
Wednesday, March 26, 2008

Report: 90% of Web Sites Vulnerable to Hackers

New study claims Cross-Site Scripting attacks are all over the place. Should we be afraid?

internetnews.com: We all know that some Web sites suffer from security vulnerabilities -- but 90 percent of them?

In a new report, security researcher Whitehat Security said it found a staggering nine out of 10 Web sites have some type of serious vulnerability that a hacker could potentially exploit.

The study, which examined more than 600 sites including those of Fortune 500 firms, found a number of different vulnerabilities common across the Internet, with Cross-Site Scripting (XSS) vulnerabilities dominating the rankings.

In fact, Whitehat claims that 70 percent of the Web sites it surveyed were at risk from some sort of XSS attack. That figure dwarfs the No. 2 culprit in the firm's survey, SQL injection, which comprised only 4 percent of the firm's total surveyed vulnerabilities.

For the rest of the story CLICK HERE

Saturday, March 22, 2008

Comcast Cameras to Start Watching You?

If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room.

The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the “holy grail” because it could help serve up specifically tailored ads. Yikes.


Thursday, March 20, 2008

Librarian fired after reporting patron viewing child porn

Found on PogoWasRight.org: One California county may be facing a lawsuit by former librarian Brenda Biesterfeld, who says she was fired after alerting authorities that a patron was viewing child pornography on library computers.

A librarian assistant at the Lindsay Library, Biesterfeld was on the job late last month when she noticed 39-year-old Donny Chrisler downloading child porn on library computers. Biesterfeld told her supervisor Judi Hill, who instructed her to issue Chrisler a warning. Instead, Biesterfeld called police the next day. A few days later, Chrisler returned and Biesterfeld noticed he was once again viewing child porn. She notified police, who came and arrested Chrisler on the spot.
According to a press release, the police also confiscated the library's computer that had been used by Chrisler. Supervisor Hill confronted police, accusing them of interfering where they did not belong and assuring them that county librarians were handling the matter internally. After police explained that, since federal law had been violated, it was now a legal matter in their hands, Hill demanded to know who reported the incident. The police protected Biesterfeld's identity. However, she was fired two days later.

Wednesday, March 19, 2008

RFID-hack hits 1B digital access cards worldwide

The Dutch government has issued a warning about the security of access keys that are based on the widely used Mifare Classic RFID chip.

Government institutions plan to take "additional security measures to safeguard security," Guusje ter Horst, minister of interior affairs, wrote in a letter to parliament on Wednesday.

NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

To read the rest of the story CLICK HERE

You think you are free?

From Gulfnews.com: Watching old movies makes me sad. I'm inevitably reminded of a kindlier, gentler world without cameras that spy on populations, where overseas travelling was pleasurable and privacy was an individual's right.

Nowadays, states are usurping responsibilities that are rightfully those of their citizens. Western so-called democracies, in particular, are supposed to have governments that are servants of the people, whereas, in fact, the opposite is true. Under the guise of doing what's best for us or ensuring our security, governments are exercising more and more control over our lives. And, tragically, we are facilitating this erosion of our own freedoms, mostly because we're not even aware it's happening.

To read the rest of the story CLICK HERE

Tuesday, March 18, 2008

Identity Theft & Family

Found on the simpledollar.com: I’m writing on behalf of a friend who just graduated from college two years ago and is trying to get on her financial feet. When she was young her mother used her identity several times to get loans and open credit cards. Her mother is a homeless nomad who has not taken responsibility for any of these accounts and has ruined my friend’s credit. She doesn’t even know how many loans and credit cards were obtained in her name, if any are paid off and to what degree, etc. She tries to run her credit report but can’t because she can’t answer the basic questions about her last address or last loan because it’s all her mother’s information.

