'Crack security team' didn't notice attempt to log in 99 million times
Up to 21 million accounts on Alibaba e-commerce site TaoBao may have been compromised thanks to stolen credentials reused on breached third-party sites.
Yes, Java fixes are a dime a dozen. But this one prevents 'total compromise' of machines
Oracle's fired off an out-of-cycle emergency Java patch to plug a during-installation vulnerability on Windows platforms.
23 hours ago: Has the Star Trek communicator arrived? (IT Toolbox Blogs)
If you don't know what Star Trek is then go and crawl back under your rock. That is because I get the feeling that everyone who reads this blog has at least heard of Star Trek.
One of the most famous phrases in Star Trek is "Beam me up" and it was said into a communicator. The original communicator was flipped open to activate and was spoken into.
20 hours ago: Watch me, watch this, watch that (IT Toolbox Blogs)
So the big electronic companies started on building knick-knacks for a subject close to our hearts.
20 hours ago: Exploiting Google Maps for Fraud (Schneier blog)
The New York Times has a long article on fraudulent locksmiths. The scam is a basic one: quote a low price on the phone, but charge much more once you show up and do the work. But the method by which the scammers get victims is new. They exploit Google's crowdsourced system for identifying businesses on their maps. The scammers convince Google that they have a local address, which Google displays to its users who are searching for local businesses.
But they involve chicanery with two platforms: Google My Business, essentially the company's version of the Yellow Pages, and Map Maker, which is Google's crowdsourced online map of the world. The latter allows people around the planet to log in to the system and input data about streets, companies and points of interest.
Both Google My Business and Map Maker are a bit like Wikipedia, insofar as they are largely built and maintained by millions of contributors. Keeping the system open, with verification, gives countless businesses an invaluable online presence. Google officials say that the system is so good that many local companies do not bother building their own websites. Anyone who has ever navigated using Google Maps knows the service is a technological wonder.
But the very quality that makes Google's systems accessible to companies that want to be listed makes them vulnerable to pernicious meddling.
"This is what you get when you rely on crowdsourcing for all your 'up to date' and 'relevant' local business content," Mr. Seely said. "You get people who contribute meaningful content, and you get people who abuse the system."
The scam is growing: Lead gens have their deepest roots in locksmithing, but the model has migrated to an array of services, including garage door repair, carpet cleaning, moving and home security. Basically, they surface in any business where consumers need someone in the vicinity to swing by and clean, fix, relocate or install something.
What's interesting to me are the economic incentives involved: Only Google, it seems, can fix Google. The company is trying, its representatives say, by, among other things, removing fake information quickly and providing a "Report a Problem" tool on the maps. After looking over the fake Locksmith Force building, a bunch of other lead-gen advertisers in Phoenix and that Mountain View operation with more than 800 websites, Google took action.
Not only has the fake Locksmith Force building vanished from Google Maps, but the company no longer turns up in a "locksmith Phoenix" search. At least not in the first 20 pages. Nearly all the other spammy locksmiths pointed out to Google have disappeared from results, too.
"We're in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system and who've been a thorn in the Internet's side for over a decade," a Google spokesman wrote in an email. "As spammers change their techniques, we're continually working on new, better ways to keep them off Google Search and Maps. There's work to do, and we want to keep doing better."
There was no mention of a stronger verification system or a beefed-up spam team at Google. Without such systemic solutions, Google's critics say, the change to local results will not rise even to the level of superficial.
And that's Google's best option, really. They're not the ones losing money from these scammers, so they're not incented to fix the problem. Unless it rises to the level of affecting user trust in the entire system, they're just going to do superficial things.
This is exactly the sort of market failure that government regulation needs to fix.
Micron21 is preparing to deliver DDoS protection as a service to its global network, which will be hosted from its Melbourne-based datacentre from July.
A newly discovered iPhone vulnerability can bypass your lockscreen code, but it will probably not affect you anytime soon. Security researcher Benjamin Kunz Mejri from Vulnerability Laboratory stumbled upon an authentication issue that affects iPhones and iPads running iOS 8 and iOS 9. Using this security hole, hackers could in theory access the data behind your lockscreen password. But in practice, the procedure is a little more complicated than that, as hackers would have to gain physical access to the iPhone or iPad in question. Furthermore, they would have to be able to manage an unlocked
The Business Impact Assessment needs to assess the impact of an outage to all key business processes. It ranks these processes in order, to determine recovery priorities and identifies the activities and resources which comprise each process, again, ...
The malware once known as AlienSpy is back in action after original domains shut down.
