Saturday, June 30, 2012

I have a question about your EmpowerNetwork business :)

Hey I stumbled upon your business and email. Your company looks great! I'm just curious how much are you making on a weekly basis? How many people are you putting in your business on a weekly basis? If you need any help generating more money or leads in your business let me know. Coaching people in network marketing is my passion :)

Here's to your success!

Sincerely, Ashley Firmino 







1011 625 N Canon Dr
Beverly Hills, CA
90210

I have a question about your EmpowerNetwork business :)

Hey I stumbled upon your business and email. Your company looks great! I'm just curious how much are you making on a weekly basis? How many people are you putting in your business on a weekly basis? If you need any help generating more money or leads in your business let me know. Coaching people in network marketing is my passion :)

Here's to your success!

Sincerely, Ashley Firmino 







1011 625 N Canon Dr
Beverly Hills, CA
90210

Your Obama! bumper stickers: midnight deadline

Obama - Biden

PAID FOR BY OBAMA VICTORY FUND 2012, A JOINT FUNDRAISING COMMITTEE AUTHORIZED BY OBAMA FOR AMERICA, THE DEMOCRATIC NATIONAL COMMITTEE, AND THE STATE DEMOCRATIC PARTIES IN THE FOLLOWING STATES: CO, FL, IA, NV, NH, NC, OH, PA, VA, AND WI.

Contributions or gifts to Obama Victory Fund 2012 are not tax deductible.

The first $5,000 of a contribution to OVF 2012 will be allocated to Obama for America (with the first $2,500 designated for the primary election, and the next $2,500 for the general election). The next $30,800 of a contribution will be allocated to the Democratic National Committee. Any additional amounts from a contributor will be divided among the State Democratic Party Committees as follows, up to $10,000 per committee and subject to the biennial aggregate limits: FL (17%); OH (16%); PA (13%); CO (11%); NC (11%); VA (11%); NV (6%); WI (6%); IA (5%); and NH (4%). A contributor may designate his or her contribution for a particular participant. The allocation formula above may change if following it would result in an excessive contribution. Contributions will be used in connection with a Federal election.


This email was sent to: securityworld@gmail.com

Update address | Unsubscribe

Your seat on Barack's bus

Joe --

Our family has spent more than a few days on the campaign trail.

We've had lots of card games, laughs, and fun family moments on that campaign bus.

Barack is hitting the road again next week, and he's saving two seats on the bus for a supporter and their guest. We'll pick the lucky winner in just a few hours.

So make a donation before the big fundraising deadline tonight, and you'll be automatically entered to join Barack on the road.

The girls and I miss Barack when we're not on the road with him. But I know he's looking forward to hanging out with you -- so I'll let you take my seat this time.

Pitch in what you can before tonight's critical fundraising deadline to be automatically entered to spend some time with Barack on the road:

https://donate.barackobama.com/Tonight

Thanks, and good luck.

- Michelle

















No purchase, payment, or contribution necessary to enter or win. Contributing will not improve chances of winning. Void where prohibited. Entries must be received by June 30, 2012. You may enter by contributing to Obama for America here or click to enter without contributing. One winner will receive the following prize package: round-trip tickets for winner and a guest from within the fifty U.S. States, DC, or Puerto Rico to a destination to be determined by the Sponsor; hotel accommodations; and the opportunity to meet with President Obama on an official Obama for America campaign bus tour on a date and for a duration to be determined by the Sponsor (approximate retail value of all prizes $1,400). Odds of winning depend on number of entries received. Promotion open only to U.S. citizens, or lawful permanent U.S. residents who are legal residents of 50 United States, District of Columbia and Puerto Rico and 18 or older (or age of majority under applicable law). Promotion subject to Official Rules and additional restrictions on eligibility. Sponsor: Obama for America, 130 E. Randolph St., Chicago, IL 60601.
Paid for by Obama for America

Contributions or gifts to Obama for America are not tax deductible

This email was sent to: securityworld@gmail.com

Update address | Unsubscribe

This is important

Joe --

Today is one of the most important fundraising deadlines of this campaign so far.

