Cyberthieves Find Workplace Networks Are Easy Pickings

In a feature article in USA Today, Byron Acohido writes about porous and difficult-to-defend workplace networks that provide a haven for professional cybercriminals.
Acohido writes: “Overly complex IT systems are producing endless opportunities for cyberthieves, who need only to master simple hacking techniques to get their hands on sensitive data. The result: Data breaches continue to plague companies, hospitals, universities and government agencies — any entity that collects data and conducts business on a digital network.”  Read the full story.

BlackBerry, Other Smartphone Users Easy Spy Targets

iPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset’s location via GPS. Read the full story [IDG News Service/Dan Nystedt]

123456 is Most Common Hotmail Password

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times. Read the full story [Kim Zetter/Wired Threat Level] More from Dancho Danchev [zdnet.com]


Security researchers tracking the URLZone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.
URLZone, which targets computer users in Western Europe, is a botnet of approximately 6,000 hijacked computers that is used primarily to siphon funds from online bank accounts.  It steals between $4,000 and $15,000 from each compromised bank account and uses a nifty trick of modifying the withdrawn amount on the bank’s web site to avoid detection by the user.

If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend. 
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme.  Read the full story [washingtonpost.com]

By David Mortman
Inspired by professional pastry chef Shuna Fish Lydon:

“You do not know what a good, bad or indifferent baker/pastry chef you are until you work alongside someone who is better/worse than you. This is not at all to say that if you are an outstanding home baker, you are deluding yourself. But as far as professional cooking & baking go, it is my experience that unless you push yourself really hard to stay away from your sweet spot comfort zone of I-Know-All-I-Need-To-Know-And-I-Feel-Very-Comfy-In-This-Job/Kitchen-Thank-You-Very-Much, and move kitchens or chefs or hire people who are much closer to your level than you feel comfortable having them, you will become stagnant in your baking skill and knowledge.”

From eSecurityPlanet (Larry Barrett)

Securing data networks is important enough for the majority of companies to hire outside security firms to audit their systems but only about one in three bother to have their network audited every year, according to a new survey conducted by VanDyke Software and independent researcher Amplitude Research.

At a time when enterprise companies, government agencies and Average Joes are doing everything they can to protect sensitive data, the survey reveals both an admirable willingness on the part of most IT departments to pony up for external expertise and an astonishing lack of follow-through to keep data secure for the long haul. Read the full story [esecurityplanet.com]