Spyware, Viruses, & Security

NEWS - March 30, 2012

by Carol~ Forum moderator / March 29, 2012 11:31 PM PDT
House Shoots Down Legislation That Would Have Stopped Employers From Demanding Your Facebook Password

Well, that didn't take long. A proposed Facebook user protection amendment introduced yesterday in the U.S. House of Representatives has already been shot down. The legislation, offered by Democratic Congressman Ed Perlmutter, would have added new restrictions to FCC rules that would have prohibited employers from demanding workers' social networking usernames and passwords.

The final vote was 236 to 184, with only one House Republican voting in support of the changes.

Had it passed, this amendment would have tacked on an extra section to H.R. 3309, the Federal Communications Commission Process Reform Act of 2012, basically allowing the FCC to step in to stop any employers who asked applicants for this confidential information.

The amendment to the bill was put forward following a series of media reports about this increasingly common practice, which recently caught the attention of the ACLU, and even Facebook itself. On Friday, Facebook's Chief Privacy Officer on Policy, Erin Egan, took a hard stance on the matter, reminding employers that not only was this a violation of Facebook's Statement of Rights and Responsibilities, it could also put them in other legally troublesome situations, leading to things like discrimination complaints, for example.

When introducing the proposed amendment, Perlmutter explained the problem like so:

Continued : http://techcrunch.com/2012/03/28/house-shoots-down-bill-that-would-have-stopped-employers-from-demanding-your-facebook-password/

Also:
US House declines to block employers demanding Facebook passwords
Facebook Password Amendment Rejected by Congress
House votes down plan to block employers from Facebook snooping

MasterCard, VISA Warn of Processor Breach
by Carol~ Forum moderator / March 30, 2012 12:23 AM PDT
In reply to: NEWS - March 30, 2012
VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach "massive," and say it may involve more than 10 million compromised card numbers.

In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012. The alerts also said that full Track 1 and Track 2 data was taken - meaning that the information could be used to counterfeit new cards.

Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.

Continued : http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/#more-14393

Breach Hits Card Processor Global Payments
by Carol~ Forum moderator / March 30, 2012 6:30 AM PDT

Global Payments Inc., which processes credit cards and debit cards for banks and merchants, has been hit by a security breach that has put some 50,000 cardholders at risk, according to people with knowledge of the situation.

The full extent of the breach couldn't be determined, one of the people said. It wasn't immediately clear if cardholders have been hit by fraudulent transactions.

Representatives of Atlanta-based Global Payments, a so-called third-party processor of payment cards, including debit cards, credit cards, and gift cards, couldn't be reached for comment.

The news comes as MasterCard Inc. and Visa Inc. have been alerting their card-issuing bank customers about the potential breach. It wasn't immediately known if the banks are planning to reissue cards to their customers.

MasterCard said law enforcement has been notified of the matter and an "independent data security organization" is conducting a forensic review of the matter.

"MasterCard's own systems have not been compromised in any manner," a company spokesman said in a statement. The company will "continue to both monitor this event and take steps to safeguard account information."

The spokesman declined to say how many cards may have been compromised or how many banks it is notifying.

Continued : http://online.wsj.com/article/SB10001424052702303816504577313411294908868.html?mod=WSJ_hp_LEFTTopStories

Related: Massive payments data breach originating with Central American gang through NYC garage?

Draw Something scam targets players via Twitter
by Carol~ Forum moderator / March 30, 2012 12:23 AM PDT
In reply to: NEWS - March 30, 2012

The Draw Something game is a soaraway success, with hundreds of millions of downloads onto iPhone and Android smartphones since it was launched early last month.

Everyone's talking about it, and the hype became even huger when OMGPop, the New York software house that created the app, was sold for a cool $210 million to gaming goliath Zynga.

But with so much buzz and interest in the Pictionary-style game, it's perhaps not a surprise to find scammers trying to make a quick buck by leaping on the bandwagon.

Here's a Twitter account we found, that's spamming users telling them that they have won a prize. [Screenshot]

From what we have seen, the account appears to be targeting Twitter users who have mentioned "Draw Something" in past tweets.

