Security

Cisco settles dispute with flaw researcher

Networking giant Cisco Systems has come to an agreement with Michael Lynn, the researcher who quit his job to be able to present a paper on security in Cisco router software.

Lynn said at a press conference Thursday that he has agreed not to talk publicly any more about the research, which outlined how attackers could take over Cisco routers and potentially bring the Internet to its knees.

He also said he had acceded to a permanent injunction imposed by a California federal court earlier Thursday in response to a motion by Cisco and Lynn's former employer, Internet Security … Read more

Oracle: Unbreakable no more?

Big technology companies routinely make boastful claims about their products. Despite marketers' best efforts, most of those pledges are little noticed and quickly forgotten. But some security researchers have taken Oracle's "Unbreakable" marketing campaign to heart, even though the company has begun moving away from that label.

When Oracle launched the campaign four years ago, the company said its Oracle 9i database was "unbreakable," and that unauthorized users couldn't "break it" or "break in."

Larry Ellison, Oracle's CEO, repeatedly compared his company's security record against that of arch-rival … Read more

Bidding for bugs?

TippingPoint's new Zero Day Initiative has some security researchers seeing dollars in their eyes. There now is another place to go to with information on security vulnerabilities, aside from underground buyers that is. TippingPoint and rival iDefense may end up bidding against each other for details on bugs.

"We will see a legal market appear to trade vulnerability information. If a good price comes out from the competition between the actors of this market, it will definitely attract more people to legal security research," Gael Delalleau, a security researcher in France who has contributed the iDefense program, … Read more

Russian spammer murdered

Who killed Vardan Kushnir?

Kushnir, allegedly one of the world's more prolific spammers, was found beaten to death in his Moscow apartment, according to a report on the vnunet.com Web site.

The Russian's apartment appeared disheveled, with a number of valuable items apparently stolen, according to the report. Police will review footage of a courtyard in Kushnir's apartment complex, hoping to find clues to the perpetrator.

Kushnir, who ran a language institute, allegedly spammed millions of people with offers of English classes taught at his American Language Center.

May I use your Wi-Fi?

If you don't secure your wireless network, I don't think it should be a crime if somebody else uses it. To be sure, there are plenty of people who leave their Wi-Fi networks open for the purpose of sharing their Internet connection.

But apparently not everybody agrees.

A Florida man was arrested in April and was set to have a pretrial hearing this month on charges of unauthorized access to a computer network, a third-degree felony, the Associated Press reported earlier this week.

In the U.K., a man was fined 500 pounds ($880) and sentenced to 12 … Read more

New search tools aim to identify phishers, fraudsters

How do you know if that car rental agency in Italy that you found on Yahoo is legit? GeoTrust, which specializes in software for authenticating Web sites and e-commerce transactions, is coming out with tools that will help you figure that out.

Later this year, the company plans to offer tools for "trusted search," CEO Neil Creighton said during a meeting at the AlwaysOn conference in Palo Alto. In a nutshell, this means that search results will feature a badge or mark to indicate whether a company has been properly identified and authenticated through GeoTrust's software. The … Read more

Bank branch robberies are passe

Three Japanese banks were the latest victims of an online heist, in which a total of $84,000 was illegally withdrawn via the use of spyware, according to Japanese media reports Wednesday.

The funds were pilfered from nine accounts spread among Mizuho Bank, eBank Corp. and Japan Net Bank, after a malicious attacker used spyware to gain eventual access to the accounts. The institutions are currently wrestling with how to compensate the customers for their losses, the report noted.

The recent incidents in Japan come as online banking increases in popularity, but bankers fear interest will be tempered by the … Read more

Bad News Bears: Privacy risk in the toy store

You're never too young to market to, apparently. San Francisco Chronicle columnist David Lazarus wrote his column on Wednesday about the privacy perils even tots face in this increasingly consumerized digital world. He talked to the mother of two children, ages 7 and 9, who went to a Build-A-Bear Workshop at an outlet in Santa Clara, Calif., to order customized teddy bears. While entering information into a computer at the store for "birth certificates" for the bears, the kids were asked to provide their name, birth date, gender, home address and e-mail address. Boxes giving the company … Read more

Hitting back at spammers

Spammers have not been deterred by filters or laws, so it is time for more drastic action, according to Blue Security. The Menlo Park, Calif., start-up thinks spammers will surrender if their Web sites are crippled by a flood of complaints about their annoying messages.

Blue Security is solliciting Internet users to participate in its complaint campaign. Users who sign up will have to install a client on their PC that, when Blue Security receives spam, will follow the links contained in the message and look for forms that accept text. The software then automatically fills out the fields with … Read more