The use of rogue card readers, for example, attached to bank ATMs, is not uncommon in the world of credit card fraud but, in this case, it was done on a large scale. Furthermore, the data gathered can be used to create clones of the cards, to empty the accounts or perform online transactions.

Because most European countries use the “chip-and-pin” system, in which an embedded chip is also checked when the credit card is inserted into an ATM, the scammers will most likely attempt to withdraw the money from other countries in the world that do not have this system implemented. To combat this, affected financial institutions like the Bank of Ireland have temporarily limited overseas withdrawals to as little as $150, in addition to completely blocking some cards from being used.

Electronic infiltration by hostile foreign powers and criminal gangs is the second biggest risk to the nation.

Government IT systems “have been and continue to be attacked,” the first public National Risk Register revealed.

“Some of these attacks are well planned and well executed,” it added.

The suspects are Chinese and Russian security services. But North Koreans and Iranians are also skilled at hacking IT systems. The register said: “They are increasingly combining traditional intelligence with technical attacks, like penetrating computer networks through the internet.”

Islamabad is getting ready to complain to the United Nations on the Kashmir violence. Other international bodies, like the OIC, may also be approached.

Pakistan said it was “deeply concerned over the deteriorating situation, resulting in loss of life and property of the Kashmiri people.”

Earlier, the Pakistan Foreign Minister Shah Mahmood Qureshi, who visited the Hurriyat Conference office in Islamabad, had described the police action in J&K as excessive and unwarranted.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.

The duo, who currently reside at Farahan Arcade Gulistan in Karachi, are originally residents of Hyderabad, Andhra Pradesh. Prior to fleeing to Karachi, the duo were involved in recruitment of youth for jihadi activities in Hyderabad and other parts of the country. They were both allegedly members of the Harkat-ul-Jihad-al Islami, but recruited youth mainly from the Students Islamic Movement of India. Both men are wanted by the Gujarat police in connection with the murder of former state minister Haren Pandya.

Current Spam Categories

As a rule of thumb, spammers will resort to pretty much any trick they can come up with in order to propagate their malicious intents. According to a study recently updated by the McAfee team, the top three spam categories are products and services (36%), adverts (30%) and stock (11%). Other categories include Russian spam (10%), adult services (7%), and last but not least IT related and financial (both 3%). McAfee also included news and Chinese spam in the list of categories, but they ranked in at 0% (perhaps such categories are not very active in July).

Javelin Marketing relies on e-mail messages in order to attract new customers and, for that reason, they have their own database. But managing such a database takes considerable amount of time and effort, so you can see why one would be tempted to purchase a list of people that want to receive informative messages and have for this specific reason given out their e-mail.

Although China has guaranteed that, during the competition, journalists from and outside of China would have the freedom to write whatever they deem suitable, things are not happening as planned. Amnesty International, the movement that supports human rights, reports that its webpage is
not available to some of the foreign journalists in Beijing.

Other websites, belonging to the Taiwanese Liberty Times and to the Chinese versions of BBC and Deutsche Welle, have also been restricted. It seems that, as the Olympic Games are drawing near, the Chinese authorities are doing exactly the opposite of what they promised to do. In order to keep up appearances, Chinese officials have also blocked access to some websites that reported on HIV/AIDS issues.

At that time, Google officials said that the company was not in violation of the Online Privacy Protection Act since its policies regarding this issue could easily be found either by clicking on the “About Google” tab or by simply using the search engine itself to look for these policies.

According to the same statement, the security breach occurred during the students’ study hall, a special time when students “are authorized to use the school’s computer for studying and research.” The 15-year-old managed to infiltrate into the computer using a software application and, after he accessed the data, he copied it on a USB stick. Moreover, the stolen information was then copied on the personal computer at home but it seems like the students didn’t make use of it.

Samuel King, an expert from the University of Illinois at Urbana-Champaign, says that such malicious hardware will be much more difficult to detect as compared to computer worms.

He and his colleagues have shown that they could gain control of a computer by adding malicious circuits to its processor.

Since such circuits interfere with the computer at a deeper level than a virus, they effectively operate ‘below the radar’ of anti-virus software.

For determining the risk from malicious hardware, the researchers designed their own malicious circuits.

