ie8 fix

InSecurity Complex

Report: Attackers sent Google workers IMs from 'friends'

People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday.

"The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were," the Financial Times reported. "The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links … Read more

Report: Companies unprepared for cybercrime

Many organizations are focused on stopping random hackers and blocking pornography when they should be concerned with bigger threats from professional cybercriminals, according to a new cybersecurity report.

In a survey conducted last year of 523 IT and security managers, top-level executives, and law enforcement personnel, hackers were rated the biggest threat, followed by insiders and foreign entities--probably because hackers are the "noisiest and easiest to detect," the 2010 CyberSecurity Watch Survey concluded.

However, attackers from nation-states and organized crime syndicates use more sophisticated techniques that can do more economic damage and go undiscovered, said the report, sponsored … Read more

StopBadware goes nonprofit with funding from Google, others

StopBadware, the anti-malware effort run out of Harvard's Berkman Center for Internet & Society, is spinning off to become a separate nonprofit with funding from Google, PayPal, and Mozilla, the organization was set to announce on Monday.

StopBadware was launched four years ago to help companies keep spyware, viruses, adware, and other malware off their sites. The project collects and analyzes data from Web sites and advocates for safer practices.

The group's "badware alerts" expose applications that violate its badware guidelines and have led AOL, Real Networks, Sears, and others to change their practices regarding customer choice. … Read more

Survey: Data breaches from malicious attacks doubled last year

Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday.

The incidence of malicious attacks rose from 12 percent in 2008 to 24 percent last year, according to the 2009 Annual Study: U.S. Cost of a Data Breach survey conducted by the Ponemon Institute and sponsored by PGP Corp.

The cost per compromised record involving a criminal act averaged $215, about 40 percent higher than breaches from negligence … Read more

Router glitch cripples California DMV network

The California Department of Motor Vehicles suffered a network outage on Thursday due to an equipment glitch, a state official said.

A router switch malfunctioned, said Bill Maile, spokesman for the Office of Technology Services for the state of California.

"It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity."

The network was down for about two hours and was restored at about 1:40 p.m. PST, according to Maile.

There are 168 DMV offices throughout the state, said Jan Mendoza, spokeswoman for the DMV.

"… Read more

Facebook plugs friends list mobile leak

Facebook has fixed a hole that allowed strangers to see your friends list by accessing the site using a mobile device, the company said on Thursday.

"There was an inconsistency between the Web and mobile versions of the site for the friend list visibility option," Facebook spokesman Simon Axten said in an e-mail.

"Remember that with the privacy changes we made back in December, your friend list is now publicly available information," he said. "You can't shut off access to it completely, but you can hide it from your profile for non-friends. This visibility … Read more

Microsoft fixes 8 IE holes, including one used in attacks

Microsoft on Thursday issued a cumulative critical patch for Internet Explorer that fixes eight vulnerabilities, including a hole targeted in the China-based attacks on Google and other U.S. companies.

The security update is rated critical for all supported releases of IE 5, 6, 7, and 8, according to the advisory. The more severe vulnerabilities could allow remote code execution if a user views a malicious Web page using IE, it said.

This IE security update was already planned for release on the next scheduled Patch Tuesday (February 9), Jerry Bryant, senior security program manager at Microsoft, said in a … Read more

Microsoft warns of flaw in 32-bit Windows kernel

Microsoft is warning customers of a hole in the kernel of 32-bit versions of Windows that could allow someone to install programs, change data, or create new accounts with full user rights.

The vulnerability, caused by the Windows kernel not properly handling certain exceptions, affects 32-bit versions of Windows 7, Vista, XP, 2000, and Server 2003 and 2008, according to the security advisory released on Wednesday night. It does not affect 64-bit versions of Windows.

"We are not currently aware of any active attacks against this vulnerability, and Microsoft believes the risk to customers, at this time, is limited, … Read more

Apple fixes a dozen holes in Mac OS X

Apple fixes a dozen vulnerabilities affecting Mac OS X 10.5 and 10.6 in its first security update for the year released on Wednesday.

The security update addresses several issues with the Flash Player plug-in, including one that could allow an attacker to take control of the computer if the user visits a malicious Web site.

Also patched were holes in CoreAudio, ImageIO, and Image RAW that could lead to arbitrary code execution and allow an attacker to take control of the computer if a malicious MP4 audio file were played, or malicious TIFF (Tagged Image File Format) or … Read more

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer, which was used in the China-based attack on Google and for which an exploit has been available on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security … Read more
