Monday, 14 December 2009

Get your HitmanPro Here. **NEW ANTIVIRUS SOFTWARE**

http://www.surfright.nl/en/shop?rc=9599818

Hitman Pro Available Through iRemove Amsterdam

32% of Computers Still Infected, Despite Presence of Antivirus Program

Hengelo, December 9, 2009. Computer users assume that the popular antivirus programs will protect them against malware (viruses, spyware, Trojans, etc). But our research shows this is not correct. Over 100,000 computers were scanned using our award-winning product, Hitman Pro 3, and almost 32% of the users that have an up-to-date antivirus program installed is still infected with malware.

"Our research shows that traditional antivirus programs cannot keep up with the cyber criminals", according to CEO Mark Loman. "Despite all their efforts, suppliers of antivirus programs release a solution days, sometimes weeks, after a new malware instance is released."

Mark Loman continues: "Our research also shows that not all antivirus programs detect the same threats. A combination of different antivirus programs would reduce the number of infections dramatically. This security strategy is already used successfully at the enterprise level, but has been difficult to implement for home users due to the increased resource requirements needed to run multiple antivirus programs and conflicts between different antivirus programs, both of which can adversely affect computer performance."

Hitman Pro 3 allows home users to use the detection and removal capabilities of multiple antivirus programs incorporated into one seamless solution, because the 7 antivirus programs are available via Internet (the Scan Cloud).
Research Results

107,435 computer users have used the free version of Hitman Pro 3 for the first time in the period from October 10 to December 4.
78,828 users had an up-to-date antivirus program installed. 28,607 users had not.
25,038 (32%) of the 78,828 users with up-to-date antivirus program were infected with malware.
13,002 (46%) of the 28,607 users without up-to-date antivirus program were infected with malware.

These 107,435 users have scanned their computer using the Behavioural Scan in Hitman Pro 3. All potential malware instances were submitted to the SurfRight Scan Cloud for further analysis. All of these malware samples were gathered in the period from October 10 to December 4 (55 days) in order to reflect actual malware samples "in the wild" and not a collection of "old" malware examples.
Top 10 of found malware
Rank Malware Infected
Computers
1. Generic 34,845
2. FakeAV 13,050
3. Alureon 5,915
4. Delf 4,116
5. Virut 2,868
6. Vundo 2,421
7. Small 2,342
8. OneStep 2,093
9. OnLineGames 1,946
10. Swizzor 1,854

The large number of generics is an indication that AV vendors are trailing behind in releasing signatures to detect new variants of malware. For example: The TDSS rootkit is in the top 3 of malware that Hitman Pro 3 detected last month. We received the first sample of TDSS/Alureon rootkit from a victim’s machine in our Scan Cloud on October 30, 2008. More than one year later, this particular rootkit sample still beats every major AV product.
Research Results

* It is not sufficient to assume you are protected if you have an antivirus program on your PC. Scan your PC regularly with a product from a different vendor for a second opinion.
* Do not simply extend the subscription of your antivirus program when it expires. In most cases it is better to upgrade to the latest version, as newer versions are in general better equipped to battle the newest sophisticated threats.
* Although vendors of antivirus programs are able to detect sophisticated threats, not all are able to remove it completely.

Click here for a detailed description of the research results and the methodology.
Hitman Pro 3

Hitman Pro 3 can scan a computer in only a few minutes from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware using a Behavioural Scan. The actual verification of these potential malware files is then done on the Hitman Pro servers, the "Scan Cloud", which incorporates a hosted multi-vendor scanning service. Hitman Pro 3 uses 7 different antivirus programs to analyse the suspicious files.

Hitman Pro 3 can be used in addition to your existing antivirus program. Scanning your PC is free so Hitman Pro 3 is an ideal solution to check if your current antivirus program is protecting you sufficiently. A free version can be downloaded from www.hitmanpro.com
About SurfRight

SurfRight B.V. was founded in 2008, based on the freeware project Hitman Pro 1 and 2 with a user base of more than 3 million users. SurfRight is dedicated to the development of smart, efficient and user-friendly security solutions for the average computer user. Hitman Pro 3 and the Caretaker product family include solutions against unsolicited mail (spam), online fraud (phishing), viruses and other malware.

Stolen bank data mixed into list of French tax dodgers

By John Leyden
The Register
11th December 2009

The legality of a French crackdown on suspected tax evaders earlier this
year has been thrown into doubt after it emerged that stolen data was
among the mix of information used by financial investigators.

A list of 3,000 French nationals suspected of using Swiss banking
secrecy to evade paying taxes included data handed over by a former IT
worker for HSBC in Switzerland - without the bank's permission - to the
French authorities.

