NETWORK WORLD
Microsoft Patches Hotmail After 0-Day Remote Password Reset Exploited In The Wild
Microsoft has now fixed a zero-day password reset and setup flaw in Hotmail that cybercriminals were already exploiting
THE CHICAGO SUN TIMES
House Passes CISPA Cybersecurity Bill Obama Opposes
The U.S. House of Representatives voted in favor of the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies and the feds to share information on cyberattacks
COMPUTERWORLD
Engineers Look To Fix Internet Routing Weakness
Internet traffic can be maliciously routed in order to spy on communications, so experts are looking for an easier fix
THREAT POST
Critical Bug Reported In Oracle Servers
Proof-of-concept exploit code is out for a remotely exploitable bug in all current versions of Oracle's database server -- Oracle reported the bug fixed, but actually only fixed it in upcoming, not existing, versions of the software
SEARCH SECURITY
Google Vulnerability Reward Program Increases, Microsoft Unfazed
Google has increased its bounty for vulnerabilities that allow for code execution to $20,000, but lowered its bounty for lower-risk bugs
CNET
Globalsign Breach Stemmed From Unpatched Server
CA GlobalSign's Web server breach last year was tied to a piece of open-source software not being updated, a senior GlobalSign executive told ZDNet UK
BLOGSPOT
The Facebook Hack -- What Really Happened
Convicted hacker tells the story in his own words
THREAT POST
Backdoor In Equipment Used For Traffic Control, Railways Called 'Huge Risk'
Security researchers warn of risk posed by embarrassing security hole in industrial control software
SECURITY WEEK
Trustworthy Internet Movement Looks To Fix SSL, Certificate Authority Ecosystems
TIM announces that it has chosen SSL governance and implementation as its first project
IT WORLD
FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign
FBI says infected users must deal with DNS changer malware or risk losing Internet in July
CNET
House Approves CISPA Despite Last-Minute Push By Opponents
Bill that allows Internet companies to open their networks to the feds passes by 248-168 vote
TRENDLABS MALWARE BLOG
Usenix LEET 2012: Observations On Emerging Threats
A look at the characteristics and trends in today's most sophisticated exploits
IT WORLD
World's Most Dangerous Hackers Want To Steal How You Make Money
Intellectual property becomes an important currency in cybercrime
CYBERCRIME & DOING TIME
SOCA and FBI Seize 36 Criminal Credit Card Stores
U.K. and U.S. agencies complete joint operation targeting 36 criminal websites
F-SECURE BLOG
A Tumblr Of Rogues
Rogue AV is now lurking in Tumblr accounts, according to F-Secure
THREAT POST
Firefox 12 Debuts With Silent Update Mechanism
Mozilla has released version 12 of Firefox and the browser now includes an automatic update mechanism so users don't have to install patches themselves anymore
ASHIMMY BLOG
Hiding Behind A Mac Is No Longer An Option
The honeymoon is over for Macs, with the recent Flashback malware attack that infected more than 600,000 machines, and Apple's not-so-smooth response to the attack
BBC
Insecure Websites To Be Named And Shamed After Checks
Nonprofit Trustworthy Internet Movement (TIM) plans to publish a list of secure and unsecure websites
GOVERNMENT COMPUTER NEWS
Major Cyberattack On U.S. 'Inevitable,' Experts Tell Congress
A panel of cybersecurity experts told Congress yesterday that voluntary guidelines for securing the nation's critical infrastructure have failed and that lawmakers need to enact strong cybersecurity legislation that sets basic security standards
INFORMATIONWEEK
Healthcare's Checklist Security Mentality Failing, Report Says
Despite conducting regular risk analysis, 27% of healthcare organizations suffered a data breach in the last 12 months, twice the percentage reported in 2010
FORBES
Chinese Espionage: The Risks Within U.S. Companies
An equally dangerous cyberespionage threat is from employees or other insiders who steal trade secrets from their corporate employers and hand them over to foreign governments or companies
WEBSENSE BLOG
Weibo Accounts Compromised To Spread Phishing Campaign
New phishing campaigns are rapidly spreading on the Chinese social network Sina Weibo, which has more than 300 million registered users
ARBOR NETWORKS
DDoS Attacks On SSL: Something Old, Something New
As more transactions and services are protected by SSL, DDoS attacks on SSL secured services are on the rise
THE REGISTER
Hackers Now Pick Tools From Script Kiddies' Toybox -- Report
Automated attack weapons help black hats spread the pain
HELP NET SECURITY
Web Application Attack Report From Firehost
Company says it has blocked more than 19 million attacks
MARKETWATCH
One In Every Five Mac Computers Harbors Malware, Sophos Research Reveals
Mac devices may be "carriers" of Windows infections, study says
COUNCIL ON FOREIGN RELATIONS
Understanding Illicit Networks
Globalization is benefiting transnational criminal enterprises as well as mainstream business
RAPID7
Automated Security Assessments Can Stop Untargeted Attacks
Nothing can replace a manual security assessment, but with so many untargeted attacks, why are penetration testers still doing most of their work by hand?
INFOWORLD
Cyber Crime Not A Big Deal? Get Real
Microsoft report indicates that cybercrime stats are wildly inflated, but expert says those stats underestimate the problem
THE REGISTER
UK Biz Pays Heavy Price For Skimping On Security -- PwC
One in seven big firms penetrated by cybercrime, study says
HELP NET SECURITY
New WordPress Update A Must For Users
Open-source blogging tool WordPress has issued an update that fixes some major security flaws
TREND MICRO BLOG
Bogus Olympics 2012 Email Warning Blindside Users With Malware
New Olympics scam email warns recipients of fake websites and organizations selling tickets to this summer's London Olympics
HUFFINGTON POST
Cybersecurity Bill Loses Key Provision, Dem Blames 'Extremely Partisan' House Republicans
House Republicans removed a key provision from the PRECISE Act bill for securing the power grid and other critical infrastructure -- allowing the Department of Homeland Security to help create cybersecurity standards that companies must meet
CIO
Weak Passwords Still Subvert IT Security
Data breach at the Utah Department of Health last month that exposed Social Security numbers of more than 280,000 people demonstrated how weak and default passwords can be deadly
THREAT POST
Accountability -- Not Code Quality -- Makes iOS Safer Than Android
Apple's policies that demand accountability from iOS developers as well as stricter controls on what apps can do on Apple devices have made the platform more secure than Android
WLTX
228,000 South Carolinians Medicaid Info Sent To Email
A state employee for the South Carolina Department of Health and Human Services has been fired after transferring Medicaid information on 228,000 people to his own e-mail account -- thus far, the agency doesn't know why he stole the sensitive information
ARS TECHNICA
TV-Based Botnets? DoS Attacks On Your Fridge? More Plausible Than You Think
Vulnerabilities in Samsung and Sony TVs demonstrate how these consumer devices could also be attacked for denial-of-service purposes
ZSCALER BLOG
French Budget Minister Website Hijacked
The French Minister of Budget's website was recently hijacked and rigged with obfuscated JavaScript at the top of the page
ZDNET BLOG
3 Million Bank Accounts Hacked In Iran
An Iranian hacker who discovered a security vulnerability in Iran's banking system reported it to the banks nationwide; when they ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point
SANS INTERNET STORM CENTER
OpenSSL Security Advisory -- CVE-2012-2110
The OpenSSL team has issued a patch for a newly found vulnerability that exposes applications that use specific features of OpenSSL