We might not outraise Mitt Romney.

But I am determined to keep the margin close enough that we can win this election the right way.

To do that I need your help today.

Please donate $3 or more before tonight's deadline:

https://donate.barackobama.com/Tonight

The stakes in this election are real. Thanks for all your support so far.

Good week.

Barack

Paid for by Obama for America

Contributions or gifts to Obama for America are not tax deductible

This email was sent to: securityworld@gmail.com

Update address | Unsubscribe

Re: Unclaimed Prize

We're still waiting for your mail to claim your prize of £1,500,000.00 British Pounds from Liverwood Promotions.
Fill below for Claim;
(Send Name):
(Contact Add):
(Phone):
Congrats once again.
Sincerely.

Organic SEO Services

 
Hi,
 
I am Anirudh, SEO Consultant.
 
I hope you are doing well and have time to read my proposal.
 
Advertising in the online world is one of the most inexpensive and highly effective methods of promoting a business.
 
We are a Leading Indian Based SEO & Web Development Company and one of the very few companies which offer organic SEO Services with a full range of supporting services such as one way themed text links, blog submissions, directory submissions, article writing and postings, etc.
 
We are a team of 85+ professionals which includes 28 full time SEO experts. We are proud to inform you that our team handled 180+ SEO projects and obtained 100000+ manually built links in the past 1 year.
 
Let me know if you are interested and I'll present you with a proposal that would not only improve sales of your company but also brand your products.
 

Feel free to contact me in case of any enquiry.
 

Kind Regards
 
Anirudh Singh
 
Online SEO Consultant
 
Delhi,India
***********************************
 
 

Note: We are not spammers and are against spamming of any kind. If you are not interested then you can reply with a simple \"NO\",We will never contact you again.

Organic SEO Services

 
Hi,
 
I am Anirudh, SEO Consultant.
 
I hope you are doing well and have time to read my proposal.
 
Advertising in the online world is one of the most inexpensive and highly effective methods of promoting a business.
 
We are a Leading Indian Based SEO & Web Development Company and one of the very few companies which offer organic SEO Services with a full range of supporting services such as one way themed text links, blog submissions, directory submissions, article writing and postings, etc.
 
We are a team of 85+ professionals which includes 28 full time SEO experts. We are proud to inform you that our team handled 180+ SEO projects and obtained 100000+ manually built links in the past 1 year.
 
Let me know if you are interested and I'll present you with a proposal that would not only improve sales of your company but also brand your products.
 

Feel free to contact me in case of any enquiry.
 

Kind Regards
 
Anirudh Singh
 
Online SEO Consultant
 
Delhi,India
***********************************
 
 

Note: We are not spammers and are against spamming of any kind. If you are not interested then you can reply with a simple \"NO\",We will never contact you again.

Friday, June 29, 2012

An emotional moment in the Oval Office

Joe --

Yesterday I shared an emotional moment with Barack in the Oval Office after he learned health reform had been upheld.

Barack Obama is a man who refused to give up. No matter how politically unpopular it was, he knew it was the right thing to do.

Tomorrow is the biggest fundraising deadline of this election so far. Romney and the Republicans may outraise us again -- you can bet they'll have a whole slew of special interests who want to see Romney make good on his promise to repeal Obamacare on Day One.

But they can't beat us if we pull together. Our grassroots movement is unstoppable when we put our minds to it.

Please donate $3 or more today, before the critical deadline:

https://donate.barackobama.com/June-Deadline

Thanks,

Joe

Paid for by Obama for America

Contributions or gifts to Obama for America are not tax deductible

This email was sent to: securityworld@gmail.com

Update address | Unsubscribe

[SECURITY] [DSA 2505-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2505-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
June 29, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : zendframework
Vulnerability : information disclosure
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-3363
Debian Bug : 679215

An XML External Entities inclusion vulnerability was discovered in
Zend Framework, a PHP library. This vulnerability may allow attackers
to access to local files, depending on how the framework is used.

