Archive for March, 2010

Top execs need to be involved in cybersecurity, study says

Wednesday, March 31st, 2010

Organizations with top executives who aren’t involved in cybersecurity decisions face a serious problem — a major hit to their bottom lines, according to a report released Wednesday.

“Many organizations see cybersecurity as solely an IT problem,” said Karen Hughes, director of homeland security standards programs at the American National Standards Institute (ANSI), one of the major sponsors of the new report. “We are directing a wake-up call to executives nationwide. The message is, this is a very serious issue, and it’s costing you a lot of money.”

The report, called “The Financial Management of Cyber Risk,” recommends how C-level executives can implement cybersecurity risk management programs at their companies. Part of the goal is to get executives such as chief financial officers directly involved in cybersecurity efforts, said Larry Clinton, president of the Internet Security Alliance (ISA), the other major sponsor of the report.

Mozilla Updates Firefox for Security, Ends 3.0.x Branch

Wednesday, March 31st, 2010

Mozilla is out this week with Firefox 3.5.9 and 3.0.19 updates, fixing multiple security vulnerabilities in the open source Web browser’s two branches, while announcing that the older of the two branches is being phased out.

As part of the update, Mozilla also issued new advisories on problems that also impact the Firefox 3.6.2 browser, which it released last week, in addition to the 3.5.x and 3.0.x browsers. With the 3.0.19 update, Mozilla is pledging to end the 3.0.x branch, which first debuted in June 2008.

“This is the last planned security and stability release for Firefox 3.0,” said Christian Legnitto, Mozilla’s new release driver for security and stability releases. Legnitto joined Mozilla earlier this month after a previous stint working at Apple, where he worked on stability and security releases for Mac OS X.

IT professionals must adapt or die

Wednesday, March 31st, 2010

The role of IT professionals will change dramatically over the next 10 years as technology becomes more advanced, according to the Recruitment and Employment Confederation (REC) Technology group.

The organisation said in a new report on technology in the workplace in 2020 that the role of IT professionals will evolve to align with business objectives, and that IT professionals need to enhance their skills to compete with the pace of IT growth.

“There is a real opportunity for candidates to develop more depth and less breadth in their skill-set,” said Jeff Brooks, chairman of REC Technology. “In the past, IT workers tended to opt for a broad range of skills to maximise their employment potential, but looking forward it will inevitably be specialist skills and a strong business acumen that will be most in demand.”

FBI’s new IT system faces delay

Wednesday, March 31st, 2010

A long-running effort to upgrade FBI computerised case files faced additional big cost overruns and a new delay, the US Justice Department’s inspector general said in a report issued on Wednesday.

The Federal Bureau of Investigation and the contractor Lockheed Martin Corp were renegotiating the budget – last estimated at US$451 million (S$631 million) – as well as the schedule and some of the work to be performed, the report said.

The system, known as Sentinel, had been expected to be completed by September but FBI Director Robert Mueller told Congress earlier this month it would be delayed until 2011.

Revising privacy law for the ‘cloud’ era

Wednesday, March 31st, 2010

The government needs a search warrant to bust into your house, search your files, and pull out any incriminating documents. It needs the same warrant for files stored on your computer. So why doesn’t the same standard apply when the same information is stored in online servers operated by third parties like Google or Microsoft?

The answer is 1986’s Electronic Communications Privacy Act, drafted in a different era. Many of its distinctions no longer make sense today, such as the one between “private” and “third-party” records. The government has found numerous ways to access material stored in remote servers — notably e-mail — without the traditional warrant and judicial oversight required in the past. And new sources of data, such as cell phone location records, weren’t even envisioned by the earlier law.

