|
E-mail \\WILD
To let your visitors read fresh news
put a link on your site using this button.
|
Latest headers from
Hack In The Box
|
go to Hack In The Box
|
NHS trusts lose 31,000 patient records on seven unencrypted laptops
Two NHS trusts have lost unencrypted laptops containing 31,000 patient records.
A laptop containing 11,000 patient records was stolen from a GP's home in Wolverhampton. And St George?s Hospital in London has admitted that six laptops were stolen from its filing cabinets at the start of the month, containing the records of 20,000 patients.
Both data breaches break Department of Health policy that states NHS mobile devices must be protected by encryption. Neither trust has offered an explanation as to why the data was unencrypted.
8 out of 10 company PCs lacking basic security
Eight out of 10 PCs are lacking at least one type of basic security, according to new data from Sophos.
The computers do not have the latest Microsoft security patches, or have disabled client firewalls or are missing endpoint security software updates.
The IT security firm collated information from those using its free online scanning tool which scans PCs for security vulnerabilities.
Microsoft releases near-final beta of HPC Server 2008
Microsoft Wednesday said it plans to release at the end of the month another beta of its Windows HPC Server 2008 and that the final version will ship by year-end.
The beta is the first release candidate (RC), which Microsoft says is feature complete. An RC is a final beta before the code is considered finished. Microsoft officials said they plan to have one more RC before development is complete.
Microsoft made the announcement at the start of the International Supercomputing Conference in Dresden, Germany, where it also placed for the first time in the Top 25 of the world's largest supercomputers. Windows High Performance Computing (HPC) Server 2008 is Microsoft's entry into the battle with Linux to provide platforms for research and other compute-intensive workloads. Linux is clearly the dominant player in the market with Microsoft battling to prove its mettle.
HADOPI - New French anti-piracy agency
France is to press ahead with its campaign to bar surfers who download files illegally from accessing their broadband accounts.
Under new laws which were introduced by Culture Minister Christine Albanel, a new state agency to be called the High Authority for Copyright Protection and Dissemination of Works on the Internet, or Hadopi, will be set up to track pirates.
The anti-piracy agency was introduced as part of a new raft of legislation designed to encourage responsible use of the internet.
Browser Wars: Mozilla vs. Safari vs. Internet Explorer
With Apple aggressively pushing Safari to Windows users who are running iTunes, and Mozilla and Opera releasing new versions of their popular browsers, it seems that the browser wars are hotting up once again.
Is a second browser war going to be a good thing or a bad thing for web users?
The current state of play is that Internet Explorer dominates the Web, commanding some 74 per cent. Following at a distant second is Firefox, with some 18 per cent market share. Safari holds some 6 per cent (hardly snapping at Firefox?s heels, despite Apple?s posturing), while Opera trails far behind with a 0.7 per cent market share.
UK ISPs fight file-sharing laws
The government has renewed its threat to introduce laws to force ISPs to control online music and film piracy and file-sharing.
But the Internet Service Providers' Association (ISPA) has hit back, warning the government that legislation could result "in cumbersome regulation".
Malcolm Wicks, the business, enterprise and regulatory reform minister, told Parliament that government had to recognise its hopes for a "voluntary agreement" with ISPs to regulate illegal file trading online "might be too ambitious".
Nigeria: First Cybercrime Confab Seeks Security Measures
As the menace of cybercrime continues to ravage the economy, an anti cyber crime campaign organisation, Global Network for Cyber solution, is collaborating with the Federal Ministry of Justice and the National Information Technology Development Agency NITDA to ensure digital national security.
A statement made available to THISDAY said that the organisations are set to hold the first national conference on cybercrime and cyber security in Nigeria. The event is geared towards sensitising Nigerians to the menace of cyber crime.
The major preoccupation of the event according to the statement, is premised on the need to provide a cross platform cyber security solution framework that can be proactively incorporated into existing National Government economic development programme of actions as encapsulated in vision 2020.
Security headaches increase for IT managers
NTA Monitor?s 2008 Annual Security Report has revealed that the average number of vulnerabilities found per test has increased to 21 compared with 19 in 2007, showing that IT security managers now have more issues with which to contend.
The report analyses data gathered from external Internet vulnerability tests conducted by NTA on UK organisations in a wide range of industry sectors, including finance, Government, retail, IT, charities and the legal sector. Apparently, the types of risk giving organisations the greatest headache are service-specific vulnerabilities and these types of security issues accounted for 60% of all risks identified.
Overall, the indication is that organisations are becoming more successful at avoiding critical vulnerabilities, with only 25% of companies tested containing one or more high risk vulnerabilities - which are widely known and actively exploited by hackers - compared to 32% in 2007.
