Weekly Brief - June 30 2009

Law
Spammer Alan Ralsky appeared in a Detroit court, charged with involvement in an international stock fraud scheme that manipulated Chinese stock prices. He pled guilty [PDF]. On the other side of the Atlantic, Sweden's court of appeal ruled that the judge in the recent Pirate Bay trial - who turned out to be a member of various pro-copyright groups - was not biased, and that a retrial was not necessary.

Retail group TJX settled with the attorneys general of 41 states, shelling out $2.5 million for a Data Security Fund that the states can use to improve security. It will pay a further settlement fee of $5.5 million, together with $1.75 million to cover the States' costs, and will certify that its computer system meets the States' security requirements. But perhaps the most interesting clause in the settlement is to "encourage the development of new technologies to address systemic vulnerabilities in the United States payment card system" - which effectively seems to be an admission that the payment card system is flawed.

If you were thinking of forcing someone to implant an RFID device under their skin, don't do it in Pennsylvania - they just moved a step closer towards outlawing it. The bill in question would stop patients with reduced mental faculties from being exploited, for example.

The Electronic Frontier Foundation has sued the Department of Justice, telling it to release guidelines for surveillance used against US citizens during FBI investigations.

James Reno and ByteHosting Internet Services are to settle [PDF] in a case with the FTC. The two defendants deceived consumers into buying rogue antivirus products, according to the Commission. The settlement involves $1.9m in revenues from the scareware scam, but only $119,697 will be paid. The rest will be suspended.

This Wednesday, new data breach notification laws will come into effect in Alaska and South Carolina. This brings the total number of states with such laws to 44.

A Court of Appeal upheld a decision to grant Kaspersky immunity from prosecution under the safe harbor provision of the Communications Decency Act 1996 [PDF]. Zango, a firm which has been accused of distributing spyware, had sued the anti-malware vendor for blocking its software.

Journalism
A group of journalism students in BC, Canada, purchased a hard drive containing sensitive data from Northrop Grumman in a market in Ghana for $40.

Techniques
Microsoft finally discontinues its Live OneCare anti-virus software this week, and has limited downloads of its replacement, Microsoft Security Essentials (formerly 'Morro'), to 75 000. The limit has already been exceeded.

An IBM researcher has created a way to process encrypted data without actually looking at it. The technique could be useful to cloud computing companies with high volumes of data to deal with.

Attacks
Industry veteran and Mac evangelist Guy Kawasaki unwittingly directed people to a malware site, in a clear example that no-one is safe. Scammers posted the message "Leighton Meester sex tape video free download!", which directed users to a web site that attacked both Windows and Mac machines by altering their DNS records. Kawasaki said he didn't know how the post got into his feed, but argued that his account hadn't been hacked.

Appointments
Rod Beckstrom, former head of the Department of Homeland Security's National Cyber Security Center, has been appointed as the president of the Internet Corporation for Assigned Names and Numbers (ICANN).


 
