November 2006

You are currently browsing the articles from IT Security Top Headlines written in the month of November 2006.

SSL Trojan could cause the world’s biggest bank heist

Back in March, Roger Grimes wrote:

I think 2006 will be the year of the world’s biggest bank heist. Tens of millions of dollars will be stolen electronically by SSL Trojans in one day (if it hasn’t already happened), resulting in an “awakening” of the general public and government regulators.

Written by pinolobu on November 22nd, 2006 with no comments.
Read more articles on news.

Fraudster uses MP3 player to bug ATMs and steal customers’ credit card details

What's more, he learned how to do it from Malaysians!

The Times Online UK reports on 15th Nov:

Maxwell Parsons, 41, or other gang members would use MP3 portable music players to record data transmitted from free-standing ATM cash machines. The data was then converted to readable numbers using a separate computer programme.

The phone line running from the machine to an ordinary BT white socket was unplugged and a two-way adaptor inserted. The MP3 player was then placed between the ATM machine’s output cable and the phone socket.

The player would record the tones, which resemble the kind of sound emitted by a fax machine.

These were then interpreted using a modem line tap, or MLT, acquired from Canada, or passed through a computer software program bought illicitly in Ukraine.

Parsons, of Gorton, Manchester, was able to exploit his knowledge of credit card security systems to put together credit card numbers and the cards’ expiry dates. The gang used the data to encode and clone a number of credit cards.

source

Written by pinolobu on November 16th, 2006 with no comments.
Read more articles on news.

Trojan Installs Anti-Virus Software To Boot Competition Off Computer

The Trojan game has upped the ante.

Gregg Keizer of informationweek.com reports:

A Trojan horse now making the rounds takes the unusual self-defense step of installing anti-virus software to scrub the victimized PC of competing malware, a security researcher said.

According to Joe Stewart of Atlanta-based SecureWorks, the SpamThru Trojan adds a pirated copy of Kaspersky Lab’s AntiVirus for WinGate to a cloaked folder on the compromised machine. The illegitimate anti-virus program scans the system for malicious code — passing over SpamThru’s own files — and then deletes what malware it finds when the PC next boots.

Typical Trojan techniques stop at disabling existing anti-virus software, preventing AV products from retrieving signature updates, and to defeat the competition, blocking specific pieces of malware. "SpamThru takes the game to a new level," said Stewart in an online brief posted last week on the SecureWorks’ Web site. "Ten minutes after the download of the DLL, it begins to scan the system."

source

Written by pinolobu on November 14th, 2006 with no comments.
Read more articles on news.

ZERT: aims to stop zero-day exploits by making patches available sooner

As reported by techrepublic on 30th October 2006:

Rather than waiting until "official" vendor patches become available, a new online organization—the Zeroday Emergency Response Team (ZERT)—aims to respond to release reliable non-vendor "emergency" patches for exploits as soon as they appear to pose a serious risk of exploitation. Of special interest to many users may be the ZProtector framework for patching zero-day vulnerabilities for Windows—beginning with Windows 95! As you probably know, this range includes a number of platforms no longer supported by Microsoft.

Although ZERT works with a number of security tool vendors, the organization has no direct affiliation with any particular vendor. To see how ZERT approaches emergency patching of zero-day threats as compared to the official Microsoft patches, check out this ZERT analysis PDF document of the recently patched CVE-2006-4868 vulnerability.

Written by pinolobu on November 13th, 2006 with no comments.
Read more articles on news.

Virus Writers Have A New Found Love - Wikipedia

According to Internet News, hackers created a new page on the German edition of Wikipedia with details of a new version of the Blaster worm. They also included a download link to a patch that removes the virus. Now the problem was that the patch itself was a virus.

http://labnol.blogspot.com/2006/11/virus-writers-have-new-found-love.html

Written by pinolobu on November 7th, 2006 with no comments.
Read more articles on news.

Second IE7 vulnerability found

PC World reports on 30th Oct:

A security problem originally found in Microsoft Internet Explorer 6 browser has returned to haunt IE7, the new version of the browser launched two weeks ago, a security consultant said Monday.

Written by pinolobu on November 5th, 2006 with no comments.
Read more articles on news.

Man escapes conviction over unsought bank probe

As reported by New Zealand Herald in September:

Judge Ian Mill described the case as very unusual. He noted Macridis’ dishonesty offending ended more than 10 years ago. He said Macridis used his talents to identify security risks and he had identified a grave risk to the Reserve Bank and its customers. He did not pass the information on to others and did not use it for personal gain. “In my view his intentions were honourable.” Judge Mill said conviction would be out of proportion with Macridis’ actions and he discharged him without conviction.