Her mother has not used her identity for financial gain, that she knows of, in about three years. My friend is trying to be responsible. She has a good job, no debt of her own (just what her mother accrued!), and is trying to live more frugally. She’s been turned down several times for a credit card and obviously, can’t get any other sort of loan. Is there any way to get her mother’s mistakes off her report? It seems like identity theft to me, but I’m not sure how to advise her. Could a lawyer help her clear her report? It doesn’t sound like her mother will be able to pay for any outstanding charges, and I don’t know if suing her would do much good. Since many of these accounts were opened when my friend was under 18, I just can’t believe that she’d be held responsible for all of it. It’s just not fair, and I feel awful for her. Thanks in advance for your help.

For the advice given and the comments CLICK HERE

Data thieves steal credit card data from supermarket chain

Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday.

"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Hannaford CEO Ron Hodge, in a statement posted to the company's Web site.

For the rest of the story CLICK HERE

Sunday, March 16, 2008

Cyber Tensions Flare Amongst U.S., Chinese Military

Reports claim the U.S. and Chinese armed forces have begun to wage an escalating, silent war on the internet

Surveillance and subterfuge are timeless traditions. In ancient Japan, daimyo ninjas carried out dangerous spy missions to the highest bidder. Their surveillance missions and assassinations created fear and chaos within their enemies.

More recently in the days of the Cold War, espionage expanded to an unprecedented scale as the CIA and Britain's MI6 waged silent war against the Soviet Union's KGB agents. Telephoto cameras, spy planes and phone bugs were the most high-tech tools employed for monitoring.

Today a new war of intelligence has begun, this time online. China, the world's most populous nation, began to exert its digital will. The U.S. military reported numerous successful attacks on Defense Department computers originating from China. While the U.S. military has not put it in these exact words, it indicates that the U.S. is on the verge of entering into a digital war with the Chinese government, much akin to the war of surveillance which occurred against Russia during the Cold War era.

Read the Rest Of the Story: Click Here

Friday, March 14, 2008

Security website hacked to spread malware

Over 20,000 legitimate websites affected as security vendor Trend Micro becomes the latest victim of a widespread web attack.


Thursday, March 13, 2008

Credit Card Companies Can Stop ID Fraud

A relatively simple bit of computer programming at America's three nationwide credit bureaus could create an early-warning system that would significantly deter the $50 billion identity theft problem plaguing America's consumers and the financial services industry serving them.


Password-stealing hackers infect thousands of Web pages.

Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days. The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites.


Wednesday, March 12, 2008

MTV Security Breach Affects 5000 Employees

MTV Networks, owned by Viacom, experienced a data breach this Friday, and five thousand of its employees may have fallen victim to the socially‑engineered attack. While MTV is trying to find out what exactly happened, the information so far indicates that an outsider successfully convinced an MTV employee to download a Trojan to be installed in a company computer.

For the rest of the story CLICK HERE

Counterfeit Chips Raise Big Hacking, Terror Threats

As more computer chips are made overseas, the risk of hardware tampering increases, from stealing consumer data to crashing government networks. But how real is the threat? This past January, two brothers from Texas, Michael and Robert Edman, appeared in court to face federal charges of selling counterfeit computer equipment to, among others, the Air Force, Marine Corps, Federal Aviation Administration, Department of Energy, numerous universities and defense contractors such as Lockheed Martin. According to prosecutors, the pair, working largely out of Michael Edman's house in the rural town of Richmond, bought cheap network cards from a supplier in China. They also purchased labels and boxes carrying the logo of Cisco Systems, the U.S.-based hardware giant. Until a source in China tipped off the FBI, no one could tell that the parts were Cisco knockoffs rather than the real thing.


HealthNow data goes missing as laptop vanishes

HealthNow New York has alerted 40,000 members in Western and Northeastern New York that they may be at risk for identity theft, after a former employee’s laptop computer went missing with confidential information several months ago.

The Buffalo-based parent of BlueCross BlueShield of Western New York sent letters late last week to the affected customers, even though officials are still not certain what, if anything, was on the computer.

