News Briefs

Latest

Verizon Tops US ISPs for Spam Abuse, Plans Prevention and Shift to Port 587

Brian Krebs of Washington Post reporting: "Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers. ... If spammers are attracted to the company's network, it may be because Verizon still allows customers to send e-mail on Port 25, the communications channel that is traditionally used by large organizations to send e-mail." more

Malware Authors, Distributors Increasingly Using Social Networks

Security experts warn the "clickjacking" attack on Twitter service last week is part of growing trend of social engineering attacks via social networks. VP of security firm RSA, Sam Curry, calls the social networking attacks "orthogonal attacks." As users have become aware of phishing attacks and other efforts to get at their personal data, hackers have turned to social networks and "brand attacks," like the recent CNN.com-spoofing Cease-Fire Trojan to spread malware that goes after the same information once installed on the victim's computer. more

N.Y. Governor Proposes Internet Download Tax, Including Porn

Reported today on NPR: "In an effort to curb New York's nearly $15 billion budget deficit, Gov. David Paterson is suggesting a tax on Internet downloads. His so-called "iPod tax" would levy a 4 percent fee on all music and video downloads -- including pornography. Supporters say they're merely bringing the tax code into line with shifting technologies. But not everyone is on board with the idea of profiting off porn." more

Canadian Judge Allows Use of IP Addresses to Identify People Without Search Warrant

A ruling in Canadian Court could allow police to routinely use IP addresses to identify line users without any need for search warrants, reports the National Post. The Ontario Superior Court justice Lynne Leitch's found that there is "no reasonable expectation of privacy" in subscriber information kept by Internet service providers, in a decision issued this week. The decision is binding on lower courts in Ontario, and it is the first time a Superior Court level judge in Canada has ruled on whether there are privacy rights in this information that are protected by the Charter. more

Microsoft Offers $250K Reward for the Arrest of Conficker Computer Warm Authors

Microsoft is trying to put some pressure on the criminals responsible for the worst Internet worm outbreak in years, offering a $250,000 reward for information leading to the arrest and conviction of Conficker's creators. The software vendor said it was also working with security researchers, domain name registrars and the Internet Corporation for Assigned Names and Numbers (ICANN) to try to take down the servers that have been launching the Conficker attacks. ICANN is the nonprofit corporation that oversees Internet addresses. more

F-Secure Third Security Vendor Attacked in One Week

A Romanian hacker site said on Wednesday it was able to breach the website of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week. F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity." more

FTC Issues New Privacy Guidelines for ISPs, Mobile Companies

Federal regulators tweaked recommendations for how websites should collect, save and share information about users, extending them to Internet service providers and mobile users. The Federal Trade Commission issued new guidance on Thursday for the self-regulated industry that urges websites to tell consumers that data is being collected during their searches and to allow them to opt out. more

U.S. Government Misses DNSSEC Deployment Deadline

The U.S. federal government has missed its initial deadline for rolling out DNS Security Extensions (DNSSEC) on its .gov top-level domain. Federal officials now say they will cryptographically sign .gov by the end of February, one month behind their original schedule. Federal agencies were required to deploy DNS Security Extensions (DNSSEC) on the .gov top-level domain by January 2009 and on all sub-domains by December 2009 under an Office of Management and Budget (OMB) mandate issued last year. more

Hathaway to Head US Cybersecurity Effort

President Barack Obama will tap a top aide to President George W. Bush's intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday. The appointment of Melissa Hathaway, a former consultant at Booz Allen Hamilton, is the president's first major decision on cybersecurity. She will lead a review of the government's efforts to secure computer networks against spies, terrorists and economic criminals and is expected to then head a new White House office of cybersecurity. more

DNS Amplification Variant Expected in Future Major DDoS Attacks, Experts Warn

Several sources are reporting about a new form of denial-of-service (DDoS) attacks which are based on a new variant of DNS amplification. DNS amplification was first widely publicized in March of 2006 with the release of a paper by security experts Gadi Evron and Randal Vaughn which examined a scenario in which criminals abuse recursive DNS name servers by using spoofed user datagram protocol (UDP) packets. more

Google, Microsoft, Motorola, Others Launch the White Spaces Database Group

In the move towards enabling mobile devices to use TV white spaces spectrum, Google along with Comsearch, Dell, HP, Microsoft, Motorola, and Neustar today announced the launch of White Spaces Database Group. The creation of this database has been part of FCC's big vote and approval of white spaces for broadband back in November. This is a required measure to ensure devices can locate channels and avoid interference. more

Yellow Parking Violation Fliers on Windshields Get Drivers to Visit Malicious Website

Security expert and malware analyst, Lenny Zeltser has examined a creative malware distribution method in the real world where fliers placed on windshield of cars scare drivers into visiting a malicious website. Zeltser writes: "Several days ago, yellow fliers were placed on the cards in Grand Forks, ND. They stated: 'PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted' ... If you went to the website, you'd see several photos of cars on parking lots in that specific town..." more

NARUC: Give Individual States Lead Role in Broadband Stimulus

Regulators from the National Association of Regulatory Utility Commissioners (NARUC) will be in Washington later this month to urge that states be given the responsibility of using federal funds to be earmarked for broadband deployment. The group, whose members come from state government agency regulators, will meet in Washington beginning Feb. 15, and the regulators are expected to press their requests at the time. The Obama administration has listed stepped-up deployment of broadband as an important part of its plan to help the economy. more

Data Breach Costs Continue to Rise, 40% Increase Since 2005

According to a new study by PGP Corporation and Ponemon Institute, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. The study is based on 43 organizations across 17 different industry sectors with a range of 4,200 to 113,000 records that were affected. It is also noted that since 2005, the cost component has grown by more than $64 on a per victim basis since -- nearly a 40% increase. more

Malware Detection Declining, Anti-Phishing Filters Detect Less than 50% of Attacks, Says Report

A study comparing best-of-breed computer security vendors suggests more than half of active malware and phishing threats on the Internet go undetected, with an average detection rate of 37% for malware and 42% for phishing. "Given the dynamic nature of today's online threats and the traditionally reactive approach taken by today's malware and phishing detection technology, conventional signature-based solutions are inherently at a disadvantage to keep up," said Panos Anastassiadis, CEO and Chairman of Cyveillance. "Because the majority of damage occurs during the first 24 hours of an attack, early detection of attacks is crucial." more

Latest News

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days

Topics

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Mobile Internet

Sponsored byAfilias