For the stable distribution (squeeze), this problem has been fixed in
version 1.10.6-1squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.11.12-1.

We recommend that you upgrade your zendframework packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP7gbWAAoJEL97/wQC1SS+6OEH/jkrMyTtmsitOAl2zutL6iLu
eMB755peBuBb+PWL6JxK9cnI+tiWl4R1USQ7bpZKm6d0ZzRZRk6phDatUR5HXPDn
DwzHF2J3hnxP4oaigpLZWSBM1vUP74ORyENSX8pznC46KZ3e/9eMCJ4Ueqw10jAD
P2fdjPhy96LNexOBtj5p0UGsiQ0tPVqVV8ZTmmIr56RKi9PJ9/9oZeI0WUO6YS8u
aqFKT48STxzmgXTxh8ImxTbsNaLjmxxIs407HxCEX0XG06tv2W7EaSDOxuwr2y7F
g9NQqubqj7l/QWBISzbjDZR3OhiPKlWySYJYcde0ZW/ewbweImTxb4t/n71mkgU=
=JrgU
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87y5n5hpl6.fsf@mid.deneb.enyo.de

Why, when and how to migrate to Windows 8

  Google's Most Innovative Projects | Silicon Valley's top threat is China, survey finds
 
  Network World Daily News PM

Forward this to a Friend >>>


Why, when and how to migrate to Windows 8
Windows 8 machines are coming out sometime this fall, but that doesn't mean businesses should shift to panic mode to upgrade their corporate desktops and laptops, experts say. Read More


RESOURCE COMPLIMENTS OF: RIM

Introducing BlackBerry® Mobile Fusion
Easily manage and secure mobile device deployments with BlackBerry® Mobile Fusion. From a single interface, manage BlackBerry® smartphones, BlackBerry® PlayBook™ tablets and devices that use the iOS® and Android™ operating systems. Put an end to mobile chaos. Learn more at blackberry.com/mobilefusion

WHITE PAPER: HP & Intel

The Cost of Retaining Aging IT Infrastructure
This paper describes HP ProLiant Gen8 servers, the technology on which they are based, and the way they address many of the causes of operational costs found at customer sites. Read Now!

Google's Most Innovative Projects
Google unveiled two new products yesterday at its I/O developer conference: the Nexus 7 tablet and Project Glass. Here's a look at how some of Google's other famous projects got their start. Read More

Silicon Valley's top threat is China, survey finds
A significant number of high-level technology executives appear to believe Silicon Valley's days as the world's innovation hub are numbered. Read More

Canon shows augmented-reality platform with head-mounted displays
The Japanese electronics maker's new system, which it will begin selling shortly, projects virtual objects on the real world, where multiple users can interact with them. Read More


WHITE PAPER: HP & Intel

Getting Schooled on Next-Generation Mobility
This whitepaper discusses how K-12 districts can unleash the freedon that Wi-Fi affords then in learinging and administration, by embracing sophisticated WLANS. It provides an overview of wireless learning, the HP Advantage, protecting students/data, easing and unifying managemnet and how to lower TCO. Read Now!

Wickr, a mobile privacy application, sweeps digital crumbs away
A new mobile application for Apple devices called Wickr lets people exchange files and messages without leaving digital traces that could be examined by law enforcement or cyberspies. Read More

Can Microsoft Avoid Compaq's Fate?
Here's a bedtime story of how a playground leader with lots of friends (Compaq) got undercut by the new kid on the block (Dell). Is this cautionary fable repeating itself with Microsoft and Apple? Read More

Evidence that the iPhone 5 may support NFC payments emerges
Read More


WHITE PAPER: F5

Byer California Improves Business Agility
Learn how Byer California and A.T. Kearney improved application performance and availability with an ADC. Learn More!