Read the rest of the story CLICK HERE

Monday, March 10, 2008

Gmail Scam Signal Of A Much Bigger Security Issue

This weekend news came that a Gmail archive service called G-Archiver, which backs up all of your Gmail emails to your hard drive, was actually the front for a scam - hard coded into the application was a “feature” that sent every user’s email address and password to the creator’s own email account, giving him access to all of their Gmail messages.

Read the rest of the story - CLICK HERE

Chinese hackers: No Site Is Safe

ZHOUSHAN, China (CNN) -- They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world's most sensitive sites, including the Pentagon.

In fact, they say they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies.

"No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness," says Xiao Chen, the leader of this group.

For the rest of the story CLICK HERE

Jihadism And Internet Crime

Over on AppScout there's a post about a presentation about online jihadists. Much of it is not security-related, in the usual computer security sense, but it's all fascinating and there is one relevant point.

"Verisign hasn't found evidence that jihadists have gained access to the most serious and effective carding communities. But they are making a concerted effort to do so," [Security expert Mohammad Hluchan] said in a PowerPoint slide during his presentation. "There is mounting evidence that the worlds might be merging, with jihadists turning into cyber criminals," he said.

Yikes! That's a scary thought. Perhaps if real people and real banks get hit in their pocketbooks by jihadists it will affect the level of priority we all feel about the problems of Internet crime.

Saturday, March 8, 2008

Top cybercrook targets for 2008

A recent Internet Security Outlook Report issued by CA warns that social networks and Web 2.0 are among the top potential targets for online attacks in 2008. The study, based on data compiled by CA's Global Security Advisor researchers, features Internet security predictions for 2008 and also reports on trends from 2007.

Read the rest of the story - CLICK HERE

Thursday, March 6, 2008

Whistle-Blower: Feds Have High-Speed Backdoor Into Wireless

A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier's systems, exposing customers' voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.


Wednesday, March 5, 2008

What are Identity Theft Products?

This fact sheet covers: Credit Monitoring Services, Identity Theft Insurance, Fraud Alert Products, Credit Freeze Products, Data Sweep Services. The Identity Theft Resource Center receives numerous inquiries from consumers regarding identity theft products available for purchase. This document explains these in depth. Excellent resource.


Tuesday, March 4, 2008

Windows-based cash machines 'easily hacked' - CNET News.com

ATMs that rely on desktop PC technology--and that's a lot of them--are at risk from worms, key loggers, and denial-of-service attacks.


Google Groups invaded by porn peddlers

There is a long list (over 250) of Google Groups sites that have been listed as posting items that are rife with viruses and malware. I guess if you stay away from these sites, you are ok, but in any case, we list them for the benefit of all to be warned. You can get the entire list of groups HERE

Beware MonaRonaDona antivirus scam, researchers warn

If your computer gets infected with a Trojan called the "MonaRonaDona virus," be careful with what you use to wipe it off your computer, says antimalware software provider Kaspersky Lab. MonaRonaDona is part of an elaborate scam to sell fake antivirus software, Kaspersky researchers say.


Identity Theft: Crime of the Century?

Identity theft is a growing epidemic in the U.S. and worldwide. Chances are, if you haven't been directly impacted by it, you know someone that has. In fact, identity theft led the Federal Trade Commission's (FTC) list of consumer fraud complaints for 2007 - and it's been at the top of the list for the past seven years. Of the 813,899 total complaints in 2007, 32 percent were related to identity theft. That's 258,427 complaints. http://www.ftc.gov/opa/2008/02/fraud.shtm

Identity theft broadly refers to the fraudulent use of someone else's personal information. Criminals actively seek out sensitive or identifying data - like passwords and social security numbers - from unsuspecting victims. Sometimes they do it low-tech style by dumpster diving, raiding post boxes or posing as "legitimate" telemarketers. Today, though, there are many high-tech techniques wreaking much havoc. Fraudsters are using malware, hijacking electronic transmissions, and perpetrating email scams to get what they need.
