2010

September 2010

Fake website 'takes seconds' to set up

Kevin Peachey

http://www.bbc.co.uk/news/business-11372689

Excerpt:

"................Mr Holman said that it was "extremely simple" for people to clone a legitimate website in order to sell fake products, but there were different levels of sophistication to trick internet users. Â Other fraudsters have used links to "bargains" sent via social networking sites, internet forums and in e-mails, which also prove to be fake or are used to fish for people's banking details.............."

Norman Describes Cyber Criminal Behavior at Cyber Security 2010

John Callahan

http://www.prnewswire.com/news-releases/norman-describes-cyber-criminal-behavior-at-cyber-security-2010-103282079.html

Excerpt:

"..............Norman ASA, a leading security company, today announced that Righard Zwienenberg, Chief Research Officer, will speak on cyber criminal behavior and strategies at the Cyber Security 2010 event, Sept. 22-23, Brussels, Belgium. The theme of the conference is "Protecting Critical National Infrastructure from the Cyber Threat." The event will be attended by leaders from government, international organizations and the private sector................"

US eyes NATO-powered cyber shield

AHARON ETENGOFF

http://www.tgdaily.com/security-features/51627-us-wants-nato-powered-cyber-shield

Excerpt:

".............US Deputy Defense Secretary William Lynn believes NATO must construct a "cyber shield" to protect critical Alliance infrastructure from hostile digital threats. Â "Cyber security is a [vital] element [and] the Alliance has a crucial role to play in extending a blanket of security over our networks," Lynn explained during a recent conference in a statement quoted by AFP................"

Nations, Companies Should Prepare for Cyberwar, Experts Say

Grant Gross

http://www.pcworld.com/businesscenter/article/205773/nations_companies_should_prepare_for_cyberwar_experts_say.html

Excerpt:

"..............Many people have called the 2007 attacks on Estonian banks, media outlets and government ministries an early example of cyberwar, but using a legal definition, they were not, said Eneken Tikk, head of the legal and policy branch of the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. She defined cyberwar as an attack that would cause the same type of destruction as the traditional military, with military force as an appropriate response..............."

SCADA worm a 'nation state search-and-destroy weapon'

Dan Goodin

http://www.itworld.com/government/121315/was-stuxnet-built-attack-irans-nuclear-program

Excerpt:

'.....The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world â€“ to destroy something.Â

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target â€“ and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat....."

Information security and the balanced scorecard

Jamil Farshchi and Ahmad Douglas

http://www.itworld.com/print/121196

Excerpt:

"..............But can an excellent information security program create value? Perhaps the first step to implementing a successful plan is defining success. Many organizations, especially those harshly constrained by regulatory compliance and public scrutiny, define success as the absence of a significant, widely publicized event. Los Alamos National Laboratory was in the same situation: Our security program was deemed a success as long as it kept incidents to a minimum and those that did occur were of low enough severity to satisfy our regulating authority................"

Botnet operators shift locations

Shaun Nichols

http://www.v3.co.uk/v3/news/2270261/botnet-operators-shift

Excerpt:

'....M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware. Â "It used to be Chinese registrars, and now it has been a pretty dramatic shift," Bradley Anstis, vice president of technology strategy at M86 Security, told V3.co.uk......'

Kaspersky Lab provides its insights on Stuxnet worm

Kaspersky Lab

http://www.kaspersky.com/news?id=207576183

Excerpt:

'.....Kaspersky Lab's experts believe that Stuxnet manifests the beginning of the new age of cyber-warfare.We believe this type of attack could only be conducted with nation-state support and backing. Â "I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars," said Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab. Speaking at the Kaspersky Security Symposium with international journalists in Munich, Germany, Kaspersky described Stuxnet as the opening of "Pandora's Box.".....'

