Thursday 11 February 2010

New ZBOT/Zeus Binary Comes with a Hidden Message

Feb 10, 11:49 pm (UTC-7)   |   by Jonell Baltazar (Advanced Threats Researcher)

Trend Micro advanced threat researchers recently came across a new ZBOT/Zeus binary file detected as TROJ_ZBOT.BTM.
ZBOT/Zeus variants are well-known for stealing banking information from their victims via various social-engineering tactics (e.g., spammed messages, malicious links sent to social-networking site members in the guise of messages, and compromising legitimate sites), as evidenced by the following documented noteworthy occurrences:
Apart from the usual information-stealing tactics ZBOT/Zeus Trojans are known for, however, this new variant came with a hidden message that thanks and taunts some well-known antivirus companies for the help they provide the cybercriminals behind the malware to constantly improve on their craft. The said message, however, will only be visible after the binary file (version 1.3.3.3) unpacks and copies itself onto affected systems’ memory.
This taunting message shows that cyber criminals have systems that monitor the performance of AV companies in detecting their craft, and they are constantly updating their software to avoid detection.
Trend Micro™ Smart Protection Network™ already protects product users from this threat by blocking user access to the malicious site, http://{BLOCKED}p.com/consc/cons.exe, where the binary file could be downloaded via its Web reputation service and by detecting and preventing the file’s execution on affected systems via its file reputation service.
Non-Trend Micro product users, on the other hand, can also stay protected by using free tools like Web Protection Add-On, which was especially designed to block user access to potentially malicious websites in real-time.

Wednesday 10 February 2010

iRemove Amsterdam Now Open!


Having problems with your computer?


Is your system running slow or doesn't start properly?


Worried about personal online security and want to protect yourself against the newest threats of 2010?

Is your computer filled with Viruses, Spamware and Adware & any other types Malware?


Then visit iRemove Amsterdam. Virus & Malware removal specialists, we can help.



Fast & friendly service, NO FIX NO FEE!


Our Services include:

* Virus & Malware Removal
* Computer Safe & Secure Setup
* Home Network Secure Setup (wired & Wireless)
* Remote Assistance & online help
* Fresh Operating System Installation (including "Windows 7")
* Data Backup & Recovery
* Online Store
* Advanced Tutorials in Online Protection & Security
* Local Password recovery (including MSN, AIM, Windows Login, WEP & WPA)


House calls available : 30.00EU per Hour
No travel cost inside Amsterdam

Contact us for a price list of operating systems. email :infected@iremove.nl


Securing & Protecting Local Amsterdam, Byte by Byte. Online, At Home or Pickup & Delivery.

Ex-army bloke says the US is not ready for cyber war

By Nick Farrell
The Inquirer
9 February 2010

FORMER US ARMY computer insecurity specialist Christopher Tarnovsky showed the Black Hat Technical Security Conference exactly why the US cannot handle a cyber war.

Speaking before the throngs of hackers, he hacked into a computer chip called a "Trusted Platform Module" or TPM. TPM chips are supposed to be the industry's highest standard of security and are present in more than 100 million computers sold to businesses and individuals.

When he managed it he had access to all the highly sensitive documents in government and business and almost everything on the PC.

Tarnovsky unlocked the most secure chip manufactured by Infineon Technologies and he claimed that his technique will work on the entire line of security chips manufactured by the outfit. Infineon is the leading maker of TPM chips.

It is not Goodnight Vienna for the computer world, however. Hackers wanting to try the Spanish Inquisition on the TPM chips have to first get their paws on a smartphone, laptop or X-box. They will also then have to torture the TPM chip in acid baths, rust remover, and finally drive an oaken spike into the heart of the chip.

[...]

Chinese-born engineer gets 15 years in spying for China

By Patrick J. McDonnell
Los Angeles Times
February 9, 2010

A Chinese-born aerospace engineer who had access to sensitive material while working with a pair of major defense contractors in Southern California was sentenced Monday to more than 15 years in prison for acquiring secret space shuttle data and other information for China.

U.S. District Judge Cormac J. Carney in Santa Ana imposed a 188-month prison term on Dongfan "Greg" Chung, 73, a naturalized U.S. citizen who lives in Orange.