Google's Nexus Q: A failed Apple TV clone
I wanted to like Google TV. The first models really don't work that well. I really wanted to like Google's Nexus Q streaming media player. It was supposed to be a new take on bring Internet video to your TV. It's not. Feh! Read More

Microsoft says you, yes you, are the reason it killed the Start menu
Is the blame game starting before Windows 8 even ships? Or am I just spoiling for another fight with Windows 8? A Microsoft executive spoke to UK publication PC Pro during the TechEd show in Amsterdam and made some rather interesting comments that explain just why the heck the Start button was axed from Windows. Read More

FBI: High-tech economic espionage a vast, expanding threat
Driven by the general ease of stealing electronically stored data and the reality of growing global businesses, US companies have lost some $13 billion through economic espionage in the current fiscal year - and the problem is growing. Read More

No shortage of requests from Android devs at Google team's 'fireside chat'
While Wednesday's release of Android 4.1 -- better known as Jelly Bean -- introduced a host of improvements to Google's mobile platform, a "fireside chat" that evening demonstrated that the developer community is far from completely satisfied with the state of their environment. Read More

Apple hardware engineering chief Mansfield retires
The Apple executive in charge of hardware engineering for the iPhone, iPad and other Apple products is retiring from the company, Apple said Thursday. Read More

 
 
 

SLIDESHOWS

Top CIOs take home seven-figure pay packages
Fortune 500 CIOs and IT SVPs netted multimillion dollar compensation packages in 2011.

JOIN THE NETWORK WORLD COMMUNITIES
As network pros you understand that the value of connections increase as the number of connections increase, the so called network effect, and no where is this more evident than in professional relationships. Join Network World's LinkedIn and Facebook communities to share ideas, post questions, see what your peers are working on and scout out job applicants (or maybe find your next opportunity). Network World on Facebook Network World on LinkedIn

MOST-READ STORIES

  1. US Navy's high-resolution radar can see individual raindrops in a storm
  2. The original iPhone: The blueprint for all modern-day smartphones
  3. iPhone 5 rumor rollup for the week ending June 29
  4. The 10 most demanding jobs in IT
  5. Evidence that the iPhone 5 may support NFC payments emerges
  6. US retires famous Red Storm supercomputer
  7. Five years ago they said the iPhone would be a flop ... Now?
  8. Google's computerized glasses steal the show at I/O
  9. Cisco reseller finds half of enterprise networks obsolete
  10. Anonymous and LulzSec: 10 greatest hits
 

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_daily_news_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2011 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **

 

Security Management Weekly - June 29, 2012

header

  Learn more! ->   sm professional  

June 29, 2012
 
 
Corporate Security
Sponsored By:
  1. "Madoff Brother to Plead Guilty in NY in Fraud"
  2. "Security Guard Sentenced for Stealing PerkinElmer Equipment, Software" Connecticut
  3. "NYPD: Man Swipes Dali Painting From Art Gallery"
  4. "Researchers Advance Biometric Security"
  5. "Proving the Value of Security to the C-Suite"

Homeland Security
  1. "London 2012 Olympics: Muslim Converts Held Over 'Games Plot'"
  2. "One Soldier Killed, Two Injured in Shooting on Fort Bragg" North Carolina
  3. "UK Domestic Spy Chief Warns of Possible Return of Iran-State Sponsored Terror"
  4. "New Rules Ordered in Crackdown on Leaks"
  5. "India Makes Key Arrest in Mumbai Terror Plot"

Cyber Security
  1. "Web Attackers Start Borrowing Domain Generation Tricks From Botnet-Type Malware"
  2. "Stuxnet Shut Down by Its Own Kill Switch"
  3. "Operation High Roller Targets Corporate Bank Accounts"
  4. "Computer Scientists Break Security Token Key in Record Time"
  5. "Malware Targeting AutoCAD Files Could Be Sign of Industrial Espionage"

