Oz government asks how much personal data should telcos keep?
Australia’s government will consult with its citizenry to determine how much data telcos should retain about their activities, and how long it should be retained for. Attorney-General Nicola Roxon has asked the nation’s Parliamentary Joint Committee on Intelligence and Security to conduct public hearings on the topic. The review will consider legislation governing the telecommunications industry and security agencies.
IBM melds crime-fighting, big data analytics in one security package
IBM today released the first iteration of the analytics software package that it anticipates will help law enforcement, government agencies, and private businesses wade through the large amounts of data they collect to help them predict, disrupt, and prevent criminal, terrorist and fraudulent activities. The package, IBM i2 Intelligence Analysis portfolio, is based on the security software it picked up last year when it purchased i2.
Sophos shutters partner portal after hack attack
Sophos has shut down its portal for partners after finding two software packages on its servers designed to grant access to them – and possibly to user data stored there, as well. The security software firm posted a statement on the portal explaining that it had spotted suspicious behavior on some of its servers this Tuesday. An investigation revealed two dodgy applications, which a preliminary examination suggests are designed to harvest login information. Sophos shut the portal down, just to ...
TSA bars security guru from perv scanner testimony
Security expert Bruce Schneier has been banned at the last minute from testifying in front of Congress on the efficacy – or otherwise – of the US Transportation Security Administration’s (TSA) much-maligned perv scanners. Schneier is a long-time critic of the TSA’s policies for screening travelers, and was formally invited to appear before the House Committee on Oversight and Government Reform and the Committee on Transportation and Infrastructure hearings. However, the TSA objected to his presence because he is currently ...
Congress warned that military systems may already be pwned
Security experts testifying at hearings held by the US Senate Armed Services Committee on cybersecurity have warned that maintaining a perimeter to keep out spies is unsupportable, and that the US should assume that its networks have already been fully penetrated. “We’ve got the wrong mental model here,” stated Dr. James Peery, director of the Information Systems Analysis Center at Sandia National Laboratories. “I do not think that we would think that we could keep spies out of our country.
Microsoft accused of leaking RDP attack code
The newly found attack code that exploits critical flaws in Microsoft’s RDP (Remote Desktop Protocol) system appears to have been leaked by Microsoft or one of its partners, states the researcher who originally discovered it. Luigi Auriemma, an Italian security researcher who originally reported the flaw to Microsoft, has analyzed the attack code and states that parts of it are the same as the sample that he sent in for analysis, and that it contains code that he wrote to show the proof of ...
Windows exploit leaked — by Microsoft?
An attack exploiting a recently patched critical Windows flaw appeared on a Chinese site Thursday — and the source of the code appears to be Microsoft itself. The discovery comes less than 48 hours after Microsoft released a patch for a critical vulnerability in Microsoft’s Remote Desktop Protocol, a Windows service that allows administrators and support personnel to remotely connect to users’ computers. Early Friday morning, Luigi Auriemma, the security researcher who originally reported the vulnerability to the Zero-Day ...
APT in action: The Heartland breach
In late 2008, a group of hackers successfully broke into the network of Princeton, N.J.-based payment processing giant Heartland Payment Systems. The hackers stole data from more than 100 million credit and debit cards on the company’s network that serves the card-processing needs of restaurants, retailers and other merchants. The hackers spent weeks gathering intelligence on Heartland’s networks, systems, corporate structure and employee roles, according to Kris Herrin, the company’s chief technology officer.
Panda cops Anonymous retribution
In a predictable backlash against the sweep that has netted suspected LulzSec members in America and Europe, Anonymous has defaced some Web pages of the security firm Panda Security. As previously reported by The Register, the arrests turned on the assistance of Hector Xavier Monsegur, known in LulzSec circles as Sabu. Anonymous has added another name-to-blame to the list, accusing Panda Security of helping the FBI by infiltrating chat rooms and message boards. The promo page, Panda Security’s “Cybercrime Files”, ...
Secunia bets on open information for security growth
RSA 2012: Danish vulnerability specialist developer Secunia has released the latest beta of its Personal Software Inspector (PSI), and states it is betting on an open approach to security information to grow the company. Founder Niels Henrik Rasmussen told The Register that his company will continue to work on open information sharing with the security industry, rather than trying to lock down data for its own advantage. The benefits were clear, he said: Secunia has grown 182 per cent in ...
