Friday, April 06, 2012

Security Management Weekly - April 6, 2012


April 6, 2012
 
 
Corporate Security
  1. "Facebook Accuses Yahoo of Infringing on Patents"
  2. "Card Firm Says Systems Now Secure" Global Payments
  3. "Handyman Convicted of Killing Cleaner in NY Tower"
  4. "Ex-Fort Worth Bank Manager Stole From Customers"
  5. "Breach Revives Doubts About Card Industry Security Standard" Global Payments

Homeland Security
  1. "Portland Offers Model on Terrorism Investigations"
  2. "French Police Seize 10 Suspected Islamic Militants"
  3. "Mystery Surrounds Silencing of Key al Qaeda Websites"
  4. "Students Ran, Hid as Gunman Opened Fire in Calif."
  5. "NYPD Beefs Up Security Ahead of Passover Holiday"

Cyber Security
  1. "Most Popular Internet Sites Consistently Serving Up Malware"
  2. "BlackHole Exploit Targets Java Bug Through Browser-Based Attacks"
  3. "Mac Malware Exploits Microsoft Office Vulnerability"
  4. "Case Based in China Puts a Face on Persistent Hacking"
  5. "Watching and Waiting" Advanced Persistent Threats Considered Almost Impossible to Prevent

   

 
 
 

 


Facebook Accuses Yahoo of Infringing on Patents
New York Times DealBook Blog (04/03/12) De La Merced, Michael J.; Rusli, Evelyn M.

Facebook has filed a countersuit against Yahoo, which last month accused the social networking site of violating 10 of its patents. Facebook's lawsuit accuses Yahoo of violating its patents for display advertising, content personalization, and photo sharing. Two of the technologies that were cited in Facebook's lawsuit were invented by employees of the social networking site, while patents for the rest of the technologies appear to have been purchased from others. The lawsuit is seeking to invalidate Yahoo's patents and to force Yahoo to pay damages and legal fees. Yahoo has said that Facebook's claims are baseless and that the lawsuit is merely an attempt to distract from the weakness of its defense in the lawsuit that was filed against it in March.


Card Firm Says Systems Now Secure
Wall Street Journal (04/02/12) Sidel, Robin; Johnson, Andrew R.

Global Payments, the Atlanta-based payment card processor that recently suffered a data breach in its North American processing system, said April 2 that its systems are currently secure. In addition, Global Payments said that it is continuing to process credit- and debit-card transactions during the investigation into the breach. Those comments from Global Payments came a day after the company said that the thieves behind the data breach appeared to have accessed and exported card account numbers, expiration dates, security codes, and other information. Cards labeled with all of the major card brands, including Visa and MasterCard, were affected. No customer names, addresses, or Social Security numbers were stolen in the breach, Global Payments said. However, the information that was stolen could be used by criminals to create counterfeit cards. The data breach is raising questions about the effectiveness of card industry data security standards. Critics say that the tests that the industry performs on a periodic basis to determine how secure a merchant or card processor's systems are cannot necessarily determine whether practices have been adopted to protect data. Indeed, Global Payments had been certified as meeting those industry standards as of last July.


Handyman Convicted of Killing Cleaner in NY Tower
Associated Press (04/02/12) Peltz, Jennifer

A New York City handyman was convicted April 2 on charges of suffocating a cleaning woman and placing her body in an air-conditioning duct in an office building where they both worked. The cleaning woman, Eridania Rodriguez, was discovered missing from her job in July 2009, resulting in a four-day search before her body was found in the Manhattan office tower. Prosecutors said that the handyman, Joseph Pabon, killed Rodriguez on a deserted floor of the building and told co-workers he was sick before going home. Pathology tests discovered Pabon's DNA under Rodriguez's fingernails. Pabon also had scratches on his neck and elsewhere on his body. Pabon, who pleaded not guilty to the charges, could face up to life in prison at his upcoming sentencing.