The Twitter account, which is not affiliated with OMGPop, claims it is giving away 5000 prizes to "lucky" Draw Something fans, and that players can claim their award by visiting a newly-created website called drawsomethingwinner.com.

If you visit the site you are asked a few simple questions, before being told that you are eligible to receive an award. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2012/03/29/draw-something-scam-targets-twitter-players/

Yahoo Says It Will Implement Do-not-track Worldwide
by Carol~ Forum moderator / March 30, 2012 12:24 AM PDT
In reply to: NEWS - March 30, 2012
.. Later This Year

Yahoo websites worldwide will comply with visitors' "do not track" preferences starting later this year, Yahoo announced Wednesday.

Most major browsers are now able to send a message to sites visited, indicating whether users want their surfing behavior to be tracked by cookies for the purposes of displaying personalized ads. In February the last major hold-out, Google, announced that its Chrome browser will include do-not-track support by the end of the year.

That message, an HTTP (hypertext transfer protocol) header accompanying a request to display a Web page, avoids the awkward paradox that to store a visitor's preference not to be tracked by cookies, sites had to store a cookie containing that preference, and provides a consistent way to store and indicate such preferences across all Web sites that respect the do-not-track header.

Support for the do-not-track header has been in the works since last year, Yahoo said. All Yahoo sites will respect the header, including those of Right Media and Interclick, two Yahoo subsidiaries specializing in behavioral or data-driven advertising, the company said.

Continued : http://www.pcworld.com/businesscenter/article/252832/yahoo_says_it_will_implement_donottrack_worldwide_later_this_year.html

Ukraine shuts down forum for malware writers
by Carol~ Forum moderator / March 30, 2012 12:24 AM PDT
In reply to: NEWS - March 30, 2012

"But VX Heavens probably didn't pose much of a threat in the current cybercrime landscape"

Ukrainian authorities have shut down a long-running forum that was used to trade tips on writing malicious software, a sign the country's law enforcement may be watching hackers more closely.

Administrators for the forum, VX Heavens, wrote that its servers were seized on March 23 for allegedly creating and intending to sell malicious software programs, a violation of Ukraine's criminal code. The website called the accusation "absurd" but said it couldn't offer services with the pending court case.

VX Heavens might have been easy pickings for Ukraine, which has been noted by computer security experts as being a hotbed of cybercrime.

Graham Cluley, senior technology consultant for security vendor Sophos, wrote that VX Heavens operated for many years, hosting virus-writing tutorials and malicious code samples. But the site is likely just a small player in an expansive cybercriminal underground.

"The folks using the VX Heavens website were probably not in the same league as the financially-motivated organized criminals computer users are often troubled by today, and mirror rather more the hobbyist malware authors of yesteryear," Cluley wrote.

Continued : http://www.computerworld.com/s/article/9225693/Ukraine_shuts_down_forum_for_malware_writers

China blamed for RSA attack during Armed Services hearing
by Carol~ Forum moderator / March 30, 2012 2:30 AM PDT
In reply to: NEWS - March 30, 2012

The commander of the U.S. Cyber Command, General Keith Alexander, told the Senate Armed Services Committee on Tuesday that China was responsible for last year's attack on RSA, which resulted in alleged compromise of their SecurID tokens.

"We are seeing increased exploitation in to industry, government, other government agencies, and the theft to intellectual property is astounding," General Alexander said.

RSA has never fully explained what was breached, but the attack was quickly blamed on a nation state, including China. All anyone knows for fact is that while the information stolen didn't enable a direct attack on SecurID customers, it could have been potentially used "to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

During a briefing for press at RSA's headquarters in Bedford, Mass. earlier this year, The Tech Herald learned that the primary reason that RSA would not comment on the identity of their attackers, or even offer speculation, was the lack of quality intelligence.