Sensitive information found on state surplus computers
Lawmakers expressed alarm Wednesday over a legislative report showing that confidential information was left on outdated state computers being released for sale to the public.
The Legislative Division of Post Audit found that several state agencies had failed to adequately remove sensitive data from some machines, including Social Security numbers and password files.
The computers had been turned over to a government office that disposes of excess state property for Topeka-based agencies, but they hadn't been sold.
Citibank Hack Blamed for Alleged ATM Crime Spree
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say.
"We've never heard of PINs coming out of the bank environment," says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information.
Melbourne Uni supercomputer aims to cure cancer
The next breakthrough in the study of diseases such as cancer may come from a digital mind, with the University of Melbourne and the Victorian government planning to invest AU$100 million in a supercomputer devoted to the life sciences.
Victorian Premier Steve Brumby announced the project this week, pledging AU$50 million from the state government. The remaining AU$50 million will come from Melbourne University.
Brumby said the supercomputer will have "hundreds" of teraflops of computing power, making it the world's largest supercomputer devoted to the life sciences.
iPhone 3G good but security concerns abound
The big cheeses of the analyst world, Gartner, have released an interim update on the iPhone 3G that goes into detail on all the improvements and issues that Apple has delivered ? and still faces. The company most at threat from the fruity contender? Nokia.
Gartner?s latest report on the iPhone 3G, by Ken Dulaney, sells for US $495. It?s an 8-page summary of all the important things that companies need to know about Apple?s newest piece of technology.
While many who have been fervently reading the endless flood of iPhone articles would probably already know most of what the Gartner article contains, and would likely come to the same conclusions, Gartner isn?t arguably the world?s most respected analyst firm for nothing. I?ll bet this report has sold like hotcakes for them!
Auditor-General tables guidelines for ICT procurement
The Auditor-General has updated and replaced the 2001 good practice guide on procurement, including a section on information technology procurement.
The new guide includes policies and standards for public entities to consider when implementing e-procurement and reference to guidance for public entities to consider when procuring information technology.
the guidelines say a public entity that implements e-procurement systems "should ensure that any new procedures that are established meet the same legal and policy obligations that govern all government procurement".
A security company wants you to DDoS its servers
?There is no such thing as bad publicity except your own obituary? - Brendan Behan. Ypigsfly, a company describing itselfDDoS Challenge as a group of seasoned veterans of the Internet network infrastructure business, has just launched Killthisbox.com, a DDoS challenge enticing you to knock down the site for 15 minutes in exchange for a fifty dollar gift certificate from the well known geeky outlet ThinkGeek.
Are the folks behind this challenge really trying to test their new DDoS protection system, or is this a case of a guerrilla marketing approach aiming to promote the DDoS mitigation services of the company by creating controversy?
Professors Siding With Jammie Thomas in RIAA Case
A group of university professors is weighing in on the Jammie Thomas case, telling the trial judge he erred when instructing jurors that having an open share folder filled with copyrighted music amounts to infringement ? even absent proof that somebody else downloaded songs.
A Duluth, Minnesota jury in October subsequently dinged Thomas $222,000 for "making available" 24 unauthorized songs in what was the Recording Industry Association of America's first and only case against a file sharer to go to trial.
Last month, however, the judge presiding over the case, Michael Davis, suggested he should not have told jurors that Thomas was liable simply for having an open share folder on the Kazaa network. The judge invited briefing by the RIAA, Thomas' lawyers and the public at large. A hearing is set for August.
Malaysian servers found with over 500 Mb of stolen healthcare data
Secure web gateway provider Finjan has found more than 500 Mb (Megabytes) of stolen medical, business and airline data on crimeware servers in Malaysia and Argentina.
This data is stolen and traded by cybercriminals on Crimeservers - servers controlled by hackers ? according to the company?s monthly Malicious Page report. Compromised data included healthcare and business related data, as well as personal identifiable information (stolen Social Security Numbers) which would be sold by the cybercriminals through online auctions.
According to the report, the data came from all around the world and contained information about businesses, airlines and healthcare providers as well as individuals. Examples included:
4 admit hacking games websites
Four employees of a Shanghai-based Internet security company appeared before a Beijing court on Tuesday accused of attacking the website of an online games operator.
At the hearing at Haidian district court, Luo Chun, general manager of the Shanghai Share Security Network Technology Co Ltd, and three of his employees, were said to have launched attacks on several online games operators in Beijing.
