NEWS - April 07, 2014

In the wake of long-overdue media attention to revelations that a business unit of credit bureau Experian sold consumer personal data directly to an online service that catered to identity thieves, Experian is rightfully trying to explain its side of the story by releasing a series of talking points. This blog post is an attempt to add more context and fact-checking to those talking points.

Experian has posted several articles on its Web properties that lament the existence of "inaccurate information about Experian circulating in news outlets and other Web sites."

"It's no surprise that cybercrime and data breaches are hot topics for media and bloggers these days," wrote Gerry Tschopp[, senior vice president of public affairs at Experian. "Unfortunately, because of all the attention paid to these topics, we've seen some inaccurate information about Experian circulating in news outlets and other Web sites. I want to take a moment to clarify the facts and events."

Continued: https://krebsonsecurity.com/2014/04/fact-checking-experians-talking-points/

Related:
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
Experian in hot seat after exposing millions of social security numbers [Updated]

Symantec Security Response Blog:

Phishers continuously come up with various plans to enhance their chances of harvesting users' sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.

The phishing page, hosted on a free Web hosting site, targets Facebook users and contains a fake voting campaign, "WHO IS GREAT BOYS OR GIRLS?" along with the "VOTE" button to register votes. The page is also embedded with pair of bar charts representing voting ratio and displays the total votes gained for the last four years. These give a more legitimate feel to the fake application. [Screenshot]

The first phishing page contains a button to initiate the voting process. After the button is clicked, a pop-up window appears, asking for a user's login ID and password, as shown below:

Continued: http://www.symantec.com/connect/blogs/fake-voting-campaign-steals-facebook-users-identity

Modern cars are becoming ever more sophisticated, and reliant on computer systems and software.

In fact, it is beginning to feel just as common to take your car to the local dealer to have its software updated as it is to have a mechanic fiddle around under your bonnet.

And software, as we all know far too well, is written by humans who invariably make mistakes.

Just last week, security researchers revealed how it was possible to unlock an expensive Tesla car just by having a freely-available iPhone app and hacking a single six-character password, and earlier this year Toyota was forced to recall 1.9 million Prius Hybrid cars because of a software flaw.

Well, here's something rather different.

Continued : http://grahamcluley.com/2014/04/mazda-car-software-bug/

Google has made a subtle change to the admin console in its Chrome browser, which is used in enterprise environments to help set policies for employee use, which will allow administrators to force users to browse in ephemeral mode.

The change won't have any effect on typical individual users who run Chrome in an unmanaged environment, such as a home machine or enterprise that doesn't use the admin console. But for administrators in environments where they're managing a lot of users running Chrome, the ability to force ephemeral mode is a helpful tool in the fight against data loss and other security problems.

"If Google Chrome Sync is enabled, any changes that the user makes to the browser's settings or to their Chrome data (such as bookmarks, history, apps etc.) during an ephemeral session will be saved for future sessions. The settings are saved in the user's Google account in the cloud. If Google Chrome Sync is not enabled, any changes are lost when the user exits the browser," Google's documentation on the feature says.

Continued: http://threatpost.com/chrome-adds-ability-to-force-ephemeral-mode/105273

Microsoft will end support for the ancient, still popular Windows XP on April 8, but that doesn't mean that every private and public XP user is ready to move on to another operating system. The Dutch government has agreed to pay Microsoft millions of euros in exchange for continued support for its Windows XP PCs, according to ZDNet.

The deal will grant extended Windows XP support for 34,000 to 40,000 Dutch civil servants who work for the national government, which will keep them running until a new operating system is installed by January 2015. At this point, t's unclear what OS the gov't will upgrade to.

This support extension comes after the UK government made a similar agreement with Microsoft, forking over more than 5.6 million British pounds for an extra year of XP support. UK government PCs running Office 2003 and Exchange 2003 will also receive security updates during the one year deal.

Continued : http://www.digitaltrends.com/computing/dutch-government-extends-windows-xp-support/