Are you having trouble making sense of social networking sites like Twitter? It may be because you are trying to read an encoded command to a malware-infected computer. Security consultant Jose Nazario at Arbor Networks has discovered that popular social networking sites like Twitter and Jaiku are being used to control botnets, armies of computers that have been infected with malware, enabling the individual controlling the botnet to steal user information and direct the computers to attack others. … More
Monthly Archives: August 2009
ABA Sues FTC To Stop Application of Red Flag Rules to Lawyers
In a move threatened but not expected this soon, the American Bar Association today sued the Federal Trade Commission, in an effort to stop the application of the Red Flags Rule to lawyers. The Red Flags Rule is scheduled to go into effect on November 1, 2009.
The complaint (.pdf), which was filed in federal district court in Washington, D.C., seeks declaratory and injunctive relief, with the goal of making clear that lawyers are not "creditors"… More
Federal Judge Prevents Sale of CLEAR Customers’ Personal Data
On August 18, a federal judge in the Southern District of New York entered an injunction forbidding Verified Identity Pass, Inc. (VIP) to sell or transfer any of the confidential customer information it compiled while operating the CLEAR express airport check-in program. The CLEAR program collected a range of customer biographic information (e.g., name, address, etc.) as well as biometric information, including the customer’s fingerprints and iris scan. This information was used to expedite the airport check-in process.… More
Incident of the Week (Year?): Hacker Responsible for Largest Data Breach in U.S. History Indicted
According to a press release from the United States Attorney’s Office for the District of New Jersey, yesterday an "indictment was returned against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history." According to the press release, the indictment describes a scheme whereby Albert "Segvec" Gonzalez and two unnamed Russian defendants (identified as "Hacker 1"… More
ALERT: Massachusetts Proposes Revised Information Security Regulations, Delays Enforcement Until March 1, 2010
Today, the Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) issued proposed amendments to the Massachusetts information security regulations, 201 CMR 17.00 to 17.05 (.doc). The highlights of the proposed regulations include the following:
- Enforcement of the regulations is postponed until March 1, 2010.
- Businesses affected by the regulations include anyone that “receives, maintains or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment.”…
Incident of the Week: Seattle Man Sentenced To Three Years In Prison For Using Peer-To-Peer Software To Steal Financial Records, Commit Identity Theft
Yesterday, Frederick Eugene Wood of Seattle was sentenced to 39 months in prison for using LimeWire peer-to-peer (P2P) software to obtain Social Security numbers, bank and financial records and tax returns, which he then used to commit identity theft. The complaint (.pdf) filed in federal court for the Western District of Washington in March alleged that Wood took advantage of the fact that users sometimes install LimeWire or other peer-to-peer software on computers without limiting the directories and files made available to the peer-to-peer network. … More
Facebook Changes User Privacy Controls
Last month, Facebook announced plans to simplify its users’ ability to control privacy settings. Facebook will standardize privacy settings, remove overlapping settings, and put all settings on the same page. In an effort to give users more control over how their information is shared, Facebook will allow users to decide, on a post-by-post basis, with whom to share their content. Users will have the option of sharing their posts with: 1) only specific friends,… More
Incident of the Week: Latvian Internet Service Provider Shut Down After Being Linked to Cybercrime Ring
Earlier this week, Latvian internet service provider Real Host was shut down by its upstream providers Junik and TeliaSonera after security experts linked Real Host to a number of criminal activities. Among the many activities allegedly conducted through Real Host were the use of malware to steal banking credentials, SPAM email campaigns, and the running of command and control servers for the Zeus botnet (i.e.,… More
IRS In Discussions With Swiss Bank UBS Over Identification of Bank Clients Suspected of Tax Evasion
On July 13, a federal judge in Miami granted a joint motion to stay an evidentiary hearing that was to be held as a result of a petition from the United States that the Swiss bank UBS be compelled to disclose the names of 52,000 American clients who were suspected of tax evasion. The case has raised concerns about the effects of privacy laws in other nations on the ability of the federal government to enforce its own laws and created tension between the Justice Department,… More