Dropbox said Tuesday one of its employee's accounts was compromised, leading to a raft of spam last month that irritated users of the cloud-storage service. View full post on Computerworld Security News
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
View full post on National Cyber Security
An email sent from Nadia Lockyer's account to reporters in which she blamed her husband, Attorney General Bill Lockyer, for supplying her with drugs was sent by her former lover, who hacked into her… Photo Credit: AP
View full post on politics hacker – Yahoo! News Search Results
View full post on National Cyber Security
Microsoft has confirmed that sample attack code created by the company had likely leaked to hackers from a programme it runs with antivirus vendors.
“Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners,” Yunsun Wee, a director with Microsoft’s Trustworthy Computing group, said in a statement posted on the company’s site.
“Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements,” Wee added.
Under MAPP, Microsoft provides select antivirus companies with technical information about bugs before Microsoft patches the flaws. MAPP is meant to give third-party security vendors advance warning so that they can craft detection signatures.
Among the things Microsoft shares with MAPP members, according to a program FAQ, are “proof-of-concept or repro tools that further illuminate the issue and help with additional protection enhancement.”
The acknowledgment by Microsoft was prompted by claims earlier in the day by Luigi Auriemma, the Italian researcher who reported the vulnerability in Windows Remote Desktop Protocol (RDP) in May 2011.
Auriemma said that code found in a proof-of-concept exploit on a Chinese website was identical to what he had provided HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program. His code was then used by ZDI to create a working exploit as part of the bounty program’s bug verification work.
ZDI then passed along information about the RDP vulnerability, including the exploit that used Auriemma’s code, to Microsoft.
According to Auriemma, the public exploit included the string “MSRC11678,” a reference to a Microsoft Security Response Center (MSRC) case number, indicating that the leak came from Microsoft.
ZDI denied it had been the source of the leak. “We’re 100% confident that the leak didn’t come from us, and Microsoft is comfortable with us saying that,” said Aaron Portnoy, the leader of TippingPoint’s security research team and the had of ZDI.
Portnoy also described the chain of custody of Auriemma’s code – a specially-constructed data packet that triggers the RDP vulnerability – from its May 2011 submission to ZDI to its inclusion in the concept exploit that ZDI provided Microsoft in August 2011 as part of a broader analysis of the vulnerability.
The proof-of-concept exploit now circulating among hackers does not allow remote code execution – necessary to compromise a PC or server, and then plant malware on the system – but instead crashes a vulnerable machine, said Portnoy. The result: The classic Windows “Blue Screen of Death.”
Portnoy also echoed what Microsoft’s Wee said of the similarity between the public exploit and Auriemma’s code. “We can confirm that the executable exploit does have a packet that was part of what Luigi gave us,” said Portnoy.
Microsoft launched MAPP in 2008. The program has 79 security firm partners, including AVG, Cisco, Kaspersky, McAfee, Trend Micro and Symantec, as well as several Chinese antivirus companies.
Wee did not say whether Microsoft had a list of suspects, but noted that all information it passes to MAPP partners was under a “a strict Non-Disclosure Agreement (NDA).” If the leak did originate with a MAPP partner, it would be the first ever for the program.
Microsoft’s MS12-020 update patches the RDP bug, and can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
View full post on National Cyber Security » Computer Hacking
Security is still the top concern for organisations looking to migrate to a cloud service model, with privacy following close behind, according to the latest research from the Cloud Industry Forum (CIF).
In a survey of 300 end user organisations in November last year, 62 percent cited data security as one of their most significant concerns about cloud adoption, and 55 percent said they were worried about data privacy in the cloud.
Other concerns included dependence on internet access (49 percent), confidence in vendor reliability (35 percent) and contract lock in (34 percent).
According to Simon Bain, CTO at British search company Simplexo, these concerns are largely a result of the “fear, uncertainty and doubt” (FUD) that surrounds cloud computing. He said that, rather than bandying around buzzwords, vendors should be focusing on proving that the cloud is secure, in order to reassure customers.
“I am obviously a believer in using the ‘cloud’ as a way forward for both personal and corporate life,” said Bain. “However, there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others.”
He said that security is “the first and last thing” that providers should be thinking about, because security is important in all aspects of people’s online life, and the cloud is no different.
“Just because you may not be logging in to your bank, does not mean that the security should be any weaker. Remember you may have placed your bank statements in the cloud!” he added.
Simplexo is a member of CIF, which also today announced the launch of a new legal sub-group. Chaired by Conor Ward, partner at Hogan Lovells, the group will aim to offer clarity on legal issues to do with cloud computing and work towards providing a conducive legal framework in support of the work of the Cloud Industry Forum.
