Zero Day Threat

Zero Day Threat wins prestigious national book award

bacohido — Thu, 02 Apr 2009 13:15:20 +0000

Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity has just been awarded the prestigious Excellence in Financial Journalism Award for general audience books from the New York State Society of Certified Public Accounts. Thanks goes out to all our security, tech, law enforcement, financial services industry, legal and other contacts and sources who have so graciously helped us with guidance and expertise. We couldn’t have done it without you.

The evolution of an extraordinary globe-spanning worm

bacohido — Thu, 02 Apr 2009 12:58:35 +0000

Conficker timeline
2008 - 2009

2008

Aug. 20: The Gimmiv Trojan, which exploited the vulnerability Conficker capitalises on, is first spotted running in a virtual machine on a server in South Korea. Experts speculate this was a a test run prior to it being released in the wild. (Source: BBC)

Sept. Chinese malware brokers are spotted selling a $37 tool kit that allows anyone to exploit this newly-discovered security hole in a component of Windows, called RPC-DCOM, which enables file and print sharing. RPC-DCOM is built into all PCs of Windows XP vintage and earlier, some 800 million machines worldwide

Sept. 29: Gimmiv first seen in the wild infecting a PC in Hanoi, Vietnam. Over the next few weeks it manages to infect 200 more machines in 23 nations - most of which were in Malaysia. Mistakes in the way it is coded limit its ability to spread. (Source: BBC)….More at LastWatchdog.com

Last Watchdog: Beckstrom Q&A: Cybersecurity official explains how he was hamstrung by NSA

admin — Mon, 09 Mar 2009 18:26:17 +0000

The sudden resignation of Rod A. Beckstrom, the Department of Homeland Security’s senior official tasked with unifying the federal government’s cybersecurity intiatives, bodes ill for a new age of transparency and collaborative problem-solving in government. Beckstrom was unable to maneuver around, much less partner with, the powerful National Security Agency (NSA).

In this stunningly frank March 5th resignation letter to DHS Secretary Janet Napolitano, Beckstrom, Director of the National …More at LastWatchdog.com

Last Watchdog: Koobface, Waledec worms slam Facebook; MySpace says it’s immune

admin — Thu, 05 Mar 2009 18:23:27 +0000

Facebook appears to be taking the brunt of the onslaught of viral messages infesting the Internet. These viral messages are metastizing far and wide, carried by huge and growing botnet-driven worms, like Koobface andWaledec, that spread through email and, increasingly, via social network communication services. The bad messages try to steer you to tainted web pages or trick you into downloading something innocuous, like an Adobe …More at LastWatchdog.com

Last Watchdog: Secrecy shrouds breach of possibly a third payment cards processor

admin — Tue, 03 Mar 2009 17:48:46 +0000

Visa and MasterCard are being circumspect about a new round of warnings they’ve issued regarding stolen credit and debit card numbers circulating in the criminal world — data possibly stolen from another breach of a payment card processor. This follows major data thefts fromHeartland Payment Sytems and RBS WorldPay, for which precious few details have officially been made public.

Visa has issued a statement waffling about what …More at LastWatchdog.com

Last Watchdog: Cybersecurity stimulus: $355 million

admin — Fri, 27 Feb 2009 17:44:55 +0000

In moves that should help stimulate the economy, the Obama Administration this week took two big steps toward slowing, and perhaps ultimately reversing, therapid growth of cybercrime. On Wednesday, Admiral Dennis Blair, Director of National Intelligence, told Congress that he will assume a greater role in cybersecurity. Then on Thursday, the President released his proposed fiscal 2010 budget, which included $355 million in funding to make …More at LastWatchdog.com

Last Watchdog: Banking trojans infest Internet

admin — Sun, 22 Feb 2009 23:26:22 +0000

Banking trojans are inundating the Internet.

These malicious programs lay in wait on your hard drive for an opportune moment to crack your online banking account — usually just as you log on. You can get them by clicking on a viral link to a greeting card or video that arrives in e-mail spam. Or by clicking to a web page that’s been corrupted by hackers.

…more at LastWatchdog.com

Last Watchdog: All eyes on consultant advising Obama on cybersecurity engagement

admin — Mon, 16 Feb 2009 23:22:18 +0000

All eyes in the Washington D.C. security and intelligence communities are riveted on Melissa Hathaway. Tech company executives, military leaders, lawmakers and senior White House officials who track cybersecurity matters are anxious to find out what the bright, young management consultant will advise President Obama to do about making the Internet safer.

…more at LastWatchdog.com

Last Watchdog: The Ominous Downadup/Conficker worm

bacohido — Tue, 10 Feb 2009 18:54:31 +0000

What would you do if you controlled a botnet 1 million to 12 million strong? That’s the scale of the unnerving Downadup/Conficker worm, which continues to spread, mostly via unpatched Windows PCs inside corporate networks. For the historical backdrop — and informed speculation on the worm’s next moves — click here.

–Byron Acohido

Obama can lead way on stemming breaches, identity theft

bacohido — Mon, 26 Jan 2009 04:39:39 +0000

A bold band of security and privacy experts is calling on President Obama to create a federal clearinghouse of information about data breaches — and make that intelligence accessible to companies, consumers and law enforcement.

The proposal comes in a report titled, The Perfect Storm: Why the New Administration Cannot Ignore Identity Theft, by Adam Levin, Chairman and Co-Founder of Identity Theft 911. Experts cited in the report include Jay Foley, co-founder of the Identity Theft Resource Center, Pam Dixon founder of World Privacy Forum, and Chris Hoofnagle, of the Berkeley Center for Law and Technology.

At first blush, this comes off as a radical idea, certain to slam into a brick wall of special-interest inertia. However, it does mesh with Obama’s efforts — which are already ramping up – to establish a new age of transparency designed to undergird the public good.

What’s more, with data theft and Internet-enabled financial scams spiraling out of control – and rapidly eroding consumers’ trust in the Internet — this is, in fact, a very rationale notion. It would seem to deserve the same level of discussion that resulted in naming of the Top 25 programming flaws.

Levin

“Simply because a small percentage of consumers who are on compromised databases actually suffer a personal incident within a short period of time doesn’t mean that they don’t face continuing risk,” says Levin “Identities are evergreen and real currency.”

Levin suggests designating the Federal Trade Commission as the principal information vehicle and omnibus regulatory authority. He wants to see passage of a national data breach notification and disclosure law “with teeth.” And more funding for the FTC.

Highlights of the report include calls for the Obama administration to:

Derail efforts by the Big Three credit bureaus to water down state laws that require companies to notifiy consumers when their data gets stolen and allow them to easily freeze their credit records.
Compel federal agencies to handle sensitive citizens’ data more securely.
Pool law enforcement crime data “in order to provide a more timely and complete snapshot of the identity theft problem”

“There is no shortage of ideas as to how we may assert greater control over the identity theft pandemic,” the report concludes. “Now it’s up to the new president, as a great listener and mediator, to bring all voices to the table.”

–Byron Acohido