The sudden takedown of an Internet provider thought to be helping spread one of the most promiscuous pieces of malicious software out there appears to have cut off criminals from potentially millions of personal computers under their control.

But the victory was short-lived. Less than a day after a service known as “AS Troyak” was unplugged from the Internet, security researchers said Wednesday it apparently had found a way to get back online, and criminals were reconnecting with their unmoored machines.

» via Yahoo! News

Spanish police have revealed that they have arrested three men responsible for one of the world’s biggest networks of virus-infected computers.

All are Spanish citizens with no criminal records and limited hacking skills.

It is estimated that the so-called Mariposa botnet was made up of nearly 13 million computers in 190 countries.

It included PCs inside more than half of Fortune 1000 companies and more than 40 major banks, investigators said.

» via BBC News

Do people actually care about liberating their data? Some do, but usage of the export features remains low. Google sees a “continuous low-level of use of these things,” said one engineer on the team, especially when it chooses to shut down underperforming services. Having export tools actually makes it easier to do such shutdowns, too; recall that DRM-laden music stores ran into problems when they eventually tried to shut down their DRM servers. Google’s data openness helps the company avoid this sort of public criticism in the event of service shutdowns, as when the company closed its Google Notebook product.

Nicole Wong, Google’s Deputy General Counsel, told us separately that DLF matters to Google for two reasons: 1) it provides control to users and 2) “when we say our competition is one click away,” initiatives like DLF prove that it’s true.

» via ars technica

“We may already be in the red in terms of our ability to store information,” said Christopher L. Greer last week to an interested, and vaguely intimidated, audience of scientists and other academics. Gene sequences, distant pulsar signals, YouTube videos, e-mail — it’s all too much to keep track of.

Or perhaps not. Mr. Greer, who works on networking policy for the White House Office of Science and Technology Policy, was addressing a session called “Managing the Exaflood” at the annual meeting of the American Association for the Advancement of Science. It was actually an optimistic gathering, where researchers presented ideas for getting a handle on all this data — an exabyte is one billion billion bytes — and using it productively.

» via The Chronicle of Higher Education (Subscription may be required for some content)

NetWitness said in a release that it had discovered the program last month while the company was installing monitoring systems. The company dubbed it the “Kneber botnet” based on a username that linked the infected systems. The purpose appears to be to gather login credentials to online financial systems, social networking sites and e-mail systems, and then transmit that information to the system’s controllers, the company said.

The company’s investigation determined that the botnet has been able to compromise both commercial and government systems, including 68,000 corporate log-in credentials. It has also gained access to e-mail systems, online banking accounts, Facebook, Yahoo, Hotmail and other social network credentials, along with more than 2,000 digital security certificates and a significant cache of personal identity information.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, chief executive of NetWitness and former director of the National Cyber Security Division of the Department of Homeland Security. “Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

» via The New York Times

WOULD your company know if the blueprints for its next invention had been stolen by an office interloper, who had quietly copied them onto a memory stick or an iPod? Probably not. But now a telltale “USB fingerprint” has been discovered that can identify which files have been targeted in so-called pod-slurping attacks.

» via New Scientist

The next great leap forward in wireless broadband networks, a superfast technology called Long Term Evolution, is being hailed as a breakthrough that will transform the world’s mobile operators into the lucrative gatekeepers of the on-the-go Internet.

But despite its theoretical potential to redefine the online experience — with download speeds many times faster than currently available — many of the world’s major carriers are holding back. They are wary of repeating the mistakes of a decade ago, when billions were spent on equipment and licenses for third-generation networks, the current standard, only to see consumers largely ignore the technology until Apple introduced the iPhone in 2007.

“Despite the benefits of the technology, many are wondering whether L.T.E. will be a sustainable business,” said Paul Gainham, director of service provider marketing at Juniper Networks, a maker of network routers and switches.

» via The New York Times

(via chrbutler)

The world’s largest Internet search company and the world’s most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.

Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.

» via The Washington Post

The “secret questions” used to secure online bank accounts and email services are worryingly easy to crack. So says Joesph Bonneau of the University of Cambridge, whose team has calculated the chances of an attacker correctly guessing secret answers.

Using data from sources such as national censuses and pet registries, the team calculated that if allowed three guesses, the norm for many websites, an attacker could correctly guess 1 in 80 answers.

That’s too low to target a specific individual. But it is more than enough to allow a hacker to build software to compromise online accounts, such as webmail services, by attempting to guess questions in large volumes, says Bonneau.

An attacker who knows where accounts are based has an even higher chance of success, Bonneau adds, since they could restrict their guesses to names that are common in that region.

» via New Scientist

A survey of 600 computing and computer-security executives in 14 countries suggests that attacks on the Internet pose a growing threat to the energy and communication systems that underlie modern society.

The findings, issued Thursday by the Center for Strategic and International Studies and the computer-security company McAfee, echoed alarms raised this month by Google after it experienced a wave of cyberattacks.

“One of the striking things we determined is that half of the respondents believe they have already been attacked by sophisticated government intruders,” said the study’s director, Stewart A. Baker. “It tells us that this is a serious problem right now.”

» via The New York Times