Since it is so popular, Facebook is obviously one of phishers’ favorite targets so, even if the social network implements all kinds of security measures, there’s not much to do unless users care about their own security.

Following reports concerning lots of phishing scams launched through the social network service, Ryan McGeehan of Facebook came out to give some pieces of advice to all the users of the service who want to remain on the safe side without too much effort. Among the mentioned tips, the Facebook official gave the name of two recommended browsers which had already implemented anti-phishing filters: Firefox and Internet Explorer7.

The Dark Visitor, a site that tracks the activities of Chinese computer hackers, is reporting that a distributed denial-of-service (DDoS) attack on CNN.com is planned for 8 p.m. Beijing time, or 5 a.m. PT in the United States.

But the organizers themselves (Google translated page) appear to be waffling, and Jose Nazario of Arbor Networks reports that there has been little preattack activity within the last 24 hours.

Calling their action the “Revenge of the Flame,” a group of computer protesters in China appears to have learned from both last year’s cyberattacks on Estonia and the more recent anonymous attacks on the Church of Scientology. But Revenge of the Flame organizers stress that their attacks will not be a crime.

Honestly, this would be a great security measure because consumers using these old and so vulnerable applications are completely opened to attacks and, as long as they refuse to migrate to a more powerful solution, they are a danger especially for themselves.

What’s really interesting is actually to see what PayPal considers to be an unsafe browser. Some time ago, the company said that “safer browser has the following characteristics: latest version, automatic software patches and upgrades, anti-phishing functionality to notify you when you try to access a suspected fake website and 128-bit encryption that protects data during transmission,” as our own Filip Truta, Apple News Editor, wrote on February 29.

PayPal even mentioned a few browsers which may be blocked from accessing their website, but avoided to provide more information about which features such an application must have to be able to connect to their servers. “The alarming fact is that there is a significant set of users who use very old and vulnerable browsers, such as Microsoft’s Internet Explorer 4 or even IE 3. Inevitably, this set of users is a subset of the passive group. We argue that it’s critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers,” PayPal wrote in the “A Practical Approach to Managing Phishing” paper.

First of all, the interested buyers could acquire a sample of the credit cards in order to be sure that they’re not fakes. What’s interesting is that the website was based on traditional commerce techniques as the sellers made discounts for larger amounts of credit cards.

“Prices are segmented depending on whether a card is a Classic Visa or MasterCard, a premium account such as a Gold, Platinum or Business/Corporate card and its country of issue. Prices typically range from $38 per set of card data for premium card accounts in small volumes, going down to $10 for Classic card data in volumes of 100 or more,” Yuval Ben-Itzhak, chief technology officer at Finjan, told Vnunet. “Customers are also being offered a trial set of data, as well as a guarantee on account details that do not work.”

2008 is shaping up to be a very bad year indeed for CAPTCHAs:

• Jan 17: InformationWeek reports Yahoo CAPTCHA broken
• Feb 6: Websense reports Hotmail CAPTCHA broken
• Feb 22: Websense reports Google CAPTCHA broken

Which means I am now 0 for 3. Understand that I am no fan of CAPTCHA. I view them as a necessary and important evil, one of precious few things separating average internet users from a torrential deluge of email, comment, and forum spam.

So reading that the three best CAPTCHA implementations have been defeated sort of breaks my heart. Even what I consider to be the strongest, Google’s implementation, fell hard:

The Quebec police reported earlier today that 17 young hackers have been arrested, under charges of attacking nearly one million computers and causing an estimate $45 million in damages since they began their illegal activities. Aged between 17 and 26, all were Quebec residents, and the operation that lead to their capture was started two years ago, in 2006, after complaints from individuals, businesses and government departments had been received. All arrestees were male except for one 19-year-old woman.

And while he’s pondering over whether to buy a gift or settle for an attractive new date, his computer is quietly being taken over. The spammer maybe launching a phishing attacking and hijacking his PC turning it into a botnet.

A botnet PC is then used to launch bigger attacks on other Net users. And the user doesn’t even know. Spamming and phishing has become a multi-billion dollar industry worldwide.

The new model has explained three paths that an attacker can take to penetrate the network using FTP server, SSH server or database server, which would act as a guide for IT managers in securing their networks by assigning a probable risk of attack.

