
Privacy and data protection

T-Mobile UK says workers sold customer data

Updated November 18 at 11:19 a.m. PST to clarify that the data was sold by workers at T-Mobile UK, which is operated separately from T-Mobile USA.

T-Mobile workers sold personal data on thousands of customers to third parties who then called the individuals as their wireless contracts were due to expire, a T-Mobile UK spokesman has confirmed.

T-Mobile notified England's Information Commission, the watchdog agency responsible for safeguarding consumer privacy, and said the activity was done "without our knowledge," according to the BBC.

Information Commissioner Christopher Graham told the news agency his office will prosecute …

How to recognize phishing e-mails

If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.

Phishing attacks have spiked this year, according to recent reports. The Anti-Phishing Working Group reports that there were more than 55,600 phishing attacks in the first half of 2009 alone. Phishing is particularly dangerous because once criminals get a victim's password for one Web site they can often …

Antitrust concerns linger in Google Books deal

The revised Google Books settlement agreement may quiet international opponents, but it still gives Google a monopoly on commercializing out-of-print books where the copyrights are unclaimed and fails to protect consumer privacy, opponents said on Monday.

"We're at a crossroads," Internet Archive Director Brewster Kahle said during a panel late Monday on the Future of Books at the Commonwealth Club in San Francisco. "Is it going to be a subscription life...where one or two companies own the distribution and presentation (rights) to these books?"

In response, Google Books Engineering Director Dan Clancy said: …

VeriSign expects major security update by 2011

VeriSign, which runs the master database for such domains as .com and .net, says a significant Internet security vulnerability will be closed by 2011, after delays caused by technical aspects of the implementation.

The problem is that DNS, the Domain Name System that translates Internet addresses into numerical values, can be seeded with false values and used to misdirect users. VeriSign told ZDNet on Friday that it will put in place DNSSEC, a protocol that will guarantee the origin and integrity of DNS data for the .com and .net domains, by the first quarter of 2011.


Security considerations for virtual environments

The cost benefits of virtualization are well-documented, allowing enterprises to significantly reduce the space and electrical power required to run data centers and streamline the management of an ever-growing number of servers.

Virtualization also provides means for expedient scalability. Given today's economic climate and cost-cutting mandates, it is not surprising that analyst firm Gartner recently predicted that 50 percent of workloads will run inside virtual machines by 2012.

What many organizations fail to understand, according to Amir Ben-Efraim, CEO of virtualization security provider Altor Networks, is that collapsing multiple servers into a single one with several virtual machines inside eliminates all firewall, intrusion detection, and other protections in existence. Physical security measures literally become "blind" to traffic between VMs, since they are no longer in the data path.

This echoes comments made by Gartner analyst Neil MacDonald, who wrote in a recent presentation titled "Securing the Next-Generation Virtual Data Center" (subscription required), that "most virtual machines you deploy will be less secure than the physical systems they replace," and that "virtualization will radically change how you secure and manage computing environments."

VMware recently launched a partner program to help ISVs develop solutions certified as "VMsafe." VMsafe provides API sharing through a secure container, enabling partner companies to access virtual environments. This virtual security technology provides fine-grained visibility over virtual-machine resources, including monitoring every aspect of the system with the ability to address previously undetectable viruses, rootkits, and malware before they can infect a system.

I spoke to Ben-Efraim to better understand the issues around VM security and what users should be on the lookout for. According to him, there are two common approaches that use existing methods to secure virtual-network traffic: using VLANs to separate and control communication between VMs; and taking software-based firewalls and running them as agents on each VM. Unfortunately, both of these approaches fall short.

VLAN segmentation extends the notion of LAN resource segmentation to include VMs. The approach essentially requires that VMs, which can naturally be grouped (e.g., by function or user base), be isolated from other VMs by use of virtual switches and routing (e.g., the human resources VLAN contains HR-serving VMs). However, VLAN segmentation is not a permanent solution to securing environments because of networking complexities, performance degradation, and security limitations of the approach, Ben-Efraim said. …

Eastern Europeans charged in payment processor hack

A group of Eastern Europeans was charged with hacking into the network of payment processor RBS WorldPay and using counterfeit debit cards at ATMs around the world to steal more than $9 million, the U.S. Justice Department said on Tuesday.

Four of the defendants allegedly collaborated to break into the RBS WorldPay network on November 4, 2008, where they got access to the account numbers for prepaid payroll cards used by employees to withdraw salaries from ATMs, according to the indictment from a federal grand jury in Atlanta. The defendants allegedly reverse-engineered the PINs associated with the accounts from …

A child porn-planting virus: Threat or bad defense?

A story recently surfaced saying malware could plant child porn on innocent people's computers without their knowledge. Just how real is this threat? And how can you keep it from happening to you?

Being accused of possessing child pornography can ruin people's reputations, confront them with overwhelming legal bills, and, if they are convicted, deprive them of their freedom for years if sentenced to prison time, and perhaps for life if they're required to register as sex offenders.

That is why, at least in part, a recent case outlined by the Associated Press raised concerns over computer viruses …

Mac Game: Art project or malware?

As part of his Master of Fine Arts thesis project, Zach Gage wrote a game to run on Macintosh computers that resembles Space Invaders but with a digital roulette twist--for every alien space ship the player destroys, a random file on the computer is deleted.

"Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted," the …

Corporate bank accounts targeted in online fraud

Criminals have tried to steal an estimated $100 million from corporate bank accounts using targeted malware and money mules, the FBI said on Tuesday.

"Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts," the agency said in a statement.

The FBI is seeing, on average, several new victim complaints and cases every week, according to a report prepared by the Internet Crime Complaint Center and linked to in the FBI release.

Brian Krebs reported …

Hacker breaks into jailbroken iPhones, asks for $7

A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.

One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."

The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.

Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."…