NEXGOV
Cyber Czar: Power Companies Need To Watch Their Backs
White House cybersecurity coordinator Howard Schmidt yesterday at a McAfee conference said utilities must regularly identify security flaws in their electricity delivery systems as the U.S. Department of Energy, the White House, Homeland Security Department, and power companies test a voluntary reporting model
WEBROOT BLOG
Spamvertised LinkedIn Notifications Serving Client-Side Exploits And Malware
A spam campaign of LinkedIn themed messages is under way that tries to trick users into clicking on malicious links embedded in the emails
HELP NET SECURITY
0-day In Backtrack Linux Found, Patched
InfoSec Institute says a student found a zero-day vulnerability affecting the last version of Backtrack Linux -- the flaw has now been fixed
ISS SOURCE
Stuxnet Loaded By Iran Double Agents
The Stuxnet virus was installed in the Natanz Iranian nuclear facility by an Iranian working for Israel who used an infected USB stick to spread the virus, according to former and serving U.S. intelligence officials
RSA BLOG
Time To Push The Reset Button?
RSA says it's time to accept that intrusions are inevitable, and start to build a path that moves payment security forward so that while intrusions may be inevitable, they don't result in data loss
COMPUTERWORLD
Mac Security Software Sales Jump After Flashback Infections Make News
Some antivirus vendors have seen an increase in sales or in downloads of free Mac antivirus and security programs in the wake of the recent revelation of a massive OS X botnet
THE WASHINGTON POST
Police, Feds Target Cellphone Thieves By Limiting Their Resale Market
AT&T, T-Mobile, Verizon, and Sprint will create a database of identification numbers embedded in smartphones so when one is reported stolen, service will be denied when someone tries to use it
F-SECURE BLOG
F-Secure: Free Flashback Removal Tool
The antivirus firm is now offering a free tool that automatically detects and removes the widespread Flashback Trojan malware from Mac OS X machines
THREAT POST
Google Fixes SSL Certificate Error In Chrome
Update for Chrome fixes issue where when connecting to sites via HTTPS, the browser misidentified some legitimate sites as having invalid certificates when that was not the case
DAMBALLA BLOG
The APT Deception
China isn't the only advanced persistent threat actor: Traffic originating from China could include attack traffic tunneled through open proxies and bot-infected hosts in the country but from cybercriminals in other regions
WIRED
Board Urges Feds To Prevent Medical Device Hacking
Pressure is on the FDA and the feds to analyze the security of wireless medical devices before they go to market, as well as to set up a vulnerability reporting system via the U.S. CERT for tracking security flaws in these devices
THE REGISTER
Malware-Infected Flash Cards Shipped Out With HP Switches
HP found it was shipping virus-laden compact flash cards with its HP ProCurve 5400zl switches, the company is warning
ARS TECHNICA
Rise Of 'Forever Day' Bugs In Industrial Systems Threatens Critical Infrastructure
Security vulnerabilities that vendors have no intention of fixing in control systems are growing
GREEN TECH
FBI Finds Smart Meter Hacking Surprisingly Easy
Smart meters reduce theft in some countries, but introduce new hacking opportunities in others
WASHINGTON POST
Pentagon To Fast-Track Cyber Weapons Acquisition
U.S. military could develop weapons against specific targets in a matter of days
FOX NEWS
Grandpa, Patriot Who Goes By 'The Raptor,' Claims Credit For Taking Down Al Qaeda Websites
American grandfather says he is waging his own war on terror
MICROSOFT WINDOWS BLOG
Upgrade Today: Two-Year Countdown To End Of Support For Windows XP And Office 2003
Phaseout of older software will increase security, software giant says
HELP NET SECURITY
An Unsecured Computer Is Worse Than An Unlocked Home
Using a computer without security is riskier than leaving your home or car unlocked, study says
HACKER NEWS
Anonymous Plans To Take Down Great Firewall Of China
Hacktivist group plans to launch more attacks against Chinese government websites
MICROSOFT SECURITY RESPONSE CENTER
Microsoft Releases Six Security Patches
Two critical updates released on Patch Tuesday
ADOBE
Security Updates Available For Adobe Reader And Acrobat
Updates to eliminate current vulnerabilities, software vendor says
THE WASHINGTON POST
For Agency, A Loss Of Technology Has Had Down And Upsides
