According to a tweet from World Privacy Forum, California state governor just signed an update to a data breach notification law that would require organizations to submit a sample of the breach notification sent to customers also to the Attorney General, to ensure what’s being sent out, and that it’s sent out in a timely
Archives - August 2011
Facebook recently rolled out a program we thought was a good step, bounties paid to hackers to find and report bugs, rather than exploit them. So far that payout has totaled around $40,000, no small sum for the aspiring hackers, and probably a boon for Facebook’s efforts to proactively fix security issues before a potential
Some of my favourite blog comments of the week: I’m surprised just how so many fish pedicure spas have sprung up in the uk without looking fully at the possible health risks to clients, or insuring against them. Yes, I've often thought the same thing, especially in the context of disclosure ethics and the issue
Awhile back we mused that the rapid rise in Android malware would hit its stride near the intersection of widespread mobile financial transaction use, and the continuing steep rise in adoption of the platform. Now we see AT&T, T-Mobile and Verizon entering a joint venture to back a payment service for, guess what: Mobile financial
At the beginning of this month, my colleague Robert Lipovsky posted an article on a new threat called Win32/Delf.QCZ, also known as Trojan.Badlib or Trojan.Win32.Miner.h. This threat caught the attention of others and additional information has since been added by fellow researchers on the blogs of Kaspersky and Symantec as well as on the H-Online
So you get a Twitter tweet or Facebook notification from what “seems to be” a friend saying they have the latest information in the development of Hurricane Irene, if you just “click here.” When you do, you find that your “friend” might really be computer script from a distant land directing you to a fake
I'm a believer in responsible disclosure. But...
Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) style attack. Since the Apache application serves up north of 65% of the websites on the internet, a plausible attack becomes quite an issue, especially if
…but it doesn't necessarily want you to be free. Since Cameron Camp and I have written here and here about the implications of the UK government's meditations on curbing civil unrest by curbing social media services, it's interesting to see that the estimable Kim Davis, who previously categorized UK Prime Minister David Cameron's pronouncements as bluster, has also
You may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered. Ten years later, still the same
Aryeh Goretsky's paper won't turn you into a business continuity specialist, but is an excellent primer on why, how and when to back up your data.
Following the plight of the oft-storied WikiLeaks organization, we see a new variant to hit the streets soon, GlobaLeaks. Apparently WikiLeaks has garnered a bit of a following with the community, along with the attraction of a fair share of consternation from governments around the world. This new effort attempts to extend that further. Law
Okay, so they grew from nothing to ubiquity in a few years, hey, my mom has an account. With the growth, users have started clamoring for increased privacy control, and it looks like the message is starting to be heard. Facebook is now trotting out a series of new user privacy controls, so now you
Can’t find a way to support a hacktivist with your l337 sK1LLz? Turns out they take tips, bitcoin tips. We mused awhile back about the emergence of bitcoin as a favorite underground currency. Now, on the heels of the latest announcement by “Anonymous” that they’re releasing personal data belonging to a defense contractor VP with
During the first half of 2011 we have witnessed a significant growth in malware targeting 64-bit platforms, the most interesting examples of which are bootkits.
Is that possible? Well, a researcher with Identity Finder, Aaron Titus, believes so, since he says he managed to use internet searches to unearth a trove of unsecured private health records on a website, around 300,000 of them. He notified the company, Southern California Medical-Legal Consultants, which represents doctors and hospitals seeking payment from patients
... people have been asking me about Google's interesting paper on Trends in Circumventing Web-Malware Detection...
...this is a phish mailed out indiscriminately in the hope of catching a Xoom customer...
Nearly three years old, the Conficker worm continues to pose a threat to PCs. Aryeh Goretsky wants to know why this is, and what can be done about it.
As part of our botnet monitoring initiative, we recently stumbled across an interesting piece of news. The Win32/Kelihos botnet, a likely successor to Win32/Waledac and Win32/Nuwar (the infamous Storm worm), is now sending spam to recruit money mules. We captured two different spam templates used by the bot to generate spam messages. As shown in