The Open Internet's Growing Security Problem -- Part XI

New evidence continues to spotlight the Open Internet's growing security problem. 

• The growing catalogue of evidence from mainstream sources is getting harder and harder to ignore. See previous parts of the series:  I, II, III, IV, V, VI, VII, VIII, IX, & X.

"Hackers get into UC Berkley Health Records Database" FoxNews.com

• "University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk the personal information of 160,000 current and former students, alumni and others." ...
• "Evidence uncovered to date suggests that this attack was launched by highly skilled criminal operations based overseas," the school said."

"Cyber Threats to Health IT, Smart Grid All to Real" Internet News

• "As a sobering side note on this, last month in collaboration with one of the members of Conficker Working Group from Georgia Tech, we identified at least 300 critical medical devices from a single manufacturer ... that were infected with Conficker," Joffe said. "The hospitals had no idea. The manufacturer had no idea. When we called them they were honestly shocked." ... "They should never have been connected to the Internet," Joffe said."

"Cyber-squatting crooks profit on marketers' brand names" USA Today

• "Shady marketers are using so-called cybersquatting to do their digital stealing. They drive people to a "squatted" site via e-mails or through paid search. Once they've led someone there, they hope to steal credit card information, spur clicks on ads to skim revenue from online ad networks or sell fake products, such as pharmaceuticals or pricey handbags. ... "We're at a point in which marketers need a wake-up call in what's happening to their brand..."  

"Zombie computers on the rise"  BBC

"The downside of friends; Facebook's hacking problem" Time

• "In the '90s, scammers used e-mail," says Michael Argast, a security analyst at Sophos, an antivirus software company. "Today, it's social networking." Argast explains that although people have been trained not to click on suspicious e-mails, they don't operate with the same sense of caution when presented with a link on Facebook or Twitter. Maybe that's why the number of phishing attacks on these kinds of sites — in which people are fishing for account information, as opposed to infecting your computer with a virus — has skyrocketed recently, from 4,600 attacks in 2007 to 11,000 in 2008. This year doesn't look any better, with 6,400 attacks in the first three months of 2009."

"Government networks still have weak links" Government Computer News

• “In the absence of robust security programs, agencies have experienced a wide range of incidents involving data loss or theft, computer intrusions and privacy breaches, underscoring the need for improved security practices,” testified Gregory Wilshusen, director of information security issues at the Government Accountability Office."

"Hackers demand ransom for medical data" vnunet

• "Hackers have taken control of the Virginia Prescription Monitoring Program (PMP), and are demanding a $10m (£6.6m) ransom for the return of millions of patient records."

"Image spam returns with a vengence" Computer World

• "The return of image spam could be the first resurrection of other once-popular tactics, she warned. "We may see others come back," Stewart said, and ticked off MP3 spam -- mail that replaced text with an audio clip -- and PDF-based spam. Both were popular in 2006 and 2007 for junk stock pushers. Of the discarded tactics, Stewart selected PDF spam as the one most likely to reappear. ...rigged PDFs exploiting Adobe bugs have been on a tear of late."

"Facebook users hooked in new 'phishing' scam" AFP

• "Facebook did not say how many of the 200 million users of the social network had been affected in the latest hacker attack. An unknown number of Facebook users received a message on Thursday from a friend's account urging them to visit websites such as "151.im." "The sites were realistic-looking replicas of the social network's log-in page but were actually controlled by the hackers. The bogus page would capture password information when a user logged in."