The Economic Development Administration has gone offline in the wake of a targeted attack spotted three months ago that was so invasive that the agency is not using email or other electronic access for now until it's cleaned up
KREBS ON SECURITY
FBI: Smart Meter Hacks Likely To Spread
The FBI said in a bulletin that a series of hacks against smart meters over the past several years may have cost one U.S. electric utility hundreds of millions of dollars annually, and more attacks could occur against these devices
SECURELIST BLOG
10 Simple Tips For Boosting The Security Of Your Mac
As the Mac OS X Flashback Trojan spreads, there are some ways for Mac users to better secure their machines, including creating a non-admin account for everyday use, using Google Chrome for browsing, and uninstalling the stand-alone Flash Player
SEARCH SECURITY
April 2012 Patch Tuesday: Microsoft To Issue Six Bulletins, Four Critical
Microsoft says it will release six security updates tomorrow, including four critical bulletins that address both server-side flaws and serious vulnerabilities in all versions of Windows, Internet Explorer, and its .NET Framework
THE NEW YORK TIMES
Spam Invades A Last Refuge, The Cellphone
Spam is on the rise via text messaging, and while it's not nearly as widespread as email spam, it carries the same dangers, experts say
CNET
Apple's Security Code Of Silence: A Big Problem
Apple's silence on security isn't helping amid increased attacks against its systems, and neither is its penchant for controlling patches on its systems, including that of Java, which it doesn't allow Oracle to patch on its systems
CNN
Mystery Surrounds Silencing Of Key Al Qaeda Websites
Some major Al Qaeda online forums have gone dark over the past two weeks, but no one has claimed responsibility for the outages and U.S. officials are not commenting on it
BANK INFOSECURITY
Chase Hit In ATM Skimming Attacks
Some 13 California residents have been indicted by a grand jury in Las Vegas for an alleged ATM card-skimming scam via vestibule entry doors of ATMs at multiple Chase Bank branches in the region
THE HACKER NEWS
Anonymous Plans 7 April Attack On British government
A U.K. arm of Anonymous is rallying people to help execute a distributed denial-of-service attack against the U.K. Home Office website on Sat., April 7, in protest of the extradition of three U.K. citizens to the U.S.
CNN
China Admits Sites Hit In Hacking Attack
Chinese officials acknowledged that "certain reports prove again" that Chinese websites had been hacked
TWITTER BLOG
Shutting Down Spammers
Twitter announced that it has filed a suit in federal court in San Francisco against five prolific spam tool providers and spammers and has also beefed up anti-spam features
INFOWORLD
Mozilla Blacklists Vulnerable Java Plug-Ins From Firefox
Mozilla automatically disables outdated Java plug-ins in Firefox on Windows in response to ongoing attacks targeting the add-ons
SOFTPEDIA
Sony Hacker Pleads Guilty, Faces 15-Year Sentence
Cody Kretsinger, former member of the LulzSec crew and a.k.a. "recursion," pleaded guilty in U.S. District Court to breaching Sony Pictures Entertainment's computers and could get up to 15 years in prison
THREAT POST
Project Basecamp Adds Stuxnet-Type Attack Module To Metasploit
Digital Bond-sponsored Project Basecamp has created new modules for exploiting vulnerabilities in popular programmable logic controllers and submitted them to Metasploit -- including one exploit that wages a Stuxnet-type attack
CNET
Facebook Says ID Theft Threat Only On Jailbroken Phones
Facebook is shooting down reports of a researcher finding a vulnerability in the social network's Android and iOS client apps, saying the bug is only associated with jailbroken phones
CYBERWARZONE
Sophos Leaked Partners Data
Malware was discovered on Sophos' Partner Portal server; the antivirus firm has taken the portal offline as it investigates the incident, which could have exposed names, email addresses, hashed passwords
INTELNEWS
Why Are Al-Qaeda Websites Going Off-Line?
Al-Qaeda websites began dropping offline late last month in what appears to be coordinated fashion, and security experts say it sure looks like a coordinated attack on them
CSO ONLINE
CDT: Cybersecurity Bills Raise Major Civil Liberties Concerns
Four bills on Capitol Hill that would let private companies share threat intelligence could have privacy and civil liberty flaws, according to the Center for Democracy and Technology
ARS TECHNICA
Internet Explorer Market Share Surges, As IE 9 Wins Hearts And Minds
For the second time in three months, Internet Explorer has gained marketshare, with nearly a 1 percent increase