Domain: net-security.org
Stories and comments across the archive that link to net-security.org.
Stories · 444
The Significant Decline of Spam
Orome1 writes "In October Commtouch reported an 18% drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the world's pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December's daily average was around 30% less than September's. The average spam level for the quarter was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%." -
Passwords Are the Weakest Link In Online Security
Orome1 writes "It's not surprising to find that 79% of consumers use risky password construction practices, such as including personal information and words. The recent Gawker breach and a detailed analysis of breached passwords show undeniably that passwords continue to be the Achilles' heel of the average Internet user. This insecure trend sadly doesn't shift as 26% of users reuse the same password for important accounts such as email, banking or shopping and social networking sites while 29% had their own email or social network account hacked, and over half (52%) know someone who has had a similar problem." -
NSA Considers Its Networks Compromised
Orome1 writes "Debora Plunkett, head of the NSA's Information Assurance Directorate, has confirmed what many security experts suspected to be true: no computer network can be considered completely and utterly impenetrable — not even that of the NSA. 'There's no such thing as "secure" any more,' she said to the attendees of a cyber security forum sponsored by the Atlantic and Government Executive media organizations, and confirmed that the NSA works under the assumption that various parts of their systems have already been compromised, and is adjusting its actions accordingly." -
Operation Payback and Hacktivism 101
Orome1 writes "While individual acts of hacktivism are inconvenient, something else happens when hacktivists group together — they commonly perform a DDoS attack. Techniques have advanced to automate the process, making the attacks more powerful and thus more able to bypass security controls — the effect, however, remains the same. Let us take a look at the recent Operation Payback which has gained notoriety in the past few months." -
Cybergang Compromises Every ATM In Russian City
Orome1 writes "A group of fraudsters has been arrested in Yakutsk and Moscow for allegedly compromising all the ATMs in the city of Yakutsk — population: around 210,000 — in the Republic of Yakutia in the Russian Federation. Three of the men formed the actual criminal group, and the fourth — a Moscow-based malware developer — was 'subcontracted' by them and received 100,000 rubles (some $3200) to develop a custom ATM virus with which they would infect the devices." -
The Golden Hour of Phishing Attacks
Orome1 writes "Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims' credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn't include the time required to take down the phishing Web site, they've dubbed the first 60 minutes of a phishing site's existence the critical 'golden hour.'" -
ProFTPD.org Compromised, Backdoor Distributed
Orome1 writes "A warning has been issued by the developers of ProFTPD, the popular FTP server software, about a compromise of the main distribution server of the software project that resulted in attackers exchanging the offered source files for ProFTPD 1.3.3c with a version containing a backdoor. It is thought that the attackers took advantage of an unpatched security flaw in the FTP daemon in order to gain access to the server." -
Whitehat Hacker Moxie Marlinspike's Laptop, Cellphones Seized
Orome1 writes "The well-known whitehat hacker and security researcher who goes by the handle Moxie Marlinspike has recently experienced firsthand the electronic device search that travelers are sometimes submitted to by border agents when entering the country. He was returning from the Dominican Republic by plane, and when he landed at JFK airport, he was greeted by two US Customs officials and taken to a detention room where they kept him for almost five hours, took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them." -
50 ISPs Harbor Half of All Infected Machines
Orome1 writes "As the classic method of combating botnets by taking down command and control centers has proven pretty much ineffective in the long run, there has been lots of talk lately about new stratagems that could bring about the desired result. A group of researchers from the Delft University of Technology and Michigan State University have recently released an analysis of the role that ISPs could play in botnet mitigation — an analysis that led to interesting conclusions. The often believed assumption that the presence of a high speed broadband connection is linked to the widespread presence of botnet infection in a country has been proven false." -
Targeted Attacks Focus On Economic Cyberterrorism
Orome1 writes "When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash. And, as a new Websense report illustrates, the latest tactics have now moved to a political and nationalistic stage. Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers." -
Man Loses Millions In Bizarre Virus-Protection Scam
Orome1 writes "A US court has heard that a couple conned at least $6 million from the great-grandson of an oil industry tycoon after he brought his virus-infected computer in for repair. The couple are said to have tricked the composer into believing that, while investigating the virus, they had found evidence that his life was in danger – concocting a story that the virus had been tracked to a hard drive in Honduras, and that evidence had been found that the composer's life was in danger." The victim here, Roger Davidson, may have lost as much as $20 million, after being convinced that he was in danger from a grand conspiracy. Vickram Bedi and girlfriend Helga Invarsdottir convinced Davidson to pay $160,000 monthly, and possibly much more, for their help. -