Ex-Fort Worth Bank Manager Stole From Customers
Houston Chronicle (03/29/12)

Authorities said a former Texas bank manager accused of stealing approximately $2 million from bank customers pleaded guilty to charges of bank fraud on March 28. Officials say Pamela Cobb, a former manager of a Bank of America branch in Fort Worth, illegally withdrew cash from numerous bank accounts since 2002. If customers complained, she took money from other accounts to replace the stolen funds. The money was reportedly used to purchase vacations, clothing, jewelry and property. Cobb is required to forfeit all of the items she bought with the money. A federal judge will sentence Cobb in September. She could receive up to 30 years in prison and be ordered to pay a $1 million fine and restitution.


Breach Revives Doubts About Card Industry Security Standard
American Banker (04/03/12) Wolfe, Daniel

Data breaches such as the recent Global Payments hack raise doubts about the PCI data security standard, as the processor was thought to be compliant until the intrusion was uncovered. "This [breach], in the end, does more damage to PCI than it does to Global Payments because it pretty clearly calls into question whether PCI compliance is worth anything at all ... you can be totally compliant and still be breached," says IDC's Aaron McPherson. Wells Fargo analyst Timothy Willi observes that other processors, such as Heartland Payment Systems, have lived down breaches. "It appears there is concern by some around the issue of PCI compliance and the timeline around recertification and the impact non-compliance will have," he notes. "We believe these concerns are unfounded and would point out it took [Heartland Payment Systems] approximately three months to regain its PCI compliance following its breach with no meaningful impact on its business." Global Payments CEO Paul R. Garcia says the company is caught in a no-win situation, in that it is presumed out of compliance with PCI once it discloses a breach even if it has had no prior difficulties demonstrating its compliance. However, he notes that the processor is still handling Visa transactions and is in the midst of signing up new merchants in spite of the breach and Global Payments' removal from the PCI compliant list. Some experts blame outdated magnetic-stripe cards as much as they blame the PCI standard for security vulnerabilities. They say that what is needed are stronger payment technologies such as mobile payments or the EMV chip-card standard.




Portland Offers Model on Terrorism Investigations
San Francisco Chronicle (04/03/12) Adams, Sam

Portland's Mayor Sam Adams said that San Francisco lawmakers should look to Portland as a model of how to operate in instances of cooperation with the FBI. Last year, the city of Portland, Oregon worked to come up with a game plan on how to prevent and investigate possible terrorism, protect civil rights and liberties, and enhance the city as an open and inclusive community. In April, the City Council enacted binding local regulations to govern how the city's police conducted its work with the FBI's Joint Terrorism Task Force (JTTF). Adams said San Francisco's Safe San Francisco Civil Rights Ordinance resembles the legislation enacted in Portland last year. The FBI rejected both cities' request to alter its standard JTTF agreement. But Portland Police have been able to work with the FBI's JTTF, while following the laws enacted locally and abstaining from signing the FBI's standard agreement. Portland Police Chief Mike Reese told the City Council at the time the legislation was enacted that the approach "gives us an opportunity to show we continue to be trustworthy and capable of protecting the community and individual privacy rights." Adams encouraged San Francisco to move ahead with its plan.


French Police Seize 10 Suspected Islamic Militants
New York Times (04/04/12) Sayare, Scott; Cowell, Alan

Ten suspected Islamic militants were arrested in raids across France on Wednesday. Police sources who spoke to the media on condition of anonymity said that the individuals who were arrested were believed to either be planning to travel to Pakistan or Afghanistan for training or had already taken part in training in those countries. The individuals are not believed to be part of a terrorist organization, but rather were lone wolves. The arrests, which French President Nicolas Sarkozy said were not related to the shooting that took place at a Jewish school in France last month, came one day after French authorities announced plans to indict 13 Muslim radicals who were arrested last week on charges of planning to carry out terrorist attacks in the country. Those individuals, who do not have ties to the 10 who were arrested on Wednesday, are believed to be members of the Islamist organization Forsane Alizza, which means Knights of Pride. The leader of the group has said that members were not planning to commit acts of violence, though the suspects who were arrested on Friday were found to be in possession of a number of weapons. Members of Forsane Alizza are also thought to have recently taken part in physical training and religious indoctrination sessions.


