RSS Alerts

Share

More services

Related Links

Related Stories

  • Smartphone security has privacy problems
    WXPI, a Pittsburgh, Pennylvania-based TV station has quietly broken a story which could have profound repercusions on the security of so-called smartphones - mobile phones with computer-like qualities.
  • Quocirca releases encryption value analysis report
    Quocirca, the business and IT research analysis company, has released a report looking at how encryption can add value to an organisation.
  • Mobile Devices Raise Security Concerns
    As mobile devices like the iPhone and BlackBerry become increasingly popular among end users, enterprises are worried about ensuring the security of their data.
  • US lawmakers upset at breach news delay
    US lawmakers are asking why a stolen laptop, which had medical test results for 2,500 patients in a National Institute of Health study, was not encrypted.
  • Comment: It’s Time for Smartphone Security
    As the mobile market grows, so does mobile malware. Don DeBolt, director of threat research at internet security company Total Defense, discusses how IT practitioners and company employees can best stay safe by protecting themselves from mobile hacks, privacy concerns and more in a day and age when mobile malware is on the rise

Top 5 Stories

News

Weekly brief, January 18 2010

17 January 2010

Infosecurity rounds up the security news from the past week.

A group calling itself the Iranian Cyber Army hacked the DNS entry for Chinese search engine giant Baidu, poisoning it so that it pointed to a defaced site. And Germany's BerliOS open source portal also got hit, although that attack actually changed the home pages on its own servers. The attackers accused the open source consortium of not investing enough in security measures.

ATM skimming is on the rise, according to reports. Banks in North Carolina and Florida got hit. 300 members of Raleigh's State Employees Credit Union had their accounts pilfered after skimming devices grabbed their credit card details.

Lincoln National Corporation has reported that up to 1 200 000 individuals' records were rendered vulnerable to compromise thanks to flaws in the portfolio information systems run by its subsidiaries. Employees were sharing user names and passwords, the firm found.

Researchers have cracked a much more recent version of A5, the GSM encryption standard. A5/3, which hasn't gone into commercial use yet, is open to a theoretical attack, they say, although it would be more difficult to implement practically because of the large number of plaintexts that would need to be collected.

Porn dialers are coming back - this time to mobile phones, according to researchers from CA. This technology, which used to hit computer users with dial-up modems, is now being used to send high-cost SMS messages to attackers' accounts from mobile devices.

Oracle patched 24 critical vulnerabilities in its January Critical Patch Update. Conversely, Microsoft released just one software update for its patch Tuesday release this month. It fixed a vulnerability in the embedded OpenType font engine that could allow remote code execution. However, it confirmed a hole in Internet Explorer that was used in zero-day attacks against various technology companies, including Google.

Researchers at clearing house and directory services firm Neustar worked with ISPs to take down the Lethic botnet.

US school districts are being increasingly targeted by cybercriminals, say reports, which say that New York's Duanesburg district was the victim of an attempted attack earlier this month. Perhaps they should use more encryption - a global survey from Check Point found that only 27% of respondents used the technology to protect their data. We certainly hope that Kaiser Permanente's Northern Californian branch did. It had to write and apologize to 15 500 customers after an employee took their records home on an external drive - and had it stolen from their car. Information on the drive included full name and Kaiser Permanente medical record number, and depending on the individual, may have included other information such as their date of birth or age, gender, phone number, and date and other general information related to their care and treatment, the sheepish firm said.

Talking of encryption, Google is now defaulting to SSL connections for its Gmail service. But it still isn't doing that for Google Docs and Spreadsheets.

This article is featured in:
Compliance and Policy  • Data Loss  • Encryption • Internet and Network Security • Malware and Hardware Security • Security Training and Education

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012