Stuxnet Under the Microscope

ESET

http://www.eset.com/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

Excerpt:

'....A high volume of detections in a single region may mean that it is the major target of attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to targeting detail. In fact, even known infection of a SCADA site isnâ€™t incontrovertible evidence that the site was specifically targeted. It has been suggested that malware could have been spread via flash drives distributed at a SCADA conference or event (as Randy Abrams pointed out in a blog http://blog.eset.com/2010/07/19/which-army-attacked-the-power-grids. Even that would argue targeting of the sector rather than individual sites, and that targeting is obvious from the payload. Distribution, however, is influenced by a number of factors apart from targeting, such as local availability of security software and adherence to good update/patching practice. Furthermore, our statistics show that the distribution of infections from the earliest days of detection shows a steep decline even in heavily-affected Iran in the days following the initial discovery of the attack, followed by a more gradual decline over subsequent months. ......'

The Rise of PDF Malware

Karthik Selvaraj and Nino Fred Gutierrez

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_rise_of_pdf_malware.pdf

Excerpt:

'....

The amount of malicious PDFs seen in the wild has increased dramatically over the last 3 years. This is due to the success that malware authors are attaining via PDF distribution. The threat landscape is not homogenous in that there are many different types of PDFs and different ways in which malicious PDFs are used to compromise computers. To really understand the PDF threat landscape we need to discuss different methods of distribution for these malicious PDFs as well as the different types of PDFs that are being seen in the wild.......'

Saudi Arabians Will Soon Need A License To Blog

Alexia Tsotsis

http://techcrunch.com/2010/09/23/saudi-arabians-will-soon-need-a-license-to-blog/

Excerpt:

'....While the Saudi government has arrested bloggers critical of Saudi life and censored activist Twitter pages in the past, this is the first attempt at regulating online media as a whole. As blogging becomes more popular, Saudi Arabian authorities are starting to treat it with the same caution and restriction applied to traditional media in the country.......'

Israel used cyber weapon to disrupt Iran's nuclear reactor

Homeland Security Newswire

http://homelandsecuritynewswire.com/experts-israel-used-cyber-weapon-disrupt-irans-nuclear-reactor

Excerpt:

'....The reason the Israeli planes, commandos, and several rescue helicopters were able to enter Syria, accomplish their mission, and retreat without notice was that Israel opened a new chapter in warfare: it used sophisticated software attacks on Syriaâ€™s electrical grid â€“ made more effective by Israeli-designed microchips with â€œback doorsâ€ planted in Syriaâ€™s radar and command-and-control computers â€“ completely to blind the Syrian military and government for about an hour an half.......'

Seeing The Internet As An 'Information Weapon'

Tom Gjelten

http://www.npr.org/templates/story/story.php?storyId=130052701

Excerpt:

'....So why is there no arms control measure that would apply to the use of cyberweapons? Â It is not for lack of attention to the issue. Government and military leaders around the world have warned that the next world war is likely to be fought at least partly in cyberspace, and cyber "disarmament" discussions have been under way at the United Nations for more than a decade and more recently at the International Telecommunications Union, the leading U.N. agency for information technology issues.......'

Google Warning Gmail Users: China Spied on Your Account

Athima Chansanchai

http://gawker.com/5646498/google-warning-gmail-users-china-spied-on-your-account

Excerpt:

'....Threatpost says the users affected seem to be pretty randomly distributedâ€”they found everyone from a privacy advocate, to the editor of a marketing blog, to doctors and gamers had been affected. The warning includes the IP address used to access the user's account, and a recommendation to change their password. (You've been able to check a log of who's accessed your account for a while, but Google has taken an extra step by actively warning users whose accounts have specifically been accessed by a Chinese IP address.).....'

Iran nuclear experts race to stop spread of Stuxnet computer worm

Peter Beaumont

http://www.guardian.co.uk/world/2010/sep/26/iran-stuxnet-worm-nuclear

Excerpt:

'....Computer security experts who have studied Stuxnet since it emerged two months ago believe it was designed specifically to attack the Siemens-designed working system of the Bushehr plant and appears to have infected the system via the laptops and USB drives of Russian technicians who had been working there. Â Western experts say the worm's sophistication â€“ and the fact that some 60% of computers infected appeared to be in Iran â€“ pointed to a government-backed attack. Â Although the worm has turned up in other countries since first appearing in July â€“ including Indonesia and the US â€“ the frequency of its appearance in Iran has suggested the country was the intended victim of the cyber-warfare attack, with some analysts speculating that Israel might be behind it.......'

