YOU’VE got ten minutes until you need to leave for the airport, but you just have to send out that e-mail containing this month’s sales figures. Dashing up the street in search of a taxi, you spot the magic words “wireless hotspot” in a cafĂŠ window. The figures are sensitive, but the cafĂŠ is almost empty. You sit down, facing your laptop screen away from the few others in the room and log on.
Read more…
ABOUT 146,000 people using a jobs web site sponsored by the US government have had their personal information stolen by hackers who broke into computers at Monster Worldwide, a government spokesman said. The theft on the USAjobs.gov site, which has about 2 million total users, was part of the hacking operation that Monster disclosed last week, according to Peter Graves, a spokesman for the US Office of Personnel Management.
Read more…
Software giant Microsoft is investigating why some Windows machines automatically updated themselves and rebooted following last week’s Patch Tuesday. As first reported on Windows user group AeroXperience, last week the automatic updates feature caused some Windows machines to reboot. Users complained to Microsoft that their machines had downloaded and installed updates they did not consent to.
Read more…
A bill introduced this week in the US would allow victims of identity theft to seek restitution for their crime-related expenses. On Tuesday the Identity Theft Enforcement and Restitution Act of 2007 was introduced, which also strengthens law enforcement’s hand against cybercriminals.
Read more…
rafty spammers overnight launched a new wave of pump-and-dump scams, this time delivering junk mail that includes audio attachments encouraging recipients to buy a penny stock. Experts today said the new MP3 spam tactic is creative, but it seems to be a natural progression following runs of image, PDF and Excel junk mail earlier this year.
Read more…
Corporate storage systems and networks are an attractive target for hackers looking to steal sensitive data or launch computer attacks, Alan Lustiger, security architect at TD Ameritrade Inc., told an audience at Computerworld’s Storage Networking World user conference here yesterday. In particular, he warned IT executives that network-attached storage (NAS) systems are a most attractive entry point for hackers. “The easiest storage technology to hack is clearly NAS,” Lustiger said. “NAS is virtually indistinguishable to a file system from a hacker perspective; this is a well-developed and well-known means of attack.”
Read more…
All too often, IT shops realize their weaknesses only after they’ve been hacked. Fortunately, Core Security Technologies has a solution: Hack yourself before others do. The company on Tuesday introduced Core Impact v7.5, the latest version of its security analysis and testing tool. The update adds new features that let users attempt to breach themselves to see how far the rabbit hole goes.
Read more…
One in two UK organisations are ill-equipped to deal with natural disasters, computer system failures and external threats, new figures from Symantec show. According to the study, 91 per cent of IT companies carry out full scenario testing of their disaster recovery plans, yet nearly half of those tests fail.
Read more…
The personal details of nearly 4,000 US citizens – including commercial truck drivers who transport hazardous materials – were on two laptops stolen from a third-party contractor working with the Transportation Security Administration (TSA) in the US. The laptops contain the names, addresses, birthdays, commercial driver’s license numbers and, in some cases, the Social Security numbers, of 3,930 people, according to an Associated Press report.
Read more…
The owners of the Storm botnet, whose identities are as yet unknown, could be preparing to sell off the “services” of segments of the network, according to Joe Stewart, a researcher from managed security services company SecureWorks. Stewart claimed in a blog post on Sunday that the latest Storm variants now use a 40-byte key to encrypt their peer-to-peer traffic, meaning each node will only be able to communicate with nodes that use the same key.
Read more…