Register.com Press Release regarding DDoS

Here is the press release from Register.com in its entirety: Register.com Service Alert April 4, 2009: 2:52PM EST As we previously communicated, Register.com has been experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack. We want to update you on where things stand. As of now, all web services are operational. If you are [...]

DNS Servers under Attack

This is not a Conficker-related blog post. There is a bigger story on the radar from last week. Major web service providers have been intermittently offline with what seem to be major Distributed Denial-of-Service (DDoS) attacks against DNS providers. An attack against DNS provider NeuStar on Tuesday morning disrupted Amazon’s S3 cloud computing service, [...]

Company Wants to Keep Botmaster Criminal as SysAdmin After Time Served

As if this story could get any worse… John Schiefer, an employee of human-powered search engine Mahalo, was sentenced to four years in prison this week for operating a botnet. This would be the same Mahalo that hired Schiefer without even a Google search, let alone a background check. They would have learned that Schiefer had [...]

“A Complete Revolution in Federal Cybersecurity”

This blog has previously discussed the CSIS Commission report on cybersecurity, and one of the next steps towards federal cybersecurity was announced yesterday. A consortium of US federal agencies has drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity. The Consensus Audit Guidelines (CAG) list [...]

Microsoft offers $250,000 reward

Microsoft announced that it has partnered with security companies, domain name providers, and others on a coordinated global response to the worm which has infected as many as 12 million machines (according to a guesstimate by Arbor Networks). Participants include ICANN, VeriSign, , CNNIC, , Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, [...]

Background Checks and References are Imperative for Info Sec Professionals

Does your company’s Human Resources Department complete background checks and reference checks on employees? Is it documented in the employee manual? Many companies are compelled to complete these checks if they are healthcare providers, defense contractors, or children’s services providers, but other companies don’t want to spend the time or money to complete background checks. [...]

Hospital ignores Sysadmins, disables Windows Update, pays the Price

The Conficker malware, otherwise known as DownadUp, is creating havoc across the Internet, but especially at Sheffield Teaching Hospitals. The malware exploits the MS08-067 vulnerability patched by Microsoft last October. MS08-067 fixes a vulnerability in the Server service that could allow remote code execution via a specially crafted RPC request. This vulnerability is particularly nasty because [...]
