InSecurity Complex

Online activists angered over antipiracy legislation in Congress as well as today's indictment of operators of popular file-hosting site MegaUpload attacked the sites of the U.S. Department of Justice, the FBI, Universal Music, and the Motion Picture Association of America, shutting them down at least temporarily, and were targeting many others.

"The Largest Attack Ever by Anonymous - 5,635 People Confirmed Using #LOIC Bring Down Sites!" the AnonDaily Twitter account read, referring to the Low Orbit Ion Cannon (LOIC) tool Anonymous supporters use to launch distributed denial-of-service (DDOS) attacks on sites.

Apparently Anonymous tried a … Read more

Authorities arrested a computer programmer today and charged him with stealing source code worth $9.5 million from the Federal Reserve Bank of New York.

Bo Zhang, 32, is accused of taking the software last summer while he was working as a contract employee assigned to the Federal Reserve Bank of New York.

Zhang allegedly admitted that in July 2011 he checked out and copied the code onto an external hard drive and on to his own computers, according to the complaint unsealed today. He said he used the code in connection with a computer programming training company he operated, … Read more

McAfee will release a fix this week for a bug in its SaaS for Total Protection anti-malware service that scammers were using to distribute spam, the company said today.

The problem came to light after McAfee customers reported in blog posts and forum sites that spammers were using a hole in McAfee's RumorServer relay service to secretly send spam from their machines. The customers said they noticed the problem after their e-mails were blocked by e-mail providers and their IP addresses appeared on blacklists.

The problem is isolated to the SaaS Total Protection service, according to David Marcus, director … Read more

McAfee is looking into a problem with a service in its SaaS Endpoint Protection software that appears to be allowing computers to serve as open proxies for sending spam, the company told CNET today.

"We are aware of the issue and have both threat analytics and development teams diligently analyzing the problem and possible solutions," the company said in a statement. "We will have more information on the issue shortly."

A public relations representative said she was attempting to get more information on the matter but did not get back to CNET by the end of … Read more

Hackers in Israel and other Middle Eastern countries are in the middle of a cyberwar that has led to disruptions of the Tel Aviv Stock Exchange, several Israeli banks, and an airline. As a result, some Israeli banks have blocked or are threatening to block international access to their sites to avoid attack.

No one has claimed responsibility for the attacks Monday that crippled the Web sites of the Tel Aviv bourse Web site and El Al Airlines, as well as the marketing sites of the First International Bank of Israel (Fibi), Massad bank, and Otzar Hahayal bank, according to … Read more

Google has fixed a bug in its Checkout software that exposed customer phone numbers to merchants in more than two dozen countries that charge a value-added tax--mostly in Europe and Asia.

"We had a bug in our Google Checkout merchant center and API. This meant that merchants selling digital goods may have seen buyer phone numbers which are normally provided only when users buy physical goods," a Google spokesman said in a statement.

"We fixed the problem in the merchant center and we're rolling out a fix to the API over the next few days," … Read more

Scammers are posing as Facebook security in chat sessions to try to trick people into providing their credit card information, Kaspersky Lab warned today.

"This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing Web site. It will reuse the stolen information and login to the compromised account and change both profile picture and name," writes David Jacoby, a Kaspersky Lab Expert, in a blog post.

"The profile picture will be changed to the Facebook logo and the name will be translated to 'Facebook Security'," … Read more

The Electronic Privacy Information Center today asked regulators to look into whether Google's new Search Plus feature violates federal antitrust rules and poses consumer privacy concerns.

"We asked the FTC, as part of its current investigation of possible antitrust violations, to assess whether the changes in Google Search also constitute an antitrust violation, and also whether the changes in Google Search violate the consent order Google recently signed with the Federal Trade Commission" related to how Google Buzz was launched, EPIC Executive Director Marc Rotenberg said in a conference call today.

For EPIC, it's a bit … Read more

Ten years ago, Microsoft had a big problem. Buggy code was allowing viruses like "CodeRed," "ILoveYou," and "Nimda" to infect millions of computers running its Windows and Microsoft's Web server software.

Times have changed.

Back then, the steady stream of worm outbreaks, coding glitches that annoyed users, and security weaknesses reported by outside researchers was having a steady and negative effect on the company's reputation. Microsoft was everywhere on consumer and corporate PCs worldwide, but the software giant couldn't seem to deliver solid software.

Then came a famous Bill Gates memo … Read more