Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Who decides what health data is sensitive?

The massive UC Berkeley data breach reported last week exposed the sensitive health information of more than 160,000 Berkeley students, alumni and others who used the school’s health system. Berkeley officials said that the breach did not expose the victims’ treatment information, an assertion that is leaving some security experts wondering exactly what constitutes sensitive data.

SQL injection tactics revealed

SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be devastating, as this explanation of SQL injection from IBM ISS’s X-Force shows.

Hackers had access to a database for about six months at the University of California at Berkeley and stole health-related data on more than 160,000 students and other people who used the school’s health services center. College officials said that the attack on the health center’s database was discovered last month and that they are just now beginning to notify the affected people.

From CNet (Elinor Mills)

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they’re also creating fake search engines that are showing up in Google search results.

The automatic update is one of the more useful tools ever invented by software developers. Click a couple of buttons and you never have to worry about checking for new security updates again–it happens automagically! But it’s also one of the more frustrating and intrusive mechanisms we’ve seen in recent years, thanks to the tendency of vendors to abuse its power and smush in a bunch of extra applications and add-ons that users may have little use or desire for.

From SearchSecurity.com (Eric Ogren)
The federal government has whipped itself into a frenzy on the issue of cybersecurity recently, as evidenced by the numerous competing bills in the House and Senate and the high-level wrangling over which agency should run cybersecurity. Washington certainly has a key role to play in cybersecurity, but lawmakers and regulators should keep their hands off the Internet as much as possible and look to the private sector to lead on this issue, Eric Ogren writes.

From Wired.com (David Kravets)
A Swedish man has been indicted for attacks against NASA’s Ames Research Center and Cisco several years ago that netted the source code to Cisco’s IOS operating system, among other spoils. Wired’s Threat Level is reporting that Phillip Gabriel Pettersson was indicted for the attacks on Monday in California, but likely never will be prosecuted in the U.S.

There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any, of the numerous House and Senate bills addressing cybersecurity will ever see the light of day, but also the wisdom of handing authority for federal information security to the White House.

The head of the National Security Agency on Tuesday will recommend that the United States needs a major upgrade in both its offensive and defensive cyber capabilities, handing that responsibility to a new military command in Maryland. In a hearing before the House Armed Services Committee, Lt. Gen. Keith Alexander will deliver a blunt assessment of the country’s information warfare skills, and it won’t be pretty.