ISN

[ISN] Ford Motor Rolls Out New Security Features To Prevent Car-Hacking

InfoSec News — Tue, 9 Mar 2010 10:50:08 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:50:08 -0600 (CST)



http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163



By Kelly Jackson Higgins

DarkReading

March 08, 2010 



Automobile giant Ford Motor this year will debut vehicles with built-in 

WiFi -- along with enhanced security features to prevent data breaches 

via its new cars.



Ford has offered the so-called Sync technology service it co-developed 

with Microsoft in most of its Ford, Lincoln, and Mercury vehicles since 

2008. The technology lets drivers run their Bluetooth-enabled mobile 

phones and digital media players via their vehicles and use voice 

commands to operate them, for instance.



The automaker announced today that the second generation of its Sync 

technology -- due out later this year and to include a full Windows CE 

operating system with a new driver interface called MyFordTouch -- will 

come with a built-in browser and secured WiFi access. It will first 

debut in the 2011 Ford Edge and 2011 MKX Lincoln, and later, in the 2010 

Ford Focus.



"We really began to focus on the security side when we began launching 

Sync, and it was [originally] for working with phones and media 

players," says Jim Buczkowski, director of Ford electronics and 

electrical systems engineering. "Now we're extending that system 

connectivity to include WiFi as another data path for customers in their 

vehicles ... and we're extending that security model for protecting 

WiFi."



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Tue Mar 09 2010 - 08:50:08 PST

[ISN] WhitePages.com halts ad networks over malware

InfoSec News — Thu, 11 Mar 2010 00:20:57 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Thu, 11 Mar 2010 00:20:57 -0600 (CST)



http://news.cnet.com/8301-27080_3-10466753-245.html



By Elinor Mills

InSecurity Complex

CNet News

March 10, 2010



WhitePages.com has stopped ad networks from delivering ads to its site 

after they were found to contain fake antivirus malware.



"On Monday morning WhitePages received reports from users [about] 

malware in the form of a fake antivirus upsell program that we believe 

originated (against our terms) from a third-party advertising network 

serving ads on our website, in addition to other websites," a WhitePages 

spokeswoman said in an e-mail late Tuesday.



"We immediately suspended the networks in question at which time the 

reports from users subsided," she wrote. "We are working diligently to 

prevent this from happening in the future."



A representative for the Senate's Committee on Environment and Public 

Works said on Tuesday that officials were looking at WhitePages.com and 

Drudge Report as possible sources of malware that had affected Senate 

computers the day before.



Matt Drudge denied the accusation on his site and accused the committee 

of politicking. But several CNET readers reported that they too had been 

hit with the malware when they visited the Drudge Report Web site, a 

conservative news aggregator that sometimes authors stories too.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Wed Mar 10 2010 - 22:20:57 PST

[ISN] Why Bob Maley's Firing is Bad for All of Us

InfoSec News — Fri, 12 Mar 2010 00:12:15 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:12:15 -0600 (CST)



http://threatpost.com/en_us/blogs/why-bob-maleys-firing-bad-all-us-031110



By Dennis Fisher

Threatpost

March 11, 2010



The news that Pennsylvania CISO Bob Maley lost his job for publicly 

discussing a security incident at last week's RSA Conference really 

shouldn't come as a surprise, but it does. Even for a government agency, 

this kind of lack of understanding of what actually matters is appalling 

and it is a glaring example of the sickness of secrecy that's infected 

far too much of the security community.



Maley was the Pennsylvania CISO for four years and essentially started 

the state's information security program from scratch when he took the 

job. He brought the dozens of state agencies and thousands of employees 

into the 21st century with a massive project to install intrusion 

prevention and an identity and access-management system. When he got 

there, Pennsylvania didn't even have a standard desktop OS image. And 

this is a network that was seeing more than a billion security events a 

month in 2007.



As a result of his success in transforming the state's infrastructure, 

Maley became a sought-after speaker and interview subject, a fact that 

led directly to his firing. At RSA, Maley was on a panel that discussed 

security issues facing state governments. During the session he talked 

about a recent incident in which the owner of a driving school in 

Pennsylvania allegedly figured out a way to game the state's motor 

vehicle exam scheduling system in order to get his students to the head 

of the line.



That's it.



