Cody Taylor

Cludge writes “ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: ‘They describe this as the “first real attempt to create a Mac botnet” and notes that the zombie Macs are already being used for nefarious purposes.'”

Read more of this story at Slashdot.

All of those junk e-mails that clutter up your inbox aren’t just a massive annoyance but a colossal waste of energy. According to a report released this week by computer security company McAfee, spammers last year generated a whopping 62 trillion junk e-mails.

alphadogg writes with this excerpt from Network World: “Stanford University researchers are designing an operating system from the ground up to handle the power and security requirements of mobile devices. The Cinder operating system is already working on an Arm chip, and members of the team are working on making it run on the HTC G1 handset, according to Philip Levis, a Stanford assistant professor. Levis spoke about Cinder at the Stanford Computer Forum on Tuesday. If an application isn’t running as fast as the user wants, a Cinder-based phone could include a button to boost the energy allocated to that application, Levis said. Cinder also could allow users to download any code and run it safely on their phones in a ‘sandbox’ mode.”

Read more of this story at Slashdot.

Nicola Hahn writes “One of the first things I noticed while flipping through this hefty book is the sheer number of topics covered. Perhaps this is a necessity. As the author puts it, rootkits lie “at the intersection of several related disciplines: computer security, forensics, reverse-engineering, system internals, and device drivers.” Upon closer inspection, it becomes clear that great pains have been taken to cover each subject in sufficient depth and to present ideas in a manner that’s both articulate and well organized. This accounts for the book’s girth; it weighs in at roughly 900 pages.” Keep reading for the rest of Nicola’s review.

Read more of this story at Slashdot.

An anonymous reader writes “Symantec announced that malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users. According to the company’s Internet Security Threat Report Volume XIV (PDF), Symantec created more than 1.6 million new malicious code signatures in 2008. This equates to more than 60 percent of the total malicious code signatures ever created by Symantec — a response to the rapidly increasing volume and proliferation of new malicious code threats. These signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008.” Another anonymous reader notes a related report from Verizon (PDF), which says 285 million records were compromised in 2008, more than the total of the previous four years combined.

Read more of this story at Slashdot.

An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: “According to the payment-card industry … standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer’s bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module’s application programming interface, or API. ‘Essentially, the thief tricks the HSM into providing the encryption key,’ says Sartin. ‘This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'”

Read more of this story at Slashdot.

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack,…

Alyssey writes “The Mexican government wants to have a database to track every cellphone number in the country (in Spanish, Google translation) and whom it belongs to. They want to tie in the CURP (Unique Registration Population Code in Spanish, like the Social Security Number in the US) with cellphone numbers. If Mexicans don’t send in their number and CURP via SMS before April 10, 2010, their cellphone number will be blocked. The new law was published back in February and is going into effect now.”

Read more of this story at Slashdot.