   

 
 
 

 


Madoff Brother to Plead Guilty in NY in Fraud
Associated Press (06/28/12) Neumeister, Larry

Larry Madoff, the brother of convicted financier Bernard Madoff, is set to plead guilty to two charges on Friday stemming from his alleged role in Bernard Madoff's Ponzi scheme. Court records show that Larry Madoff will plead guilty to charges of conspiracy and falsifying records. In doing so, Larry Madoff will admit to conspiring to commit securities fraud, falsifying the records of an investment adviser and a broker dealer, and falsifying filings made with the Securities and Exchange Commission. In addition, Larry Madoff will admit to having committed mail fraud and having obstructed the Internal Revenue Service. Peter Madoff reportedly received at least $60 million from the Ponzi scheme, which ran from at least the early 1990s until 2008 and was the biggest Ponzi scheme ever prosecuted in U.S. history. Peter Madoff is believed to have covered up large withdrawals by using fake stock trades. In pleading guilty to the charges against him, Peter Madoff will accept a prison sentence of 10 years and will forfeit $143 billion, an amount that includes all of his real estate and personal property. His decision to plead guilty raises the question of whether other Madoff family members are being targeted by the government for their role in the Ponzi scheme. Bernard Madoff's family reportedly did not know about the fraud.


Security Guard Sentenced for Stealing PerkinElmer Equipment, Software
Hartford Courant (CT) (06/26/12) Mahony, Edmund H.

A security guard who worked for a technology company in Fairfield County, Conn., was sentenced to two and a half years in prison this week for stealing software and computer equipment from his employer. Gabriel Quinones worked as the on-site coordinator for Securitas at PerkinElmer Inc. in Shelton, Conn., in 2008 and 2009. It was during that period that he stole the software, including 11 copies of proprietary software used to operate thermal imaging equipment. The software was worth $7,200 per copy. Quinones also stole equipment, mostly computers and computer accessories, and sold them online using eBay. Prosecutors say Quinones stole 126 items in total, worth a total of $370,000, which U.S. District Judge Janet B. Arterton has ordered Quinones to repay PerkinElmer once he is released from prison.


NYPD: Man Swipes Dali Painting From Art Gallery
Associated Press (06/22/12)

A $150,000 watercolor and ink painting by Salvador Dali was stolen off the wall of a New York city art gallery last week. The Spanish surrealist's "Cartel des Don Juan Tenorio" was part of the opening exhibit of the Venus Over Manhattan art gallery. The thief, described as a slim man with a receding hairline and wearing a black-and-white checked shirt, was caught on surveillance cameras, but was apparently able to remove the painting from the gallery in a large black shopping bag after a security guard stepped away from the exhibit. According to security consultant Robert Wittman, "at some point, when that person was given access to the painting, the guard was not looking. That would be against any kind of protocol." Art galleries tend to be easier targets for art thieves, because, compared to museums, they have much less elaborate and rigorous security. Police, however, are optimistic that the painting, and perhaps the thief, will be recovered once it inevitably finds its way back to the art market.


Researchers Advance Biometric Security
University of Calgary (06/19/12)

A biometric security system developed by researchers at the University of Calgary can simulate the way the brain makes decisions about information from different sources. Professor Marina Gavrilova, head of the university's Biometric Technologies Laboratory, describes the system as a kind of artificial intelligence application that can train itself to learn the most important aspects of new data and incorporate it into the decision-making process. The system is designed to combine measurements from multiple biometric sources, such as fingerprint, voice, gait, or facial features. The system also prioritizes the information by identifying more important or prevalent features to learn, and adapts the decision-making to changing conditions, such as bad quality data samples, sensor errors, or an absence of one of the biometrics. "The neural network allows a system to combine features from different biometrics in one, learn them to make the optimal decision about the most important features, and adapt to a different environment where the set of features changes," Gavrilova says. "This is a different, more flexible approach." The goal of the project is to improve accuracy, which would boost the recognition process, Gavrilova notes.


