

Researchers Show Break in Secure Data Storage System

A team of computer scientists from several universities has devised an attack that is capable of reconstructing the so-called vanishing data objects created by a system called Vanish, which was designed to create secure data objects that would expire after a set time and could never be recreated.

SMBs, Non-Profits New Targets of Choice for Attackers

Large enterprises and consumers have been dealing with sophisticated phishing scams, online extortion plots and other assorted theft schemes for years, but now attackers are turning their attention to the huge population of small businesses and non-profits in the U.S. And they are finding a gold mine.

School Boards Hit With Cash-Stealing Trojan

The IDG News Service is reporting on a new FBI investigation [computerworld.com] of a rash of online hacking attacks and bank robberies against school districts in Illinois.

FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI’s Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said. The Clampi malware family [secureworks.com] may be linked to these attacks.


In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature’s hardiest creatures — the ant.
Unlike traditional security devices, which are static, these “digital ants” wander through computer networks looking for threats, such as “computer worms” — self-replicating programs designed to steal information or facilitate unauthorized use of machines. When a digital ant detects a threat, it doesn’t take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate. Read the full story [wfu.edu]

By Bruce Schneier
In computer security, a lot of effort is spent on the authentication problem.  Whether it’s passwords, secure tokens, secret questions, image mnemonics, or something else, engineers are continually coming up with more complicated — and hopefully more secure — ways for you to prove you are who you say you are over the Internet.

GENEVA — A veteran security researcher today challenged the anti-malware industry to work on a standard way of assigning computer/Internet threat levels to present transparent, helpful information to consumers and businesses.
During a presentation at the Virus Bulletin 2009 conference here, Fortinet project manager Bryan Lu discussed the current scenario where anti-malware vendors use different systems to display threat levels — either color-coded or using numbers and arrows — and suggested that vendors use existing data to make threat level indicators more useful and meaningful.

Less than a week after a malicious advertising attack against the New York Times ad servers, Microsoft filed five civil lawsuits against companies allegedly using online advertising to serve malware.
The lawsuits allege that individuals using the business names “Soft Solutions,” “Direct Ad,” “qiweroqw.com,” “ITmeter INC.” and “ote2008.info” used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.

“Job candidates are willing in this market to give any information they can that would help them get a job,” said Ellen B. Vance, an HR consultant and auditor who advises companies on how to safeguard applicant and employee information.

The instinct is natural, but it can leave you vulnerable to identity theft. Read the full story [theladders.com]

GENEVA — Head of Google’s anti-malvertising team Eric Davis wants Internet Service Providers (ISPs) to look beyond profits and take a more proactive approach to dealing with malware-infested computers on their networks.
During a keynote presentation at the Virus Bulletin conference here, Davis said competitors in the ISP space must look beyond profits and partner on new initiatives to deal with the “parasites” that have taken control of the Internet landscape.

Add the Radisson Hotels & Resorts chain to the growing list of businesses [datalossdb.org] reporting significant data breaches that exposed sensitive customer data.
In an open letter [radisson.com] to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain’s computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen.  Read the full story [zdnet.com]