Best Of The Web

ESET BLOG
Google's Data Mining Bonanza And Your Privacy
A look at how much data about its users Google has the potential to mine and questions of privacy

KREBS ON SECURITY
Hackers Offer Bounty For Windows RDP Exploit
A website where independent and open-source software developers can hire one another promises to award at least $1,435 to the first person to develop a working exploit for a new Remote Desktop Protocol flaw in Windows

AVAST BLOG
iYogi Support Service Removed
Avast has dropped iYogi as its phone support service for users after reports and confirmation that iYogi service representatives appear to have attempted to increase its sales for a premium support service by falsely leading some users to believe they had other problems on their machines

THE NEW YORK TIMES
New Interest In Hacking As Threat To Security
A major spike in hacking attacks on networks and computers of all types, including critical infrastructure systems, during October 2011 through February 2012 appears to have prompted more intense interest in Congress to pass tougher legislation for new standards for breaches that could incur casualties or economic fallout

HILLICON VALLEY
Obama And Cameron Pledge To Work Together On Cybersecurity
President Obama and U.K. Prime Minister David Cameron have agreed to share information about cyberattacks and to work together to defend against attacks on privacy and government systems

INFOWORLD
Google's Trap For Chrome Exploit Writers Leads To Crashes For Users
Flash exploit mitigation recently built into Chrome by Google to detect and block Flash Player exploits ended up breaking certain Flash-based applications and games for some users

GOOGLE BLOG
Host Resolution In Chromium
In a move that could affect users' online privacy, Google has announced that its Chrome browser will bypass a user system's DNS preferences

THE WALL STREET JOURNAL
Your Posts Can Be Used Against You
Job seekers should be aware that human-resources departments use online searches to vet candidates, and rules are still unclear for how workers should use social media

BBC
Former Hacker Explains Why Websites Are Targeted
BBC Radio 5 Live's Double Take asked former hacker and online security expert about who hackers are and how much of a risk they pose to government and businesses

THREAT POST
Mozilla Releases Firefox 11, Fixes Pwn2Own Bug
Mozilla issued Firefox 11 and acknowledged that the flaw researchers used in the Pwn2Own contest last week was a "memory safety" issue in the array.join function -- something Mozilla had been working on fixing

NAKED SECURITY BLOG
US Army Warns About The Risks Of Geotagging
The U.S. Army warns that soldiers and others are exposed by geotagging online, and the British Army has banned the use of mobile phones in operational zones, such as Afghanistan, cautioning soldiers against taking pictures on smartphones

ROME REPORTS
Hackers Strike The Vatican's Website...Again. Vatican Radio Is Also Targeted
Hackers associated with Anonymous have hit the Vatican's website again as well as Vatican Radio via database and posting journalists' names and passwords

THE HACKER NEWS
Hacker Exposes 40,000 Credit Cards From Digital Playground
A new hacking group called The Consortium has broken into the porn site Digital Playground and apparently has stolen 72,000 usernames and passwords and 40,000 credit-card numbers.

KREBS ON SECURITY
Hacked Inboxes Lead To Bank Fraud
Hacked and phished email accounts increasingly are serving as tools for bank fraud schemes targeting small businesses

CSO ONLINE
Ukraine Seen As A Growing 'Haven For Hackers'
An information security official at the Security Service of Ukraine has admitted that: "Ukrainian hackers are well-known in the world. Our country is a potential source of cyber threats to other countries"

V3
Malware Writers Hijack SIM Data For Mobile Bank Scam
Security firm Trusteer has spotted a series of attacks that either steal or convince users to hand over the international mobile equipment identity number on their handsets, and the information is then used to obtain a SIM card connected to the account and to grab online banking credentials

SECURITY NEWS DAILY
Pro-American Hacker's Attack Threatens To Expose Anonymous
Self-described patriotic hacker "The Jester" claims to have broken into smartphones belonging to Anonymous leaders and passed incriminating text messages, emails, address books, and other data to the authorities

SC MAGAZINE
White House Appoints New Federal CTO
President Obama has named Todd Park as the federal government's new chief technology officer as a replacement for Aneesh Chopra, who resigned last month

THE SMOKING GUN
Hacker-Turned-FBI Informant "Sabu" Ditches Manhattan Court Appearance, Remains In Hiding
Sabu/Hector Monsegur's case for his misdemeanor criminal charge for impersonation was called Tuesday morning at Manhattan Criminal Court, but he did not show and the case was adjourned for an arraignment next month

HELP NET SECURITY
New P2P Botnet Soon Available For Sale
The development of a new botnet that will rely on a decentralized architecture based on P2P technology is nearing completion and will soon be offered for sale for a sum of $8,000 on a number of underground hacking forums