Proving the Value of Security to the C-Suite
SecurityInfoWatch.com (06/18/12) Lasky, Steven

Among the topics of discussion by CSOs and CISOs at this month's Global Security Operations 2015 conference at Yahoo's Sunnyvale, Calif., headquarters was how to make top management stay interested and invested in security. According to security industry consultants Ray Bernard and James Connor, security risk is owned by management and thus the job of security should be to give management the tools it needs to understand and respond to that risk. Security directors like Yahoo's Greg Jodry and West-Ward Pharmaceuticals' Derrick Wright spoke about getting management to care about security by tailoring security plans to the specific needs of their organization and its industry and making executive communication a cornerstone of security policy. Being educated about your industry and the mission and departmental structure of your organization is key, according to Wright, who adds, "If you add value and you demonstrate strong leadership, there is little selling needed."




London 2012 Olympics: Muslim Converts Held Over 'Games Plot'
Telegraph.co.uk (06/29/12) Gardham, Duncan

Two men were arrested in London on June 28 for allegedly plotting to attack the upcoming 2012 Summer Olympics. The men, who police have said are Muslim converts, came to the attention of authorities after they were seen in a small boat behaving suspiciously near the Olympics canoeing venue in London on Monday night. As many as 30 police officers were called in to investigate the suspicious behavior, though the two men were not arrested until officers from the Metropolitan Police Counter-Terrorism Command launched a raid on a home in east London on Thursday morning. The two individuals were taken into custody on suspicion of committing, preparing to commit, or instigating acts of terrorism. Meanwhile, two additional locations in east London were searched by police on Thursday night as part of the investigation. The arrests come about a month before the July 27 start of the London Olympics. The terror level in the U.K. currently stands at "substantial," which means that there is a strong possibility of a terrorist attack. There are currently no specific or credible threats against the Olympic games, though officials have detected increased communications among extremist organizations.


One Soldier Killed, Two Injured in Shooting on Fort Bragg
Fayetteville Observer (NC) (06/29/12) Brooks, Drew

A soldier at Fort Bragg, N.C., opened fire on and killed one soldier and wounded another on Thursday, before turning the gun on himself. The soldiers belonged to the 525th Battlefield Surveillance Brigade and the shooting apparently took place during a routine safety briefing ahead of a three-day weekend for base soldiers. The shooter is wounded but alive and in custody. Army officials have not yet released his identity or those of the other two soldiers, and it is not known what motivated the shooting. A senior U.S. defense official is said to have told NBC News that the soldier killed in the shooting was a battalion commander, but this has yet to be confirmed. The shooting is the first deadly shooting at the North Carolina military base since October 1995, when Sgt. William J. Kreutzer Jr. opened fire on his brigade during morning calisthenics, killing Maj. Stephen Mark Badger and wounding 18 other soldiers.


UK Domestic Spy Chief Warns of Possible Return of Iran-State Sponsored Terror
MSNBC (06/27/12) Bruton, F. Brinley; Simmons, Kier

Jonathan Evans, the director general of the British internal counter-intelligence and security service MI5, is warning that Iran could once again begin taking part in state-sponsored acts of terrorism. Evans said that the possibility of Iran resuming its campaign of state-sponsored terrorism comes amid concerns that Israel could launch a unilateral military strike against Iran's nuclear program should talks between Tehran and several Western nations fail. An Israeli attack on Iran could cause Tehran or one of its proxies, such as Hezbollah, to retaliate, Evans said. Evans added that MI5 is responding to this potential threat by significantly increasing the size of its counterterrorism team. In addition to warning about a possible threat from Iran, Evans also said that the upcoming London Olympics could be a target for terrorists. However, neither the Olympics or the U.K. in general would be an easy target for terrorists, given the fact that British officials have been able to successfully foil a number of terrorist plots over the past couple of years, Evans said. He added that preparation for both the Olympics and the Paralympic Games have been thorough. Nevertheless, the U.K.'s terrorism threat level is currently substantial, Evans said, meaning that there is a strong possibility of a terrorist attack.


