Archive for January, 2011

Could a vulnerability tax work?

Monday, January 31st, 2011

Apple’s new security chief, David Rice, has some interesting views on how to improve software security – in particular a vulnerability tax concept.

The soon-to-be global security head believes such a tax could be handled in the same way as pollution, making companies pay for the amount of environmental damage they caused.

“We run cars in various crash tests to see how they respond, we can run these attack patterns on software, judge how it performs and give it a security rating,” Rice told Forbes this week. “If a tax raised the private cost of cybercrime, people would get educated very quickly. When insecure software starts costing more, people will adjust their behaviour.”

VoIP users ‘must keep an eye on security’

Monday, January 31st, 2011

Firms that employ VoIP services can enjoy significant cost savings, but they must not lose sight of security, it has been claimed.

In an article for Fox Business, Joshua Daymont revealed the number of hacker attacks on IP telephony systems has grown over the past 12 months and companies must make sure they protect their sensitive data.

Top of the list of safety measures is changing the default password, as this is left dangerously unchanged all too often, he noted. Encryption is another crucial tool, Mr Daymont continued, which prevents people listening in to conversations and stops hackers using a VoIP connection to make calls of their own.

Kaspersky Lab hit by AV software source code leak

Monday, January 31st, 2011

Source code that apparently relates to v8 of Kaspersky Anti-virus has appeared on BitTorrent and other file-sharing sites in the last few days. According to newswire reports, the source code was leaked by an employee of the IT security vendor who is now in jail for intellectual property theft.

The Softpedia newswire asserts that the source code dates back to late 2007/early 2008 and has been written in C++ and Delphi.

The newswire notes that the source code covers the anti-virus engine, as well as the anti-phishing, anti-dialer, anti-spam, parental control, and other IT security modules. “We don’t know yet to what version of Kaspersky’s security suite the sources actually correspond to, but 8.0 is the most likely candidate at this point”, says the newswire.

Wiretapping in a Hosted VoIP World

Monday, January 31st, 2011

Wiretapping exists, legally, for the benefit of law enforcement to protect the citizens of the U.S. But what if the wiretapping rules are extended so far that technology innovators must first get approval from the federal government BEFORE offering new technologies that affect wiretapping capabilities? How will the requirements affect hosted/cloud based service providers?

The U.S. promotes a free [from intrusion and government content control] Internet but criticizes countries that operate with a poor human rights record. How can the U.S. be a leader in this case while the FBI does a similar intrusion of communications? Will the changes force cloud providers to only locate their sites in the U.S.? What are the ramifications for multi-national enterprises with sites outside the U.S.?

Wireless router hijacked for child pornography

Monday, January 31st, 2011

Malcolm Riddell awoke at 6 a.m. one day last year to some of the most heart-sinking words a homeowner can hear: “FBI, open up.”

When he did, a dozen armed FBI agents swarmed through the lawyer’s lofty Palm Avenue condo in downtown Sarasota. They held him against the wall, separated him from his wife and then questioned him on the porch looking down 12 stories onto Sarasota Bay.

Riddell says he was not nervous or scared, just clueless. The FBI agents searched through his computer equipment for a while, then made it all clear: child pornography images were flowing through Riddell’s wireless Internet connection.

UK stock exchange targeted by hackers and terrorists

Monday, January 31st, 2011

The London Stock Exchange has been the victim of attempted terrorist and hacking attacks, it has been revealed.

The news confirms fears that Britain is facing an “advanced and persistent” threat to its critical infrastructure, according to a cyber security expert. The headquarters of the stock exchange, near St Paul’s Cathedral, were apparently targeted last year. A separate investigation is under way to detect the source of a cyber attack.

The LSE trades about £5 trillion of shares every day, meaning a successful attack on it could precipitate chaos in Western financial markets. The US is also investigating a hacking raid on an American stock exchange which they say originated in Russia.

5 New Online Security Threats to Avoid

Monday, January 31st, 2011

I don’t spend a lot of time on Facebook, so when I got an e-mail from the social networking site telling me “you haven’t been back to Facebook recently” and here are some messages you missed, it didn’t seem odd. I clicked on the link, wondering what one of my friends was doing.

Oops. I was a victim of a hacking technique called “clickjacking.” If it hadn’t been for security measures built into Firefox, I might have been in trouble, because rather than going to Facebook, I was headed for http://sleepingpillsfitnesspills.com.

That site might have simply been an ad for cut-rate, Canadian pills – an annoying, but harmless detour. But it also could have been a site loaded with malware, including rogue applications designed to steal key personal information from me and people in my address book.

Microsoft warns of data loss from Windows scripting flaw

Monday, January 31st, 2011

Microsoft is warning that a scripting flaw affecting all versions of Windows could result in “unintended information disclosure.”

The flaw, which lies in the MHTML protocol handler and affects the way Internet Explorer handles web pages and documents, could enable hackers to steal private information or hijack computers, according to the security advisory. Users could inadvertently download malware by clicking on a web link.

Angela Gunn, an analyst with Microsoft’s Trustworthy Computing, explains the result of the flaw this way: “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Such a script might collect user information (e.g., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience.”

Google open sources its Mac deployment engine

Monday, January 31st, 2011

Google has open sourced its internal software for deploying Mac OS X packages across a network.

Known as Simian, the platform was built after Google’s Mac Operations and Security teams evaluated several Mac package deployment tools and failed to find one that suited their needs. After alleged Chinese hackers broke into Google’s internal systems in December of 2009, reports indicated that the company had decided to abandon Windows machines entirely and move its entire staff to Mac and Linux machines, and judging from our conversations with company employees, this is indeed the case.

According to Google, Simian is designed to deploy new or updated software to a single Mac or tens of thousands of Macs. It can push out security patches to Macs across internal networks or VPNs as well as machines on other networks. It can require the installation of some software packages while allowing others to be optional. And it can manage updates provided by Apple.

Computer Hackers Getting Their Own Reality Show

Monday, January 31st, 2011

It seems like just about everyone is getting a reality show. “Real” housewives, ex-strippers, repo-men, Hawaiian bounty hunters, power gays in New York, and folks competing to be videogame testers are just a few of the folks that have TV crews following them around these days. Now, hackers can be added to the ever-growing list, as a computer security firm has just announced that it’s signed a deal for a documentary-style show that it’s promising will thrill audiences everywhere.

LIGATT Security International revealed today that it’s got a reality show – about life at both its Atlanta and Los Angeles offices – in the works. According to Greg Evans, the company’s CEO and self-described “World’s No. 1 Hacker”, the upcoming show is the result of people trashing the book he released last year.