“Us techie’s of the world argue that if you don’t want something to be seen don’t send it via email.”

Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They’re pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

CNET has reviewed a survey scheduled to be released at a federal task force meeting on Thursday, which says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to “exchange legal process requests and responses to legal process” through an encrypted, police-only “nationwide computer network.

Police Want A Backdoor To Your Data”

The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank’s security technology. The company also alleges that Comerica’s security protections for customers are not commercially reasonable, because the phishing scam routed around the bank’s 2-factor authentication system.

Phishing Attack

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

The intruders attempted to send more than $110,000 in unauthorized payroll transfers to at least a dozen individuals across the United States who had no prior business with the United Way chapter. At least one large wire transfer was attempted, for nearly $40,000, to a 32-year-old man in New York.

William Hong, of Flushing, N.Y., said he was approached in late December by an entity calling itself the Classic Group. Hong said the company, which gave its Web address as classic-groupco.ws, told him it had found his resume on Monster.com and asked would he like a work-at-home job as a financial manager?

Hong, who is and was unemployed at the time, said he took the job, and that the application process required him to fax an employee agreement, a canceled check, a copy of a utility bill or his drivers license, along with his bank account information. Hong gave his erstwhile employers the account and routing numbers for Merging Stone Capital Group Inc., a company he had started several years ago.

Social Engineering Alive and Well

Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.

The add-ons have been removed from Firefox’s official add-on download site.

According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the “experimental” area of Firefox’s add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.
Mozilla Vulnerability Slips Through Security