Iran successfully battling cyber attack

Iranian news agency Mehr

http://www.mehrnews.com/en/NewsDetail.aspx?NewsID=1158506

Excerpt:

'....According to Associated Press, a complex computer worm dubbed Stuxnet has infected many industrial sites in Iran and is capable of taking over power plants. Â The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr New Agency reported on Saturday. Â â€œAn electronic war has been launched against Iran,â€ Mahmoud Liaii added. â€œThis computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,â€ he said.......'

Cyberfraud Ring Dismantled in Ukraine

Lucian Constantin

http://news.softpedia.com/news/Cyberfraud-Ring-Dismantled-in-Ukraine-157991.shtml

Excerpt:

'....A group of five hackers were arrested by Ukrainian authorities this month under suspicion of stealing millions from the bank accounts of foreign companies.HostExploit reports that local authorities believe the group might be responsible for stealing $1 million from the accounts of Sony Europe alone. Â When raiding the hackers' hideout, the police seized servers, computers, printers, stamps, forms, credit cards, fake documents, fake passports and 350 thousand dollars.......'

Cyber Attacks Test Pentagon, Allies and Foes

SIOBHAN GORMAN and STEPHEN FIDLER

http://online.wsj.com/article/SB10001424052748703793804575511961264943300.html

Excerpt:

'....More than 100 countries are currently trying to break into U.S. networks, defense officials say. China and Russia are home to the greatest concentration of attacks. Â The Pentagon's Cyber Command is scheduled to be up and running next month, but much of the rest of the U.S. government is lagging behind, debating the responsibilities of different agencies, cyber-security experts say. The White House is considering whether the Pentagon needs more authority to help fend off cyber attacks within the U.S.......'

Malware Infections Market

Team Cymru

http://www.team-cymru.com/ReadingRoom/Whitepapers/2010/Malware-Infections-Market.pdf

Excerpt:

'....What happens however if a third-party application like winzip, Flash or the PDF reader contains vulnerabilities? In some cases the application itself might have asked the user to update to a newer version. Not everyone might realize that the programs on their system, whether it is a desktop computer or phone, pose an equal security risk as the operating itself. Just recently Apple found a vulnerability on their IOS platform where the PDF implementation could cause the iPhone or iPad to become compromised. ......'

USB drive identifies and extracts data, leaving no footprint

Help Net Security

http://www.net-security.org/secworld.php?id=9915

Excerpt:

'...."This is a true breakthrough for the military, intelligence, and law enforcement communities that provide advanced computer forensics in the field without leaving a telltale footprint behind," said Richard White, vice president, Advanced Information Solutions, Harris Government Communications Systems. "The BlackJack solution is lightning-fast, durable and has the potential for application in other markets, including corporate computer forensics."......'

DHS Launches Cyber Attack Exercise

J. Nicholas Hoover

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500797

Excerpt:

'....With cybersecurity continuing to heat up as a national defense priority, Cyber Storm III will give the government a chance to see how ready it's processes and people really are in protecting the nation and Internet against malicious hackers. "So much of the cyber mission space is about collaboration, and every once in a while you've got to kick the tires to see how well it works," Bobbie Stempfley, director of DHS' National Cyber Security Division, said in a meeting with reporters last week.......'

Mass cyber attack paralyses Burmese media

FRANCIS WADE

http://www.dvb.no/elections/mass-cyber-attack-paralyses-burmese-media/11932

Excerpt:

'....Websites belonging to The Irrawaddy magazine, Mizzima and DVB â€“ all exiled media groups founded by former activists â€“ were today attacked using DDoS, or distributed denial-of-service, which fires thousands of malformed web connections against the site.......'

CIA used 'illegal, inaccurate code to target kill drones'

Chris Williams

http://www.theregister.co.uk/2010/09/24/cia_netezza/

Excerpt:

'....The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan. Â The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.......'