Maley didn't give explicit details on the problem and didn't even really 

describe it as a security issue, according to news reports. He simply 

cited it as an example of the issues he deals with every day. And as a 

result he no longer has a job because, as Jaikumar Vijayan reports in 

Computerworld, Pennsylvania has a policy requiring employees to get 

explicit permission to discuss state business publicly.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:12:15 PST

[ISN] State Web site breach tied to foreign attacker

InfoSec News — Fri, 12 Mar 2010 00:14:22 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:14:22 -0600 (CST)

http://www.desmoinesregister.com/article/20100311/NEWS10/3110351/-1/networking/State-Web-site-breach-tied-to-foreign-attacker

By William Petroski

The Des Moines Register

March 11, 2010

A hacking incident on an Iowa homeland security Web site last week has

been linked to a foreign attacker who gained access through a security

vulnerability, a state official said Wednesday.

This hacker used an "abstract, colorful" image to deface the site

operated by the Iowa Division of Homeland Security and Emergency

Management, said Robert Bailey, communications director for the Iowa

Department of Administrative Services. Access was gained by exploiting

software that lacked a security patch, he said.

The breach was limited to an Iowa Department of Public Defense server,

and no sensitive data were compromised, Bailey said. Investigators have

concluded the attack occurred from outside North America, but they

haven't identified a perpetrator, he added.

A total of six state Web sites were shut down temporarily because of the

March 3 incident, including a Web site that advises the public about

family and individual preparedness for emergencies. Only a bare-bones

version of the homeland security Web site was back online as of

Wednesday. The breach did not compromise any computer systems of the

Iowa National Guard, said Maj. Michael Wunn, a Guard spokesman.

[...]

___________________________________________________________

deep-knowledge network security event in the GCC,

featuring keynote speakers John Viega and Matt Watchinski!

http://conference.hitb.org/hitbsecconf2010dxb/

Received on Thu Mar 11 2010 - 22:14:22 PST

[ISN] Pennsylvania's Web security officer leaves post a week after talking about PennDOT hacking incident

InfoSec News — Thu, 11 Mar 2010 00:21:44 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Thu, 11 Mar 2010 00:21:44 -0600 (CST)



http://www.pennlive.com/midstate/index.ssf/2010/03/pennsylvanias_web_security_off.html



By JAN MURPHY

The Patriot-News

March 10, 2010



Last week, Pennsylvania's chief information security officer Robert 

Maley was at an information security conference in San Francisco talking 

about a hacking incident involving PennDOT's computers. This week, Maley 

is gone.



Gary Tuma, Gov. Ed Rendell's press secretary, confirmed that Maley is no 

longer employed by the state, but he declined to comment further, saying 

it is a personnel matter.



Attempts to contact Maley yesterday were unsuccessful.



Danielle Klinger, a spokeswoman for the state Department of 

Transportation, said the agency is not aware of any hacking or breach 

that occurred involving scheduling system for its driving test. However, 

she said that a few weeks ago, "we did discover an anomaly and we have 

actually turned that over to [the state police] for further 

investigation. We're not sure what that anomaly is, but it is being 

investigated. Unfortunately, I can't provide any more details on it."



Maley is listed on LinkedIn, an online networking site, as having worked 

as a former Swatara Twp. police sergeant before entering the information 

security field more than 24 years ago. It states he worked in 

information technology for the state in a variety of capacities as well 

as in the private and nonprofit sectors.



On the agenda for the RSA Conference at which Maley appeared as a 

presenter last week, he was listed as a top-rated speaker and described 

as "one of the most high-profile experts in the field of securing the 

data of American citizens today."



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Wed Mar 10 2010 - 22:21:44 PST

[ISN] FDIC: Hackers took more than $120M in three months

InfoSec News — Tue, 9 Mar 2010 10:49:47 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:49:47 -0600 (CST)

http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?taxonomyId=17

By Robert McMillan

IDG News Service

March 8, 2010

Ongoing computer scams targeting small businesses cost U.S. companies

$25 million in the third quarter of 2009, according to the U.S. Federal

Deposit Insurance Corporation.

Online banking fraud involving the electronic transfer of funds has been

on the rise since 2007 and rose to over $120 million in the third

quarter of 2009, according to estimates presented Friday at the RSA

Conference in San Francisco, by David Nelson, an examination specialist

with the FDIC.

The FDIC receives a variety of confidential reports from financial

institutions, which allow it to generate the estimates, Nelson said.

Almost all of the incidents reported to the FDIC "related to malware on

online banking customers' PCs," he said. Typically a victim is tricked

into visiting a malicious Web site or downloading a Trojan horse program

that gives hackers access to their banking passwords. Money is then

transferred out of the account using the Automated Clearing House (ACH)

system that banks use to process payments between institutions.

[...]

