The “appearance” of security is not sufficient? (Is that what they are saying?) What a precedent!
Update:
Federal appeals court raps U.S. bank over shoddy online security
July 5, 2012 by admin
Jeremy Kirk reports the latest twist in a long-running lawsuit by a construction firm against its bank over fraudulent wire transfers:
A U.S. construction company may stand a greater chance of recovering some of the $345,000 it lost in fraudulent wire transfers that it blames on poor online banking practices of its bank.
Patco Construction Company, based in Sanford, Maine, sued Ocean Bank, now called People’s United Bank, after fraudsters made six wire transfers using the Automated Clearing House (ACH) transfer system amounting to more than $588,000 in May 2009. About $243,000 was recovered.
In its suit, Patco alleged among other claims that Ocean Bank’s online security was not commercially reasonable under Article 4A of the Uniform Commercial Code (UCC), a federal code governing contractual disputes that has been adopted into most U.S. states’ laws.
The UCC does not allow claims such as negligence, fraud and breach of contract. The code makes it potentially costly for small businesses to sue financial institutions over cybercrime-related fraud. Even if a small business wins a lawsuit, under the code the financial damages are limited only to the money stolen plus interest.
In a significant twist, a three-judge federal appeals court panel found on Tuesday that Ocean Bank’s online security measures were not “commercially reasonable,” reversing a lower court ruling from May 2011.
Read more on Computerworld.
A useful tool and a serious security concern? “If we cut through the wall right here, we can walk right into the bank vault!” (a line from too many movies to count)
Just in time for the Olympic games, Google is bringing its indoor maps to the UK. This Google Maps feature is currently available on Android devices, and lets us users navigate our way and get walking directions not only in the street, but inside buildings as well. There are currently over 40 venues in the UK featured on indoor maps, including the British Museum, King’s Cross Station, the O2 Arena and most big airports.
Suggesting a new iPhone advertising campaign?
Security firm: Android malware pandemic by year's end
Android malware levels are rising at an alarming rate, according to antivirus maker Trend Micro.
The security firm said at the start of the year, it had found more than 5,000 malicious applications designed to target Google's Android mobile operating system, but the figure has since risen to about 20,000 in recent months.
By the coming third quarter, the firm estimates there will be around 38,000 malware samples, and close to 130,000 in the fourth quarter.
Forced cleanup. Has there ever been a non-technical equivalent? (300,000 Typhoid Marys?)
"The FBI is set to pull the plug on DNSChanger servers on Monday, leaving as many as 300,000 PCs with the wrong DNS settings, unable to easily connect to websites — although that's a big improvement from the 4m computers that would have been cut off had the authorities pulled the plug when arresting the alleged cybercriminals last year. The date has been pushed back once already to allow people more time to sort out their infected PCs, but experts say it's better to cut off infected machines than leave them be. 'Cutting them off would force them to get ahold of tech support and reveal to them that they've been running a vulnerable machine that's been compromised,' said F-Secure's Sean Sullivan. 'They never learn to patch up the machine, so it's vulnerable to other threats as well. The longer these things sit there, the more time there is for something else to infect.'"
[Check your computer here: http://www.dns-ok.us/]
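The dns-ok.us page above checks which resolver your browser's request actually reaches. The same idea can be applied offline by comparing a machine's configured nameservers against a list of known rogue resolver ranges, which is how DNSChanger-style infections were identified on the host side. The script below is an added illustration, not code from the article, the FBI, or F-Secure; the "rogue" ranges it uses are constructed placeholders (RFC 5737/3849 documentation prefixes) standing in for a real indicator list, and the resolv.conf text is a constructed sample.

```python
"""Offline check of resolver configuration against rogue DNS ranges.

Added example for the DNSChanger item; the ranges below are CONSTRUCTED
placeholders, not the real indicator list, and the sample config is made up.
"""
import ipaddress
import os

# Placeholder "rogue resolver" ranges (documentation prefixes, constructed).
# A real deployment would load the published indicator list instead.
ROGUE_DNS_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),     # TEST-NET-1, placeholder
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, placeholder
    ipaddress.ip_network("2001:db8::/32"),    # IPv6 documentation prefix, placeholder
]


def parse_nameservers(resolv_conf_text):
    """Extract nameserver addresses from resolv.conf-style text.

    Comments, blank lines, other directives and malformed addresses are
    skipped rather than treated as errors, so a damaged file still yields
    whatever valid resolvers it contains.
    """
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() != "nameserver" or len(parts) < 2:
            continue
        try:
            servers.append(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue  # not an IP literal; ignore
    return servers


def rogue_resolvers(servers, ranges=ROGUE_DNS_RANGES):
    """Return (resolver, matching_range) pairs for resolvers inside any rogue range."""
    hits = []
    for server in servers:
        for net in ranges:
            if server.version == net.version and server in net:
                hits.append((str(server), str(net)))
                break
    return hits


def check_resolv_conf(text, ranges=ROGUE_DNS_RANGES):
    """Parse resolv.conf-style text and report resolvers that match a rogue range."""
    return rogue_resolvers(parse_nameservers(text), ranges)


def check_local(path="/etc/resolv.conf", ranges=ROGUE_DNS_RANGES):
    """Run the check against the live resolver file, if present.

    Returns None when the file does not exist (e.g. on Windows, where resolver
    settings live in the registry rather than a file).
    """
    if not os.path.exists(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_resolv_conf(fh.read(), ranges)


# Constructed sample: one ordinary internal resolver, one inside a placeholder
# rogue range, one malformed entry.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
search example.internal
nameserver 10.0.0.53
nameserver 192.0.2.77   # falls inside the placeholder rogue range
nameserver not-an-address
"""

if __name__ == "__main__":
    for addr, net in check_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"resolver {addr} is inside rogue range {net}")
```

On the sample text the check reports only 192.0.2.77; the 10.0.0.53 entry and the malformed line are left alone. Matching on ranges rather than exact addresses is the design choice that matters, because rogue resolvers in a takedown like this are typically described as blocks, and a machine may be pointed at any address within them.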
(Related) Perhaps the FBI will nuke 'em? If making laws is similar to making sausage, how should we explain “diplomacy?”
Wikileaks starts publishing two million 'Syria Files' emails
Whistleblowing organisation Wikileaks has begun publishing more than two million emails from Syrian political figures, ministries, and associated companies.
Wikileaks says the data derives from 680 Syria-related entities or domain names, including those from the Ministry of Presidential Affairs, Foreign Affairs, Finance, Information, Transport, and Culture Ministries.
Today's publication of dozens of emails marks the first cache released, with more to be published over the coming months. A number of media outlets are working in partnership with Wikileaks, including the Associated Press.
Wikileaks founder Julian Assange said the Syrian government will not be the only ones facing criticism from the fallout of today's announcement.
Reading other people's mail... In an effort to stamp out wasting time on Facebook, you might expose all your communications.
New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors."
If Congress asked for a report, can an attempt at new laws be far behind?
July 04, 2012
CRS - Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions
Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions. Eric A. Fischer, Senior Specialist in Science and Technology, June 29, 2012
- "For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002."
(Related) In the UK they reported on the cost. We apparently don't care what it costs...
July 04, 2012
Paper - Measuring the Cost of Cybercrime
Via the 11th Annual Workshop on the Economics of Information Security - Measuring the Cost of Cybercrime - Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michel J.G. van Eeten, Michael Levi, Tyler Moore, Stefan Savage
- "In this paper we present what we believe to be the first systematic study of the costs of cybercrime. It was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now 'cyber' because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be roughly comparable to what the criminals earn, while for the latter they may be an order of magnitude more. As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around US$2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars. We are extremely inefficient at fighting cybercrime; or to put it another way, cybercrooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society. Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation. As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response - that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail."
They must teach this in that Law School class titled “Invent your own logic”.
"In a stretch of the meaning of 'free speech' that defies the most liberal interpretation, Verizon defends throttling your data speed."
In its continuing case to strike down the FCC net neutrality regulations, Verizon is arguing that Congress has not authorized the FCC to implement such regulations, and therefore the FCC is overstepping its regulatory bounds, but (from the article): "Verizon believes that even if Congress had authorized network neutrality regulations, those regulations would be unconstitutional under the First Amendment. 'Broadband networks are the modern-day microphone by which their owners [e.g. Verizon] engage in First Amendment speech,' Verizon writes."
They are also arguing that "... the rules violate the Fifth Amendment's protections for private property rights. Verizon argues that the rules amount to 'government compulsion to turn over [network owners'] private property for use by others without compensation.'"
Perhaps a reaction to Treaties negotiated in secret? Or maybe it's just a bad idea?
European Parliament Kills Global Anti-Piracy Accord ACTA
The European Parliament on Wednesday declared its independence from a controversial global anti-piracy accord, rejecting the Anti-Counterfeiting Trade Agreement.
The vote, 478-39, means the deal won’t come into effect in European Union-member nations, and effectively means ACTA is dead.
Its fate was also uncertain in the United States. Despite the Obama administration signing its intent to honor the deal last year, there was a looming constitutional showdown on whether Congress, not the administration, held the power to sign on to ACTA.
Overall, not a single nation has ratified ACTA, although Australia, Canada, Japan, Morocco, New Zealand, Singapore and South Korea last year signed their intent to do so. The European Union, Mexico and Switzerland, the only other governments participating in ACTA’s creation, had not signed their intent to honor the plan.
For my Ethical Hackers
… when UK Internet service provider BT blocked The Pirate Bay, the block was only in effect for a few minutes before The Pirate Bay bypassed it.
Topics covered:
How Websites Are Blocked
How Websites Bypass Blocks
Legal System Slowness
Other Ways to Bypass Blocks
The Streisand Effect