The Big Picture of the Security Incident Cycle

Lenny Zeltser

https://blogs.sans.org/computer-forensics/2010/09/27/digital-forensics-security-incident-cycle/

Excerpt:

'....Speaking at the US Digital Forensic and Incident Response Summit 2010, Richard Bejtlich discussed the topic of CIRT-Level Response to Advanced Persistent Threat. His talk focused on the unique challenges of handling APT incidents that span years, not days. The presentation (PDF) included a slide that outlined the structure of the Computer Incident Response Team (CIRT) group that Richard built at General Electric to support the security incident cycle. Iâ€™ll refer to this diagram; however, my interpretation might differ from that of Richard, as I do not recall the specific details he shared with the audience when discussing this slide.......'

No govt defence against cyber attacks

Darren Pauli

http://www.zdnet.com.au/no-govt-defence-against-cyber-attacks-339306238.htm

Excerpt:

'...."To be honest, we struggle to defend our own systems from the current threats â€” the idea that we can extend the envelope to protect the mining industry's SCADA (Supervisory Control and Data Acquisition) or the banking industry just doesn't fly," Rothery said. "The people that will defend Westpac will be from Westpac, and Telstra will use people from Telstra. It won't be the Australian Army or Signals Corps.".......'

Cheap hardware infects govt agencies

Darren Pauli

http://www.zdnet.com.au/cheap-hardware-infects-govt-agencies-339306199.htm

Excerpt:

'....Johnston told ZDNet Australia that he intends to push a ban on government agencies shirking expensive but trusted technology brands for cheap white-box goods after unnamed departments had discovered backdoor malware in computers, servers and processor chips. Â Backdoor malware can provide an access point through which criminals can access and steal data, often silently. Figures released by the Australian Communications and Media Authority last week point to over 30,000 computers reportedly taking part in botnet activity every day.......'

Australian Government

Information Security Manual

http://www.dsd.gov.au/_lib/pdf_doc/ism/ISM_Sep09_rev1.pdf

Excerpt:

'....The cyber security threat is not an emerging threat â€“ it is here with us now. Â Global Internet-connectivity provides the opportunity for our Internet-connected systems to be exploitedÂ

from anywhere in the world. Furthermore, the Internet readily provides information about vulnerabilities and how to exploit them. Consequently, the capabilities of malicious entities on the Internet continueÂ

to grow, posing a serious and persistent threat to the security of government information and systems. Â All government department and agency heads are responsible for the security of the information theirÂ

personnel handle in their daily business and operations. Each department and agency is not only entrusted with the protection of its own information, but must also ensure information provided by private andÂ

government individuals and organisations, including international partners, is protected to the same standard as their own information.......'

Key findings from the 2011 Global State of Information Security Survey

PricewaterhouseCoopers

http://www.pwc.com/en_GX/gx/information-security-survey/pdf/giss-2011-survey-report.pdf

Excerpt:

"..............This financial restraint is in spite of clear evidence that as information security emerges from the smoke of a brutal yearâ€”and, in effect a â€œtria by fire,â€ as last

yearâ€™s survey revealedâ€”it is sporting a new hard-won respect, not just from many but from most of this yearâ€™s respondents. This includes more than 12,800Â

CEOs, CFOs, CIOs, CISOs, CSOs and other executives responsible for their organizationâ€™s IT and security investments in more than 135 countries........."

Outage at J.P. Morgan Cuts Web Access

Dan Fitzpatrick, Robin Sidel And Mary Pilon

http://online.wsj.com/article/SB10001424052748704285104575492353620968926.html

Excerpt:

"..........A spokesman for the nation's second-largest bank by assets said the service went down because of a "technical issue, not hackers or criminals." Another person familiar with the situation said the disruption was the result of a flaw in a software program tailored for J.P. Morgan............."

US urges NATO to build 'cyber shield'

Physorg

http://www.physorg.com/news203781095.html

Excerpt:

"..........The alliance has a crucial role to play in extending a blanket of security over our networks," Lynn said. Â "NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well," he said at a forum hosted by the Security & Defence Agenda think-tank............."

Former NSA Chief Hayden: Cybersecurity Policy Still 'Vacant'

National Defense Industrial Association

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=203

Excerpt:

"...............S. government officials often have been handcuffed when operating in cyberspace because it is unclear whether their actions will set a precedent and have unknown lasting consequences, Hayden said. Another obstacle is the absence of a Â definition of privacy for the Internet age, he added.................."

