Malware Authors Learn Market Segmentation From the Best
Mar 14, 2010 IT
Earthquake Retrofit writes “The Register has a rather funny story about the Zeus botnet: ‘The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what’s found in Microsoft Windows. … They’ve also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.’”
Read more of this story at Slashdot.
UK Intel Agency’s Missing Laptops Might Contain Sensitive Data
Mar 14, 2010 IT
superapecommando writes “GCHQ lost 35 laptops in one year, potentially containing highly sensitive data. The UK’s electronic spy centre was today lambasted by MPs for having a ‘cavalier’ attitude to data security. The centre is responsible for tracking the electronic communications of terrorists. In a new report, the Commons Intelligence and Security Committee expressed concern that GCHQ appeared to be entirely unaware whether or not the computers, lost in 2008, contained top secret information on people posing an imminent security threat to the country.”
Read more of this story at Slashdot.
Toyota Acceleration and Embedded System Bugs
Mar 14, 2010 IT
An anonymous reader writes “David Cummings, a programmer who worked on the Mars Pathfinder project, has written an interesting editorial in the L.A. Times encouraging Toyota to drop claims of software infallibility in their recent acceleration problems. He argues that embedded systems developers must program more defensively, and that companies should stop relying on software for safety. Quoting: ‘If Toyota has indeed tested its software as thoroughly as it says without finding any bugs, my response is simple: Keep trying. Find new ways to instrument the software, and come up with more creative tests. The odds are that there are still bugs in the code, which may or may not be related to unintended acceleration. Until these bugs are identified, how can you be certain they are not related to sudden acceleration?’”
Read more of this story at Slashdot.
OpenBSD 4.7 Preorders Are Up
Mar 14, 2010 IT
badger.foo writes “The OpenBSD 4.7 pre-orders are up. That means the release is done, sent off to CD production, and snapshots will turn -current again. Order now and you more likely than not will have your CD set, T-shirt or other cool stuff before the official release date. You get the chance to support the most important free software project on the planet, and get your hands on some cool playables and wearables early. The release page is still being filled in, but the changelog has detailed information about the goodies in this release.”
Read more of this story at Slashdot.
Apple Blocking iPhone Security Software
Mar 13, 2010 IT
Barence writes “Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. ‘We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,’ said Kaspersky. Although he admits the risk of viruses infecting the iPhone is ‘almost zero,’ he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. ‘I don’t want to say Apple’s is the wrong way of behaving, or the right way,’ Kaspersky added. ‘It’s just a corporate culture — it wants to control everything.’”
Read more of this story at Slashdot.
IE 6 & 7 Unpatched Exploit Goes Wild
Mar 13, 2010 IT
Kolargol00 writes “Heise online reports the availability of an exploit (Google translation) for the yet-unpatched MSA-981374 affecting Internet Explorer 6 and 7. It has already been spotted in the wild by McAfee and integrated into the Metasploit Framework.”
Read more of this story at Slashdot.
Zeus Botnet Down But Not Out
Mar 13, 2010 IT
harryjohnston writes “The Register points out that the takedown of a significant number of Zeus command-and-control servers, which we discussed earlier, was a short-lived victory, as about one-third of the affected servers were back on the net in less than 48 hours.” Adds itwbennet: “Just hours after network connectivity to Troyak was severed the ISP peered with a new upstream Internet service provider named Ya. The next step will be to ‘de-peer’ Troyak from its new service provider, either an ISP named Nassist or its upstream provider, Hurricane Electric, said a researcher familiar with the matter. ‘We have taken some of their territory, they are trying to out flank us,’ the researcher said via IM. ‘We are going to win this one — we have ‘em boxed in.’”
Read more of this story at Slashdot.
Hollow Spy Coins
Mar 13, 2010 IT
Bruce Schneier’s blog links to a few sources for hollow spy coins, one being BoingBoing’s Bazaar — where a nickel that can hold a microSD card costs $27. Another is Slashdot’s sister company ThinkGeek, where you can get hollow quarters and half-dollars in the low 20s. As if corporate and government security geeks didn’t have enough to worry about.
Read more of this story at Slashdot.
Security Industry Faces Attacks It Can’t Stop
Mar 13, 2010 IT
itwbennett writes “The takedown of the Mariposa botnet and so-called advanced persistent threat attacks, such as the one that compromised Google systems in early December, were hot topics at the RSA conference last week. What both Mariposa and the Google attacks illustrate, and what went largely unsaid at RSA, was that the security industry has failed to protect paying customers from some of today’s most pernicious threats, writes Robert McMillan. Traditional security products are simply not much help, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. ‘All of the victims we’ve worked with had perfectly installed antivirus,’ he said. ‘They all had intrusion detection systems and several had Web proxies scan content.’”
Read more of this story at Slashdot.
NY To Replace IT Vendors With State Workers
Mar 13, 2010 IT
dcblogs writes “New York state plans to replace as many as 500 IT contract workers with a new type of temporary state worker. The state estimates it can save $25,000 annually for each contracting position that is in-sourced. This is the result of a new law creating ‘term appointments,’ which strip away some hiring and firing rules that apply to permanent state workers. These term appointment workers are employed ‘at will.’ Term appointments can be up to five years and workers get state benefits. Proponents of this change said a state IT worker might earn an average of $55 an hour, including benefits, while the state pays its contractors an average of $128 an hour for workers in similar jobs.”
Read more of this story at Slashdot.