[ISN] China loses US$46B to cybercrime in 2012

http://www.zdnet.com/cn/china-loses-us46b-to-cybercrime-in-2012-7000010461/ By Liau Yun Qing ZDNet.com January 29, 2013 Online crimes such as fraud and personal information theft have cost China 289 billion yuan (US$46.4 billion) in 2012, but the lack of legal support makes it tough for local authorities to reduce the losses. Citing a study by the People’s Public Security University of China on Internet crimes in the country, Global Times reported Tuesday that local public security departments investigated more than 118,000 Internet crimes last year, with many cases involving multiple victims. The study noted an average of 700,000 Internet users in China are victims of cybercrime each day. However, many victims do not report the crime as the cases may involve only small amounts of money and are thought not worthy of involving the authorities, it added. Topping the list of online crimes, according to number of victims and money involved, are fraud, prostitution, pyramid selling and personal information theft, it stated. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ‘Andyhave3cats’ is a better password than ‘Shehave3cats, ‘ study finds

https://www.computerworld.com/s/article/9236227/_Andyhave3cats_is_a_better_password_than_Shehave3cats_study_finds By Jaikumar Vijayan Computerworld January 25, 2013 Using a long phrase or a short sentence as a password may not be as secure as some security experts think. Researchers at Carnegie Mellon University’s Institute for Software Research have found that long passwords that incorporate grammar — good or bad — are easier to crack than short passwords without structure. The research team tested more than 1,400 passwords containing 16 or more characters against a grammar-aware password-cracking algorithm and found that grammatical structure can undermine security. Ashwini Rao, a Carnegie Mellon software engineering doctoral student and the lead researcher on the project, said that while phrases and sentences can make passwords easier to remember, their grammatical structure significantly narrows the possible word combinations and sequences that hackers — and their tools — need to guess. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Facebook’s Graph Search worries security experts

http://www.csoonline.com/article/727502/facebook-s-graph-search-worries-security-experts By Antone Gonsalves CSO January 24, 2013 Facebook’s new Graph Search has security experts warning people who use the social network to raise their privacy settings in order to avoid embarrassment or becoming victims of cybercriminals. Graph Search, which Facebook introduced this month and is rolling out gradually, lets people use naturally phrased queries, such as “Mexican restaurants my friends like,” and receive personalized results. The service makes a lot more useful information available to people, and it gives Facebook a new venue for selling advertising. Unfortunately, while better search is good for Facebook and its users, it also brings more opportunities for scammers and potential embarrassment for people who are careless about their privacy settings. Tom Scott posted on the microblogging and social networking site Tumblr queries that returned results that few people would want to be a part of. They included “married people who like prostitutes” and “current employers of people who like racism.” […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Bugs Found In Baked-In Barracuda Backdoors

http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/240146954/bugs-found-in-baked-in-barracuda-backdoors.html By Kelly Jackson Higgins Dark Reading Jan 24, 2013 An Austrian researcher discovered flaws in deliberate backdoors built into Barracuda Networks’ Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN products. The security vendor today patched the bugs, but left the option up to its customers whether to disable the conduit to their devices. Steve Powell, vice president of product management at Barracuda, says the special “tunnel” option in the products is for back-end support with the vendor. “When customers request access to the system, they use the Remote Support Tunnel capability. They call us up, and we can bring up their screens … with them,” Powell says. “They open a remote support capability to do that.” But Sec Consult found the backdoors and vulnerabilities in them as well as authentication bypass flaws in Barracuda’s products. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail