A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against U.S. and South Korean networks were not damaging enough to be considered serious incidents.

The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, which many commentators have speculated originated in North Korea. However, there has been little in the way of proof offered for this assessment, and Lewis doesn’t go down that road. Instead, he focuses on whether the attacks constituted an act of war and whether they could have been the work of a terrorist group.

Read the rest of this post at the original site.

For years, the big e-voting firms have refused to share their source code, repeatedly insisting all sorts of awful things would happen if the code was revealed. Of course, in the few instances where people actually did get access to the code, the only “awful things” that turned up were pretty massive security holes and weak programming.

Read the rest of this post on the original site

A few years ago, a company began to sell a liquid with identification codes suspended in it. The idea was that you would paint it on your stuff as proof of ownership. I commented that I would paint it on someone else’s stuff, then call the police.

Read the rest of this post at the original site

Microsoft says a phishing scheme is behind the exposure of passwords to thousands of Hotmail accounts late last week and adds that it’s helping affected customers regain control of their accounts.

On Monday, the Neowin technology blog posted a story saying that an anonymous user on Oct. 1 had uploaded a list with password details of more than 10,000 Hotmail accounts to a Web site called pastebin.com, where developers typically share programming code with each other. Neowin said it had seen part of the list, which has since been removed, and notified Microsoft of the issue.

After an internal investigation into the leaked Hotmail credentials, Microsoft (MSFT) said in a statement that it determined the passwords were obtained through a phishing scam. In a phishing scam, hackers send out legitimate-looking emails under the letterhead of banks, eBay (EBAY) and other institutions, usually telling consumers they need to reset online passwords to their Web sites for security purposes.

Read the rest of this post on the original site

Thought China is loosening up its grip on information flow? Think again.

For the last two months, Internet users in China have been denied access to a dozen popular Web sites and bulletin boards. They have been shut down by the Chinese government for security purposes as part of the government’s preparations for the upcoming 60th anniversary of the proclamation of People’s Republic on Oct. 1.

Read the rest of this post on the original site

In less than two months after a group of University of Washington computer researchers proposed a novel system for making electronic messages “disappear” after a certain period of time, a rival group of researchers based at the University of Texas at Austin, Princeton, and the University of Michigan, has claimed to have undermined the scheme.

In July, the University of Washington team described an experimental system called “Vanish” predicated on the idea of scattering the parts of an encryption key on a publicly accessible peer-to-peer file sharing network in such a way that the key–a large number–would become unusable as pieces of it were lost from the network.

Read the rest of this post on the original site

A Defense Department intelligence analyst hit with a federal computer hacking charge last week says he’s being made a scapegoat for a security slip-up that sent a password in a nationwide terrorism investigation to “tens of thousands” of analysts without the need-to-know.

“I think on one of the blogs, somebody said, how about this: I give you my username and password, you log into my account, and then I file criminal charges against you,” said Brian Keith Montgomery, in a telephone interview with Threat Level on Thursday. “That person hit it right on the head.”

Read the rest of this post at the original site

It is still out there.

Like a ghost ship, a rogue software program that glided onto the Internet last November has confounded the efforts of top security experts to eradicate the program and trace its origins and purpose, exposing serious weaknesses in the world’s digital infrastructure.

Read the rest of this post on the original site

A report from security firm Proofpoint shows that email isn’t the only inside threat companies face–confidential information is leaking out via blogs, mobile devices and social-media sites.

In a survey of some 220 companies, Proofpoint found that email is still the No. 1 offender when it comes to data leaks. About 43% of respondents had investigated an email-based security breach during the past year. Nearly one-third of the companies surveyed had fired an employee for violating email confidentiality policies, a 26 percent increase from 2008.

Blogs and videos are increasingly channels for leaks as well, with 18 percent of respondents saying that they looked at those media when investigating an information leak.

Read the rest of this post on the original site

People are increasingly using their mobile phones for tasks previously performed by a computer. So it shouldn’t come as a big surprise that cyber bad guys are turning their attention to the devices.

This year’s Black Hat conference, an annual gathering where security professionals show off the latest and greatest in hacking techniques and computer vulnerabilities, will for the first time feature an entire track on threats to mobile devices. Among the topics to be discussed Thursday are techniques for crashing an iPhone, and how to use SMS–the protocol used for text messages–to take over someone’s mobile phone.

Read the rest of this post on the original site

The fireworks weren’t only in the sky this past Fourth of July but were seemingly in the Intertubes, too, when U.S. and South Korean government websites were struck by a series of cyber sorties that knocked a few sites off line and left some people seeing red–as in the crimson Communist hue.

Read the rest of this post on the original site

When a closely guarded prototype of a new Apple (AAPL) iPhone went missing at a huge factory here two weeks ago, an internal investigation focused on a shy, 25-year-old employee named Sun Danyong.

Mr. Sun, a college graduate working in the logistics department, denied stealing the iPhone. But he later complained to friends that he had been beaten and humiliated by the factory’s security team.

Read the rest of this post on the original site

A group of computer scientists at the University of Washington has developed a way to make electronic messages “self destruct” after a certain period of time, like messages in sand lost to the surf. The researchers said they think the new software, called Vanish, which requires encrypting messages, will be needed more and more as personal and business information is stored not on personal computers, but on centralized machines, or servers.

Read the rest of this post on the original site

The head of the company that created the Web-filtering software that the Chinese government will require on all new personal computers acknowledged that the current version of the software contains security flaws and said that they were trying to fix the problems, according to China Daily.

Bryan Zhang, CEO of Jinhui Computer System Engineering, the primary developer of the software, told the state-run newspaper that authorities had ordered the Jinhui to fix security glitches in the software. A notice sent to PC makers last month said they must include the software with all new PCs shipped in China as of July 1.

Read the rest of this post on the original site