With this precedent, can we use this excuse here in Malaysia?

source

Written by pinolobu on November 4th, 2006 with no comments.
Read more articles on news.

CCTVs are getting smarter: beware shoplifters

As reported by Business Week in September:

Some Macy’s, CVS, and Babies ‘R’ Us stores have installed a system called the Video Investigator, whose advanced surveillance software can compare a shopper’s movements between video images and recognize unusual activity. Remove 10 items from a shelf at once, for instance, or open a case that’s normally kept closed and locked, and the system alerts guards sitting in a back room — or pacing the sales floor — with a chime or flashing screen. The system can predict where a shoplifter is likely to hide (at the ends of aisles, behind floor displays). A search function spots sudden movement that might indicate a large spill, prompting workers to clean up before it leads to a slip-and-fall accident and a costly lawsuit. And if someone opens a back door at 2 a.m., the system will record who sneaked in and link it with snapshots of the previous and next persons to use the door. Alerts, complete with images, can be sent to handheld devices, keeping retailers informed 24/7, says Jumbi Edulbehram, vice-president for strategic marketing at IntelliVid Corp., a Cambridge (Mass.) firm that makes the Video Investigator system.

source

Written by pinolobu on November 3rd, 2006 with no comments.
Read more articles on case studies and news.

Biometric device knows whether you’re a terrorist or not

The Wall Street Journal reports in August:

At airport security checkpoints in Knoxville, Tenn. this summer, scores of departing passengers were chosen to step behind a curtain, sit in a metallic oval booth and don headphones.

With one hand inserted into a sensor that monitors physical responses, the travelers used the other hand to answer questions on a touch screen about their plans. A machine measured biometric responses — blood pressure, pulse and sweat levels — that then were analyzed by software. The idea was to ferret out U.S. officials who were carrying out carefully constructed but make-believe terrorist missions.

Written by pinolobu on November 2nd, 2006 with no comments.
Read more articles on news.

MAMPU’s ICT Security vision for Malaysian civil service

As reported on 3rd Jan 2006 in Computimes:

THE Malaysian Administrative Modernisation and Management Planning Unit (Mampu) is gearing up its initiative in the information and communications technology (ICT) security space, aimed at enhancing the quality of the public sector delivery system.

According to its director of ICT security division Wan Mohd Rosdi Wan Dolah, ICT security has become a critical factor in ensuring the success of efficient computerisation projects and the continuity of Government service delivery.

“To achieve this, Mampu is pushing for the implementation of security policy at agencies level, ensuring ICT assets are secured from intrusions and attacks, and that the architecture of Government ICT systems comply with established security standards,” he said in Putrajaya recently.

For 2006, Wan Mohd Rosdi said Mampu will look at security issues in areas such as wireless, digital devices, and Internet protocol (IP).

“We foresee that new elusive threats will continue, and towards that end, we will be enhancing our mechanisms like the Public Sector Network Monitoring System (Prisma) and Government Computer Emergency Response Team (GCERT) with an ICT early warning system, and combine proactive and reactive incident response capabilities with 24/7 monitoring,” he added.

According to Wan Mohd Rosdi, Government agencies are also to implement an ICT systems audit known as Security Posture Assessment (SPA), which is an exhaustive examination and review of a department’s current ICT network and systems’ security.

“It identifies weaknesses and vulnerabilities that put an agency at risk, and provides recommendations to improve security,” he said.

“In the assessment process, existing ICT policies and their implementation will be reviewed, system installation validated, and all points of entry into the network checked.”

He said over a period of five years until 2010, all agencies are required to implement a high-level ICT risk assessment.

Wan Mohd Rosdi emphasised that the ultimate goal is to ensure business or services continuity and to minimise damage by keeping the effects of security incidents to the minimum.

“By 2010, we hope 100 per cent of Government ICT assets to comply and conform to specific ICT security standards like the BS 7799,” he added.

Mampu also plans to educate the Government agencies on the importance of ICT security and its relation to better service delivery. Last year, it conducted a series of ICT security awareness programmes like consultative services, security training, and workshops to security officers from various agencies.

Wan Mohd Rosdi said Mampu is also looking at partnering with Intan to conduct the training programmes for 2006.

source

Written by pinolobu on November 1st, 2006 with no comments.
Read more articles on news.