IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.
A blog from V3.co.uk


Barnet Council loses details of 9,000 children

Barnet Council has become the latest public sector body to suffer an embarrassing data breach, after unencrypted USB sticks and CDs containing the details of 9,000 schoolchildren were stolen following a burglary at an employee's home.

The details, which were held for statistical purposes by the council, included date of birth, gender and ethnicity, and all those affected have been informed, according to an FAQ section on the council web site.

Barnet Council also said it thought the risks associated with this data breach are very low, given that the burglars were "looking for high-value items rather than specifically to steal data".

"We, the council, have disabled any access to external storage devices so no member of staff can make unauthorised copies in the future," said the council.

"All computers leaving the council offices have to be confirmed as encrypted. A full independent review of how the council holds data has been ordered."

The incident highlights many of the problems the public sector faces in trying to tighten up its record on data breaches, namely that all the rules and guidelines in the world don't mean anything if staff are willing to disregard them.



March 31, 2010

World of Warcraft users targeted in new phishing attacks

More proof emerged today that phishing attacks are not solely confined to the financial services space, as Panda Security revealed several new campaigns targeting World of Warcraft players.

In a blog post today, the vendor's technical director Luis Corrons highlighted the phishing emails designed to lure users into clicking on a malicious link. This link takes the user to a fake log-in page where they are asked to enter their username and password.

"As you have seen, the attack could be considered pretty good, both the message and the web site looked as if they were real, so we can assume that these are smart cyber criminals with high skills," he explained.

"But we know there are a lot of phishing kits out there, and that there are easy ways to accomplish these kinds of attacks, so anyone could be able to do this."

These kinds of attacks are particularly dangerous given that many computer users reuse the same username and password for multiple accounts, potentially giving the phishers access to online banking and other accounts.

Corrons added that the criminals, it turned out, were not so smart, as they allowed the Panda research team to access their own database of stolen credentials.

Apparently, most of the scammed WoW players were using their email addresses as user names.

"I bet that the password used for WoW is the same one they are using for each and every online service (mail, Facebook etc)," wrote Corrons.

"And what's the moral of this story? Well, if such a moron is able to steal thousands of credentials, imagine what a smart cyber criminal could achieve."

March 29, 2010

Mozilla admits critical Firefox flaw

Firefox-maker Mozilla has acknowledged a critical flaw in its flagship browser but will not release an official fix for it until 30 March.

In a blog posting, the firm warned that the vulnerability, first found by researcher Evgeny Legerov, could allow remote code execution if exploited by a hacker.

"The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix," noted the blog post.

"Firefox 3.6.2 is scheduled to be released 30 March and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience."

Users worried they may be affected before the end of March were encouraged to download a Release Candidate build of Firefox 3.6.2 which contains the fix.

In a new twist, German users were warned not to use the browser until the update is released next week. BürgerCERT, which is part of the German Federal Office for Security in Information Technology, issued the warning on Friday, assessing the risk level as a four on its five-step scale.

March 22, 2010

Virtual machines being used to obfuscate malware

Security experts at the e-Crime Congress event in London this week warned of an increase in incidents of criminals using virtual machine technology to obfuscate malicious code, thereby making it harder to unravel.

Rik Howard, director of intelligence at iDefense, the managed security arm of VeriSign, argued that virtual machine obfuscation software is beginning to appear on the radar of researchers.

He explained that the tool is being employed by cyber criminals to create a different bytecode every time a binary is run through it, making it harder to crack.

"This makes it very difficult for our guys to pull it apart," he added. "It's a much slower process than standard reverse engineering. We expect to see it more and more in the next year or two."

Howard highlighted the worrying appearance of VM obfuscation tools readily available on the market, such as VM Protect, which is being marketed legitimately as IP protection software.

"This helps the criminals - they don't even need to build an obfuscation system," he argued.

March 16, 2010

Adobe Reader now targeted more than Microsoft

The percentage of targeted attacks exploiting vulnerabilities in Adobe Reader is growing at a significant rate, outstripping Microsoft Word, Excel and PowerPoint, according to the latest figures from security firm F-Secure.

In a new blog posting, the firm urged users to patch a critical vulnerability in the popular software which was discovered last month and is being actively exploited in the wild.

"Our sample was submitted by a European financial organisation and the file name includes a reference to the G20," the blog posting explained.

"The exploit drops a downloader and attempts to make a connection to tiantian.ninth.biz. We detect this attack as Exploit:W32/PDFExploit.G. It doesn't surprise us to see this Adobe Reader vulnerability utilised so quickly."

According to F-Secure's research, targeted attacks exploiting Adobe Reader grew from around 49 per cent last year to over 60 per cent in the first two months of this year.

By comparison, Microsoft Word accounted for around 39 per cent of targeted attacks so far this year, slightly up from 34 per cent in 2009. Excel and PowerPoint attacks stood at around seven per cent.

March 10, 2010

Financial services firms found wanting on security

Negligent insiders and outsourcing data to third parties are the major causes of data breaches in the financial services sector, according to a new report from IT management software firm Compuware.

The study, entitled Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry, was conducted by the Ponemon Institute and included interviews with chief information security officers, chief privacy officers and others with equivalent responsibilities from 80 multinational financial services organisations.

Three quarters rated negligent insiders as the top reason for a breach, while 42 per cent cited outsourcing and a quarter laid the blame on malicious insiders.

While these headline stats may not come as a surprise to most working in the information security industry, what is more worrying is the wide open areas of vulnerability that the report highlights.

Just 56 per cent said they implemented some form of identity compliance procedures, 47 per cent said they used intrusion detection systems, and data loss prevention technology was used by just 41 per cent, according to the report.

"One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study," said Larry Ponemon. "While there is a great deal of progress being made, there is still a long way to go."

Very true Larry, very true.


March 4, 2010


© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093