Many more casualities will pile up, but policy and agreements will prove meaningless against today's anonymous cyberwarrior.

By Fritz Nelson
InformationWeek
October 19, 2009 10:45 AM

Gladiators and jousters, Wild West gunslingers and kamikaze pilots, are long retired to history books and celluloid epics, each a reminder of war tactics from a bygone era. They're supplanted today by anonymous warriors--pseudonyms sitting in virtual garrisons, spying, probing, and launching attacks from non-descript buildings all over the world. This is not your father's war. It's not even your older brother's war. In cyberwarfare, there may be no victors, no spoils, just havoc, theft, and assault.

Microsoft today said it had recovered most of affected Sidekick customers' lost data. But this past weekend, like a doctor issuing a terminal prognosis,

Posted by Mary Hayes Weier @ 11:44:AM | Oct,15, 2009

T-Mobile told affected customers that their data "almost certainly has been lost." So, what changed between then and now?

The statement at T-Mobile's site comes from Roz Ho, corporate VP of "Premium Mobile Experiences, Microsoft Corporation." (Amusingly, there is no mention in the statement of the Microsoft subsidiary, called "Danger," that runs the Sidekick data service under contract with T-Mobile. Wonder if Microsoft's damage control experts have murdered the Danger name and buried it forever?) Ho wrote: "We have determined that the outage was caused by a system failure that created data loss in the core database and the back-up. We rebuilt the system component by component, recovering data along the way. This careful process has taken a significant amount of time, but was necessary to preserve the integrity of the data."

[Computer World...] [Comments...]

Let's say that you wanted to warn people that there are real risks in cloud computing - what would you do?

By Scott Bradner
October 14, 2009 12:02 PM ET

You could tell them that a feature of the cloud is that you cannot be sure of the reliability of other cloud participants, or maybe even know who they are. But who would pay attention to a Chicken Little crying that there is nothing holding the clouds up in the sky?

Now add that you want to be sure that the message was associated with a big company that seems to see cloud computing as its path to future riches. What could you do to be sure the message got through?

[Computer World...]

[Comments...]

Thirteen security bulletins address 34 vulnerabilities -- 22 of them critical

Oct 13, 2009 | 05:38 PM
By Tim Wilson
DarkReading

Microsoft today put security professionals on overtime with its largest-ever release of security patches -- 13 new updates that address some 34 vulnerabilities in Windows applications.
In its October security bulletin, Microsoft disclosed 22 critical vulnerabilities and 12 that were rated less threatening. The previous record was 31, which was set in June, researchers said. Included in the updates was a patch for the flaw in Server Message Block Version 2 (SMBv2), which was disclosed earlier this month. Exploits for that vulnerability already have been seen in the wild.

[Comments...]

An outage causes users to lose their pictures and other personal data, casting doubts on the cloud

Jason Mick (Blog) - October 12, 2009 9:42 AM
DailyTech

Cloud computing is one of the hottest buzz words in the computer industry today.  All of the biggest companies -- Microsoft, Google, Amazon, Yahoo -- are trying to jump on it and figure out how to sell it to customers.  However, outages in service have led many to doubt whether the cloud -- offloading storage, computing and other resources to a centralized external location -- is really such a good idea.  [Comments...]

Hotmail, Gmail, Yahoo, and other email users' accounts exposed

Oct 06, 2009 | 03:37 PM
By Kelly Jackson Higgins
DarkReading

Lists containing tens of thousands of stolen email account usernames and passwords have shown up online during the past few days in what researchers say likely came out of multiple phishing attacks.

Most of the accounts were from Microsoft's Hotmail, but Google's Gmail, Yahoo, Comcast, and Earthlink accounts also showed up on lists posted on Pastebin.com, a site typically used for developers to share code. Neowin reported yesterday that 10,000 or so Hotmail account details were posted online on October 1, and since then, several other lists were discovered that include email accounts from Gmail and the other providers. [Comments...]

Versions of Firefox with enhanced cross-site scripting protection have been released for testing.

By Thomas Claburn
InformationWeek
October 1, 2009 05:20 PM

Mozilla on Wednesday posted preview builds of its Firefox browser with security enhancements designed to mitigate the risk of certain Web attacks.
In a blog post, Brandon Sterne, security program manager for Mozilla, asks security researchers and server administrators to help test the changes by downloading a build appropriate for their operating system. [Comments...]

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank log in credentials but actually steals money from your account while you are logged in and displays a fake balance.

September 29, 2009 5:51 PM PDT
by Elinor Mills
C/Net news

The bank Trojan, dubbed URLZone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview Tuesday. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available. [Comments...]

   First draft of Cyber Security Coordination Task Group report released

Sep 28, 2009 | 06:08 PM
By Kelly Jackson Higgins
DarkReading

A draft report published today by the task group heading up the security strategy and architecture for the nation's smart power grid provided an initial peek at how the grid may be secured.
The Cyber Security Coordination Task Group led by the National Institute of Standards and Technology (NIST) and made up of members of the government, industry, academia, and regulatory bodies, plans to finalize the overall smart grid architecture and security requirements by March of 2010. The initial draft includes risk assessment, security priorities, as well as privacy issues. The task group will publish a second draft in December after addressing the round of comments from this first draft. [Comments...]