Carney declared that he could not "put a price tag" on national security and sought to send a signal to China to "stop sending your spies here," according to the U.S. attorney's office.

Chung, who worked at Boeing's Huntington Beach plant, denied being a spy and said he was gathering documents for a book, not for espionage. His attorneys argued that much of the material was already available on the public record.

[...]

More information security experts needed, says CyberSecurity Malaysia

MySinchew
2010-02-09

KUALA LUMPUR, Feb 9 (Bernama) -- Although Internet banking cybercrimes are still at a manageable level, the country still needs to produce more information security experts, according to CyberSecurity Malaysia.

"I do not want to claim we have a lack of experts or our experts are enough to solve problems but we need to collaborate to produce more experts," said its chief executive officer Lt Col (Rtd) Husin Jazri.

He said with the number of Internet users rising and the trend moving into an advanced level such as mobile banking, the country needed to be prepared in all areas, particularly with information security experts.

Currently, Malaysia has about 16 million Internet users, he told reporters after delivering the opening speech at the CyberSecurity RSA Seminar 2010 here today.

On online banking, Husin said it was the users rather than financial institutions that were most affected by the cybercrimes.

"I'm not worried about the banks. They have a lot of money to secure their systems. They can have the world's best consultant to look into their security systems," he said.

"It's the human part that gets affected, not the technological part. The users become the victims. When the users communicate to the banks, they are exposed to the social engineering, scams and other threats."

According to Husin, online users should be aware that banks never do online maintenance as far as Internet banking is concerned for their customers.

"We need to educate users on this fact which can contribute towards curbing the problem when they are aware of this aspect," he said.

From the total of 3,564 cases reported last year, 1,022 were fraud and forgery cases, which accounted for one-third of the cases, Husin said.

"We should share know-how and identify the necessary strategy to address threats such as increasing risk of security breaches, identity theft, phishing and cyberterrorism," he said.

'Rugged Manifesto' promotes secure coding

By Tim Greene
Network World
February 08, 2010

Three respected security professionals have issued a call for developers to learn and practice secure programming in an effort to reduce the number of exploits directed at applications.

Called the Rugged Manifesto, the document encourages developers to adopt characteristics that will lead them to write more secure applications. The three authors of the manifesto are Josh Corman, an analyst with The 451 Group; David Rice, formerly with the National Security Agency and author of Geekonomics, a book about the real cost of insecure software; and Jeff Williams, the chairman of OWASP, an organization focused on Web application security. The trio announced the project at the SANS Institute AppSec Conference in San Francisco Monday.

The problem now, Corman says, is that developers write code assuming the only task is to make it perform a function. But that can lead to programs riddled with vulnerabilities that can in turn lead to economic damages, lost data and lost productivity. "We have to get to the mass of programmers who simply don't realize their code is being attacked and subverted by talented and persistent adversaries," he says.

The three are trying to motivate developers to aspire to rugged ideals and to learn how their code can be more secure. It's a philosophy or value set accompanied by business cases showing why it makes economic sense to write rugged software rather than dealing later with the consequences of vulnerable software.

Thursday 4 February 2010

Hackers Try to Steal $150,000 from United Way

By Brian Krebs
Krebs on Security
February 3rd, 2010

Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation's largest charities.

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization's bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

"We were able to pretty much capture things as they were happening," Latimore said. "Fortunately, we saw it on the day that it occurred."

The intruders attempted to send more than $110,000 in unauthorized payroll transfers to at least a dozen individuals across the United States who had no prior business with the United Way chapter. At least one large wire transfer was attempted, for nearly $40,000, to a 32-year-old man in New York.

Military Intelligence: IDF is prepared for Cyberwarfare

By Arnon Ben-Dror
Israel Defense Forces
03 February 2010

In a paper published in the Intelligence Research Center Journal, the head of the Military Intelligence Directorate, Major General Amos Yadlin, described the development of cyberwarfare, computer attacks in the 21st century, and the capabilities required from armies to fight this medium successfully.