Mystery Surrounds Silencing of Key al Qaeda Websites
CNN.com (04/03/12) Levine, Adam

Experts are wondering why a number of al-Qaida Web sites have gone offline over the last several weeks. Five al-Qaida Web sites went dark on March 23, while another went offline on March 25. Two more were taken offline on March 28 and March 30. Two of the Web sites have since resumed operations. All of the sites are used by al-Qaida members to post messages and for aspiring jihadists to engage in discussions about terrorist ideologies. Brandeis University researcher Aaron Y. Zelin said that the outages may be related to the recent arrest of Mudhar Hussein Almalki, who maintained an online al-Qaida forum that was used to pass information along to jihadists. Meanwhile, former Bush administration Homeland Security Adviser Fran Townsend said that the outages may have been the result of a "covert" denial of service attack. Townsend said that a number of countries may have carried out such an attack if the U.S. was not responsible.


Students Ran, Hid as Gunman Opened Fire in Calif.
Associated Press (04/03/12) Elias, Paul

Seven people were killed and three others were injured in a shooting rampage that took place at Oikos University in Oakland, Calif., on Monday. Police say that the shootings took place over the course of an hour. Witnesses said that the first victim was a woman at the front desk of the university, which has just one building. The shooter, a former nursing student at Oikos University, then continued shooting randomly in a number of different classrooms. In one of those classrooms the gunman ordered students to line up against the wall. Students ran away after the gunman pulled out his weapon, prompting him to open fire. Meanwhile, heavily-armed police responded by forming a perimeter around Oikos University in the hopes of trapping the gunman inside. However, the gunman was able to escape in a victim's car. He drove to a grocery store about three miles away and told the security guard, who approached him because he was acting suspiciously, that he needed to talk to police because he had shot people. The guard subsequently called police, who arrested the gunman at the grocery store. A motive for the shooting, which is still under investigation, has yet to be determined.


NYPD Beefs Up Security Ahead of Passover Holiday
Associated Press (04/03/12)

The New York Police Department (NYPD) has announced that it will step up security around the city to protect the area's large Jewish population during the upcoming Passover holiday. Officials say there have been no threats, but that they remain wary following the attacks on a Jewish religious school in France that left a rabbi, his two young sons, and a schoolgirl dead. Police Commissioner Raymond Kelly said the heightened security would include deployment of heavily armed roving counterterrorism units. "We'll ensure that coverage is more than adequate in those neighborhoods, adding foot posts, visits by officers to synagogues, outreach by community affairs officers, and a heightened presence of anti-crime," Kelly recently told a roomful of the city's Jewish leaders.




Most Popular Internet Sites Consistently Serving Up Malware
Dark Reading (04/03/12) Wilson, Tim

Cybercriminals are using older, popular Web sites to infect Web surfers with malware, according to a report from Barracuda Labs. The report found that 58 of Alexa's 25,000 most popular Web sites, which are visited by millions of users on a daily basis, were being used to facilitate drive-by downloads of malicious code. These Web sites were being used to infect users with malicious code on 23 out of the 29 days in February, meaning that the problem of drive-by downloads is cropping up on a regular basis. Finally, the study found that more than 97 percent of the Web sites that were being used to facilitate drive-by downloads were at least a year old, while more than half were over five years old. Barracuda Labs notes that this is an indication that cybercriminals are using well-established Web sites that have been around for a long period of time to carry out drive-by downloads.