New Rules Ordered in Crackdown on Leaks
Wall Street Journal (06/26/12) Perez, Evan

Director of National Intelligence James Clapper announced new measures on Monday that aim to prevent classified information from being leaked. Among the new measures announced by Clapper is the addition of a question about leaks to the standard lie detector test that is given to employees at the CIA, the FBI, the National Security Agency, and other agencies that deal with classified information. In addition, alleged leakers can now be punished even in cases where the Justice Department refuses to prosecute. In such cases, an investigation and possible sanctions could be handled by the Office of the Inspector General of the Intelligence Community. Finally, all intelligence agencies will be required to review policies governing when certain employees must report interactions with journalists. The results of those reviews will be used by individual agencies to determine if the policies should be made broader or whether they should be enforced more strictly. Clapper's announcement comes amid investigations into several alleged leaks of classified information, including information about the Stuxnet virus and the double agent who was used to foil the recent al-Qaida in the Arabian Peninsula underwear bomb plot. Information about both of those topics was given to various news outlets. Republicans have accused the Obama administration of deliberately leaking the information for political gain, though the White House has denied those charges.


India Makes Key Arrest in Mumbai Terror Plot
CNN.com (06/26/12) Singh, Harmeet Shah

One of the architects of the coordinated 2008 Mumbai terror attacks has been arrested after three years on the run, according to New Delhi police. Abu Jundal, an Indian-born member of the Pakistan-based terror group Lashkar-e-Tayyiba, is believed to have coordinated the November 2008 attacks from Pakistan, with Indian police claiming to have intercepted orders given by Jundal via cellphone to the gunmen who carried out the attacks on the Taj Mahal and Oberoi-Trident Hotels, Victoria Terminus train station, and Chabad House Jewish cultural center. More than 160 people were killed during the attacks, including nine of the 10 gunman. The 10th, Mohammed Ajmal Kasab, was sentenced to death in May 2010 after being found guilty of murder, conspiracy, and waging war against India. New Delhi police have refused to comment on Jundal's arrest since announcing it on June 26, but a Mumbai court has already issued a warrant requesting that he be transferred to their jurisdiction to stand trial.




Web Attackers Start Borrowing Domain Generation Tricks From Botnet-Type Malware
IDG News Service (06/27/12) Constantin, Lucian

The antivirus firm Symantec says it has observed attacks in which hackers use the Black Hole exploit toolkit to infect Web users with malware when visiting compromised Web sites, and that attackers are adopting domain-generation techniques normally used by botnet-type malware in order to extend the shelf life of these attacks. Drive-by download attacks use rogue code inserted into compromised Web sites to stealthily redirect their users to external domains that host exploit toolkits such as Black Hole. Those toolkits then check if the visitors' browsers contain vulnerable plug-ins and if any are found, they load the corresponding exploits to install malware. Web attacks usually do not stay live for very long because security researchers work with domain providers and registrars to shut down attack Web sites and suspend abusive domain names, which has led some malware creators to develop backup methods that let them regain control of infected machines. One of those methods involves the malware contacting new domain names generated daily according to a certain algorithm in case the primary command and control servers become inaccessible. This lets the attackers know which domain names their botnets will try to contact on a certain date, so they can register them ahead of time and use them to issue updates. Symantec researchers report seeing a "small but steady" number of domains using this technique so far, which means attackers could be testing it before expanding its use in the future.


