13 Jun 11. Hacker group LulzSec has expanded its activities to the U.S. Senate, releasing internal data from the chamber’s database—all for kicks. “We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure,” LulzSec said in a statement. “In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!” LulzSec went on to say that the data is a “small, just-for-kicks release” of internal data. “Is this an act of war, gentlemen? Problem?” “Nothing terribly secret was lost in the breach of the U.S. Senate’s web server. LulzSec posted some basic information on the filesystems, user logins and the Apache web server config files,” according to Sophos analyst Chester Wisniewski. “They also dumped a directory listing of what appears to be every single file on the server.” Under the Computer Fraud and Abuse Act this hack could earn someone five to 20 years in prison, if convicted, Wisniewski said. (Source: PCMag.com/ShellyPalmer)
13 Jun 11. European countries have agreed to tougher penalties for cybercrimes, including new punishments for botnet creators, in an effort to clamp down on massive attacks. The new rules are part of a European Commission proposal, adopted by the Council of Europe on Friday, which now goes to the European Parliament for approval. It aims to update existing EU rules on cybercrime, introduced in 2005, which cover interference with data and systems, and illegal access. One new measure is the introduction of penalties for people who develop and supply malware or other tools for creating botnets or stealing passwords. Additionally, the illegal interception of computer data will become a criminal offence. If a botnet is used to commit crime online, or if the perpetrators spoof the identity of a business, these will be seen as aggravating factors that will carry more punishment. (Source: ZDNet UK/ShellyPalmer)
07 Jun 11. Clouded Views on Data Security. Many businesses are uneducated on the security of cloud technology and are missing out on its potentially business-changing benefits as a result.
A panel of IT security experts gathered at a round table event, held by hosting specialist UKFast, to inform businesses of the different security issues associated with various cloud platforms. They warned business owners not to rule out a move to an internet-based IT infrastructure because of inaccurate generalisations about the safety of cloud that are hyped by the media. Ian Moyse, IT security expert and EMEA channel director at Webroot said: “There have been stories dominating the press recently, including that of Sony’s leaked client data, that have suggested the use of cloud technology has contributed to the security blunder. In fact, in many of those cases, it wouldn’t make a difference if it was a cloud service provider or an on-premise system. Issues arise in organisations without the right security processes not just in those with a cloud-based infrastructure.”
Neil Lathwood, UKFast’s IT director continued: “Typically security incidents occur either because someone is gaining access to credentials illegitimately that allow them to get into a system in the first place or because they hack through inadequate security on the perimeter. Outsiders might also intercept traffic in transit because it’s not going through secure pipes. These issues exist whether you run your own data centre or you’re in the cloud.”
Panellists described the fundamental difference between a cloud-based infrastructure and a traditionally hosted set-up. Lathwood said: “The cloud is run across the internet so arguably that presents other points of vulnerability but the level of security in the cloud depends on the type of cloud you choose. With a dedicated private cloud you can lock it down securely and be confident that your data is safe.”
Lawrence Jones, UKFast’s managing director added: “With anything else there are questio