Toy Robots Can Guard Your Home
Orome1 writes "Worried about burglars ransacking your house? Buy yourself some toy robots! It is what Robert Oschler, a Florida-based programmer, did. He bought a Rovio — a Wi-Fi enabled mobile webcam robot that can be picked up from toy sections of many stores — and modified it to suit his needs. The robot already has a camera, a microphone and speakers, but the improvements he made to the software allowed him to enhance the audio and video quality of this existing equipment, and to create specific routines for the robots. This way, every time he feels the need to check what's going on in the house, he simply goes online with his laptop and directs the robot through the house." -
Firesheep Countermeasure Tool BlackSheep
Orome1 writes "Slashdot already covered Firesheep, the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitors traffic to see if it has been hijacked." -
Most Americans Support an Internet Kill Switch
Orome1 writes "Sixty-one percent of Americans said the President should have the ability to shut down portions of the Internet in the event of a coordinated malicious cyber attack, according to research by Unisys. The survey found that while Americans are taking proactive steps to protect themselves against cybercrime and identity theft, only slightly more than a third of Internet users in the US regularly use and update passwords on their mobile devices – creating a potentially huge security hole for organizations as more consumer devices invade the workplace. The findings illustrate that recent events such as the Stuxnet computer worm attack and the attempted Times Square car bombing may have heightened the American public's awareness of and concern over global and domestic cybersecurity threats." -
Firefox Extension Makes Social-Network ID Spoofing Trivial
Orome1 writes "A simple-to-use Firefox plugin presented yesterday at Toorcon in San Diego has hit the security world with the realization that squabbles about Facebook's changing privacy settings and various privacy breaches simply miss the point. 'When it comes to user privacy, SSL is the elephant in the room,' said Eric Butler, the developer of the extension in question, dubbed Firesheep. By installing and running it, anyone can 'sniff out' the unencrypted HTTP sessions currently allowing users on that network segment to access social networks, online services and other websites requiring a login, and simply hijack them and impersonate the user." -
Politically Motivated Cyber Attacks
Orome1 writes "According to a new report, 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks. Participants of the Symantec survey claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses. Participants from the energy industry reported that they were best prepared for such an attack, while participants from the communications industry reported that they were the least prepared." -
Exploits Propagated Via Social Media Increase
Orome1 writes "Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of greater use of social media. These include clickjacking attacks using the Facebook 'Like' button, fake Web pages positioned on search engines (BlackHat SEO), and zero-day vulnerability exploits. The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices. A number of different threats have appeared, primarily aimed at racking up phone bills or using the geolocalization function to transmit a user's position to a third party." -
Gang Arrested For Stealing Millions Using ZeuS
Orome1 writes "Nineteen people were arrested yesterday in the UK and are suspected of being part of an Eastern European gang that used the ZeuS Trojan to steal online banking credentials from unsuspecting victims and siphon around £2 million per month to their accounts." -
Interpol Chief's Identity Spoofed On Facebook
An anonymous reader writes "Ronald Noble, Interpol's Secretary General, has revealed that cybercriminals have opened two fake Facebook accounts using his name and used them to gather sensitive information. 'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,' Noble said. 'This Operation was bringing investigators from 29 member countries at the Interpol General Secretariat to exchange information on international fugitives and led to more than 130 arrests in 32 countries.'" -
HP To Acquire ArcSight For 1.5 Billion
An anonymous reader writes "HP and ArcSight have signed a definitive agreement for HP to acquire ArcSight, a security and compliance management company, for $43.50 per share, or an enterprise value of $1.5 billion. The acquisition will be conducted by means of a cash tender offer for all of ArcSight's outstanding shares of common stock. The closing of the acquisition, which is subject to customary closing conditions, is expected to occur by the end of the calendar year." -
Rogue Employees Sell World Cup Fans' Passport Data
An anonymous reader writes "Reports are coming in that the Information Commissioner's Office has started investigating FIFA, the world football governing body, over allegations that the details of thousands of World Cup fans — including their passport data — were accessed by one or more members of staff and then sold on the black market. It is alleged that more than 35,000 English fans — who visited Germany for the 2006 World Cup — had their passport and allied data sold to ticket touts for marketing purposes." -
Behind the Scenes and Inside Workings of a CERT
An anonymous reader writes "Ireland's Computer Emergency Response Team differs from what you can find in most other countries, since it's not government-backed and relies mainly on the good will of several security professionals. In this interview, the founder and head of the CERT, Brian Honan, talks about how the CERT was formed, what equipment they use and what challenges they face in their daily work without having a government to back them up." -
