By Team Register
The Register
18th October 2009
The Home Office has agreed to a delay in extradition proceedings for Pentagon hacker Gary McKinnon while Home Secretary Alan Johnson and government lawyers reconsider evidence in the case.
Washington has been demanding McKinnon go on trial in the US for breaking into Pentagon computer systems back in 2002. He has never denied tapping into US military systems, saying he was looking for evidence of UFOs.
McKinnon, 42, was refused leave to appeal to the UK's newly minted supreme court earlier this month, with judges ruling his extradition was lawful and proportionate.
At that time he had 14 days to make any further representations to the European Court of Human Rights, though his options were extremely limited.
Monday 19 October 2009
"Tuesday, October 20 2009, 11:00 a.m. EDT, Secretary Napolitano will deliver a live webcast address about the urgent need to counter the threat of cyber attacks, and the shared responsibility in staying safe online. Visit www.dhs.gov on Tuesday to watch this live address.
Increasing the general public's awareness about computer and online risks is a critical part of Cybersecurity Awareness Month, recognized in October."
Increasing the general public's awareness about computer and online risks is a critical part of Cybersecurity Awareness Month, recognized in October."
PayChoice Suffers Another Data Breach
By Brian Krebs
Security Fix
The Washington Post
October 15, 2009
Payroll services provider PayChoice took its Web-based service offline for the second time in a month on Wednesday in response to yet another data breach caused by hackers.
Moorestown, N.J. based PayChoice, provides direct payroll processing services and licenses its online employee payroll management product to at least 240 other payroll processing firms, serving 125,000 organizations. On Thursday morning, the company sent a notice to its customers saying it had once again closed onlineemployer.com - the portal for PayChoice's online payroll service -- this time after some clients began noticing bogus employees being added to their payroll.
"After investigation, we determined that valid user credentials for an Online Employer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company said in an e-mail alert to their clients sent Thursday.
This week's attack appears to be the second stage of a sophisticated cyber assault launched last month against PayChoice customers. In that attack, hackers broke into the company's servers and stole customer user names and passwords. The attackers then included that information in e-mails to PayChoice's customers warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to onlineemployer.com. The supposed plug-in offered in that e-mail was instead malicious software designed to steal the victim's user names and passwords.
[...]
Security Fix
The Washington Post
October 15, 2009
Payroll services provider PayChoice took its Web-based service offline for the second time in a month on Wednesday in response to yet another data breach caused by hackers.
Moorestown, N.J. based PayChoice, provides direct payroll processing services and licenses its online employee payroll management product to at least 240 other payroll processing firms, serving 125,000 organizations. On Thursday morning, the company sent a notice to its customers saying it had once again closed onlineemployer.com - the portal for PayChoice's online payroll service -- this time after some clients began noticing bogus employees being added to their payroll.
"After investigation, we determined that valid user credentials for an Online Employer user were used in an unauthorized manner to add these fictitious employees in an attempt to have payments made to fraudulent bank accounts," the company said in an e-mail alert to their clients sent Thursday.
This week's attack appears to be the second stage of a sophisticated cyber assault launched last month against PayChoice customers. In that attack, hackers broke into the company's servers and stole customer user names and passwords. The attackers then included that information in e-mails to PayChoice's customers warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to onlineemployer.com. The supposed plug-in offered in that e-mail was instead malicious software designed to steal the victim's user names and passwords.
[...]
Q&A: Defcon's Jeff Moss on cybersecurity, government's role
By Elinor Mills
InSecurity Complex
CNet News
October 16, 2009
As a hacker and organizer of Defcon, at event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June.
But his background and lack of government experience brings a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia.
With National Cyber Security Awareness Month under way, CNET News discussed with Moss his new role, his thoughts on the national ID card debate, and how the government wants to use social media sites for public emergency alerts. This edited interview is the first of two parts. Part two will run on Monday.
Q: So, how's it going on the Homeland Security Advisory Council?
Moss: It's going pretty well, it's pretty exciting actually. Recently we did a recommendation, I'm sure you read about it, the homeland security color codes. There are the five color codes. Normally the country is on like yellow or orange. I think we've only been to red once. But we've never been to the two lowest, blue and green. So the system was up for review. It turns out that the color codes work really well for industry and government. They have procedures in place. They do things automatically when the color codes are changed. It is actually successful for them but for the third group that uses them, civilians, it actually doesn't work well at all.
[...]
InSecurity Complex
CNet News
October 16, 2009
As a hacker and organizer of Defcon, at event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June.
But his background and lack of government experience brings a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia.
With National Cyber Security Awareness Month under way, CNET News discussed with Moss his new role, his thoughts on the national ID card debate, and how the government wants to use social media sites for public emergency alerts. This edited interview is the first of two parts. Part two will run on Monday.
Q: So, how's it going on the Homeland Security Advisory Council?
Moss: It's going pretty well, it's pretty exciting actually. Recently we did a recommendation, I'm sure you read about it, the homeland security color codes. There are the five color codes. Normally the country is on like yellow or orange. I think we've only been to red once. But we've never been to the two lowest, blue and green. So the system was up for review. It turns out that the color codes work really well for industry and government. They have procedures in place. They do things automatically when the color codes are changed. It is actually successful for them but for the third group that uses them, civilians, it actually doesn't work well at all.
[...]
38 Oracle security patches coming next week
By Robert McMillan
October 16, 2009
IDG News Service
After a record-setting week of Microsoft and Adobe security patches, Oracle is gearing up for a major update of its own next week.
Next Tuesday, the database vendor will release its quarterly Critical Patch Update, which "contains 38 security vulnerability fixes across hundreds of Oracle products," according to an advance notification posted to Oracle's Web site.
As usual, Oracle's most-patched product next week will be its flagship database, which will get 16 bug fixes. Six of these flaws may be exploitable over a network without any type of authentication, Oracle said.
Also in the mix are eight fixes for the company's E-Business Suite, three for Oracle Application Server and one for the Industry Applications Products Suite.
Patches are also planned for Oracle's BEA, PeopleSoft and JD Edwards software
October 16, 2009
IDG News Service
After a record-setting week of Microsoft and Adobe security patches, Oracle is gearing up for a major update of its own next week.
Next Tuesday, the database vendor will release its quarterly Critical Patch Update, which "contains 38 security vulnerability fixes across hundreds of Oracle products," according to an advance notification posted to Oracle's Web site.
As usual, Oracle's most-patched product next week will be its flagship database, which will get 16 bug fixes. Six of these flaws may be exploitable over a network without any type of authentication, Oracle said.
Also in the mix are eight fixes for the company's E-Business Suite, three for Oracle Application Server and one for the Industry Applications Products Suite.
Patches are also planned for Oracle's BEA, PeopleSoft and JD Edwards software
Sunday 18 October 2009
Subscribe to:
Posts (Atom)