BlackHole Exploit Targets Java Bug Through Browser-Based Attacks
Network World (03/30/12) Neagle, Colin

Cybersecurity experts are warning about an exploit that could take advantage of computers running old versions of Java. According to a report by security expert Brian Krebs, the exploit—which has been integrated into a software toolkit known as BlackHole that is designed to make it easier for criminals with no technical knowledge to carry out cyberattacks—takes advantage of a security vulnerability that was patched in February by Oracle. Krebs notes that this vulnerability basically shuts off the sandbox feature in Java, which was designed to help protect Java users from cyberattacks. A successful attack, which could be carried out by infecting visitors to malicious Web sites, could result in the victim's computer being used in a bot to send out spam or carry out distributed denial-of-service attacks. Sensitive information also could be stolen. Krebs says users can protect themselves by uninstalling Java from their machines, an option that is feasible because many people do not need Java at all, and if they do they only need it for certain tasks. Meanwhile, Qualys' Wolfgang Kandek says users can protect themselves by updating to the latest version of Java. If that is not an option, users can configure Windows to limit Java to working only on a handful of trusted sites.


Mac Malware Exploits Microsoft Office Vulnerability
IDG News Service (03/29/12) Constantin, Lucian

Security researchers at AlienVault have uncovered new email-based targeted exploits that take advantage of a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS platforms. AlienVault's researchers say this is one of the few times they have seen a malicious Office file used to inject malware on Mac OS X, and one Mac antivirus vendor says the attacks are likely to become more ubiquitous because the malware is fairly sophisticated and the Word document code is not encrypted. "The attack will be very effective on those who have not updated their copies of Microsoft Office, or aren't running antivirus software," the researchers say. If the flaw is exploited successfully, the rogue Word files will install a previously unseen Mac OS X Trojan horse, which the remote attackers can manipulate to download, upload, and delete files, or to initiate a remote shell on the system. AlienVault believes this attack was initiated by the same group that distributed a similar Mac Trojan earlier this month by exploiting a weakness in outdated Java installations.


Case Based in China Puts a Face on Persistent Hacking
New York Times (03/29/12) Perlroth, Nicole

Several attempts to hack computers belonging to Japanese and Tibetan companies have for the first time been conclusively traced to a former graduate student at China's Sichuan University, Gu Kaiyuan. Gu is believed to be an employee at Tencent, China's leading Internet portal company. A report released by Tokyo-based computer security firm Trend Micro indicates that he may have recruited students to work on Sichuan's research involving computer security and defense. While the report did not say these efforts were directly linked to hackers employed by the Chinese government, Trend Micro researchers believe the targets that were selected, including Tibetan activists, and the techniques that were used indicate that the breaches were state-sponsored. Trend Micro traced a total of 233 attacks on personal computers. Other victims include Indian military research organizations and shipping companies as well as aerospace, energy, and engineering companies in Japan. The attacks are thought to have been going on for at least 10 months and are ongoing. The attacks typically begin with tricking the recipient into opening an e-mail. Indian victims were sent an e-mail about India's ballistic missile defense program, Tibetan advocates received e-mails about self-immolation or job openings in the advocacy movement, and Japanese victims received an e-mail about radiation measurements following its recent earthquakes. Each e-mail contained an attachment that would link the computer to the attackers' servers, using security holes in Microsoft Office and Adobe software.


Watching and Waiting
Wall Street Journal (04/03/12) Worthen, Ben

Although only a small portion of the 300 million cyberattacks that took place last year were considered to be advanced persistent threats (APTs), experts say that the APTs are almost impossible to prevent. One reason why APTs are so dangerous is that the cybercriminals behind them carefully select their targets and wait for the best time to carry out the attack. In addition, APTs often use new code that is not likely to be detected by security software. APTs also remain present in breached systems for longer periods of time than garden-variety cyberattacks, allowing cybercriminals to steal important documents and information such as intellectual property. While security experts say that companies cannot prevent every APT, they can take steps to mitigate the threat from these attacks, beginning with knowing what kind of information could be targeted by an attacker. Security experts also recommend that organizations take additional steps to protect their most important information, and to treat workers who have access to this information differently than those who do not. Organizations also should be aware of what kinds of information employees are posting to social networking sites, since this information is often used to carry out an APT. Finally, organizations should look for anomalies in network traffic logs that could be indications of APTs, such as discrepancies between the names of Web sites that company computers tried to connect with and the IP addresses of the sites that the computers logged in to.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


