News You Might Have Missed
A wrapup of some of the news stories from the last several days that you might have missed, or which grabbed our attention.
Social Engineering Improving
Numerous sites have reported on the increasing use of extracts from real news stories as attempts to attract victims to websites where they are infected with a range of malware. Currently using a range of BBC news stories, the emails lure victims to sites that appear to be clones of the BBC (at least for that particular story), but which download malware in the background, compromising their systems. As the attacks improve in their ability to avoid detection, more victims are likely to be infected without their knowledge (and may even contribute to spreading the attack if the news story is relevant enough).
Internet Explorer Exploit Expands?
As the users and administrators of systems using Internet Explorer wait anxiously for Microsoft to release an official patch to address the three vulnerabilities disclosed a couple of weeks ago, independent companies are releasing their own patches (eEye and Determina), and news is spreading of email being a potential exploit vector (despite Microsoft claims otherwise).
Latest Privacy Losses Update
An earlier reported data loss of records related to HP employees has been pegged at 196,000 individuals affected, higher than the previous highest estimate. Elsewhere in the United States, the state of Florida had payroll and HR data for State employees (January 2003 to June 2004) send to an Indian firm after a contractor mistakenly forwarded the data by mistake. Up to 180,000 individuals are believed to be affected.
More than 500,000 members of the Georgia state pension plan could be at risk after a hacker gained access to a Georgia Technology Authority database which held confidential information on the pension holders. This is more than the 450,000 affected last year when an employee took home confidential information belonging to members of a state health plan. In Los Angeles, 40,000 county residents had their confidential personal data left next to a recycling bin in a parking garage and Nokia's US staff apparently have also been affected by the recent spate of Ernst & Young laptop losses.
MPAA Accused of Improper Action
Following last year's US Supreme Court decision in what is commonly known as the 'Grokster' case various media groups and associations took the decision as free licence to continue to pressure downloaders and torrent search sites, citing the court case as legal justification. One site has decided to bite back. The TorrentSpy bittorrent search site has filed court documents to have the MPAA's attempt to shut them down dismissed. Torrentspy have pointed out that they host no infringing content and act as a search tool, providing no direct links to any infringing content. In the court filing, Torrentspy have accused the MPAA of 'attempting to steamroller defendants by means of an improper pleading', essentially meaning that they are taking an unrelated legal precedent and claiming that it has relevance in this particular case.
Russian MP3 Sites Unsafe?
Wild claims were recently made on a music industry linked site which implied that numerous Russian MP3 retail sites are engaging in massive credit card fraud. The claim is that the sites are in the control of the Russian mafia (a reasonable claim) who are selecting cards at random from their databases to extract extra funds from ($1,000 to more than $3,000 USD per card). With no other news site backing up the claim and the original article appearing unsubstantiated, it is likely to have been an underhand attempt to get people to buy from authorised music industry sites. Even the technical data provided in the article is based on speculation and rumour. Subsequent discussion on message boards seems to substantiate the point of view that the claims of the article are untrustworthy.
Trouble Ahead for UK High-Tech Crime Investigation?
First picked up by the UK focussed Spy Blog, it appears that the UK National High Tech Crime Unit (NHTCU) has been subsumed into a larger organisation, the newly formed Serious Organised Crime Agency (SOCA). Unfortunately, the public presence for SOCA doesn't acknowledge any focus on high tech crime, fails to mention computer, and the NHTCU website directs visitors to address their queries to SOCA. As a result, questions have been asked as to the long term importance of electronic crime investigation to the UK.
3 April 2006
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.
Subscribe to our feed.