According to Maj. Gen. Yadlin, cyberwarfare is divided into three areas: intelligence gathering, defense and attack. "Anyone who is able to hack (personal computers, cell phones and internet) ends up knowing quite a lot. If you catch my drift," warned the Military Intelligence chief in the article.

"Just imagine the damage a single skilled hacker could cause if he penetrated the systems of the infrastructure, transportation and communications companies," continued Maj. Gen. Yadlin. Additionally he spoke of the attacks on government sites, banks and communications in Estonia following the crisis with Russia, which accused Russia of cyberwarfare; the attack on local networks during the war in Georgia, where Russia was also accused; and the attacks on computer networks in the U.S. and South Korea, where North Korea was blamed for penetrating into U.S and South Korean servers. None of the charges against the aggressor countries, stressed Yadlin, were verified even until now.

Maj. Gen. Yadlin, concerned about the potential defensive capabilities, stated: "Many people believe that defense must go hand in hand with intelligence gathering and attack. Cyber power gives the little guys the kind of ability that used to be confined to superpowers. Like unmanned aircraft, it's a use of force that can strike without regard for distance or duration, and without endangering fighters' lives."

The head of the Military Intelligence Directorate reminded that the United States has already established a cyber command, and in Britain there is an official body that deals with the issue "because they understand the responsibility for dealing with this evolving new world," and stressed that "proper dimension for cyber warfare fits with Israel's conception of security. No great natural resources are required. It's all available right here, without any dependence on foreign aid, in an area with which Israeli young people are very familiar."

"Staying ahead of the game is important in light of the dizzying change of pace in the cyber world: at most, a few months in response to a change, compared to the years that pilots have."

Maj. Gen. Amos Yadlin concluded: "Every day I meet the soldiers and officers whose job is to march us confidently ahead into this new world. With them we will be able to compete in the Cyber Premier League."

Report Details Hacks Targeting Google, Others

By Kim Zetter
Threat Level
Wired.com
February 3, 2010

Until now we've only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan. About 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack.

What the information indicates is that the attack that hit Google is identical to publicly undisclosed attacks that have quietly plagued thousands of other U.S. companies and government agencies since 2002 and are rapidly growing. They represent a sea change from the kinds of attacks that have commonly hit networks and made headlines.

"The scope of this is much larger than anybody has ever conveyed," says Kevin Mandia, CEO and president of Virginia-based computer security and forensic firm Mandiant. "There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now."

Mandiant released the report last week at a closed-door cybercrime conference, sponsored by the U.S. Defense Department, in an effort to make companies aware of the threat.

Black Hat: Microsoft Enhances SDL Offerings

By Thomas Claburn
InformationWeek
February 3, 2010

At the Black Hat security conference in Washington, D.C., on Tuesday, Microsoft introduced new software, a new membership program, and guidance to enhance its Secure Development Lifecycle (SDL) development methodology.

The software is the first public beta of MSF for Agile Software Development plus SDL Process Template for VSTS 2008, MSF-A+SDL for short, a template that helps development teams integrate SDL processes into their Visual Studio Team System development environment.

It is based on Microsoft's SDL-Agile processes, which aim to provide structure for development projects that happen on a more accelerated time line than the typical SDL project.

A version of the template for Visual Studio 2010 will be available shortly after Visual Studio 2010 is released in April.

Microsoft is also expanding its SDL Pro Network to include a new membership category called Tools. Organizations that join as Tools members provide services related to the deployment of security tools, like static analyzers, fuzzers, or binary analyzers.

The company announced seven new SDL Pro Network members: Fortify, Veracode, and Codenomicon in the Tools category; Booz-Allen Hamilton, Casaba Security, and Consult2Comply in the Consulting Member category; and Safelight Security Advisors in the Training Member category.

[...]

Phishing Scam Cripples European Emissions Trading

Spiegel Online
02/03/2010

Sneaky cyber-thieves have made millions by fraudulently obtaining European greenhouse gas emissions allowances and reselling them. The scam has hampered trading of the credits, which are seen as an important tool in curbing climate change, in several European countries.