Anthony D. Romero, Executive Director of ACLU issued this statement: “Spying on Americans without warrants or judicial approval is an abuse of government power – and that’s exactly what this law allows. The ACLU will not sit by and let this evisceration of the Fourth Amendment go unchallenged. Electronic surveillance must be conducted in a constitutional manner that affords the greatest possible protection for individual privacy and free speech rights. The new wiretapping law fails to provide fundamental safeguards that the Constitution unambiguously requires.”

Orange ISP customers ranked in at numbers 1, 2 and 4 in the top five count provided by ClearMyMail. Between the three of them they received 63,339 spam messages per day and 23,118,735 messages per year. The Internet users that came in at number 3 and 5 used 123-reg/GX Networks and receive between 3,900 and 12,000 spam messaged on a daily basis.

“Trazhva is an Iranian trojan. It gives the intruder full control over the victims computer: log keystrokes, take screenshots, record audio, and mess with any files and computer settings. It is very dangerous and it is possible that manual removal won’t do the job”, 2Spyware.com wrote in the security advisory published today.

“We learned that a salesforce.com employee had been the victim of a phishing scam that allowed a salesforce.com customer contact list to be copied,” Salesforce wrote in a message especially addressed to the clients. However, the company tries to underline the fact that the leaked information was not caused by a security glitch in its system. “To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database.”

The firm confirmed that the stolen information contains “first and last names, company names, email addresses, telephone numbers of salesforce.com customers, and related administrative data belonging to salesforce.com.” Moreover, some of the users included on the list provided the passwords to their accounts after being contacted by the same phishers who managed to steal the information

Self-sacrifice provides a check against malicious nodes attacking legitimate ones.

“Our suicide mechanism is similar in that it enables simple devices to protect a network by removing malicious devices – but at the cost of its own participation,” said Tyler Moore, a security engineer at the University of Cambridge in the UK.

In 2008-2009 alone, over 500 Sri Lankan officers and other ranks will receive training in institutions ranging from Counter-Insurgency and Jungle Warfare School at Vairengte (Mizoram) to School of Artillery at Devlali (Maharashtra), apart from undergoing specialised naval courses in gunnery, navigation, communication and anti-submarine warfare, say sources.

“The exploit downloads executes a first-stage downloader EXE file from an RBN (Russian Business Network) server via anonymous FTP and executes it. That downloader installs a variant of the Gozi Trojan which steals data as described in the Threat Analysis posted on the SecureWorks website,” SecureWorks mentioned in a security alert published a few days ago.

“The emails sent in bulk looked like credit card statements, and contained an attachment called ‘report.pdf’,” its chief research officer Mikko Hypponen said in a statement.

When such PDF files are viewed on vulnerable machines, they start downloading software from servers in Malaysia or Sweden, which are now being cleaned, he said. “There will be more such attacks.”

“We are worried about this case, as PDF attachments are typically not filtered at email gateways.”

A security update for Acrobat Reader, which opens PDF files, was made available a few days ago, but many users have not updated the programme yet, Hypponen said.

Over the time, we’ve learned that hackers can do just about anything if they have the right skills and the right tools. So, if they bypass GM security systems and gain access to the control panel for this technology, things could end up in a disaster! Also, malicious insiders could wreak havoc on the streets, by abusing this system.

And imagine what could happen if a hacker accesses the system and, instead of slowing down the engine, would actually reverse the process and increase velocity – now that would cause a lot of problems, probably death! Also, these systems are going to be controlled remotely, fact which means jamming stations could be put in place to avoid control. I don’t even want to think what could happen if a terrorist gained access to this system!

The damning investigation report, prepared by the Computer Emergency Response Team (CERT) in the ministry of information technology, says the users compromised security by bypassing official orders and visiting sites blocked for use — porn, chatting, music and online games.

Here is the official line from Google about the theme on which the product is to be developed in the competition… To organize the world’s information and to make it universally accessible and useful.

Competition is open to all Computer Science students of select Engineering Colleges only. One can have a team consisting of

Of course, you can’t tackle these problems by yourself – all you can do, as a user, is keep your software up to date, other than that, there’s not much else. But what about the company’s end of the bargain?

Well, as InfoWorld reports, it’s 5 things that one company could do, to improve the security of their software, and I’m not just talking about the ones that provide security solutions, I’m talking about all software vendors.