Stuxnet Shut Down by Its Own Kill Switch
Government Computer News (06/26/12) Jackson, William

The Stuxnet computer worm halted its replication on June 24 in response to a built-in kill switch. "The code will still run, but one of the first things it does when it starts running is check the date," says Symantec's Liam Murchu. If that date is after June 24, the malware will cease copying itself to USB sticks, its primary vector for infecting other computers. Murchu and others who have studied Stuxnet are certain that this kill switch was a design feature, meant to limit the potential spread of the worm. The Duqu and Flame malware, thought to be products of the same program that engineered Stuxnet, also exhibited such features. Duqu had only a 30-day life span, which was able to be extended if so desired, and as such has effectively ceased to be a threat. However, the much more advanced Flame appeared to begin removing itself from infected machines in response to "suicide" commands issued by its command server not long after the virus was first discovered.


Operation High Roller Targets Corporate Bank Accounts
Wall Street Journal (06/26/12) King, Rachael

A new report from Guardian Analytics and McAfee says that a series of hacking attacks known as Operation High Roller is targeting corporate bank accounts and has resulted in the theft of at least $78 million from accounts at more than 60 financial institutions. Guardian and McAfee first spotted Operation High Roller earlier this year in Europe. Initially it targeted consumer bank accounts, but quickly shifted to corporate accounts and has since hit targets in Latin America and the United States. Victims are scouted using targeted e-mails containing malicious links or attachments meant to infect a target computer with SpyEye or Zeus malware that would monitor the system and log key strokes, allowing the attackers to obtain online banking account information. Operation High Roller is highly automated, running the illicit transfers through the attacker's server, and has been able to successfully bypass two-factor authentication systems that generate one-time passwords. In the U.S., companies targeted by High Roller have all had commercial bank accounts with minimum balances in the millions of dollars and fraudulent transfers from these accounts have been as large as $130,000 at a time, according to Guardian and McAfee.


Computer Scientists Break Security Token Key in Record Time
New York Times (06/25/12) Sengupta, Somini

A group of computer scientists dubbed Team Prosecco says it has found a way to extract a security key from a widely used RSA electronic token in 13 minutes. The researchers say they can hack into the SecurID 800 RSA Dongle, as well as similar devices produced by other companies. RSA Security is currently using its own computer scientists to determine if the claim is valid. "If there is a potential serious security vulnerability or threat to our customers, RSA will move quickly to address it," says RSA's Kevin Kempskie. Researchers had assumed it would be impractical for hackers to break into RSA security devices because it would take too much time, says Georgia Institute of Technology cryptographer Chris Peikert. Team Prosecco also says it has created another algorithm that enables five types of security hardware devices to be cracked, all in relatively short periods of time. "Cryptography breaks very slowly. It's the molasses of computer science," says security researcher Dan Kaminsky. "There are many technologies we abstractly know are problematic and we prioritize fixing them less than things that are obviously on fire."


Malware Targeting AutoCAD Files Could Be Sign of Industrial Espionage
Network World (06/22/12) Messmer, Ellen

A malware variant discovered earlier this year stealing AutoCAD-based files is being used by attackers to steal design files by architects and engineers as part of an industrial cyberespionage scheme, warns ESET's Pierre-Marc Bureau. ESET notes the malware appears designed to steal sensitive data, such as blueprints, made using AutoCAD software from AutoDesk. Bureau says ESET has seen the design-stealing malware most frequently in Peru, but analysis shows it is operating globally, and is sending stolen AutoCAD files to China. ESET, which captured samples of the computer-aided design malware in February but began studying it again recently after a spike in activity, contacted Chinese service provider Tencent to shut down the malware's point of delivery for stolen data, and shared information it amassed with AutoDesk. Bureau says infections are happening through compromised AutoCAD files, and notes that companies can get infected by exchanging documents with other companies. He says these attacks appear to be targeted at competing design firms, where someone wants to know what a competitor is doing in a bidding situation. The malware does not appear to be spreading, Bureau points out.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online