Most Internet users are familiar with the e-mail scam known in the jargon as "phishing." A plausible-looking e-mail arrives in your in-box, supposedly from your bank or a Web site like Ebay, informing you that your account has been "compromised" and that you urgently need to log in to the company's Web site to rectify matters. The catch is that the Web site the e-mail directs you to is a spoof created by the hackers, meaning that anyone who falls for the trick is unwittingly handing over their all-important user names and passwords to the criminals.

Savvy e-mail users know to delete such e-mails straight away. But canny thieves have now used the technique to make money in a very 21st century fashion -- by fraudulently gaining access to companies' greenhouse gas emissions allowances and selling them on.

According to a report in the Wednesday edition of the Financial Times Deutschland, hackers sent e-mails last Thursday to several companies in Europe, Japan and New Zealand which appeared to originate from the Potsdam-based German Emissions Trading Authority (DEHSt), part of the EU's Emission Trading System (EU ETS). Ironically, the e-mail said that the recipient needed to re-register on the agency's Web site to counter the threat of hacker attacks.

[...]

PACAF stands up Information Protection Directorate

Pacific Air Forces Public Affairs
2/3/2010

JOINT BASE PEARL HARBOR HICKAM, Hawaii -- As the cyberspace battlefield broadens, Pacific Air Forces leadership created the Directorate of Information Protection to effectively protect information across the enterprise.

The structure is mirrored at each wing across the area of responsibility.

The organization goal is to provide an enterprise-wide approach to prevent compromises, loss, unauthorized access, disclosure, destruction, distortion or non-accessibility of information over the life cycle of information and ensure commanders have effective processes and the right people in place to provide a focused, seamless, functional and supportive environment for protecting information at all levels to conduct effective air, space and cyberspace operations.

Information protection refers to the collective policies, processes and use of risk management and mitigation actions instituted to prevent the compromise, loss or unauthorized access of information over its life cycle, regardless of physical form or characteristics.

Information protection encompasses multiple disciplines and programs, such as Information security, Personnel Security, Industrial Security, Physical Security, Security Education Training, Classification/Declassification management, Original Classification Authority training, Operation Security, Communication Security, Sensitive Compartmental Information, Special Programs, Technical Communication, Foreign Disclosure, Public Release, and Restricted Data. These processes are executed through a collaborative established Security Advisor Groups at each installation.

"We want to change the culture of our personnel and make information protection methodologies routine and transparent to our business processes to correctly protect vital information on behalf of our warfighter," said Johnny Bland, PACAF/IP director. "Our goal is not only to protect sensitive information, controlled unclassified information and classified information, but to ensure every PACAF personnel understand the importance of protecting information. Information protection affects every PACAF active-duty member, Reservist, Guardsman, civil servant and contract employee, regardless of rank or position. We all have information protection responsibilities."

Senior leaders all agree that when Information protection staffs are fully mature, they will serve as a single entity to develop and execute policies and procedures to safeguard all levels and types of information using an enterprise-wide approach.

For more information, call DSN 449-2801/2802/2804.

Swiss Banks Achilles Heel Is Workers Selling Data

By Warren Giles
Bloomberg.com
Feb. 2, 2010

(Bloomberg) -- Swiss banks are discovering that the biggest threat to client privacy is their own workers.

German Chancellor Angela Merkel said yesterday her government may buy stolen data on Swiss bank accounts as French authorities comb information acquired from an employee of HSBC Holdings Plc's private bank in Geneva. The cases come two years after Germany paid 5 million euros ($7 million) for details filched from LGT Group in neighboring Liechtenstein.

"This is a kind of business war against Switzerland in which practices which were completely illegal have become acceptable," says Daniel Fischer, founder of Zurich-based Fischer & Partner law firm who specializes in banking law and fraud. "It's a huge danger for Swiss banks."

The willingness of governments to pay for stolen data is fanning tensions with France and Germany as Switzerland seeks to negotiate treaties implementing its commitment to cooperate with international tax probes. The Swiss government said last month it will draft a law barring officials from assisting foreign countries in cases involving theft of client details.

Wednesday 3 February 2010

Researchers Uncover Security Vulnerabilities in Femtocell Technology

By Brian Prince
eWEEK.com
2010-02-01

Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.

Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge.

Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will present their findings at ShmooCon, held Feb. 5 to 7 in Washington.

"Our original [area of] curiosity was whether these devices could be utilized to supplement cellular deployment in third-world countries (such as the OpenBTS+Asterisk project) in a much cheaper package ($250 compared to over $1,200 for a USRP hardware device plus server costs)," Fasel explained. "After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications."

Femtocell devices are small cellular base stations used to increase wireless coverage in areas with limited service. Because a cell phone does not have business logic to prevent it from connecting to a wireless device acting as a tower that has been tampered with, it is possible for malicious users to abuse that trust and sniff traffic as it traverses the network.

"Through the theoretical attack method outlined in our talk, the attacker would compromise the femtocell device to gain full root access over the device," Fasel said. "As the attacker has access to the device, any services the device offers [are] subject to the attacker's control, including voice, data, authentication and access to the femtocell's home network."

Hacking for Fun and Profit in China's Underworld

By David Barboza
The New York Times
February 1, 2010

CHANGSHA, China -- With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims.

"Here's a list of the people who've been infected with my Trojan horse," he says, working from a dingy apartment on the outskirts of this city in central China. "They don't even know what's happened."

As he explains it, an online "trapdoor" he created just over a week ago has already lured 2,000 people from China and overseas -- people who clicked on something they should not have, inadvertently spreading a virus that allows him to take control of their computers and steal bank account passwords.

Majia, a soft-spoken college graduate in his early 20s, is a cyberthief.

He operates secretly and illegally, as part of a community of hackers who exploit flaws in computer software to break into Web sites, steal valuable data and sell it for a profit.

Homeland Security Plans Cybersecurity, Data Center Investments

By Elizabeth Montalbano
InformationWeek
February 2, 2010

The Department of Homeland Security is looking to invest nearly $900 million in fiscal 2011 on technology projects that include bolstering cyber security and continued work on a data center consolidation project that's already underway.

Other IT priorities listed as part of the department's proposed $56.3 billion budget, unveiled Monday, include improvements to an existing Internet-based verification program that lets employers check that someone is legally allowed to work in the United States and technology for airport security.

Overall, DHS said that protecting the United States against terrorism and other threats and promoting fiscal responsibility and efficiency within the department are its top priorities for fiscal 2011 funding.

DHS is asking for $379 million to go to its National Cyber Security Division (NCSD) to develop capabilities for preventing and responding to cyber attacks. The department plans to use the money to identify and reduce vulnerabilities within both its .gov and .com Internet domains, officials said on a conference call.

NCSD is a division within DHS that's meant to work collaboratively with public, private, and international organizations to secure cyberspace and the U.S. government's cyber infrastructure. At the same time that it's investing in cybersecurity, the Obama administration has made several key appointments to oversee such efforts, including cybersecurity coordinator Howard Schmidt.

Cheap Antivirus Suites with iRemove Amsterdam

iRemove Amsterdam, AVG Internet Security Licenses Available, Reduced Price.

Contact infected@iremove.nl for more prices and deals.

Other offers include :

AVG 9.0 Antivirus

SurfRight Hitman Pro 3.0 Yearly License

SurfRight Caretaker Anti-Spam Assasin, cleans 99% of all spam before it hits your inbox.

Prevx 3.0 AntiMalware Realtime protection + Safe Online Secure Bank Browsing . Yearly License.

Oracle Hacker Gets The Last Word

By Andy Greenberg
Forbes.com
02.02.10

ARLINGTON, Va. -- In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was "unbreakable." David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt.

At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle's 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level. "Anything that God can do on that database, you can do," Litchfield told Forbes in an interview following his talk.

The attack that Litchfield laid out for Black Hat's audience of hackers and cybersecurity researchers exploits a combination of flaws in Oracle's software. Two sections of code within the company's database application--one that allows data to be moved between servers and another that allows management of Oracle's implementation of Java--are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database's contents.

Litchfield says he warned Oracle about the flaws in November, but they haven't been patched. Oracle didn't immediately respond to a request for comment.

