Monthly Archive for May, 2009
President Barack Obama today pledged to make securing the nation's most vital computer networks a top economic and national security priority, broadly detailing the results of 60-day cyber security review that calls for a range of responses to help improve the security of information networks that power the government and the U.S. economy. Speaking at the White House this morning, the president said he would work to make sure the nation's core digital infrastructure is treated as a national asset. "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient." Obama said. "We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage." As expected, Obama said he plans to create a new office at the White House to be led by a cyber security coordinator "responsible for orchestrating and integrating all cyber security
A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser. Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or
Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use. The graphic above (click it for a larger version) shows the different reasons criminals may want access to your system. I've explained each category in more detail below: Illicit Web Hosting Cyber criminals commonly use hacked PCs as a host for a variety of dodgy Web hosting schemes, including: - Spam Web sites - Phishing Web sites - Malware download sites - "Warez" servers, or hosts
Instructions showing wannabe Mac-hackers a way to remotely take control over OS X systems through an unpatched security hole have been posted online. The researcher who published the blueprints said he did so to nudge Apple into fixing the problem, which the company has known about for more than six months. But Security Fix has found that half a year is about the average time it takes Cupertino to plug these types of holes. On Tuesday, renowned Apple researcher Landon Fuller published a proof-of-concept exploit for a particularly dangerous bug in Java that Sun Microsystems fixed in a patch released Dec. 3, 2008. However, Apple -- which ships its own version of Sun's Java with OS X -- has yet to push out an update to fix that particular flaw. "Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not
The Internal Revenue Service has long advised consumers to shred old tax returns and other documents that contain sensitive data, as a way to thwart identity thieves who sometimes root through trash bins in search of identity information. But it seems the IRS doesn't take its own advice: a recent investigation of more than a dozen IRS document disposal facilities found that -- at each location -- old taxpayer records were being tossed out in regular waste containers and dumpsters. The audit by the Treasury Inspector General for Tax Administration also found that IRS officials failed to consistently verify whether contract employees who have access to taxpayer documents had passed background checks. In addition, investigators also had trouble finding anyone responsible for overseeing most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents. "We found evidence of only 2 instances where IRS personnel conducted
Financial institutions in the securities and futures industries last year reported a large increase in the number of suspicious transactions attributed to debit and credit card fraud -- nearly double the number reported in 2007, new statistics released by the federal government show. The numbers come from an annual report released by the Financial Crimes Enforcement Network (FinCEN), a division of the U.S. Treasury Department. The report tracks so-called "suspicious activity reports" (SARs), which financial institutions are required to file when they spot customer transactions of $5,000 or more that set off various red flags most commonly associated with money laundering or other fraudulent activity. Originally, these filings were required only of traditional financial institutions, but in 2003, the government began requiring the reports from trading firms and mutual fund providers, too. According to FinCEN, the number of SARs that investment firms attributed to credit and debit card fraud jumped
Following a series of high-profile attacks that leveraged security vulnerabilities in its PDF Reader and Acrobat applications, Adobe Systems Inc. is making a major push to revamp its approach to security. The company said today that it plans to ship security updates more regularly and push out emergency updates more speedily, and that it will be continually stress-testing those products to find and close security holes before hackers can exploit them. In announcing the changes, Adobe is borrowing several pages from Microsoft's security playbook. Redmond ships updates on the second Tuesday of each month and regularly fixes vulnerabilities that its in-house researchers have uncovered. Sometime this summer, Adobe will begin shipping patches on a quarterly basis -- on the second Tuesday of every third month. Brad Arkin, Adobe's director for product security and privacy, said that day was picked to help lighten the load on businesses, most of which already
Consumers trying to determine their risk of becoming an identity theft victim typically are told to check their credit report for signs of unauthorized or suspicious activity. But a new Web-based service aims to give users a view into tricks ID thieves use that credit reports often miss, such as when crooks use only parts of a victim's identity to fabricate a new one. The new service, www.myidscore.com, is a free offering by ID Analytics, a company that sells anti-fraud software to banks and other creditors. After providing some personal information and answering a handful of questions, visitors to the site are presented with a score from 1 to 999. Unlike credit scores, where a higher score signifies a favorable credit history, with myidscore.com, a higher score means a greater risk of identity theft. Avivah Litan, a fraud analyst with Gartner Inc., said the difference between a credit report and
In February, Bill Oesterle began seeing nearly twice the normal number of transactions being declined for customers who had set up auto-billing on their accounts. The co-founder of Angie's List -- a service that aggregates consumer reviews of local contractors and physicians -- said he originally assumed more customers were simply having trouble making ends meet in a down economy. But as that trend continued into March and April, the company shifted its suspicions to another probable culprit: credit card processing giant Heartland Payment Systems. The data breach last year at Heartland -- a company that processes roughly 100 million card transactions a month for more than 175,000 businesses, has forced at least 600 banks to re-issue untold thousands of new cards in a bid to stave off fraud. For consumers, receiving a new credit or debit card number means contacting companies that have those credentials on file to charge
This turned out to be one of the busiest Patch Tuesdays in a long while: Adobe, Apple and Microsoft all independently released software security updates today. Adobe patched two vulnerabilities in its PDF Reader and Acrobat software. The update applies to all supported versions of both programs on Windows, Mac and Linux systems. Adobe vulnerabilities are some of the most heavily used in targeted attacks, and they show up quite a bit in exploit kits that are sewn into hacked and malicious Web sites. So, if you use Reader or Acrobat, try not to let too much time elapse before you apply this update. Redmond issued a single update to plug at least 16 security holes in its PowerPoint software. The Microsoft Office PowerPoint update is rated critical and applies to all supported versions of PowerPoint, including Office for Mac, Microsoft Works 8.5 and 9.0, as well as various Office