They flooded targeted websites with various requests thereby crashing their systems. They then asked the websites to buy their firewall products. Li Yichao, the 19-year-old deputy general manager and a computer expert, was accused of being the main person responsible for the attacks. He was under the instructions of Luo.
Lodging eTax Can Be Hazardous Says F-Secure
Security vendor F-Secure is warning Australian taxpayers to be cautious of end of financial year specific scam and phishing attacks. The warning comes after F-Secure?s Security Labs observed a new peak of malware this year targeting tax payers in the US at the close of the financial year.
According to the Australian Taxation Office (ATO), last year 13 per cent of all Australian taxpayers (1.5 million people) lodged their tax return online, a 17 per cent increase on the previous year. This year, e-tax is likely to outnumber phone and paper lodgements for the first time with a record-breaking 1.9 million people expected to lodge their returns online.
Due to the growing popularity of ATO's online services, taxpayers are more likely to become profitable prey for cyber criminals.
Trojan-to-worm toolkit helps advanced hackers go undetected
Researchers at Panda Labs have discovered a free toolkit that allows users to turn any executable file into a worm.
The tool, believed to originate in Spain, is simple to use and can be designed with various functionality, according to Panda. The application, known as T2W, or TrojanToWorm, can be customized to disable certain operating system components, such as Task Manager, Windows Registry Editor and web browsers.
"The scary part is that you can take existing stealth-based malware and actually make it a worm," Ryan Sherstobitoff, chief corporate evangelist for Panda Security, told SCMagazineUS.com on Wednesday. "Now you can infect hundreds of desktops. That's the really scary part. Taking something that's already really dangerous and making it self-replicate."
Photobucket tipped over by Turkish hacker
Photobucket, the popular photo sharing website, became the target of a DNS hack on Tuesday. As a result of the attack some (but not all) surfers hoping to check out pictures were involuntarily redirected to a greeting from hacker NetDeliz and a message in Turkish.
A post to Photobucket's user forum blamed the problem on "an error in our DNS hosting services". It stressed that users' personal information was not affected by the redirection.
On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note that only a portion of Photobucket users encountered the problem and that no Photobucket content, password information or other personal information was affected by the redirect. Security experts, such as Chris Boyd of FaceTime, and security bloggers expressed doubts about this explanation and urged the photo sharing site to issue a clearer statement about the attack.
Firefox 3 0-day found 1 day after release
Less than one day after its launch, Firefox 3 has a vulnerability.
According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.
"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.
Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.
A Misconfigured Laptop, a Wrecked Life
When the Commonwealth of Massachusetts issued Michael Fiola a Dell Latitude in November 2006, it set off a chain of events that would cost him his job, his friends and about a year of his life, as he fought criminal charges that he had downloaded child pornography onto the laptop. Last week, prosecutors dropped their year-old case after a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files.
An initial state investigation had come to the opposite conclusion, and authorities took a second look at Fiola's case only after he hired a forensic investigator to look at his laptop. What she found was scary, given the gravity of the charges against him: The Microsoft SMS (Systems Management Server) software used to keep his laptop up to date was not functional. Neither was its antivirus protection. And the laptop was crawling with malicious programs that were most likely responsible for the files on his PC.
Why IT sucks at being a law hound
When legal wrangling turns serious and lawyers send corporate IT departments a barrage of emails looking for information to use as evidence in an upcoming trial, the IT geeks often aren't up to the challenge.
"It seems like a simple exercise. Go to IT. They'll get the information and pass it on. It's actually much more complex than that," Maureen Duffy, national practice coordinator for legal firm Freehills, said at the Information Management and E-Discovery Summit yesterday in Sydney.
Just as few lawyers are technical gurus, very few IT employees have legal qualifications, making it difficult for them when it comes to recognising what's important. "Corporate IT is not really trained in what is legal evidence," Duffy said.
Compression lets attackers tap VoIP calls
A common compression technique can make internet telephone calls significantly more susceptible to bugging, according to recent research from Johns Hopkins University.
Internet telephony has become widely used through consumer-centric applications such as Skype, and is becoming more common in enterprises.
The new research suggests, however, that standard encryption and compression methods, when used together, are not sufficiently secure. VoIP calls are commonly encrypted using a technique that preserves the lengths of voice patterns in the original, unencrypted conversation, the researchers said.
UK minister's computer snatched
British Prime Minister Gordon Brown's spokesman Michael Ellam says a Cabinet minister's computer has been stolen from her office in a new data mishap.
Communities Secretary Hazel Blears had her desktop computer stolen from an office in northern England on Saturday. The computer contained government data.
Ellam says Brown told ministers to take more care with data at a Tuesday Cabinet meeting.
|
|
|
|