Cyber Storm about to unleash chaos on Australia, the world

Tom Hyland

http://www.brisbanetimes.com.au/national/cyber-storm-about-to-unleash-chaos-on-australia-the-world-20100918-15ham.html

Excerpt:

"..............Its aim is to test the ability of Australia and its allies to respond to what governments, spy bosses and security experts say is the real and growing threat from cyber attacks. As a video on the website of the super-secret Defence Signals Directorate puts it: ''Online is the new front line.''................."

IPv6 Transition Poses New Security Threats

Kelly Jackson Higgins

http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=227300083

Excerpt:

"...............IPv6 has been in the works for over a decade now, but with the exhaustion of the IPv4 address space expected anywhere from spring to June of 2011, the long transition to the new IP may finally be on the radar screen for some organizations. Unlike its predecessor, the "new" protocol was built with security in mind: it comes with IPSec encryption, for instance, and its massive address space could help prevent worms from propagating, security experts say................."

NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines

Mark Bello

http://www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-guidelines.cfm

Excerpt:

"..............."The development of common Smart Grid standards is a national priority, and these cyber security guidelines are an important step toward that goal," said U.S Energy Secretary Steven Chu. "If we are to truly modernize our electrical grid, we must have electricity producers, distributors and consumers all speaking the same language and all working together to make our grid more secure. Cyber security is an integral part of the grid.".................."

Security Questions to Ask Your Vendor

CPNI

http://www.cpni.gov.uk/Docs/Vendor_security_questions.pdf

Excerpt:

"...............

This paper provides valuable information to procurement teams, business risk managers and information security professionals about the kinds of security questions they should be asking of vendors. By asking questions about the security of products right at the beginning of a procurement cycle, organisations are more likely to receive a better product at the end; one that does not require quite so many updates and cause so much downtime. Secure code should be one of the â€œfeaturesâ€ that customers demand. .................."

Spies Among Us

Pam Baker

http://www.cioupdate.com/features/article.php/3901696/Spies-Among-Us.htm

Excerpt:

"...............The report covers 900-plus breaches involving more than 900 million compromised records. The majority of the Verizon investigations evaluated in the study took place outside the US whereas the bulk of the Secret Service investigations occurred within the US. While external threats still run high at 69 percent, insider threats are an increasing challenge to IT. A challenge that is further complicated by the need to allow employees and other insiders access to the very network IT works so hard to block from outsiders..................."

Misconfigured networks are the easiest IT resource hackers exploit

IT Security Portal

http://www.itsecurityportal.com/itsecurity_news.asp?articleid=265225

Excerpt:

"...............This question was answered by Tufin's DEF CON18 research, which revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that donâ€™t always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role..................."

Internet Governance in an Age of Cyber Insecurity

Robert K. Knake

Â ng>

http://webcache.googleusercontent.com/search?q=cache:http://www.cfr.org/content/publications/attachments/Cybersecurity_CSR56.pdf

Excerpt:

"..............In pursuit of this objective, the United States should be guidedby three principles. First, it should take a networked and distributed approach to a networked and distributed problem. No single forumcan adequately address this set of issues...................."

Police in Europe conduct raids over file-sharing sites

Jeremy Kirk

http://www.computerworld.com/s/article/9183800/Police_in_Europe_conduct_raids_over_file_sharing_sites

Excerpt:

".............The action comes just shortly after Swedish authorities conducted a series of raids over the last two weeks related to file sharing using the Direct Connect protocol. At least 20 other cases related to file sharing are under investigation. Sweden has stepped up its efforts to stop file sharing, including prosecuting four men related to the Pirate Bay search engine, which enabled users to find content shared using the BitTorrent protocol....................."

Facial recognition: Identifying faces in a crowd in real-time

Ms. Smith

http://www.networkworld.com/community/print/65955

Excerpt:

"................The CheckPoint.S [3] system "is a covert real-time facial identification system that acts as an automatic 24/7 security guard that never forgets a face." As well as alerting security teams if a suspect is near, the OmniPerceptionâ€™s cameras can be "used to identify subjects with special privileges such us employees, security cleared personnel or, in different applications, VIPs" who are looking to enter premises such as hotels and casinos. The system works in a matter of seconds and in the near-infrared, working "in any lighting conditions, from pitch darkness to sunlight and everything in between."................."

DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

Kevin Poulsen

http://www.wired.com/threatlevel/2010/09/us-cert

Excerpt:

"...............The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches..................."

Thoughts on the Future of Warfare

Aoyu Bai

http://seekingalpha.com/article/225905-thoughts-on-the-future-of-warfare

Excerpt:

".............The U.S. Defense Secretary Robert Gatesâ€™s Pentagon budget in April 2010 eliminated funding for many flagship development programs, including the F-22, which is to be phased out in 2011. With a congressional ban on the export of the aircraft, the development of the cheaper F-35, and a lack of Russian and Chinese counterparts, the Raptorâ€™s $143 million per unit price tag could not be justified. Despite the lengthy and secretive development process, it appears as though only 187 of these aircrafts will ever appear in service..................."

The Threat to National Security

Jonathan Evans

https://www.mi5.gov.uk/output/the-threat-to-national-security.html

Excerpt:

"...............Like many extreme organisations, the dissident Republicans have tended to form separate groups based on apparently marginal distinctions or personal rivalries. But those separate groups can still be dangerous and in recent months there have been increasing signs of co-ordination and cooperation between the groups. This has led to a position where this year we have seen over thirty attacks or attempted attacks by dissident Republicans on national security targets compared to just over twenty for the whole of last year................."

TheStar:Nation needs more cybercops to virtually weed out hackers

Vanes Devindran

http://thestar.com.my/news/story.asp?file=/2010/9/20/nation/20100920073020&sec=nation

Excerpt:

"..............Our people need to be exposed because we are facing hackers who target government websites,â€ he told reporters after officiating at the Malaysia Ex-Servicemen Kuching Branch Cooperative meeting here yesterday................."

NIST Finalizes Initial Set of Smart Grid Cyber Security Guidelines

Mark Bello

http://www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-guidelines.cfm

Excerpt:

Security Questions to Ask Your Vendor

CPNI

http://www.cpni.gov.uk/Docs/Vendor_security_questions.pdf

Excerpt:

"............

Spies Among Us

Pam Baker

http://www.cioupdate.com/features/article.php/3901696/Spies-Among-Us.htm

Excerpt:

Misconfigured networks are the easiest IT resource hackers exploit

IT Security Portal

http://www.itsecurityportal.com/itsecurity_news.asp?articleid=265225

Excerpt:

Internet Governance in an Age of Cyber Insecurity

Robert K. Knake

http://www.cfr.org/content/publications/attachments/Cybersecurity_CSR56.pdf

Excerpt:

"..............In pursuit of this objective, the United States should be guidedby three principles. First, it should take a networked and distributedapproach to a networked and distributed problem. No single forumcan adequately address this set of issues...................."

Police in Europe conduct raids over file-sharing sites

Jeremy Kirk

http://www.computerworld.com/s/article/9183800/Police_in_Europe_conduct_raids_over_file_sharing_sites

Excerpt:

Facial recognition: Identifying faces in a crowd in real-time

Ms. Smith

http://www.networkworld.com/community/print/65955

Excerpt:

DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

Kevin Poulsen

http://www.wired.com/threatlevel/2010/09/us-cert

Excerpt:

The Perils of the Internet

Eugene Aseev

http://www.securelist.com/en/analysis/204792137/The_Perils_of_the_Internet

Excerpt:

"..............In Internet attacks, the primary aim of cybercriminals is to download and install a malicious executable file onto a victim computer. Naturally, there are attacks such as cross-site scripting, also known as XSS, and cross-site forgery requests, or CSRF), which do not involve downloading or installing executable files on victim machines...................."