___________________________________________________________

deep-knowledge network security event in the GCC,

featuring keynote speakers John Viega and Matt Watchinski!

http://conference.hitb.org/hitbsecconf2010dxb/

Received on Tue Mar 09 2010 - 08:49:47 PST

[ISN] Backdoor found in Energizer Duo USB battery charger

InfoSec News — Tue, 9 Mar 2010 10:49:58 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:49:58 -0600 (CST)



http://news.cnet.com/8301-27080_3-10465429-245.html



By Elinor Mills

InSecurity Complex

CNet News

March 8, 2010



Software that can be downloaded for use with the Energizer Duo USB 

battery charger contains a backdoor that could allow an attacker to 

remotely take control of a Windows-based PC, Energizer and US-CERT is 

warning.



"The installer for the Energizer Duo software places the file 

UsbCharger.dll in the application's directory and Arucer.dll in the 

Windows system32 directory," the U.S. Computer Emergency Readiness Team 

said in an advisory on Friday. "Arucer.dll is a backdoor that allows 

unauthorized remote system access via accepting connections on 7777/tcp. 

Its capabilities include the ability to list directories, send and 

receive files, and execute programs."



The Windows software was made available via a download with the 

Energizer Duo Charger, Model CHUSB, Energizer said in a statement.



The battery maker said it does not know how the Trojan got into the 

software. "Energizer has discontinued sale of this product and has 

removed the site to download the software," the statement said. 

"Energizer is currently working with both CERT and U.S. government 

officials to understand how the code was inserted in the software."



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Tue Mar 09 2010 - 08:49:58 PST

[ISN] Cybersecurity program has serious defects, GAO says

InfoSec News — Tue, 9 Mar 2010 10:50:22 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:50:22 -0600 (CST)



http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx



By William Jackson

GCN.com

March 08, 2010



Implementing the Comprehensive National Cybersecurity Initiative, a 

broad program intended to protect the nation.s cyber infrastructure, has 

been hampered by a lack of coordination and transparency, according to 

the Government Accountability Office.



"CNCI is unlikely to fully achieve its goal of reducing potential 

vulnerabilities, protecting against intrusion attempts, and anticipating 

future threats to federal information systems unless roles and 

responsibilities for cybersecurity activities across the federal 

government are more clearly defined and coordinated," the GAO concluded 

in a November briefing to the staff of the House Armed Services 

subcommittee on Terrorism, Unconventional Threats and Capabilities.



The GAO also concluded that too much of the initiative, which was 

spelled out in National Security Presidential Directive 54 and Homeland 

Security Presidential Directive 23, has remained classified.



"Since the approval of NSPD-54/HSPD-23, few elements of CNCI have been 

made public," the GAO briefing said. "While certain aspects and details 

of CNCI must necessarily remain classified, the lack of transparency 

regarding CNCI projects hinders accountability to Congress and the 

public. In addition, current classification may make it difficult for 

some agencies, as well as the private sector, to interact and contribute 

to the success of CNCI projects."



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Tue Mar 09 2010 - 08:50:22 PST

[ISN] Change in Focus

InfoSec News — Fri, 12 Mar 2010 00:15:20 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:15:20 -0600 (CST)



http://www.securityfocus.com/news/11582



By SecurityFocus Staff

SecurityFocus 

2010-03-10



Since its inception in 1999, SecurityFocus has been a mainstay in the 

security community. From original news content to detailed technical 

papers and guest columnists, we've strived to be the community's source 

for all things security related. SecurityFocus was formed with the idea 

that the community needed a place to come together and share its 

collected wisdom and knowledge.



At the time, the security community was fairly fragmented with 

mainstream security information in its infancy. If you worked in 

security, it was difficult and frustrating to find the information you 

were looking for because it was scattered across a small number of 

mailing lists, sites and publications. There was no single place where a 

community of security professionals could go to get the information they 

needed and there was a unique opportunity to build a community portal 

that would provide its users with a destination and voice.



At SecurityFocus, the community has always been our primary focus. We 

knew then as we know now that providing the community with a place to 

share information, discuss new ideas and share technologies was critical 

to staying in touch with the constantly evolving threat landscape. With 

its purchase of SecurityFocus in 2002, Symantec became one of the first 

vendors to recognize the importance of maintaining a close relationship 

with the security community to the point where they made a commitment to 

its founders to continue to operate SecurityFocus as an independent 

company with the same mandate -- "It's all here - and it's all free."