Oracle has released updates for Java 6, 7 and 8 to address a high severity vulnerability that can be exploited by a remote, unauthenticated attacker for arbitrary code execution.
1 day ago: Business Email Fraud: Who's Liable? (InfoRiskToday)
Manufacturer Sues Insurer for Failing to Cover Fraud Losses
Who is responsible for fraud losses resulting from business email compromise? Texas-based AFGlobal Corp. is suing its insurance firm to settle this question. Experts weigh in on the lawsuit and why cyber insurance rarely covers losses from these scams.
Investments into cybersecurity startups and emerging players grew by 235% over the past five years, reaching an all-time high of $3.8 billion in 2015 - according to CB Insights. VCs and corporate investors moved the needle to nine-figures on some of the larger deals. A look at [...]
John Perry Barlow stands by his Declaration of Independence of Cyberspace, the libertarian idea that lit up the Internet on this day in 1996.
The post It's Been 20 Years Since This Man Declared Cyberspace Independence appeared first on WIRED.
Orders The Social Network™ to stop sending data to USA, tracking non-members
Monday June 8th will go down as a bad day in Facebook history, after France joined India by telling the social network to Zuck off.
Cryptonets chew data fast but keep it safe
Exclusive Microsoft researchers, in partnership with academia, have published a paper detailing how they have dramatically increased the speed of homomorphic encryption systems.
Hoppers drained in sophisticated two-part network smack-down.
Kaspersky researchers Alexander Gostev and Vitaly Kamluk have found a malware gang that can drain ATMs of cash by compromising banks and reversing transactions.
4 hours ago: Open government data could add AU$25b to economy (ZDNet)
The government has reported back on its open data policy, saying it could add between AU$500 million and AU$25 billion to the Australian economy.
UNITED NATIONS (AP) - Jane Holl Lute, a U.S. security expert who has held top posts in U.N. peacekeeping, was appointed by Secretary-General Ban Ki-moon on Monday to coordinate improvements in the United Nations' response to allegations of sexual exploitation and abuse by peacekeepers.
10 hours ago: 'Covert' APT Attacks Pose New Worries (InfoRiskToday)
Kaspersky Lab Says Carbanak 2.0, Other Attacks Evade Detection
The banking malware known as Carbanak continues to evolve, and cybercriminals are now using it to wage APT-style attacks against banks as well as companies in other sectors, according to security researchers at Kaspersky Lab.
10 hours ago: Denver Broncos and JD Edwards ERP, hmmm... (IT Toolbox Blogs)
Last week's JD Edwards Summit took place in Broomfield, Colorado in the context of a big lead up to the Super Bowl featuring local favorite the Denver Broncos. Because of JD Edwards' historical links to Denver, many of the people in JD Edwards land are very satisfied with the Super Bowl results.
Analysis of HHS Proposal Designed to Ease Exchange of Data for Treatment
Federal regulators are proposing changes to regulations governing the data privacy of substance abuse patients. Privacy experts disagree about whether the changes are necessary and practical, or potentially harmful.
This informative session will highlight how you can:
- Understand data proliferation (AKA the "data monster");
- Determine the intersection of data security risk and data management;
- Create a 360-degree view of your data risks;
- Deliver on-demand intelligence for audit and governance programs;
- Eliminate costly and error-prone manual efforts in securing your data.
A quick and easy security checkup for 2GBs of free cloud storage? Sign me up!
By Mark Hosenball WASHINGTON (Reuters) - The U.S. Department of Homeland Security and the Justice Department are investigating a claim that personal data related to thousands of DHS and FBI employees was hacked and has been posted online, an agency spokesman said on Monday. The tech website Motherboard reported on Sunday that a hacker, who Motherboard said wished to remain anonymous, intended to dump onto the Internet names, job titles, email addresses and official phone numbers of over 9,000 DHS employees and another 20,000 Federal Bureau of Investigation workers.
11 hours ago: An Increasing Number of Women are Choosing Tech Careers, and There is More Room For Them Than Ever Before (IT Toolbox Blogs)
Although the US Bureau of Labor Statistics indicates women made up 47 percent of all employed workers in 2011, data from LeanIn.Org and McKinsey & Co noted only 37
Anybody who works in an office building knows they are almost always too hot or too cold. So a little research here could go a long way. But seriously, the DOE is also leading a new collaborative effort with multiple private sector groups to leverage the work of the existing Better Buildings Energy Data Accelerator to promote better access to building energy data in new cities across the country. Smart