In a statement, HSBC in Switzerland confirmed a worker suspected of
stealing information from the bank between 2006 and 2007 was prosecuted
last year. The data involved less than 10 accounts held by Geneva-based
HSBC Private Bank, according to HSBC. It's unclear whether the unnamed
worker involved was convicted of any offence. French daily Le Parisien
reports that the former bank staffer has fled to France and is living
under judicial protection.

French daily Le Figaro claimed on Friday that up to 4,000 French clients
of the bank, collectively holding €6 billion ($8.8 billion) in assets in
Switzerland, were named on the stolen list. Only an unspecified
proportion of those named on the list (which sounds like a data dump,
perhaps indexed by a residential address in France) are suspected of tax
evasion.

Digital dangers in a wired world

By Lim Mi-jin, Kim Jeen-kyung
JoongAng Daily
December 14, 2009

It's the stuff of action flicks. In "Live Free or Die Hard," terrorists
paralyze the United States by taking over all transportation systems,
broadcasting, communications and the power grid. It’s a total shutdown
and only Bruce Willis can save the world from the evil hackers.

But the plot’s not a total fiction.

In today’s interconnected world, system after system can collapse if a
central computing facility such as a supervisory control and data
acquisition, or Scada, system fails. These Scada collect data from
sensors at plants and other remote locations and then send data to a
central computer that manages and controls data.

So what we saw in the last Die Hard movie has actually already been
experienced. Ask the Poles. In January last year, a subway train
derailed in Lodz injuring several passengers after a 14-year-old boy
hacked into the railway operation system. And look at what happened in
the United States in August 2003 when a virus called a "Blaster Worm"
found its way into the Scada for the power grid in the northeast of the
U.S. Around 5,000 people in seven states were injured in the ensuing
blackout. "Once you hack into the Scada, you can manipulate all the
water, electricity and gas supply systems," said Park Chan-am, 20, the
winner of a hacking protection competition held in Korea this year, part
of Codegate 2009, an international event.

Korea has already installed Scada systems in most facilities across the
country. These facilities control everything from reserving train
tickets to supplying electricity and air-conditioning. They even control
the floodgates of multipurpose dams and the quality of tap water in
Seoul.

And we have seen what can happen when things go wrong. On Nov. 27, the
electric power in the Korea Railroad Corporation building in
Bongnae-dong, central Seoul, went off at 5:21 p.m. Within a minute,
Korail had supplied emergency electric power but all systems for issuing
train tickets nationwide were halted for nearly two hours because the
computer server managing train ticket reservations and issuance that was
installed in the Korail building malfunctioned.

The situation was not life threatening but it caused a major
inconvenience for passengers trying to buy tickets.

Korea's largest Scada system in scale is Korea Electric Power
Corporation’s "smart grid," which will be test run from 2011. The system
will have sensors and cameras installed in existing power plants and
power grids. Those sensors and cameras are going to allow Scada to
control the volume of regional power supply and demand. In that way, the
proper amount of electricity is expected to be provided to each region
at that right time.

Experts say this measure could save energy but electric power supply
operation across the country could be paralyzed if the Scada is
compromised. "It is almost impossible to hack into the smart grid system
because it is operated by a remote Internet network and it has advanced
security facilities attached," said an official at Kepco who asked not
to be identified.

However, experts in the security industry said the system could be
breached. Security experts say safeguard measures have to be included in
a law related to the establishment of the smart grid. They cite the
example of an employee from a company in charge of disposing garbage
penetrated the Scada and released a large amount of waste in a river in
Queens-land, Australia. Apparently he had a grudge against the local
council.

"Terrible damage, such as a large-scale power blackout, is highly likely
if the system is attacked by hackers," said Lim Jong-in, a professor at
Korea University’s Graduate School of Information Management and
Security. "The planned bill has to be revised in order to arrange for a
high security budget and secure human resources."

New version of 20 top security controls is available

By William Jackson
GCN.com
Dec 10, 2009

Version 2.3 of the Consensus Audit Guidelines, the top 20 critical
security controls agreed on by a consortium of private and government
security experts, has been released and is available on the Web site of
the SANS Institute.

The consortium includes the National Security Agency, the U.S. Computer
Emergency Readiness Team, and agencies from the departments of Defense,
State and Energy, in addition to commercial forensics experts and white
hat hackers. The controls are intended to help large enterprises
prioritize and automate efforts to block known attacks and identify
intrusions. They include 15 automated controls and five additional
controls that cannot be automated to the same degree.