The threat landscape has changed significantly over the past 10 years 

and so has the community. What was once a dispersed though vocal 

collection of users, researchers and analysts has become a much larger 

and more cohesive community of experts who have endeavored to make 

security more than just an after-thought. Vendors have also changed 

significantly, to the point where entire divisions are devoted to 

security research and education. Today, more information is shared 

openly within the community than ever before through the use of blogs, 

threat analysis, and whitepapers as vendors increasingly work with the 

community to solve today's security challenges. The enormous growth in 

dedicated portals and alternative news sources such as social networking 

sites allows us to get our security news and information from a variety 

of sources and as a result, it makes sense for SecurityFocus to evaluate 

how best to serve its readers.



With this in mind, the time is right for SecurityFocus to focus more on 

its core components. Beginning March 15, 2010 SecurityFocus will begin a 

transition of its content to Symantec Connect. As part of its continued 

commitment to the community, all of SecurityFocus. mailing lists 

including Bugtraq and its Vulnerability Database will remain online at 

www.securityfocus.com There will not be any changes to any of the list 

charters or policies and the same teams who have moderated list traffic 

will continue to do so. The vulnerability database will continue to be 

updated and made available as it is currently. DeepSight and other 

security intelligence related offerings will remain unchanged while 

Infocus articles, whitepapers, and other SecurityFocus content will be 

available off of the main Symantec website in the coming months.



While the news portal section of SecurityFocus will no longer be 

offered, we think our readers will be better served by this change as we 

combine our efforts with Symantec Connect and continue to provide a 

valuable service to the community. As always, if you have any questions 

or concerns you can reach us at editor-at-securityfocus-dot-com.





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:15:20 PST

[ISN] Zeus botnets suffer mighty blow after ISP taken offline

InfoSec News — Thu, 11 Mar 2010 00:21:08 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Thu, 11 Mar 2010 00:21:08 -0600 (CST)



http://www.theregister.co.uk/2010/03/10/massive_zeus_takedown/



By Dan Goodin in San Francisco

The Register

10th March 2010



At least a quarter of the command and control servers linked to 

Zeus-related botnets have suddenly gone quiet, continuing a recent trend 

of takedowns hitting some of the world's most nefarious cyber 

operations.



The massive drop is the result of actions taken by two Eastern European 

network providers. On Tuesday, they pulled the plug on their downstream 

customers, including an ISP known a Troyak, according to Mary Landesman, 

a senior researcher with ScanSafe, a web security firm recently acquired 

by Cisco Systems. That in turn severed the connections of servers used 

to control large numbers of computers infected by a do-it-yourself crime 

kit known as Zeus.



Landesman said she was able to confirm figures provided by Zeus Tracker 

that found the number of active control servers related to Zeus had 

dropped from 249 to 181. The takedown came on Tuesday around 10:22 am 

GMT and was heralded by a sudden drop off in the number of malware 

attacks ScanSafe blocks from affected IP addresses.



The takedown is the result of two network service providers, 

Ukraine-based Ihome and Russia-based Oversun Mercury, severing their 

ties with Troyak, said Landesman, who cited data returned by 

Robotex.com. The move meant that all the ISP's customers, law-abiding or 

otherwise, were immediately unable to connect to the outside world.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Wed Mar 10 2010 - 22:21:08 PST

[ISN] Final CFP: TrustBus'10–– Deadline Extended

InfoSec News — Fri, 12 Mar 2010 00:14:44 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:14:44 -0600 (CST)



Forwarded from: "M. Carmen Fernández Gago" uma.es>



** Apologies for multiple copies **



*Final Call for Papers*



7th International Conference on



*TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS (TrustBus'10)

*

Bilbao, Spain



30 August -- 3 September 2010







http://www.isac.uma.es/trustbus10







/in conjunction with the 21st International Conference on Databse and 

Expert Systems Applications (DEXA 2010)/







The advances in the Information and Communication Technologies (ICT) 

have raised new opportunities for the implementation of novel 

applications and the provision of high quality services over global 

networks. The aim is to utilize this 'information society era' for 

improving the quality of life for all citizens, disseminating knowledge, 

strengthening social cohesion, generating earnings and finally ensuring 

that organizations and public bodies remain competitive in the global 

electronic marketplace.



Unfortunately, such a rapid technological evolution cannot be problem 

free. Concerns are raised regarding the 'lack of trust' in electronic 

procedures and the extent to which 'information security' and 'user 

privacy' can be ensured.



In answer to these concerns, the 7th International Conference on Trust, 

Privacy and Security in Digital Business (TrustBus'10) will provide an 

international forum for researchers and practitioners to exchange 

information regarding advancements in the state of the art and practice 

of trust and privacy in digital business.