“Cloud, by nature, is creating a greater sense of capability and collaboration, which can, if not checked, drive contractual and operational ambiguity,” said Andy Burton, Chair of CIF and CEO of Fasthosts. “Clarity on the services delivered and accountability and responsibility of the parties involved in delivering them is key.”
The group will offer advice on cloud service types, data protection issues, software licensing in the cloud, service definitions and levels, liability, procurement, applicable law, customer data and the future of cloud law encompassing both the UK and the EU.
EU Justice Commissioner Viviane Reding is this week expected to announce a new data protection regime, that could have a significant impact on the cloud computing industry. The law is expected to include new rules about how and where data can be stored, and increasing the accountability of cloud service providers.
Cloud Expo Europe is also taking place this week, on 25-26 January at National Hall Olympia.
View full post on National Cyber Security » Computer Hacking
INDIANAPOLIS -
The father of Indiana Secretary of State Charlie White is blaming a computer hacker for anti-Semitic comments posted on his Facebook page targeting a judge who ruled that White should be removed from office.
Darrell White tells The Indianapolis Star that he didn’t post the comments critical of Marion County Judge Louis Rosenberg, who is Jewish. White contacted Westfield police and blames the postings on someone who is trying to hurt the White family.
The posts appeared on Darrell White’s Facebook page and in online comments to an Indianapolis Star story about Rosenberg’s ruling on Thursday that Charlie White should be removed for being wrongly registered to vote from his ex-wife’s address while he was campaigning for the office in 2010.
Darrell White’s entire Facebook page was deleted Friday.
Copyright © 2011 The Associated Press. All rights reserved. This story may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.
Article source: http://www.wthr.com/story/16390748/indiana-officials-father-blames-hacker-for-posts
View full post on National Cyber Security » Computer Hacking
INDIANAPOLIS (AP) — The father of Indiana Secretary of State Charlie White is blaming a computer hacker for anti-Semitic comments posted on his Facebook page targeting a judge who ruled that White should be removed from office.
View full post on facebook hacker – Yahoo! News Search Results
View full post on National Cyber Security
Indiana Secretary of State Charlie White’s yearlong battle to stay in office has taken a turn for the weird. Again.
View full post on facebook hacker – Yahoo! News Search Results
View full post on National Cyber Security
WASHINGTON, US: China and Russia are using cyber espionage to steal U.S. trade and technology secrets to bolster their own economic development, which poses a threat to U.S. prosperity and security, a U.S. intelligence report said on Thursday.
View full post on russia cyber attacks – Yahoo! News Search Results
View full post on National Cyber Security
HTCS1: The US blames China and Russia for cyber hacks and British police make a major cyber criminal arrest. Read more at http://t.co/UyiD22jR
View full post on Twitter / HTCS1
Russia has for the first time laid the blame for the Stuxnet worm at the door of the US and Israel, describing it as “the only proven case of actual cyber-warfare.”
In translated comments reported by the AFP agency, foreign ministry security department chief Ilya Rogachyov was blunt about the origins of a piece of malware that has mystified experts since first appearing in June 2010.
“Experts believe that traces of this lead back to the actions of Israel and the United States,” he said. “We are seeing attempts of cyberspace being used by some states to act against others [and] of it being used for political-military purposes,” he added.
After branding Stuxnet as an act of cyberwarfare, Rogachyov continued. “The only case in which experts believe the actions of states have been proven in this area [...] is the Stuxnet system that was launched in 2010 against the centrifuge control system used to enrich uranium in Iran.”
The timing of the comments will be seen as significant in a week when Iran said it had asked Russia to help it build a second nuclear facility to complement the Bushehr plant that has caused so much tension with the West. The US suspects Iran of wanting enrichment technology in order to become a nuclear state.
Earlier this year Russia’s NATO ambassador Dmitry Rogozi, claimed that the Stuxnet malware had had an effect on Iran’s Bushehr nuclear plant serious enough to cause equipment to malfunction, risking a second Chernobyl.
The effect of Stuxnet was to draw attention to the vulnerability of the industrial control systems targeted by the worm. The effects of the attack rumble on with frequent reports emerging of new vulnerabilities in this class of device.
Exactly who created Stuxnet remains unproven but the expert perception is that Israel was behind the malware, possibly aided by the US. In cybersecurity, where blame is often hard to apportion, perception can be powerful.
Iran has also blamed Israel for being behind Stuxnet but without offering much evidence. In late 2010, the country’s authorities announced the arrest of “spies” accused of being involved in Stuxnet but their links with foreign powers, if any, were never detailed.
View full post on National Cyber Security » Computer Hacking