Spammers Attack Apple's Ping Social Network
An anonymous reader writes "Scammers and spammers have deluged the new Ping musical social network, created by Apple and built into the new version of iTunes. Sophos researchers have found that Ping is being overrun by scams and spam messages. 'Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload will not appear until approved by Apple. They are likely filtering for other offensive content as well, so they probably have means in place they could use to stop the spam.' It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone." The Sophos blog post adds that Apple is doing their best to clamp down on the spam, manually deleting many of the offending messages for now. Reader Tootech adds that Facebook integration was quickly disabled, possibly because of blocked API access. -
Misconfigured Networks Main Cause of Breaches
An anonymous reader writes "Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role." -
25% of Worms Spread Via USB
An anonymous reader writes "In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer." -
Employees Would Steal Data When Leaving a Job
An anonymous reader writes "Employees openly admit they would take company data, including customer data and product plans, when leaving a job. In response to a recent survey, 49% of US workers and 52% of British workers admitted they would take some form of company property with them when leaving a position: 29% (US) and 23% (UK) would take customer data, including contact information; 23% (US) and 22% (UK) would take electronic files; 15% (US) and 17% (UK) would take product information, including designs and plans; and 13% (US) and 22% (UK) would take small office supplies." -
5 Million Domains Serving Malware Via Network Solutions
An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget." The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later. -
Loss of Personal Info As Stressful As Losing a Job
An anonymous reader writes "Americans feel most vulnerable about the loss or theft of their personal or financial information, according to a national survey. 54% of Americans said the prospect of losing this data 'extremely concerned' them. Losing personal or financial information ranked similar to concern over job loss and not being able to provide healthcare for their family. In terms of specific risks within the online threat landscape, identity theft ranked as the chief fear. Nearly a third of Americans reported identity theft as their greatest concern to personal safety and security on the Internet. The fear of someone hacking into their financial information or accounts ranked a close second, with a quarter of Americans listing it as their greatest worry." -
Large Zeus Botnet Used For Financial Fraud
An anonymous reader writes "A large Zeus version 2 botnet is being used to conduct financial fraud in the UK and is operated from Eastern Europe. The botnet appears to be controlling more than 100,000 infected computers. The criminals have been harvesting all manner of potentially lucrative and revenue-producing credentials — including online account IDs plus login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks, and even FTP passwords." -
Long-Term Liability For One-Time Security Breaches?
An anonymous reader writes "Not a month goes by where we don't hear about a theft of some organization's laptop containing sensitive personal information, not to mention the even more frequent — but often kept secret — breaches into company networks and databases. It is definitely true that you should be responsible for the security of your information when you handle it, but what happens when the theft of your information is not your fault? You have handed over this information to a company or organization and trusted them to keep it secure, but they failed. They might notify you of the breach or theft, and they might even set up a credit monitoring service for you for a year or two, but the problem is that this information may be used years from now. Is it fair that you have to worry for decades and pay for further credit monitoring when they are to blame for your information ending up in the wrong hands?" -
ATM Vendors Threaten, Stop Research Presentation
An anonymous reader writes "A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time." -
Twitter To Establish Information Security Program
An anonymous reader writes "Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the 30th case the FTC has brought targeting faulty data security, and the agency's first such case against a social networking service. Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers." -
IEEE Releases 802.3ba Standard
An anonymous reader writes "IEEE announced the ratification of IEEE 802.3ba, a new standard governing 40Gbps and 100Gbps Ethernet operations. An amendment to the IEEE 802.3 Ethernet standard, IEEE 802.3ba, the first standard ever to simultaneously specify two new Ethernet speeds, paves the way for the next generation of high-rate server connectivity and core switching. The new standard will act as the catalyst needed for unlocking innovation across the greater Ethernet ecosystem. IEEE 802.3ba is expected to trigger further expansion of the 40 Gigabit and 100 Gigabit Ethernet family of technologies by driving new development efforts, as well as providing new aggregation speeds that will enable 10Gbps Ethernet network deployments." -
WordPress 3.0 Released
An anonymous reader writes "WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download and comes with 1,217 bug fixes and feature enhancements. Major new features in this release include a new default theme called Twenty Ten. Theme developers have new APIs that allow them easily to implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies." -
420,000 Scam E-mails Sent Every Hour In UK Alone
