Following the recent landmark Newsbin2 ruling requiring ISP’s to take a more active role in policing pirate websites, UK ISP’s are working to speed the court ordered actions though to block pirated sites. The implementation details haven’t been finalized between the creative industries and ISP’s, but copyright-owners seem to be optimistic. The goal is to
ResearchExpert content, for researchers by researchers
A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation
This morning we recorded a podcast posing the question “can legislation solve cybercrime?” Well, The Senate Judiciary Committee seems eager to play a part, passing a measure yesterday attempting to thwart computer attacks. Measure S.1151 sets a national standard for data breach notification, replacing the various state initiatives already in place. It also makes concealing
The news that Japan's top defense contractor and weapons maker, Mitsubishi Heavy Industries, fell victim to cyber attacks in August is likely to increase the pressure to improve information system security from Tokyo to the Pentagon and every government contractor, outside vendor, and supplier in between. As pointed out in the Reuters report, the Japanese contractor–commonly
Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might
Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data. It seems her office received 1,166 data breach
I notice there's a flurry of articles around the "Stuxnet anniversary" and "After Stuxnet" themes...
...I didn't think I could let the recent flurry of publicity on Microsoft's disavowal of one of its Gold Partners because of their alleged implication in cold-calling scams...
The United States Attorney Office for the Southern District of New York received a flurry of attention in April, 2011 when they unsealed an indictment against the three largest Internet poker companies in the United States—Absolute Poker, Full Tilt Poker and PokerStars—for fraud, gambling and money laundering. Today, the USAO upped the ante with an
One of the recurring themes of the past few years in the UK is data lost by the public sector on USB drives, CDs and so on.
SSL isn't hopelessly broken, but the widespread use of TLS 1.0 means that SSL cannot be regarded as fully "secure"
Last week there was a report of a "health data breach" at Indiana University School of Medicine, hot on the heels of the "medical privacy breach" the week before at Stanford Hospital in Palo Alto, California. In the Stanford breach, a commercial website was found to contain data relating to 20,000 emergency room patients including
Recently, we’ve noted a steep rise in Android malware and predicted the rise in banking malware, now we see another example in the wild, this time SpyEye. Trusteer has a good rundown on it, saying “It seems that SpyEye distributors are catching up with the mobile market as they (finally) target the Android mobile platform.
Internet scams are not new, and some of the strategies they use are not unique to the Internet, but there is no doubt that the Internet can provide a multiplier effect for people intent on defrauding others. I discovered a "good" example of this when I started looking for a place to live in San
Róbert Lipovský and I put our heads together and posted a joint article to SC Magazine's Cybercrime Corner on "Dead Certs?"
Following the recent spree of data breaches at Sony, resulting in a bevy of class-action lawsuits, it has updated the Terms of Service to preclude future class action suits from being leveled. To be sure, Sony has had sleepless nights following the breaches, but they’d prefer not to deepen the stack of lawsuits if similar
With all the recent headlines about data breaches, should your organization hire a “thief to catch a thief?” That’s a question Kevin Mitnick, sitting near the top of the hacker hall-of-fame for famous hack sprees in decades past, has been contemplating. He’s not alone – many companies are wondering the same thing. There is a
ESET has discovered a new version of the Delphi infector, Win32/Induc. Unlike its predecessors, however, this variant incorporates a seriously malicious payload and has acquired some extra file infection and self-replicative functionality. Two years ago, we published comprehensive information (here , here, and here) about the virus Win32/Induc.A, which infected Delphi files at compile-time. Though
With fantastic teeny model helicopters sporting mini hacked Linux platforms that long to take over your wireless network and wreak havoc, or so recent headlines would suggest. Now, we’re big fans of innovation, and technology on the go, but these pseudo-drones (built on the cheap, for the under-budgeted aspirer of wireless world domination) lack the
What happens after you share data online, and others re-share it, etc.? As data becomes increasingly inter-connected, with multiple parties touching the same data, Internet users are starting to wonder: who DOES have access to their data? Are they acting in your best interest? And who should be checking to make sure they do? The