Continued : http://www.thetechherald.com/articles/China-blamed-for-RSA-attack-during-Armed-Services-hearing/16455/

Also:
US Cyber Command chief blames China for RSA SecurID attack
NSA Director blames China for a 'great deal' of military-related data theft
NSA's top spook blames China for RSA hack

iTunes and Amazon fraudsters get prison sentences
by Carol~ Forum moderator / March 30, 2012 6:30 AM PDT
In reply to: NEWS - March 30, 2012

"A gang of British cyber criminals has been jailed for cheating iTunes and Amazon out of up to £1m"

The final three members of an 11-strong gang that scammed iTunes and Amazon out of £500,000 worth of royalty payments have been charged with fraud and money laundering by Southwark Crown Court.

Craig Anderson, Arran Jassi and Lamar Johnson all pleaded guilty to conspiracy to commit fraud, after using three online music management companies to upload UK-produced urban music albums and tracks for sale on Apple iTunes and Amazon.com.

The principal organiser, Craig Anderson, then reportedly acquired thousands of compromised US and UK credit cards, which were then used by a number of individuals to make over 500,000 online purchases of the music.

Anderson has been sentenced to 4 years 8 months imprisonment. Jassi and Johnson were both given 8 months, but Jassi's sentence has been suspended.

Continued : http://news.techworld.com/security/3348248/itunes-amazon-fraudsters-get-prison-sentences/

Also: iTunes scam gang netted 'Madonna-level' royalties

Check your Twitter account for rogue applications
by Carol~ Forum moderator / March 30, 2012 6:30 AM PDT
In reply to: NEWS - March 30, 2012

If you're careless about what applications you allow to access your Twitter account, don't be surprised if you find the bad guys are spamming tweets out in your name without your permission.

Here's just a small sample of the messages we saw earlier today, claiming to link to free iPhone 4 offers or tools to help you find out who had unfollowed your Twitter account.

Some of the messages posted from innocent users' Twitter accounts have claimed that it's easy to get your hands on a free iPhone 4: [Screenshot]

Whereas others seem to suggest that they offer a way to easily monitor who has unfollowed you on Twitter. (Which is perhaps an attractive tool after Twitter acknowledged earlier this week that the service was suffering from an "unfollowing bug"). [Screenshot]

Rogue applications we have seen sending these messages include:

Continued : http://nakedsecurity.sophos.com/2012/03/30/check-your-twitter-account-for-rogue-applications/

DNS Changer
by Carol~ Forum moderator / March 30, 2012 6:31 AM PDT
In reply to: NEWS - March 30, 2012

From the CircleID Blog:

Takedown

One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we called "DNS Changer" since that was the name of the software this gang used to infect a half million or so computers. I work for Internet Systems Consortium (ISC), a small non-profit company headquartered in California. ISC is best known for our work on the Domain Name System (DNS) and our DNS software (called BIND), but we have a growing Internet security practice as well. My task that night in New York City was to install two replacement DNS servers supplied and operated by ISC. This was important because the victims of DNS Changer were dependent on the assets that the FBI needed for evidence, and none of us wanted a half a million DNS Changer victims to "go dark." It was a little odd for ISC to send me — ISC's Chairman and Founder — on this job, but rank hath its privileges.

It was a very long night, since there was no way to complete a detailed plan before the takedown began. After the DNS Changer gang was in custody and I could "go intrusive" on their equipment, it took me a couple of hours to figure out exactly how everything was wired together and to move the first group of victims over to ISC's replacement DNS servers. It then took a couple more hours to move and test the rest of the victims. All this long night I had a cell phone headset in one ear and a half dozen chat windows open on my laptop — the full takedown team was worldwide and there were other actions occurring elsewhere. By the time we were done and it was safe to power off the DNS Changer equipment, it was 7am and I nearly missed my train. Note to self, if another chance comes along to run — huffing and puffing — through the New York City subway system and Penn Station, trying to keep up with a younger and better conditioned member of FBI's New York division — take it! But maybe next time bring better shoes.

Cleanup

Continued : http://www.circleid.com/posts/20120327_dns_changer/

Thanks! to R. Proffitt.