The bug is far from the first that 34-year-old Litchfield has outed on Oracle's behalf. As a cybersecurity researcher and penetration tester, Litchfield has exposed more than a thousand database software security flaws, mostly in Oracle's code.

[...]

At Black Hat, a search for the best response to China

By Patrick Thibodeau
Computerworld
February 2, 2010

ARLINGTON, Va. -- Google's revelation last month that attacks out of China resulted in the theft of some of its data drew attention to the broader question at the Black Hat conference here over what can be done to the villains.

Cyberattacks give rise to anger and a very human desire to strike back, but pursuing attackers in ways that matter isn't accomplishing much. The number of people who are arrested and convicted for any of the phishing attacks, intrusions and thefts is tiny.

Several countries, Russia and China in particular, don't want to cooperate on cybersecurity enforcement, said Andrew Fried, a security researcher at the Internet Systems Consortium, a nonprofit group, and a former special agent at the U.S. Treasury Department. "The reality is they don't want to do squat to help anybody," he said, on a panel at the cybersecurity conference today.

After an attack, such as the China-Google incident, there's always interest in establishing "attribution" - identifying the source of the attack. But Jeff Moss, the founder of Black Hat and director of the conference, questioned whether too much emphasis is placed on that effort. Moss also serves on the Department of Homeland Security's security advisory council.

"We should be spending more energy on dealing with the containment of an attack, reducing the effects of an attack," Moss said. "I don't think we will ever be able to stop the attack."

Accusations Fly Over Voice Encryption Hack

By John E. Dunn
CSO Online
February 02, 2010

German encryption firm SecurStar has strenuously denied being behind an apparently independent test of voice encryption products that found many of its rivals could be hacked using a $100 phone-tapping program.

In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss encryption startup Khamsa, alleges that a supposedly independent test of 15 encryption products was in fact a marketing exercise designed to publicise one of only three products to pass the hacking test, SecurStar's PhoneCrypt.

The tests by an anonymous researcher, 'Notrax', found that all but three programs and hardware products looked at could be bypassed by installing a simple wiretapping Trojan called FlexiSPY to record voice output without the programs giving the user any indication that security had been compromised.

Khamsa's own GSM security software was not part of the test but the encryption technology it uses, ZRTP, came in for criticism. The moving force behind that system and its implementation in a program called Zfone is encryption pioneer and inventor of Pretty Good Privacy, Phil Zimmermann, who is also listed as being on Khamsa's scientific board.

According to Pietrosanti, the unnamed 'Notrax' was subsequently traced to an IP address connected to SecurStar after the individual followed a link embedded in a blog Pietrosanti had posted.

Cyber threat growing at unprecedented rate, intell chief says

By Ben Bain
FCW.com
Feb 02, 2010

Malicious cyber activity is growing at an unprecedented rate, severely threatening the nation's public and private information infrastructure, the government's top intelligence official said today.

Dennis Blair, the director of national intelligence, told members of the Senate Select Intelligence Committee, that "in the dynamic of cyberspace, the technology balance right now favors malicious actors rather than legal actors, and is likely to continue that way for quite some time."

Sensitive information is stolen daily from government and private-sector networks and intelligence officials often find persistent, unauthorized, and sometimes unattributable presences on exploited networks, Blair said in prepared remarks about intelligence agencies' annual threat assessment.

"We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis," he testified.

Most consumers reuse banking passwords on other sites

By John Leyden
The Register
2nd February 2010

The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.

Online security firm Trusteer reports that 73 per cent of bank customers use their online account password to access at least one other, less sensitive website. Even worse, around half (47 per cent) use the same online banking username and password for other website logins.

This dismal password security practice means that if cybercrooks trick a user into giving away his login credentials for a social networking site, for example, they stand a very good chance of getting into webmail and online banking accounts for the same person, potentially bringing about crippling financial losses as a result.

Trusteer's findings are pulled from a sample of users of its Rapport browser security service. This is offered through online banks in Europe and North America to their customers as a defence against phishing attacks. Web users outfitted with Trusteer's Rapport browser security plug-in are prevented from sending login details to fraudsters, even if they visit and attempt to enter data into a known phishing site.