Interview on ENISAâ€™s first pan-European CIIP exercise

Evangelos Ouzounis, Panagiotis Trimintzios & Panagiotis Saragiotis

http://www.enisa.europa.eu/media/news-items/focus-interview-cyber-security-exercise

Excerpt:

"...............The main objective of the exercise is to bring the Member States together and enhance the

Member Statesâ€™ coordination efforts during a crisis. We also want to test the Member Statesâ€™Â

abilities to find the right contacts and assess the competences in the other Member States

during a crisis. This is the first time we have a pan-European CIIP exercise, i.e. the first timeÂ

that the Member States come together and work on a NIS related topic. We are all very muchÂ

looking forward to this and we have been spending a lot of time analysing what the bestÂ

approach for this kind of exercise is. Several Member States have already had national exercises ..............."

Incentives and Challenges for Information Sharing in the Context of Network and Information Security

ENISA

http://www.enisa.europa.eu/act/res/policies/good-practices-1/information-sharing-exchange/incentives-and-barriers-to-information-sharing/at_download/fullReport

Excerpt:

"...............Finally, the differing approaches to regulation and co-operation may also have an impact. This can be seen in the way in which the regulator and regulated entities interact. For example, in some countries there may be more of an outcome based regulatory approach, whereby both regulators and regulated jointly agree on outcomes to be achieved that are socially important, and work co-operatively to achieve them. .................."

Google Confronts Chinaâ€™s â€œThree Warfaresâ€

Timothy L. Thomas

http://www.carlisle.army.mil/USAWC/Parameters/Articles/2010summer/Thomas.pdf

Excerpt:

"...............Initially, this article examines the context within which the Google attacks occurred and how Googleâ€™s responseâ€”abandoning censorship in Chinaâ€”was used by the Chinese to distract attention from their planned aggression. It then analyzes how a 2003 military regulation assisted Chinaâ€™s response to Googleâ€™s accusations. In short, these procedures are being used all too often by the Chinese and are causing US authorities to be more and more intolerant of Chinese behavior..................."

Every week 57,000 fake Web addresses try to infect users

Help Net Security

http://www.net-security.org/malware_news.php?id=1456

Excerpt:

"..............Those who do, will see their computers infected or any data they enter on these pages fall into the hands of criminals. To do this, they use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognizable...................."

UK plans increased spending on cyber-security

John Leyden

http://www.theregister.co.uk/2010/09/14/cyber_security_defense/

Excerpt:

"...............Investing in better cyber-security will not be an option for the United Kingdom. What is being considered under the National Security Council as part of the SDSR is how that occurs. We will face increasing threats in cyberspace in the years ahead-the question is how we identify the weakest areas, which need to be looked at first, and how we develop the technologies so that, as the other technologies that might affect us continue to evolve, we are best protected. That will require us to look at research across the board.................."

The Top Cyber Security Risks Report

HP TippingPoint DVLabs

http://dvlabs.tippingpoint.com/toprisks2010

Excerpt:

"...............Over the previous decade, the vulnerability threat landscape might be segmented into two distinct eras. Between 2000-2005 there was the era of the classic worm, generally leveraging a Microsoft or

other widely used service level vulnerability. However, between 2005 and 2006 the landscape seemed to change and another large Internet worm did not arise until Conficker in late 2008..................."

U.S. cyber-security strategy yet to solidify

Ellen Nakashima

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/16/AR2010091606745.html

Excerpt:

".............."There's a degree of caution about what direction to move, how far to move," said James A. Lewis, a national security expert at the Center for Strategic and International Studies. "You've got a lot of agreement on what the problem is but very little agreement on the solution, both within the government and outside."..................."

Cybercrime is world's most dangerous criminal threat

The Times of India

http://economictimes.indiatimes.com/tech/internet/Cybercrime-is-worlds-most-dangerous-criminal-threat/articleshow/6571330.cms

Excerpt:

"..............."Cybercrime is emerging as a very concrete threat," he said at the opening ceremony of the first Interpol Information Security Conference at Hong Kong's police headquarters on Wednesday. Â Considering the anonymity of cyberspace, it may in fact be one of the most dangerous criminal threats we will ever face." .................."

Intel CISO: The biggest threat to security is a misperception of risk

Joan Goodchild,

http://www.csoonline.com/article/615413/intel-ciso-the-biggest-threat-to-security-is-a-misperception-of-risk

Excerpt:

"..............From a psychology perspective, the greater people perceive a benefit, the greater the tolerance of risk. Some examples of this include organizational adoptions of technologies such as cloud computing, virtualization, and social media. All present great advantages to business, so the security risk they present are acceptable, noted Harkins...................."

