Monday, 04 April 2011

Websites Hit by Massive SQL Injection

The web criminals have done it again. Using fake software called the Windows Stability Centre, the online fraudsters have compromised thousands of websites by utilising their security loopholes and re-directing and linking the sites with their own websites. The re-direction of user's site was carried out by a SQL injection attack

The massive website attack is named as the 'Lizamoon attack' because the first domain to be attacked bears the name. Once the people visited the fake websites, they were told their machines were infected with malicious viruses.

Security firm Websense has been tracking the attack since its start on 29 March, this year. Initially the number of compromised websites was 28,000, but gradually the number rose to hundreds of thousands. According to Patrik Runald, senior manager for security research at Websense, "the scale of the attack was worrying".

As Websense have found out, the online criminals are attacking websites using Microsoft SQL Server 2003 and 2005. At present, the re-direction is stopped and fake websites are shut down. Investigation is underway.

Amazon to Roll Out Mobile Payment Service!

As per Bloomberg reports, Amazon is working towards starting its own mobile payments service. The service will be based on NFC or near-field communication and will enable customers to pay using their mobile phones or smartphones. There is news of Google, Microsoft and Nokia developing applications to suit Amazon's interest.

Amazon has already released its own Android Appstore, and has even introduced a music streaming/locker service that works with Android devices. According to the well-known research firm Gartner, about 340 million mobile users use their phones to carry out mobile transactions worth $245 billion in 2014.

Precise Biometrics Achieves Fastest Result in MINEX II Test

Precise Biometrics has become the winner of the MINEX (Minutiae Interoperability Exchange) II test, with the fastest standardised Match-on-Card technology. MINEX II is a key standard for U.S. federal ID implementations. Precise Biometrics is the only biometric supplier to have passed with 3 different card vendors - Gemalto, Giesecke & Devrient and SPYRUS. The company has satisfied the 3 vendors by achieving identical fingerprint test results, getting the fastest with SPYRUS.

MINEX II test evaluates fingerprint Match-on-Card technology. The test is performed by the National Institute of Standards and Technology (NIST).

Currently, the Match-on-Card technology is an approved authentication mechanism for the PIV smartcards. The US government will be implementing personal identification verification projects from 2012, and as the winner of the MINEX II test, Precise Biometrics can be a part of the project that will include 5.7 million users in the U.S. government who will be using PIV smartcards for secure access.

VASCO Announces Acquisition of Alfa & Ariss

VASCO Data Security International, Inc. today announced its acquisition of Alfa & Ariss B.V. ("A&A"), an open identity and access management specialist of Enschede, The Netherlands. VASCO acquired all of the stock of A&A in exchange for cash consideration of Euro 1 million ($1.4 million). The acquisition was financed from VASCO's existing cash balances and is expected to have a slightly dilutive impact on earnings in fiscal 2011.

A&A was founded in 1999 and is an authority in the field of developing open identity and access management solutions. A&A has strong ties with the Dutch PKI Internet trust services provider DigiNotar. The acquisition of DigiNotar by VASCO was announced on January 10, 2011. Both acquisitions support VASCO's long term growth strategy in the fields of services, software and Enterprise Security.

"Alfa & Ariss brings important know-how and engineering capabilities to VASCO. We believe that its abilities in the fields of linking applications in-the-cloud and its ID management tools are important for VASCO's long term strategy," says Ken Hunt, VASCO's Chairman and CEO. "With this acquisition, we further strengthen our offerings and R&D capabilities."

JP Morgan Adds New Features to Its Order-to-Pay Service

JP Morgan has enhanced its Order-to-Pay e-invoicing service by adding some new features such as the Auto-Configuration E-File capability. The Auto-Configuration E-File will help small and medium sized suppliers in loading invoice files directly from their current billing system.

Also, the Order-to-Pay service will bring in free Invoice Web Form to enable infrequent suppliers to electronically submit non-purchase order invoices without setting up an Order-to-Pay account. The Company's Order-to-Pay service enables suppliers to electronically receive purchase orders, submit and track invoices, as well as receive remittance information.

Google to Become NFC Forum Member

NFC Forum that promotes the use of NFC technology in various wireless devices has announced the inclusion of Google Inc. as one of its principal member. Previously known as Associate Members, it is CSR and Intel who have raised their membership status to the Principal level.

Since its inception in 2004, the NFC Forum has been the world's leading non-profit organisation that attracts companies already working or interested in NFC-based technology and innovations.

Principal members are the second-highest level of members in the NFC Forum after the Sponsor members. A Principal member can appoint a voting representative to each of the Technical, Marketing, and Compliance Committees and Working Groups, to run for positions leading Committees or Working Groups. Principal member organisations can also participate in the NFC Forum testing and certification programs using their own in-house test labs.

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677