InSecurity Complex

Editor's note: This is the third in a series of articles discussing how people in the tech industry are working with or around federal and state governments.

During the first Gulf War, Greg Nojeim went to Washington National Airport to observe Arab Americans being pulled out of lines and put through security checks that weren't required of other passengers. The evidence he gathered was used by his employer, the American-Arab Anti-Discrimination Committee, to sue Pan Am World Airways on allegations of racial profiling.

Now an attorney with the Center for Democracy and Technology (CDT), he's still fighting … Read more

Facebook has sued three men, alleging they used phishing techniques to get access to Facebook user accounts and then sent spam from the compromised accounts.

The lawsuit was filed Monday in federal court in San Jose, California, and named as defendants Jeremi Fisher, Philip Porembski, Ryan Shimeall and the companies associated with them, Choko Systems, Harm, and iMedia Online Services, according to a Facebook statement late on Tuesday. The defendants could not be reached for comment.

The defendants are accused of launching at least four spam campaigns over the last couple of years, the latest in the last three months … Read more

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday.

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've compromised and then use tags associated with popular search terms to get them listed high up in search engine results.

Typically, scammers capitalize on public interest in news events or celebrities, targeting searches like "Swine Flu" or "Michael Jackson death." … Read more

Symantec on Tuesday confirmed a vulnerability in Adobe Acrobat and Reader and said it was being exploited by a Trojan hidden in e-mail attachments.

The malicious Adobe Acrobat PDF file is distributed via an e-mail attachment that "drops and executes when opened on a fully patched system with either Adobe Acrobat or Reader installed," Symantec said in a statement.

Symantec identified the file as Trojan Pidief.H, which targets Windows 98, 95, XP, Windows Me, Vista, NT, 2000 and Server 2003.

The rate of infection is extremely limited and the risk assessment level is very low, according to … Read more

Adobe warned of reports of an attack exploiting a hole in Reader and Acrobat on Monday.

"This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," the company said in an advisory on its Security Incident Response Team blog. "We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Three different security vendor partners reported the alleged exploit to the company on Monday afternoon, said Adobe spokeswoman Wiebke … Read more

A lawsuit filed against Heartland Payment Systems over what is believed to be the biggest data breach in U.S. history has been dismissed.

The lawsuit was filed in January against Heartland by shareholders who alleged that Heartland failed to adequately safeguard the compromised consumer data and did not notify consumers about the breach in a timely manner as required by law.

The U.S. District Court for the District of New Jersey granted Heartland's motion to dismiss the lawsuit on Monday, Heartland said in a statement on Wednesday. The court said the plaintiffs had not proved their allegations … Read more

Microsoft released fixes on Tuesday for critical vulnerabilities in Internet Explorer, including one for which exploit code has been released.

Adobe, meanwhile, was scheduled to release a critical update affecting Flash Player and Adobe AIR, following news of exploit code being released for a vulnerability in Illustrator CS3 and CS4 on Windows and Mac last week.

Microsoft's regular Patch Tuesday release includes six security bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server, and Office.

However, priority should be given to the cumulative IE bulletin, which affects all major Windows versions including Windows 7, IE 6, IE 7, and … Read more

Google is taking legal action to stop companies from allegedly using the search giant's name to trick people into paying for supposed work-at-home kits advertised online and in e-mails.

The company filed a lawsuit on Monday in federal court in Salt Lake City against Pacific WebWorks and other, unnamed defendants alleging trademark infringement and dilution, unfair competition, federal cyberpiracy, and violation of consumer sales practices. The lawsuit can be amended to add the names of additional defendants as they are uncovered.

"This action seeks to stop a widespread Internet advertising scam that is defrauding the public by misusing … Read more

The Department of Defense has pulled a parental control product from its online store serving military families after learning that the company collects childrens' data, according to documents the Electronic Privacy Information Center (EPIC) obtained from the government agency.

EPIC has filed a complaint (PDF) with the Federal Trade Commission alleging that Echometrix, maker of FamilySafe parental control software, violates the Children's Online Privacy Protection Act by collecting personal information from children and disclosing it to third parties for market intelligence purposes. Echometrix denies the allegations.

After learning that the Defense Department's Army and Air Force Exchange Service (… Read more