What good may come out of the recent reorganization of the Department of Homeland Security is that cyber crime will be given a more prominent role in the department, in light with the importance and the vulnerability of the electronic infrastructure. It is good to see that finally a critical piece of modern society’s infrastructure is given due attention.

Additionally, the DHS’ National Cyber Security Division will be responsible for providing "timely, actionable, and valuable" threat information and leading the national response to cyber and telecommunications attack. Not sure how (if at all) this is different by US-CERT but more attention to the problems of cyber space probably would not hurt.

The nation’s critical infrastructures, including water, chemicals, transportation, energy, financial services, health care and others, rely significantly on computer networks to deliver the services that maintain our safety and national economy.

This seems to give another chance for foreign hackers to visit Gitmo - hack a NASA server and you will visit a warm Caribbean country with free airfare, lodging, and food.

[Via InternetNews.com -]

ISPs vs. Zombie PCs. Round X.

In the next few months, ISPs in the United States will begin receiving
reports on the zombies, or PCs open to control by hackers, that lurk on
their networks. The data will be sent out by the Federal Trade
Commission, which said in May that zombies have become such a serious problem that more industry action is required.

The Federal Trade Commission has called on ISPs to identify and take action against "zombie" computers on their networks. There are many proposals on how to deal with innocent users’ PCs that become zombies - from cutting their Internet access altogether, to distributing "good" worms to fix the problems, but the number of zombies does not seem to decrease.

[Via CNET News.com -]

Next time you order your annual free credit report online, check twice whom are you ordering from.

However, the online service has quickly fallen prey to [AnnualCreditReport.com] imposter sites,
which are designed to lure traffic from a legitimate Web site by
adopting a similar domain name. Imposters targeting the
AnnualCreditReport.com site now number 112, according World Privacy Forum.

While most of the "imposter" sites are only ad-link farms, some of them actually capture personal information.

[Via CNET News.com -]

A survey by the Computer Security Institute shows that although the losses by cyber crime are down, the frequency of the attacks has increased over the past year. The average dollar loss per incident in 2004 was $204,000 (a 61% drop from 2003.)

The breakdown of the losses, according to the survey is:

• viruses, $42.8M
• unauthorized access, $31.2M
• proprietary info theft, $30.9M
• denial of service, $7.3M
• insider ‘Net’ abuse, $6.9M
• laptop theft, $4.1M
• financial fraud, $2.6M
• misuse of public web application, $2.2M
• system penetration, $0.8M

[Via InternetNews.com -]

270,000 records of past applicants - breached at the University of Southern California.

The breach of the university’s online application database exposed
"dozens" of records, which included names and Social Security numbers,
to unauthorized individuals, said Katharine Harrington, USC dean of
admissions and financial aid.

So what is the true number? 20 or 270K? The difference is worth investigating what happened and exactly how many of these people had their information exposed. It is interesting also to note that if this was a university in another state, the breach may not have been announced at all. It is no surprise that most of the data breach announcements come from California, the only state with a strict requirement for institutions to report those affected when personal information has been stolen or accidentally released.

[Via ZDNet -]

Infected PC? Spyware slowing your PC to a halt? Just dump it then!

Tucker, an Internet industry executive who holds a doctoral degree in
computer science, decided that rather than take the time to remove the
offending software, he would spend $400 on a new machine.

How often do you find such disposable PC people around is not clear. Even with $400 in replacement hardware costs, I submit that the software/settings/documents replacement costs are much higher and should be factored in. According to the News.com article, the average amount people spent on commercial spyware-removal was $129.

[Via CNET News.com -]

Microsoft giveth, Microsoft taketh.

Microsoft may be looking to expand its AntiSpyware tool to detect the remote system monitoring tools known as "rootkits".

It is interesting how while Microsoft is trying to expand its anti-spyware software [arguably] in order to capture larget anti-spyware software market share, it is trying to acquire an [arguably] spyware-making company, Claria. So what will happen? People will trust Microsoft Anti-Spyware for all their protection needs, and Microsoft will open the door wide to Claria-written bugs and pop-up generators. Hopefully I am wrong.

[Via Techworld.com, UK -]