“Us techie’s of the world argue that if you don’t want something to be seen don’t send it via email.”

Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They’re pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to “exchange legal process requests and responses to legal process” through an encrypted, police-only “nationwide computer network.

Police Want A Backdoor To Your Data”

The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank’s security technology. The company also alleges that Comerica’s security protections for customers are not commercially reasonable, because the phishing scam routed around the bank’s 2-factor authentication system.

Phishing Attack

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

The intruders attempted to send more than $110,000 in unauthorized payroll transfers to at least a dozen individuals across the United States who had no prior business with the United Way chapter. At least one large wire transfer was attempted, for nearly $40,000, to a 32-year-old man in New York.

William Hong, of Flushing, N.Y., said he was approached in late December by an entity calling itself the Classic Group. Hong said the company, which gave its Web address as classic-groupco.ws, told him it had found his resume on Monster.com and asked would he like a work-at-home job as a financial manager?

Hong, who is and was unemployed at the time, said he took the job, and that the application process required him to fax an employee agreement, a canceled check, a copy of a utility bill or his drivers license, along with his bank account information. Hong gave his erstwhile employers the account and routing numbers for Merging Stone Capital Group Inc., a company he had started several years ago.

Social Engineering Alive and Well

Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.

The add-ons have been removed from Firefox’s official add-on download site.

According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the “experimental” area of Firefox’s add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.
Mozilla Vulnerability Slips Through Security

“It’s gotten completely out of hand. The bad guys are going to some local registries in Europe and getting massive amounts of IP space and then they just go to a hosting provider and set up their own data centers,” said Alex Lanstein, senior security researcher at FireEye, an antimalware and anti-botnet vendor. “It takes one more level out of it: You own your own IP space and you’re your own ISP at that point.

“If there’s a problem, who are you going to talk to? It’s a different ball game now. These guys are buying their own data centers. These LIRs and RIRs aren’t going to push back if you say you need a /24 or /16. They’re not the Internet police,” Lanstein said.

More Here

Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.

While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.

Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.

“We are asking GPs to only make urgent referrals,” she said.

More Here

BOSTON – A computer hacker who was a force behind one of the largest cases of credit card theft in US history says he has a developmental disorder and is asking for a reduced sentence.

Albert Gonzalez, of Miami, admitted invading the computer systems of such retailers as TJX Cos., BJ’s Wholesale Club and Sports Authority. Federal authorities say tens of millions of credit and debit card numbers were stolen.

His lawyers have submitted a report from a psychiatrist who concluded his behaviour was consistent with Asperger’s syndrome. That’s a form of autism.

Gonzalez was scheduled to be sentenced on Monday. The hearing has been postponed indefinitely so prosecutors can consider the psychiatrist report.

His lawyers are asking for a sentence at the lower end of the 15 to 25 years in his plea agreement.

- AP