Thailand approves extradition of credit card hack suspect

Thailand approves extradition of credit card hack suspect

Thailand approves extradition of credit card hack suspect

Posted:

InfoSec News: Thailand approves extradition of credit card hack suspect: http://www.theregister.co.uk/2010/03/08/thailand_extradites_hacking_suspect/
By Dan Goodin in San Francisco The Register 8th March 2010
A criminal court in Thailand has approved the extradition to the US of a Malaysian man suspected of participating in credit card thefts of more [...]

RSA: Cybersecurity A Joint Fed, Industry Effort

Posted:

InfoSec News: RSA: Cybersecurity A Joint Fed, Industry Effort: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=223200125
By J. Nicholas Hoover InformationWeek March 8, 2010
Government officials played a starring role at the annual RSA Conference last week, laying out their plans for government cybersecurity, [...]

Cybersecurity program has serious defects, GAO says

Posted:

InfoSec News: Cybersecurity program has serious defects, GAO says: http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx
By William Jackson GCN.com March 08, 2010
Implementing the Comprehensive National Cybersecurity Initiative, a broad program intended to protect the nation.s cyber infrastructure, has been hampered by a lack of coordination and transparency, according to the Government Accountability Office.
"CNCI is unlikely to fully achieve its goal of reducing potential vulnerabilities, protecting against intrusion attempts, and anticipating future threats to federal information systems unless roles and responsibilities for cybersecurity activities across the federal government are more clearly defined and coordinated," the GAO concluded in a November briefing to the staff of the House Armed Services subcommittee on Terrorism, Unconventional Threats and Capabilities.
The GAO also concluded that too much of the initiative, which was spelled out in National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, has remained classified.
"Since the approval of NSPD-54/HSPD-23, few elements of CNCI have been made public," the GAO briefing said. "While certain aspects and details of CNCI must necessarily remain classified, the lack of transparency regarding CNCI projects hinders accountability to Congress and the public. In addition, current classification may make it difficult for some agencies, as well as the private sector, to interact and contribute to the success of CNCI projects."
[...]

Ford Motor Rolls Out New Security Features To Prevent Car-Hacking

Posted:

InfoSec News: Ford Motor Rolls Out New Security Features To Prevent Car-Hacking: http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
By Kelly Jackson Higgins DarkReading March 08, 2010
Automobile giant Ford Motor this year will debut vehicles with built-in WiFi -- along with enhanced security features to prevent data breaches via its new cars.
Ford has offered the so-called Sync technology service it co-developed with Microsoft in most of its Ford, Lincoln, and Mercury vehicles since 2008. The technology lets drivers run their Bluetooth-enabled mobile phones and digital media players via their vehicles and use voice commands to operate them, for instance.
The automaker announced today that the second generation of its Sync technology -- due out later this year and to include a full Windows CE operating system with a new driver interface called MyFordTouch -- will come with a built-in browser and secured WiFi access. It will first debut in the 2011 Ford Edge and 2011 MKX Lincoln, and later, in the 2010 Ford Focus.
"We really began to focus on the security side when we began launching Sync, and it was [originally] for working with phones and media players," says Jim Buczkowski, director of Ford electronics and electrical systems engineering. "Now we're extending that system connectivity to include WiFi as another data path for customers in their vehicles ... and we're extending that security model for protecting WiFi."
[...]

Backdoor found in Energizer Duo USB battery charger

Posted:

InfoSec News: Backdoor found in Energizer Duo USB battery charger: http://news.cnet.com/8301-27080_3-10465429-245.html
By Elinor Mills InSecurity Complex CNet News March 8, 2010
Software that can be downloaded for use with the Energizer Duo USB battery charger contains a backdoor that could allow an attacker to remotely take control of a Windows-based PC, Energizer and US-CERT is warning.
"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday. "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."
The Windows software was made available via a download with the Energizer Duo Charger, Model CHUSB, Energizer said in a statement.
The battery maker said it does not know how the Trojan got into the software. "Energizer has discontinued sale of this product and has removed the site to download the software," the statement said. "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software."
[...]

FDIC: Hackers took more than $120M in three months

Posted:

InfoSec News: FDIC: Hackers took more than $120M in three months: http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?taxonomyId=17
By Robert McMillan IDG News Service March 8, 2010
Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. [...]

Career Bobs

Posted by Rohan ingale at 1:16 AM

0 comments:

Post a Comment