Call for papers i-Society 2010

CALL FOR PAPERS

*******************************************************************
International Conference on Information Society (i-Society 2010),
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
28-30 June, 2010, London, UK
www.i-society.eu
*******************************************************************

The International Conference on Information Society (i-Society 2010) is
Technically Co-Sponsored by IEEE UK/RI Computer Chapter. The i-Society
is a global knowledge-enriched collaborative effort that has its roots
from both academia and industry. The conference covers a wide spectrum
of topics that relate to information society, which includes technical
and non-technical research areas.

The mission of i-Society 2010 conference is to provide opportunities for
collaboration of professionals and researchers to share existing and
generate new knowledge in the field of information society. The
conference encapsulates the concept of interdisciplinary science that
studies the societal and technological dimensions of knowledge evolution
in digital society. The i-Society bridges the gap between academia and
industry with regards to research collaboration and awareness of current
development in secure information management in the digital society.

The topics in i-Society 2010 include but are not confined to the
following areas:

*New enabling technologies
- Internet technologies
- Wireless applications
- Mobile Applications
- Multimedia Applications
- Protocols and Standards
- Ubiquitous Computing
- Virtual Reality
- Human Computer Interaction
- Geographic information systems
- e-Manufacturing

*Intelligent data management
- Intelligent Agents
- Intelligent Systems
- Intelligent Organisations
- Content Development
- Data Mining
- e-Publishing and Digital Libraries
- Information Search and Retrieval
- Knowledge Management
- e-Intelligence
- Knowledge networks

*Secure Technologies
- Internet security
- Web services and performance
- Secure transactions
- Cryptography
- Payment systems
- Secure Protocols
- e-Privacy
- e-Trust
- e-Risk
- Cyber law
- Forensics
- Information assurance
- Mobile social networks
- Peer-to-peer social networks
- Sensor networks and social sensing

*e-Learning
- Collaborative Learning
- Curriculum Content Design and Development
- Delivery Systems and Environments
- Educational Systems Design
- e-Learning Organisational Issues
- Evaluation and Assessment
- Virtual Learning Environments and Issues
- Web-based Learning Communities
- e-Learning Tools
- e-Education

*e-Society
- Global Trends
- Social Inclusion
- Intellectual Property Rights
- Social Infonomics
- Computer-Mediated Communication
- Social and Organisational Aspects
- Globalisation and developmental IT
- Social Software

*e-Health
- Data Security Issues
- e-Health Policy and Practice
- e-Healthcare Strategies and Provision
- Medical Research Ethics
- Patient Privacy and Confidentiality
- e-Medicine

*e-Governance
- Democracy and the Citizen
- e-Administration
- Policy Issues
- Virtual Communities

*e-Business
- Digital Economies
- Knowledge economy
- eProcurement
- National and International Economies
- e-Business Ontologies and Models
- Digital Goods and Services
- e-Commerce Application Fields
- e-Commerce Economics
- e-Commerce Services
- Electronic Service Delivery
- e-Marketing
- Online Auctions and Technologies
- Virtual Organisations
- Teleworking
- Applied e-Business
- Electronic Data Interchange (EDI)

*e-Art
- Legal Issues
- Patents
- Enabling technologies and tools

*e-Science
- Natural sciences in digital society
- Biometrics
- Bioinformatics
- Collaborative research

*Industrial developments
- Trends in learning
- Applied research
- Cutting-edge technologies

* Research in progress
- Ongoing research from undergraduates, graduates/postgraduates and
professionals

Important Dates:
Paper Submission Date: January 31, 2010
Notification of Paper Acceptance / Rejection: February 28, 2010
Camera Ready Paper Due: March 15, 2010
Early Bird Attendee registration: January 01, 2010
Late Bird Attendee registration: February 28, 2010
Conference Dates: June 28-30, 2010

For more details, please visit www.i-society.eu

Heartland Executives Told the Truth, Judge Says

By Robert McMillan
IDG News Service
Dec 10, 2009

Top executives at Heartland Payment Systems spoke truthfully about the
state of security at the company, a federal judge said earlier this week
before dismissing a class-action lawsuit against the payment processor.

The shareholder lawsuit, filed in March, was dismissed Monday by Judge
Anne Thompson of the U.S. District Court for the District of New Jersey.

Heartland was sued by shareholders after its stock dropped nearly 80
percent following the largest data breach in U.S. history. The
plaintiffs in the case say that Heartland executives lied when asked
about the state of the company's security in earnings conference calls
and by failing to disclose a 2007 SQL injection attack on its payroll
system in Securities and Exchange Commission filings.

That December 2007 SQL injection attack was important because it gave
criminals a back door into the company's payment processing system, the
plaintiffs alleged. Ultimately hackers stole more than 130 million
credit card numbers.

But in her opinion, Judge Thompson said that because Heartland had not
confirmed the credit card hack until January 2009, the company's
executives were telling the truth when they told investors that they
took security seriously.

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News