Articles from last posting
Housewife loses large sum to keylogger in South Korea
MSN site in South Korea bites users
Conflicting advice - what is a person to do - PIN fright night
Anti-virus vendors square off
MS to crush RIM and enable the 'new world of work'
Indian call centre worker sells sensitive data to UK reporter
A reporter from the Sun, the UK tabloid not known for kinder and gentler tactics to bring home the news, smoked out an unfortunate call centre worker in India with the lure of hard cash - a total of 5,000 US dollars - for credit card data and other sensitive information on 1000 accounts.
London bobbies are investigating, no doubt emboldened by current hysteria that outsourcing will decimate the ranks of UK IT workers. The inveterate reporter allegedly was told he was 'getting a special deal', and the errant worker, Kkaran Bahree, said he got the data 'from a network of call centre workers in Delhi', and boasted he could get 'up to 2,000 account details a month'.
Since the scandal broke in the UK, he has apparently alternated between denying everything and, more recently, according to Reuters, playing dumb - stating he did not know what he was selling, and that he was merely trying to make some money on the side. Playing dumb is, you will recall, the defence of choice these days for several notorious corporate ne'er-do-wells.
Indian call centres, which Reuters indicates employ 350,000 workers, have vowed to improve security, no doubt with the recent theft of data from NYC Citibank customers by an ID theft ring at the top of their minds.
US army cybersleuths find keyloggers on network in Afghanistan
As if the US army hasn't enough problems.
It was recently revealed that in 2004, a US soldier stationed in Afghanistan installed keylogger software on more than 200 computers, giving him easy access to 'passwords, credit card data and other sensitive information'.
It seems he did nothing with his stash, or so the official story goes, but his days in the army are clearly numbered, if not already past. The US Army's Computer Crime Investigative Unit located the suspect, who was 'referred to the military justice system for disciplinary action'.
Apparently CCIU is not entirely devoid of humour, keeping a rogues' gallery of cybercriminals it has helped expose.
Security products riddled with holes
The Yankee Group has indicated that the security industry needs to pull up its socks in a big way, as the number of vulnerabilities in products that are supposed to protect us continues to escalate at an alarming rate.
In a recent press release, they state that in the 15-month period through March 2005, security vendors reported 77 separate vulnerabilities, and reveal a shocking fact: that 'during the last 12 months in particular, the relative number of vulnerabilities in security products jumped significantly... significantly faster than the rate for products made by Microsoft'.
Shareholders approve Symantec and Veritas merger
Despite a belief in many circles (shares in Symantec have nosedived since the deal was announced) that in this case one plus one only equals two - at best - Symantec shareholders have overwhelmingly voted to approve the $13.5 billion deal, due to close on July 2.
Both companies have similar revenue, but the storage sector has enjoyed far slower growth than Symantec has experienced in its traditional security business. Hence, there are concerns that Veritas will hamper growth overall, and become a rock around Symantec's neck.
Such speculation is, of course, vehemently denied by Symantec CEO John Thompson, who has great hopes for the combined businesses - despite the fact that Microsoft now has him firmly in its sights - an unenviable position going forward.
There is also a growing concern amongst experts, myself included, that widespread security vulnerabilities have not been adequately addressed in storage products to date, and that storage vendors are reluctant to open that particular quagmire to scrutiny. Unless Symantec is prepared to address such lingering fears, it may find itself with more liabilities than opportunities in the long term.
A recent report that CERT has identified a critical flaw in a Veritas backup tool is not encouraging.
ChoicePoint CSO tries to make a silk purse out of a sow's ear
In a fine testament to the notion that 'hope dies eternal', ChoicePoint CSO Rich Baich continues to maintain that the recent data security breach at the massive data miner was, well, not that at all. Au contraire, it was merely 'fraud', and 'not a traditional hack'.
It is worth reading the interview with ComputerWorld just to appreciate the extent of the self-delusion at play in this case. However, similar contorted logic was used by the Indian call centre recently responsible for the above-mentioned Citibank data breach. In that case, the victims were blamed.
In many circles, the penny has just not dropped - that the Customer is King - and that mealy-mouthed excuses are unlikely to regain his or her trust when the chips are down.
Shareholders are not, alas, as sanguine about the breach/fraud and have sued the company.
Bluetooth security requires 8-digit PINs
If you have got the hang of 4-digit PINs, and you are feeling cocky, now is not the time for celebration. A greater challenge is nigh - the 8-digit PIN - needed, it seems, to protect Bluetooth enabled devices. The Bluetooth Special Interest Group (SIG) has stated that 'a PC can crack a four digit code in a tenth of a second', but an eight digit PIN would take 100 years, "making this crack nearly impossible".
The Bluetooth PIN crack attack - recently outlined by Israeli researchers - is apparently not (yet) in the arsenal of every pimply 15 year old. Scant consolation, as time will change that dynamic, as surely as there will always be death and taxes.