TrustBus'10 will bring together researchers from different disciplines, 

developers, and users all interested in the critical success factors of 

digital business systems. We are interested in papers, work-in-progress 

reports, and industrial experiences describing advances in all areas of 

digital business applications related to trust and privacy.



*

Topics*



- Anonymity and pseudonymity in business transactions



- Business architectures and underlying infrastructures



- Common practice, legal and regulatory issues



- Cryptographic protocols



- Delivery technologies and scheduling protocols



- Design of businesses models with security requirements



- Economics of Information Systems Security



- Electronic cash, wallets and pay-per-view systems



- Enterprise management and consumer protection



- Identity and Trust Management



- Intellectual property and digital rights management



- Intrusion detection and information filtering



- Languages for description of services and contracts



- Management of privacy & confidentiality



- Models for access control and authentication



- Multimedia web services



- New cryptographic building-blocks for e-business applications



- Online transaction processing



- PKI & PMI



- Public administration, governmental services



- P2P transactions and scenarios



- Real-time Internet E-Services



- Reliability and security of content and data



- Reliable auction, e-procurement and negotiation technology



- Reputation in services provision



- Secure process integration and management



- Security and Privacy models for Pervasive Information Systems



- Security Policies



- Shopping, trading, and contract management tools



- Smartcard technology



- Transactional Models



- Trust and privacy issues in social networks environments



- Usability of security technologies and services





*Instructions for paper submission*



Authors are invited to submit original papers not previously published 

nor submitted in parallel for publication to any other conference, 

workshop or journal. Papers should be limited to 12 pages of 11pt type 

including title page, figures and bibliography.



Accepted papers will be included in the Conference proceedings, to be 

published by Springer in their LNCS series. Camera-ready versions of the 

papers should not exceed 12 pages and must comply with the "Authors 

Instructions" that can be found at: 

http://www.springer.de/comp/lncs/authors.html



*Important dates*



Submission deadline:       March 12th, 2010, *extended deadline March 26th*



Notification to authors:   April 30th, 2010



Camera-ready version:      May 24th, 2010





*Program Committee co-Chairs*



Katsikas, Sokratis                   University of Pireaus (Greece)



Lopez, Javier                        University of Malaga (Spain)



*

General Chair*



Soriano, Miguel                      UPC (Spain)





*Publication Chair*



Fernandez-Gago, Carmen               University of Malaga (Spain)



*

Publicity Chair*



Agudo, Isaac                         University of Malaga (Spain)





*Program Committee Members*



Acquisti, Alessandro    Carnegie Mellon University (US)



Alcaraz, Cristina       University of Malaga (Spain)



Atluri, Vijay           Rutgers University (US)



Casassa Mont, Marco     HP Labs Bristol (UK)



Chadwick, David         University of Kent (UK)



Clarke, Nathan          University of Plymouth (UK)



Cuppens, Frederic       ENST Bretagne (France)



Damiani, Ernesto        Universit degli Studi di Milano (Italy)



De Capitani di



Vimercati, Sabrina      University of Milan (Italy)



Domingo-Ferrer, Josep   University Rovira i Virgili (Spain)



Fernandez, Eduardo      University of Castilla la Mancha (Spain)



Fernandez, Eduardo B.   Florida Atlantic University (USA)



Ferrer, Josep L.        University Islas Baleares (Spain)



Fischer-Huebner, Simone Karlstad University (Sweden)



Foresti, Sara           University of Milan (Italy)



Forne, Jordi            UPC (Spain)



Furnell, Steven         University of Plymouth (UK)



Fuss, Juergen           University of Applied Science in Hagenberg (Austria)



Gonzalez-Nieto, Juan M. Queensland Univ. of Technology (Australia)



Gritzalis, Dimitris     Athens Univ. of Economics and Business (Greece)



Gritzalis, Stefanos     University of the Aegean (Greece)



Hansen, Marit           Independent Center for Privacy Protection (Germany)



Herrera, Jordi          UAB (Spain)



Jsang, Audun           Oslo University (Norway)



Karabulut, Yuecel       SAP Labs (US)



Kesdogan, Dogan         University of Siegen (Germany)



Kokolakis, Spyros       University of the Aegean (Greece)



Lioy, Antonio           Politecnico di Torino (Italy)



Markowitch, Olivier     Universite Libre de Bruxelles (Belgium)



Marsh, Stephen          Communications Research Centre (Canada)



Martinelli, Fabio       CNR (Italy)



Matyas, Vashek          Masaryk University (Czech Rep.)



Mitchell, Chris         Royal Holloway, University of London (UK)



Mouratidis, Haris       University of East London (UK)



Murayama, Yuko          Iwate Prefectural University (Japan)



Najera, Pablo           University of Malaga (Spain)



Okamoto, Eiji           University of Tsubuka (Japan)



Olivier, Martin S.      University of Pretoria (South Africa)



Oppliger, Rolf          eSecurity Technologies (Switzerland)



Papadaki, Maria         University of Plymouth (UK)



Patel, Ahmed            Kingston University (UK) - University Kebangsaan (Malaysia)



Pernul, Guenther        University of Regensburg (Germany)



Pfitzmann, Andreas      Dresden University of Technology (Germany)



Piattini, Mario         University Castilla-La Mancha (Spain)



Pohl, Hartmut           FH Bonn-Rhein-Sieg (Germany)



Posegga, Joachim        University of Passau (Germany)



Rannenberg, Kai         Goethe University Frankfurt (Germany)



Ribagorda, Arturo       University Carlos III Madrid (Spain)



Rudolph, Carsten        Fraunhofer Institute for Secure Information Technology (Germany)



Ruland, Christoph       University of Siegen (Germany)



Samarati, Pierangela    University of Milan (Italy)



Schaumueller-Bichl,



Ingrid                  University of Applied Science in Hagenberg (Austria)



Schunter, Matthias      IBM Zurich Research Lab (Switzerland)



Skarmeta, Antonio F.    University of Murcia (Spain)



Teufel, Stephanie       University of Fribourg (Switzerland)



Tjoa, A Min             Technical University of Vienna (Austria)



Tomlinson, Allan        Royal Holloway, University of London (UK)



Weipl, Edgar            SBA (Austria)



Xenakis, Christos       University of Piraeus (Greece)



Zhou, Jianying          I2R (Singapore)





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:14:44 PST

[ISN] Thailand approves extradition of credit card hack suspect

InfoSec News — Tue, 9 Mar 2010 10:50:45 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:50:45 -0600 (CST)



http://www.theregister.co.uk/2010/03/08/thailand_extradites_hacking_suspect/



By Dan Goodin in San Francisco 

The Register

8th March 2010 



A criminal court in Thailand has approved the extradition to the US of a 

Malaysian man suspected of participating in credit card thefts of more 

than $152m, according to a local news report.



Gooi Kokseng, 44, was arrested on January 30 after being accused of 

causing more than 5 billion baht, or $152.9m, in damage by accessing 

credit card information in the US and Southeast Asia, according to The 

Bangkok Post. He was charged with violating computer crime and credit 

card business laws.



The order was approved at the request of the foreign affairs section of 

the Office of the Attorney General, which sought extradition under a 

treaty signed between the Thailand and the US. Kokseng will be remanded 

in Thailand for 30 days before being transferred to the US.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Tue Mar 09 2010 - 08:50:45 PST

[ISN] The FBI supply chain illustrated

InfoSec News — Thu, 11 Mar 2010 00:21:31 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Thu, 11 Mar 2010 00:21:31 -0600 (CST)



http://blogs.csoonline.com/the_fbi_supply_chain_illustrated



By Robert McMillan

Security Blanket

2010-03-09



While FBI Director Robert Mueller was talking about possible threats to 

the U.S. supply chain at the RSA Conference last week, staffers at the 

first-ever FBI RSA booth were getting ribbed about the pens they were 

giving out.



http://blogs.csoonline.com/sites/blogs.csoonline.com/files/pensm.jpg





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Wed Mar 10 2010 - 22:21:31 PST

[ISN] Secunia Weekly Summary - Issue: 2010-10

InfoSec News — Fri, 12 Mar 2010 00:12:54 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:12:54 -0600 (CST)



========================================================================



                  The Secunia Weekly Advisory Summary                  

                        2010-03-04 - 2010-03-11                        



                       This week: 63 advisories                        



========================================================================

Table of Contents:



1.....................................................Word From Secunia

2....................................................This Week In Brief

3...............................This Weeks Top Ten Most Read Advisories

4..................................................This Week in Numbers



========================================================================

1) Word From Secunia:



Patching redefined - Free & Automatic Updating for every single PC user



Unpatched programs are a primary source of IT insecurity. But due to

the complex and immeasurable scope of patching, it is neglected by the

majority of private users. Not a viable approach to ensure online

safety - Secunia has set out aggressively to change this!



Read more:

http://secunia.com/blog/80/



 --



Use WSUS to deploy 3rd party patches



Public BETA

http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/



========================================================================

2) This Week in Brief:



A vulnerability has been reported in Internet Explorer, which can be

exploited by malicious people to compromise a user's system.



