Friday, 15 April 2011

FBI Seizes Servers to Stop Cyber Fraud

In an unprecedented move in the fight against cyber crime, the FBI has disrupted an international cyber fraud operation by seizing the servers that had infected as many as two million computers with malicious software.

The FBI began the Coreflood investigation in April 2009 when a Connecticut-based company realised that hundreds of computers on its networks had been infected. Before the FBI shut down the Coreflood operation, cyber thieves made numerous fraudulent wire transfers, costing companies hundreds of thousands of dollars.

A civil complaint has been filed in Connecticut against 13 "John Doe" defendants, alleging that they engaged in wire fraud, bank fraud, and illegal interception of electronic communications. Search warrants were obtained for the command and control servers in Arizona, Georgia, Texas, Ohio, and California. And a seizure warrant was issued in Connecticut for 29 Internet domain names used by the thieves.

Victimized computers that have not been disinfected using anti-virus software updates will continue to attempt to contact the Coreflood botnet servers. When this happens, we will respond by issuing a temporary stop command to the virus and then alert that user's Internet service provider (ISP), who will inform the customer that their computer is still infected. At no time will we be collecting any personal data from victim computers, said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response

The Future of Cheques

The Commons Treasury Select Committee is to reopen its inquiry on the future of cheques given continuing public concern about possible moves to phase out this method of payment by 2018.

The then-Treasury Committee launched an inquiry in February 2010 on the future of cheques and took evidence from a range of organisations, including the UK Payments Council.

At that time the Committee was unconvinced by the Payment Council's argument that cheques were in 'terminal decline' and expressed concern about the rigour of the cost-benefit analysis undertaken by the Council.

Commenting on this evidence Treasury Committee Chairman, Andrew Tyrie MP, said:

"The Payments Council had seemingly forgotten about the millions of people who remain less at ease with the latest technology. Since our last inquiry we have been inundated by letters from the public telling us that they rely on cheques.

Many charities, small business and vulnerable people - including pensioners - depend on cheques. Their needs must be considered. They should not be forced into shredding their cheque books.

We will also want to examine whether it is in the public interest that apparently competition, can and should, be set aside on this. I was shocked, when the Payments Council last gave evidence, that they had not conducted a rigorous cost benefit analysis. We asked them to go away and do some number crunching. In this new inquiry we can now examine their latest conclusions and work."

Chase Card Services becomes First Major U.S. Bank to Issue Chip-and-Signature Technology

Chase Card Services, a division of JPMorgan Chase & Co. announced it is the first major U.S. bank to issue chip-and-signature, a credit card with EMV chip technology that provides consumers with better ease-of-use and stronger security while travelling abroad. Chase will first unveil chip-and-signature on the JPMorgan Palladium credit card in June, a card serving customers who frequently travel abroad, and later to other Chase credit cards within the year.

Chase's cards with chip-and-signature technology will feature both an embedded encrypted chip and traditional magnetic strip to accommodate merchants in the United States.

"Although chip-enabled terminals are fairly uncommon in the United States where the vast majority of merchants only support magnetic strip cards, our focus is to provide chip-and-signature cards to our card members who frequently travel outside the United States," said David Porter, general manager, Chase Card Services.

Is Cloud Computing a Data Centre in the Sky?

Research by Infosecurity Europe of 1000 commuters aimed to find out if office workers understand 'geek speak' has discovered that many are not as tech or security aware as they could be. When asked what cloud computing meant, a quarter thought it was a data centre in the sky. A fifth thought it was something that Microsoft advertises, 10% global warming caused by overheating computers and 10% guessed it was a trendy club in Soho. Only 35% thought it was a new way to access IT services over the internet.

In answer to the question 'What makes Smartphones smart?' a third of commuters thought it was because they look really cool, 46% correctly said it was because they can run applications and also email and web browsers, 9% said it was because they use artificial intelligence. A small minority said it was because smartphones can tell the time in 137 languages or contain nanobots.

When asked what android is, a third said a new Science Fiction film, 10% a new robot invention and 17% said it was Darth Vader's father! A miserable 4 out of 10 people correctly said it was an operating system for mobile phones.

When asked about how they use phones for work, 90% of people said they now have work related information, saved on their home computer or personal mobile and 81% said they kept sensitive information from their employers on their personal mobiles. Only 4 out of 10 said the data was protected by encryption. Half of people knew the password for their phone, whilst a third did not use one and 17% could not remember what it was.

When asked whose data they thought was most important to protect, four fifths said their own data and only 16% said sensitive customer data, and 5% their employer's data.

A visit to Infosecurity Europe next week (19th - 21st April 2011 at Earls Court, London) will help business leaders and IT professionals gain a deeper understanding of information security issues and brush up on their geek speak.

PasswordBank unveils the Universal Single SignOn

PasswordBank Technologies Inc., the Identity-as-a-Service (IDaaS) Company, has released the first and only Universal Single Sign-On solution.

PasswordBank delivers the first HYBRID Web-SSO and Enterprise-SSO for any application (web and desktop apps such as legacy, Java and client/server apps), across any operating system (Mac, Linux, Windows and iOS), extending the classic domain concept beyond Active Directory or LDAP, towards "Virtual Directories" from any Identity Provider (OpenID, SalesForce, Google Apps, web-services,...) and any user repository on any database, including any strong authentication method.

IDaaS is a flexible platform that provides a unique web interface to manage the provisioning/de-provisioning of corporate identities seamlessly across all services, applications, and identity repositories.

Employees, partners and customers are able to securely authenticate regardless of the operating system of the device or where the device is located, whether from within the organisation's local network or from a remote location that is simply on the Internet. By leveraging IDaaS, the end user can utilize any authentication method (OTP, password, SmartCards, certificates, SAML, Biometrics, Finger Print,) to access the services required to perform their job.

"PasswordBank IDaaS approach truly satisfies the full breadth of requirements a modern IT environment (Cloud and On-premise Hybrid Enterprises) demands to CISOs, in an easy to use and powerful interface, reducing costs and risks, increasing security, productivity and compliance", said Roger Casals, Founder and CEO of PasswordBank.

Prepaid 2011


Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677