To drag the law into the modern era, a coalition of strange bedfellows has formed: the Electronic Frontier Foundation, the American Civil Liberties Union, Microsoft, Google, AT&T, the Progress & Freedom Foundation, the Center for Democracy and Technology, and others.

pCubee: 3D without the glasses

Wednesday, March 31st, 2010

After a wave of 3D movies such as Alice in Wonderland and Avatar, and a number of television manufacturers producing 3D TVs this year, there is growing interest in a three-dimensional viewing experience. The usual 3D technology uses a stereoscopic principle in which a slightly different image is presented to each eye, thanks to the special glasses the viewer has to wear. Now a device named pCubee gives you the experience of 3D without the need for the glasses.

The pCubee consists of five LCD screens arranged as a cubic “fish tank” box that viewers can pick up, tilt, shake or turn to watch the 3D content or play games with virtual objects that seem to be within the box. Instead of stereoscopy, the device uses a principle called motion parallax, which is one of the means by which we usually perceive depth in a three-dimensional scene. Motion parallax is a cue the brain is able to use to sense depth, because the movements of objects across our field of view depend on their relative distance from us. Having the box move means viewers do not need to move their heads to see the effect.

Apple tweaked iPhones to lessen strain on AT&T network

Wednesday, March 31st, 2010

A new report profiling the troubles AT&T has faced with millions of bandwidth hungry iPhone users revealed Tuesday that Apple has modified its handset to make it less taxing on its wireless partner’s network.

Talking to The Wall Street Journal, AT&T Chief Technology Officer John Donovan said he and other executives flew to Apple’s Cupertino, Calif., campus to give the handset maker a “crash course in wireless networking.” With regular return meetings at Apple, AT&T employees helped the iPhone designers create new technologies to limit the strain on the wireless provider.

“Apple rejiggered how its phones communicate with AT&T’s towers,” the report said. “As a result, the phones now put less of a load on the network for such simple tasks as finding the closest tower or checking for available text messages.”

Fear and hype helps Windows users patch fast

Wednesday, March 31st, 2010

It’s the publicity around zero-day bugs that drives Windows users to patch their software quickly, not the fact that Microsoft sounds the alarm by issuing an emergency update, a researcher said today.

Windows users rush to patch whenever a zero-day vulnerability is involved, even when Microsoft doesn’t deliver the fix in an out-of-band update, said Wolfgang Kandek, chief technology officer at Qualys, a California-based security risk and compliance management provider.

Kandek analyzed data acquired from several hundred thousand PCs that Qualys monitors for its customers, and concluded that the existence of a zero-day bug — a vulnerability for which exploit code has gone public before a fix is ready — is the driver for faster patching. He found that the patching speeds of two Microsoft updates that addressed zero-days in Internet Explorer were nearly identical, even though one had been released as part of the company’s standard Patch Tuesday, and the other was issued as an out-of-band update.

Sophos reveals defense for search engine hack attacks

Wednesday, March 31st, 2010

Security firm Sophos has published research on the automated tools used by search engine optimisation (SEO) hackers and how companies can protect themselves.

Using SEO techniques to subvert legitimate websites has become a huge money-spinner for cybercriminals, researchers found. Every day dozens of malicious campaigns take advantage of the hottest news stories on the internet to spread malware, according to Sophos.

After the recent death of a Sea World animal trainer by a killer whale, hackers automatically used blackhat SEO techniques to stuff booby-trapped web pages with related content, said Fraser Howard, principal virus researcher at Sophos.

Durex India leaks customers’ personal details

Wednesday, March 31st, 2010

A website run by Durex to sell condoms in India has compromised the personal data of customers, with their names, addresses, contact numbers and order details reportedly leaked over the internet. The website admits there has been a problem but says customers’ financial details have not been breached.

The site explains to customers, “We wish to inform our customers that on the website, limited transactional details could have been accessible for a restricted time window. These details did not include credit card or other financial information which remain secure at all times.

“SSL [the owner of the Durex brand] and TTK-LIG take data security extremely seriously and we have identified the cause and taken immediate remedial action. The modifications put in place ensure that unauthorised access cannot happen again.”