NOTE: The vulnerability is currently being actively exploited.



For more information:

http://secunia.com/advisories/38860/



 --



A vulnerability has been reported in Microsoft Windows, which can be

exploited by malicious people to compromise a user's system.



For more information:

http://secunia.com/advisories/38791/



 --



Multiple vulnerabilities have been reported in Microsoft Office Excel,

which can be exploited by malicious people to compromise a user's

system.



For more information:

http://secunia.com/advisories/38805/



 --



Paul Craig has reported a vulnerability in Skype, which can be

exploited by malicious people to bypass certain security restrictions

and potentially disclose certain sensitive information.



For more information:

http://secunia.com/advisories/38908/



========================================================================

3) This Weeks Top Ten Most Read Advisories:



For more information on how to receive alerts on these vulnerabilities,

subscribe to the Secunia business solutions:

http://secunia.com/advisories/business_solutions/



1.  [SA38416] Microsoft Internet Explorer Local File Disclosure

              Vulnerabilities

2.  [SA37584] Adobe Flash Player Multiple Vulnerabilities

3.  [SA37231] Sun Java JDK / JRE Multiple Vulnerabilities

4.  [SA38511] Microsoft DirectShow AVI File Parsing Buffer Overflow

              Vulnerability

5.  [SA37690] Adobe Reader/Acrobat Multiple Vulnerabilities

6.  [SA37769] Google Chrome Multiple Vulnerabilities

7.  [SA38209] Microsoft Internet Explorer Multiple Vulnerabilities

8.  [SA38061] Google Chrome Stylesheet Redirection Information

              Disclosure

9.  [SA38265] Microsoft Windows Two Privilege Escalation

              Vulnerabilities

10. [SA38506] Microsoft Windows TCP/IP Implementation Vulnerabilities



========================================================================

4) This Week in Numbers



During the past week 63 Secunia Advisories have been released. All

Secunia customers have received immediate notification on the alerts

that affect their business.



This weeks Secunia Advisories had the following spread across platforms

and criticality ratings:



Platforms:

  Windows             :     17 Secunia Advisories

  Unix/Linux          :     24 Secunia Advisories

  Other               :      1 Secunia Advisory  

  Cross platform      :     21 Secunia Advisories



Criticality Ratings:

  Extremely Critical  :      1 Secunia Advisory  

  Highly Critical     :     10 Secunia Advisories

  Moderately Critical :     22 Secunia Advisories

  Less Critical       :     27 Secunia Advisories

  Not Critical        :      3 Secunia Advisories



========================================================================



Secunia recommends that you verify all advisories you receive,

by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use

those supplied by the vendor.



Definitions: (Criticality, Where etc.)

http://secunia.com/advisories/about_secunia_advisories/



Subscribe:

http://secunia.com/advisories/weekly_summary/



Contact details:

Web	: http://secunia.com/

E-mail	: support_at_private

Tel	: +45 70 20 51 44

Fax	: +45 70 20 51 45





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:12:54 PST

[ISN] TJX Hacking Conspirator Gets 4 Years

InfoSec News — Fri, 12 Mar 2010 00:15:03 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:15:03 -0600 (CST)



http://www.wired.com/threatlevel/2010/03/tjx-conspirator-sentenced-to-46-month/



By Kim Zetter  

Threat Level

Wired.com

March 11, 2010



Humza Zaman, a co-conspirator in the hack of TJX and other companies, 

was sentenced Thursday in Boston to 46 months in prison and fined 

$75,000 for his role in the conspiracy. The sentence matches what 

prosecutors were seeking.



Zaman, a 33-year-old former programmer at Barclays Bank, was charged 

with laundering between $600,000 and $800,000 for hacker Albert 

Gonzalez, who is currently awaiting sentencing on charges that he and 

others hacked into TJX, Office Max, Heartland Payment Systems and 

numerous other companies to steal data on more than 100 million credit 

and debit card accounts.



Zaman pleaded guilty in April to one count of conspiracy. His sentence 

includes three years of supervised release with the condition that Zaman 

must disclose his conviction to any future employer. Upon release, Zaman 

will not be barred from using computers.