An anonymous reader writes "More than 420,000 scam e-mails are sent every hour in the UK, according to a report by CPP, which estimates that Brits were targeted by 3.7 billion phishing e-mails in the last 12 months alone. A quarter of us admit to falling victim to e-fraudsters, with the average victim losing over GBP285. Fake banking e-mails are the most common method used by criminals, with 55% of those targeted receiving seemingly legitimate e-correspondence from high street banks." -
The US Continues Its Reign As King of Spam
An anonymous reader writes "The United States continues its reign as the king of spam, relaying more than 13% of global spam, accounting for hundreds of millions of junk messages every day, according to a report by Sophos. However, most dramatically, China – often blamed for cybercrime by other countries – has disappeared from the 'dirty dozen,' coming in at 15th place with responsibility for relaying just 1.9% of the world's spam." -
Stalker Jailed For Planting Child Porn On a PC
An anonymous reader writes "An elaborate scheme to get the husband of a co-worker with whom he was obsessed jailed backfired on Ilkka Karttunen, 48, from Essex in the UK. His plan was to get the husband arrested so that he could have a go at a relationship with the woman. To do this he broke into the couple's home while they were sleeping, used their family computer to download child pornography, and then removed the hard drive and mailed it anonymously to the police, along with a note that identified the owner." -
Millions Continue To Click On Spam
An anonymous reader writes "Even though over 80% of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to a Messaging Anti-Abuse Working Group (MAAWG) survey. In the survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it — activities that leave consumers susceptible to fraud, phishing, identity theft, and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection." -
Blazing Fast Password Recovery With New ATI Cards
An anonymous reader writes "ElcomSoft accelerates the recovery of Wi-Fi passwords and password-protected iPhone and iPod backups by using ATI video cards. The support of ATI Radeon 5000 series video accelerators allows ElcomSoft to perform password recovery up to 20 times faster compared to Intel top of the line quad-core CPUs, and up to two times faster compared to enterprise-level NVIDIA Tesla solutions. Benchmarks performed by ElcomSoft demonstrate that ATI Radeon HD5970 accelerated password recovery works up to 20 times faster than Core i7-960, Intel's current top of the line CPU unit." -
US Unable To Win a Cyber War
An anonymous reader writes "The inability to deflect even a simulated cyber attack or mitigate its effects shown in an exercise that took place some six days ago at Washington's Mandarin Oriental Hotel doesn't bode well for the US. Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. 'We're the most vulnerable. We're the most connected. We have the most to lose,' he stated. Three years ago, McConnell referred to cybersecurity as the 'soft underbelly of this country' and it's clear that he thinks things haven't changed much since then." -
Mock Cyber Attack Shows US Unpreparedness
An anonymous reader writes with word that the outcome of the large-scale cyberattack simulation promised a few days ago isn't too rosy. From the Help Net Security article: "During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US is still not ready to deflect or mitigate such an attack to an extent that would not considerably affect the everyday life of its citizens. The ballroom of Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis." -
Zero-Day Vulnerabilities On the Market
An anonymous reader writes "Zero-day vulnerabilities have become prized possessions to attackers and defenders alike. As the recent China-Google attack demonstrated, they are the basis on which most of the successful attacks are crafted these days. There is an underground market growing around these vulnerabilities, but there are also 'white markets' — set up by VeriSign, TippingPoint, Google — where they buy zero-day flaws and alert the companies so that they can patch their products before the vulnerabilities can be taken advantage of." -
By Latest Count, 95% of Email Is Spam
An anonymous reader writes "The European Network and Information Security Agency released its new spam report, which looks at spam budgets, the impact of spam and spam management. Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam. This is a very minor change, from 6%, in earlier ENISA reports. Over 25% of respondents had spam accounting for more than 10% of help desk calls. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries." -
Analysis of 32 Million Breached Passwords
An anonymous reader writes "Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine." Most interesting to me was that in the sample, less than 4% used any non-alphanumerics in their #$#%'ing passwords. -
Only 27% of Organizations Use Encryption
An anonymous reader writes "According to a Check Point survey of 224 IT and security administrators, over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9% of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception." -
Is Code Auditing of Open Source Apps Necessary?
An anonymous reader writes "Following Sun Microsystems' decision to release a raft of open source applications to support its secure cloud computing strategy, companies may be wondering if they should conduct security tests of their customized open source software before deployment. While the use of encryption and VPNs to extend a secure bridge between a company IT resource and a private cloud facility is very positive — especially now that Amazon is beta testing its pay-as-you-go private cloud facility — it's important that the underlying application code is also secure. What do you think?" -
SQL Injection Attack Claims 132,000+
An anonymous reader writes "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."