Donald Sears

Mozilla Fixes Crash Bug in Firefox Update

Mozilla has pushed out a new
version of its browser to fix a crash bug inadvertently introduced in its latest Firefox update. Firefox 3.5.5, which Mozilla posted
for download late Thursday, fixes a small number of what the company
called “stability issues” in the release notes that accompanied the
update.

Spam Botnet Gaining Traction

Upping its output of spam by nearly 5 percent
in recent weeks, a new botnet called Festi has grabbed the attention of
researchers, cracking the list of top 10 most prolific spamming botnets. The botnet has apparently pumped up the volume
of spam by recruiting more bots, about 60 percent of which are in Asia,
18 percent in Europe, and 9 percent in North America. Read the full article. [Dark Reading]

Where Are We A Year After McColo Shutdown?

In the year since the shutdown of notorious Web hosting firm McColo, spammers have been growing strong. Part of this is the result of improvements by botnet operators. Like anyone who is successful at what they do, the people controlling the most powerful botnets in cyberspace learn from their mistakes. Security researchers discussed how.


Federal authorities on Wednesday filed intrusion charges against two
men accused of accessing the computer systems of their former employer. Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39,
of Williamstown, Kentucky, both worked as managers for Indiana-based
Stens Corporation until taking jobs with a competing company in Ohio,
according to an indictment filed in federal court.

Google has released a new version of Chrome, 3.0.195.32,
with a security update that addresses a high-risk vulnerability in its
WebKit-based browser. In addition to a number of stability fixes, the
stable channel update fixes a bug that could lead to possible memory
corruption in the Gears plug-in. Read the full article. [The H Security]

Facebook and MySpace have fixed errors that could have allowed data to be given out from their subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A more invasive and hidden exploit could harvest all the user’s
personal photos, data and messages to a central server without any
trace, and there is no reason why this wouldn’t be happening already
with both Facebook and MySpace data.” Read the full article. [Computerworld]

Individual data compromised in a data breach is four times more likely to be used for identity theft, Javelin Research finds in a multi-year study. Another key finding cited: most consumers do not see the link between breaches and identity theft. “[D]espite 19.5 percent of breach victims
suffering some kind of fraud in the past year, only 2 percent attribute
their fraud to the breach.” Read the full article. [Dark Reading]

A flaw in the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires hacking into a network to launch, has devastating consequences and implications for database and mail servers. It was discovered in August by PhoneFactor, whose researchers have been working with ICASI on an industry-wide fix, which is called “Project Mogul.” Researchers Chris Paget and HD Moore are helping to expose the flaw. Read the full article. [Computerworld]

The state of Maryland tested a new cryptographic voting system on Election Day that allowed users to confirm their votes online and allowed anyone to independently audit the system. Scantegrity is an optical-scan, open-source system that uses a combination of paper ballots and unique cryptographic codes inside the ballots. It was designed by David Chaum and researchers from MIT, Univ. of Maryland, George Washington Univ., the Univ. of Ottawa, and the Univ. of Waterloo. Read the full article. [Wired]

The FBI reports it has seen a rise in malware over the past few months targeting small and medium businesses, municipal government entities and school districts. Once a malicious attachment or link is opened, keylogging tactics obtain bank account info, which criminals then use to initiate wire transfers or Automated Clearing House (ACH) transfers. The report also notes that in some cases individuals have been recruited to unknowingly help criminals through “work at home” jobs that tell them they will be working on sending these fraudulent funds transfers by Western Union or MoneyGram. The FBI has links to US-CERT for help. Read the statement. [FBI]