Zaman is the second conspirator in the TJX case to be charged. Former 

Morgan Stanley coder, Stephen Watt, was sentenced in December to two 

years in prison for his role in the TJX case, which involved supplying 

Gonzalez with a sniffer program used to siphon card data from the TJX 

network.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:15:03 PST

[ISN] Colorado Springs man allegedly sabotaged TSA computers

InfoSec News — Thu, 11 Mar 2010 00:21:20 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Thu, 11 Mar 2010 00:21:20 -0600 (CST)



http://www.denverpost.com/ci_14648083



By Howard Pankratz

The Denver Post

03/10/2010



A former employee of the Transportation Security Administration has been 

indicted by the Denver federal grand jury for attempting to sabotage TSA 

computers that enable TSA airport personnel to spot potential terrorists 

before they board airliners.



Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from 

August 2004 through October 2009.



According to the indictment, Duchak sent a code or virus into computers 

at the TSA's Colorado Springs Operations Center in the attempt to 

disable the TSA computer system, which receives information from the 

government's Terrorist Screening Database and the U.S. Marshal's Service 

Warrant Information Network.



The indictment said that the TSA computer system is critical in "vetting 

of individuals" who are attempting to gain access to "secure areas of 

the nation's transportation system."



The indictment said that Duchak's duties included updating the databases 

with new information.



He allegedly inserted a virus programmed to spread on a specific date to 

destroy the computer system.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Wed Mar 10 2010 - 22:21:20 PST

[ISN] ZeuS botnet code keeps getting better... for criminals

InfoSec News — Fri, 12 Mar 2010 00:13:22 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Fri, 12 Mar 2010 00:13:22 -0600 (CST)



http://www.networkworld.com/news/2010/031110-zeus-botnet.html



By Ellen Messmer

Network World

March 11, 2010 



New capabilities are strengthening the ZeuS botnet, which criminals use 

to steal financial credentials and execute unauthorized transactions in 

online banking, automated clearing house (ACH) networks and payroll 

systems. The latest version of this cybercrime toolkit, which starts at 

about $3,000, offers a $10,000 module that can let attackers completely 

take control of a compromised PC.



Zeus v.1.3.4.x (code changes are always underway by the author and 

owner, who is believed to be one individual in Eastern Europe) has 

integrated a powerful remote-control function into the botnet so that 

the attacker can now "take complete control of the person's PC," says 

Don Jackson, director of threat intelligence at SecureWorks, which 

released an in-depth report on ZeuS this week.



This new ZeuS feature, which was picked up from an older public-domain 

project from AT&T Bell Labs known as "Virtual Network Computing," gives 

ZeuS the kind of remote-control capability that might be found in a 

legitimate product like GoToMyPC, Jackson says. SecureWorks calls this a 

"total presence proxy," and it's so useful to criminals, just this one 

VNC module for ZeuS costs $10,000.



The Windows-based ZeuS Trojan software, which takes up about 50,000 

bytes on a compromised Windows-based computer, is designed to plunder 

accounts in North American and United Kingdom banking systems via the 

victim's computer. The criminal might be located a continent away, 

directing unauthorized transfers of funds to accounts through elaborate 

command-and-control systems.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Thu Mar 11 2010 - 22:13:22 PST

[ISN] RSA: Cybersecurity A Joint Fed, Industry Effort

InfoSec News — Tue, 9 Mar 2010 10:50:33 -0600 (CST)

From: InfoSec News <alerts_at_private>

Date: Tue, 9 Mar 2010 10:50:33 -0600 (CST)



http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=223200125



By J. Nicholas Hoover

InformationWeek

March 8, 2010



Government officials played a starring role at the annual RSA Conference 

last week, laying out their plans for government cybersecurity, 

particularly the need for increased cooperation with industry, in 

keynotes and panel sessions throughout the week.



White House cybersecurity coordinator Howard Schmidt set the tone in his 

Tuesday keynote address, focusing heavily on increasing partnerships and 

transparency when it comes to the federal government's role in 

cybersecurity.



In his remarks, Schmidt announced that the White House is declassifying 

part of its 12-part cybersecurity strategy, the Comprehensive National 

Cybersecurity Initiative, making note of its calls for increased 

co-operation between government and industry.



Schmidt dedicated most of his talk to giving an update on the progress 

of near-term action items the Cyber Policy Review completed last year. 

Schmidt noted the development of new Federal Information Security 

Management Act metrics, the development of formal cybersecurity 

education and awareness programs, and other ongoing efforts.



[...]





___________________________________________________________

Register now for HITBSecConf2010 - Dubai, the premier 

deep-knowledge network security event in the GCC, 

featuring keynote speakers John Viega and Matt Watchinski! 

http://conference.hitb.org/hitbsecconf2010dxb/



Received on Tue Mar 09 2010 - 08:50:33 PST