Defence Review: Cyber-war â€“ another new frontier for conflict opens

Paul Cornish

http://www.telegraph.co.uk/news/newstopics/politics/defence/8008520/Defence-Review-The-Services-have-a-fight-on-their-hands-but-who-is-the-biggest-enemy.html

Excerpt:

".............The â€œClickskriegâ€ was especially disabling for a country that was a pioneer of electronic government and prompted the creation of Natoâ€™s cyber defence centre in Tallinn. During the Russo-Georgian conflict over South Ossetia in 2008 it again became clear that private computing power had been coordinated for strategic effect....................."

Increased attacks on Malaysian websites detected

Malaysia Star (blog)

http://thestar.com.my/news/story.asp?file=/2010/9/8/nation/20100908115850&sec=nation

Excerpt:

"............There has been an increase in web defacement activities targetting Malaysian websites, says the Malaysian Communications and Multimedia Commission (MCMC). Â It said in a statement that the number of defaced websites had increased from 168 cases for the whole of August to 262 cases recorded in the first week of September alone................"

Cyber Threats: Beyond Entertainment Value!

Dirk Zwart

http://www.sys-con.com/node/1523540

Excerpt:

"..............On June 8th, 2010 the National Public Radio (NPR) broadcast a debate by the public charity Intelligence Squared U.S. (IQ2US) entitled â€œThe Cyber War Threat Has Been Grossly Exaggerated.â€ The showâ€™s format is based on the traditional Oxford-style debate, with one side proposing and the other side opposing a sharply-framed motion..............."

India second worst victim of cyber crime

http://www.hindustantimes.com/StoryPage/Print/597642.aspx

Excerpt:

"............Computer security firm Symantec on Wednesday reported that about two thirds of the world's Internet users have fallen victim to cybercrime and few think crooks will be caught.

China was tops when it came to online victims, with 83 per cent of Internet users there having been hit by computer viruses, identity theft, online credit card fraud or other crimes, according to a Norton Cybercrime Report................."

Internet Censorship, Here and Over There

Michael Scott Moore

http://www.miller-mccune.com/politics/internet-censorship-here-and-over-there-22052/

Excerpt:

"..............Uproar this year over an â€œInternet Kill Switchâ€ bill has largely subsided because the legislation has stalled in the Senate. The summer controversy focused on a proposed presidential power to declare a national emergency and shut down parts of the Web dealing with â€œcritical infrastructure,â€ for up to four weeks â€” which under a willing White House legal adviser, critics said, might lead to Chinese-style Web censorship for political enemies..............."

Symantec: Nearly Two-Thirds of Users Hit by Cyber-Crime

Brian Prince

http://www.eweek.com/c/a/Security/Symantec-Nearly-23-of-Users-Hit-by-CyberCrime-792448/

Excerpt:

".............According to "The Norton Cybercrime Report: The Human Impact" 65 percent of about 7,000 users globally that were surveyed reported falling victim to cyber-crimes ranging from online credit card fraud to having their machines infected with malware. In the United States that figure was 73 percent. China led the way with 83 percent, while Brazil and India were tied at 76 percent................"

Microsoft Releases Free Cyber-Security E-Book

Jason Fitzpatrick

http://www.lifehacker.com.au/2010/09/microsoft-releases-free-cyber-security-e-book/

Excerpt:

".............Microsoft has released a free â€” and lengthy! â€” e-book covering a wide range of security topics. Although intended for teenagers, the book offers a solid enough look at using the internet safely, and itâ€™s suitable for anyone who needs a primer on internet security................"

70 percent of S'pore Net users hit by cybercrime

Tyler Thia

http://www.zdnetasia.com/70-percent-of-s-pore-net-users-hit-by-cybercrime-62202807.htm

Excerpt:

"............70 percent of Internet users in Singapore have fallen prey to cybercrimes, which is slightly higher than the global average of 65 percent. Four in 10 people have never fully resolved the issue, and many are suffering in silence, according to a new report by security vendor Symantec................."

September 2010

July 2010

February 2010

January 2010