SECURITY WEEK
Secunia Slams Apple Over Vulnerability Handling, Publicizes Safari Flaws
Secunia published two Safari flaws and says it went public with them because Apple has remained silent about them for more than six months

TEAM SHATTER BLOG
It's Back: March Madness Meets Higher Education Data Breach "Brackets"
The Second Annual Higher Education Data Breach Madness Brackets shows that 48 institutions were hit by breaches, with Virginia Commonwealth University at No.1 with the biggest breach of 176,567 records last year

GOOGLE INSIDE SEARCH BLOG
Bringing More Secure Search Around The Globe
Google over the next few weeks will begin rolling out SSL/HTTPS to its search page and results

CNN MONEY
LinkedIn Is A Hacker's Dream Tool
Security experts say LinkedIn could be a key tool for cyberespionage spear-phishing attacks, demonstrating potential scenarios of attack

ISC SANS DIARY
An Analysis Of Jester's QR Code Attack
Hacker Th3J35t3r claims to have successfully targeted and grabbed personal information from members of Anonymous, LulzSec, and AntiSec using a QR code in his Twitter account icon that served as a lure for potential victims

ZDNET BLOG
Chinese Spies Used Fake Facebook Profile To Friend NATO Officials
Chinese cyberspies created a fake Facebook profile of U.S. Navy admiral James Stavridis and successfully friended various NATO officials, getting access to their personal data

INFOSEC ISLAND
FTC Says Tax Fraud Is On the Rise And Here's Why
Tax- and wage-related fraud accounted for 24 percent of consumer complaints last year -- that has doubled since 2009 -- and in the five states with the highest level of identity theft, tax- and wage-related fraud was about one-third or more of the consumer ID theft complaints

THE WASHINGTON POST
China Testing Cyber-Attack Capabilities, Report Says
A new congressional report says Chinese military officials have talked about conducting cyberwarfare and are testing attack capabilities during exercises, but would likely target transportation and logistics networks first

RAPID 7 BLOG
Adobe Flash And The Iranian Nuclear Program
Metasploit now has a working, general purpose exploit for the brand new Adobe Flash vulnerability exploited in the recent "Iran's Oil and Nuclear Situation.doc" email attack campaign spotted by Contagio on March 5

THE DAILY MAIL
Study Finds 50 Per Cent Of Americans Won't Return Lost Smartphones -- And Most Will Rifle Through Your Personal Information
Symantec left 50 smartphones planted around busy cities in the U.S. and Canada as an experiment and found that half of Americans would not return a lost cell phone, and even more would access personal information, including passwords, online banking information, and e-mails

READ WRITE WEB
Security Leaders: How Can Something This Dumb Be Called A "Smart Grid?"
Former assistant secretary for policy at the Department of Homeland Security in a new book criticizes the relative state of readiness and resilience of the computer equipment protecting America's energy distribution networks and industrial control systems

INTERNATIONAL BUSINESS TIMES
Anonymous And FBI's OpAntiSec War Is Hurting Civilians: Analyst
Some analysts say that the "war" between Anonymous and the FBI is only hurting the people the two organizations claim to be helping

THE NEW YORK TIMES
Hacker, Informant And Party Boy Of The Projects
Profile of "Sabu" found he was raising the two young children of his imprisoned aunt in a public housing project, paying bills with stolen credit cards, selling drugs, playing loud music late at night, and offering to use his hacking skills to help neighbors with their credit ratings

THREAT POST
Mobile Security Research Rife With Legal Pitfalls
One big problem is that research on mobile devices doesn't just pertain to a single vendor: An Android may be manufactured by one company, have software from another, and service from a third party

ASSOCIATED PRESS
Serbia Arrests Member Of Anonymous Hacking Group
Serbian authorities have arrested a member of the Anonymous hacking group in the Balkan country

THREAT POST
Chats, Car Crushes And Cut 'N Paste Sowed Seeds Of LulzSec's Demise
Bad blood within the ranks of Anonymous, coupled with a series of small errors, provided clues that led investigators to the group's leaders

BLOOMBERG
Obama To Simulate Cyber Attack On New York Power To Lobby Senate
Simulated power grid hack designed to drum up support for cybersecurity legislation

COMPUTERWORLD
Chrome Succumbs To Pwn2Own Contest Hack
Google's "Pwnium" snares a Chrome sandbox-escape exploit with a $60,000 bait

INFOWORLD
Do IT Execs Know Sensitive Data When They See It?
Tech officials at a quarter of firms surveyed say they have 'limited or no understanding' of data's sensitivity


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


