Let's look at those day-to-day challenges, or risks as we call them.
Your boss most likely holds the 'keys to your business'. They will know what your company is going to do next; they have information that could move your share price, such as the date of launch for a new product or a move on a new takeover. All of that information is valuable. So, we all think about the risks to our bosses, but do they think about the risks they enter every day? Given that most CxO-level bosses are not the most tech-savvy people in the world, how do we educate them to work in an online world where people want that information, and are willing to try and take it?
What do you do when your boss wants to go to a country where not just crossing a geographical border has the potential for having technology confiscated, but how about copied when they are in their hotel room? Spyware loaded onto the laptop they take with them so that e-mails are read, documents copied, and so on.
When your boss comes to you and they want the latest iShiny technology, how do you show the risks associated with them using it?
Do you have a special executive group on your web proxy which gives these high-value targets broader access than the people in the offices they control? If you do, should you?
If you can pass on some tips on how you can educate CxO level executives to the risks they face, and how that impacts the services, and IT resources they should have access to, I'll add them to the bottom of the diary during today, and into next week.
Steve Hall

ISC Handler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

