Archived Industry Notes: Technology
Published in 2009
L-M
Legislation would create new cybersecurity regulations
Two U.S. senators have introduced legislation that would overhaul the nation’s cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time. A Senator from West Virginia and a Senator from Maine introduced the legislation on April 1, but some details were not immediately available. Earlier on April 1, the Washington Post reported that the legislation will include new mandates on government networks and on private networks that control electrical grids, water distribution, and other essential services. A spokeswoman for the Senate Commerce, Science and Transportation Committee said on April 1 she had few details about the bill. The bill would establish a new national cybersecurity advisor in the executive office of the U.S. President, and it would “remake the relationship between the government and the private sector on cybersecurity,” a committee news release said. “We must protect our critical infrastructure at all costs, from our water to our electricity, to banking, traffic lights and electronic health records, the list goes on,” the Senator from West Virginia said in a statement. “It is an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now.”
Details Here
first published week of: 04/06/2009
Line between cybercrime and cyberwar is blurred
Organized Internet-based crime has reached such intensity and scale that the distinction between cybercrime and cyberwar is being blurred, security giant McAfee said in its annual Virtual Criminology Report. “Is the age of cyberwar at hand?” McAfee asked in the report, citing evidence that countries hostile to industrial democracies are involved in some of the more serious and sustained cybercrime. In response, McAfee said, “nation-states are arming themselves for the cyberspace battlefield.” The number of reports of cyberattacks and network infiltrations that appear to be linked to nation-states and political goals continues to increase, McAfee said. “There is active debate as to when a cyberattack reaches the threshold of damage and disruption to warrant being categorized as cyberwarfare,” said the report. “With critical infrastructure as likely targets of cyberattacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire,” the report warned. The CEO of McAfee said, “Experts disagree about the use of the term ‘cyberwar,’ and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime.” McAfee believes the private sector at large needs to prepare for cyberattacks, and “those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share.” McAfee also called for greater transparency in current discussions on combating cybercrime. The report said, “Too much of the debate on policies related to cyberwar is happening behind closed doors.”
Details Here
first published week of: 12/07/2009
Malware Swipes Millions of Credit Cards
Tens of millions of credit cards could be at risk of fraudulent use thanks to a serious computer security breach at financial-transactions company Heartland Payment Systems. Earlier this week, Heartland revealed that a piece of malicious software, apparently installed inside the company’s transaction-processing system last year, had compromised credit card data as it crossed the network.
The breach was announced on Tuesday–the day of the U.S. presidential inauguration–and, according to some experts, it shows that attackers are successfully defeating the financial industry’s tough computer security rules.
Details Here
first published week of: 01/26/2009
Malware writers exploit Google Trends
Malware distributors are taking advantage of Google Trends to earn top billing for their pages, according to security experts. Researchers at McAfee’s Avert Labs said that a number of malicious pages have seen their Trend ranking artificially enhanced so that the pages will be returned as top results for a number of Google searches. The McAfee senior threat researcher said that the malware writers appear to be using the Google service to find the most popular current search topics, then loading the pages with keywords and text to show up on result pages for those terms. “One thing they are doing is to pull the content off the pages that are already ranked high, which makes it a little more transparent when you see the search results,” said the researcher. After clicking on one of the malicious links, the user is redirected to a page that attempts to exploit a three-year-old vulnerability in Internet Explorer and displays a number of fake ‘alert’ popups designed to trick the user into installing rogue security software. The researcher suggests that users exercise extra caution when clicking on search results and avoid following links to unknown or suspicious domains.
Details Here
first published week of: 03/09/2009
Meters for the Smart Grid
In this year’s economic stimulus package, the United States government allocated $4.5 billion to developing technologies for the "smart grid," a revamped delivery system for electricity. Advocates envision a digital system that can make energy-saving adjustments to power flow. Several million networked meters have already been distributed in the United States.
But critics say that rushing to roll out this system could give rise to security problems. At a recent conference, Mike Davis, a senior security consultant at the Seattle-based research company IOActive, gave a presentation on a proof-of-concept cyber attack that could potentially allow an attacker to shut off large numbers of meters remotely. Researchers say now is the time to test the smart grid and get security right.
The current generation of smart meters, Davis says, “is probably not mature enough” for some of the new network features. He has not publicly released brand names of meters he has tested. This page shows a sample smart-meter interior.
Details Here
first published week of: 09/14/2009



