DNSChanger Trojan Still in 12% of Fortune 500

In about two weeks, hundreds of thousands of computer users are going to learn the hard way that failing to keep a clean machine comes with consequences. On July 9, 2012, any systems still infected with the DNSChanger Trojan will be summarily disconnected from the rest of the Internet, and the latest reports indicate this … Читать далее

‘Carderprofit’ Forum Sting Nets 26 Arrests

The U.S. Justice Department today unveiled the results of a two-year international cybercrime sting that culminated in the arrest of 26 people accused of trafficking in hundreds of thousands of stolen credit and debit card accounts. Among those arrested was an alleged core member of “UGNazi,” a malicious hacking group that has claimed responsibility for … Читать далее

Bank Settles With Calif. Cyberheist Victim

A California escrow firm that sued its bank last year after losing nearly $400,000 in a 2010 cyberheist has secured a settlement that covers the loss and the company’s attorneys fees. The settlement is notable because such cases typically favor the banks, and litigating them is often prohibitively expensive for small- to mid-sized businesses victimized … Читать далее

How to Break Into Security, Ptacek Edition

At least once a month, sometimes more, readers write in to ask how they can break into the field of computer security. Some of the emails are from people in jobs that have nothing to do with security, but who are fascinated enough by the field to contemplate a career change. Others are already in … Читать далее

PharmaLeaks: Rogue Pharmacy Economics 101

Consumer demand for cheap prescription drugs sold through spam-advertised Web sites shows no sign of abating, according to a new analysis of bookkeeping records maintained by three of the world’s largest rogue pharmacy operations. Researchers at the University of California, San Diego, the International Computer Science Institute and George Mason University examined caches of data … Читать далее

A Closer Look: Email-Based Malware Attacks

Nearly every time I write about a small- to mid-sized business that has lost hundreds of thousands of dollars after falling victim to a malicious software attack, readers want to know how the perpetrators broke through the victim organization’s defenses, and which type of malware paved the way. Normally, victim companies don’t know or disclose … Читать далее

Beware Scare Tactics for Mobile Security Apps

It may not be long before your mobile phone is beset by the same sorts of obnoxious, screen-covering, scaremongering ads pimping security software that once inundated desktop users before pop-up blockers became widely-used. A mobile ad for SnapSecure's software Richard M. Smith, a Boston-based security consultant, was dining out last Friday and browsing a local … Читать далее

Naming and Shaming the Plaintext Offenders

It was a fitting end to a week dominated by news of password breaches at major Internet companies. I’d sent a password reset request to a hosting provider I’ve used for years to host a file server online, and received an alarming response: The company sent me my password in plain text, all but advertising … Читать далее

How Companies Can Beef Up Password Security

Separate password breaches last week at LinkedIn, eHarmony and Last.fm exposed millions of credentials, and once again raised the question of whether any company can get password security right. To understand more about why companies keep making the same mistakes and what they might do differently to prevent future password debacles, I interviewed Thomas H. … Читать далее

Apple, Oracle Ship Java Security Updates

There must have been some rare planetary alignment yesterday, because the oddest thing happened: Apple and Oracle both shipped software updates for the same Java security flaws on the very same day. I’ve taken Apple to task several times for its unacceptable delays in patching Java vulnerabilities. Oracle is the official producer of Java, but … Читать далее