A Security Port Blog
Security related news, security information, virus warnings, alerts and security tips posted daily.

• Law Firm Accused of Piracy
  The SIIA charged in a lawsuit that law firm Fox Rothschild is stealing software made by Adobe, Corel, Sonic Solutions, and Symantec.
  
  In a lawsuit filed last week on behalf of the vendors by the Software Information Industry Association, the firm of Fox Rothschild is alleged to have "engaged in the unauthorized reproduction and use" of software made by Adobe, Corel, Sonic Solutions, and Symantec.
  
  The vendors claim that Fox Rothschild's alleged copyright infringement is causing them repeated and irreparable injury. The suit, filed in federal court in Northern California, does not specify which specific software products the firm is alleged to be using without authorization, or their estimated value.
• Microsoft Attacks
  Microsoft today filed 52 lawsuits in 22 countries against resellers who allegedly sold counterfeit Microsoft software online.
  
  Some 15 of the 52 lawsuits filed involved software traced to the largest-ever commercial counterfeit syndicate, which was broken up earlier this year by Chinese authorities, the FBI and Microsoft. Through its investigations, Microsoft reported it had found that the counterfeit software produced by the Chinese syndicate was distributed in some markets through domestic online sellers.
  
• Chinese Spies
  The head of Britains domestic spy agency has warned that China is spying on the computer systems of British corporations, The Times of London reported.
  
  The MI5 chief, Jonathan Evans, sent a letter last week to 300 executives and security chiefs at banks, accountancies and legal firms, warning them that they were under attack from Chinese state organizations  over the Internet, the newspaper reported Saturday.
• Oak Ridge Security Attack
  A cyber attack launched on the Oak Ridge National Laboratory in Tennessee could have compromised the personal records of thousands of lab visitors, leaving them susceptible to potential identity theft.
  
  ORNL Director Thom Mason issued an all-staff e-mail earlier this week warning employees that the institution had been a target of a sophisticated cyber attack that appeared to be part of a coordinated attempt to gain access to networks at Oak Ridge laboratories and other institutions across the country.
• Flirting Bots
  Those entering online dating forums risk having more than their hearts stolen.
  
  A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools.
  
  Complete Article
• House Ups Porn Penalties
  Internet service providers would be given specific responsibilities to report child pornography on their sites and face tough penalties for not doing so under a bill passed Wednesday by the House.
  
  
  The House also approved a bill to double spending for the National Center for Missing and Exploited Children, a private, nonprofit group created in 1984 with a congressional mandate to act as a clearinghouse for child abduction and sexual exploitation cases.
  
  House Ups Porn Penalties
• Securing Adolescents From Exploitation
  409 to 2 -- the U.S. House of Representatives passed new legislation on Thursday aimed at making the Internet safer for children. The Securing Adolescents From Exploitation-Online (SAFE) Act was sponsored by Texas Democrat Nick Lampson, one of the founding members of the House Missing and Exploited Children's Caucus.
  
  
  Among other things, the legislation imposes significant fines on Internet service providers that fail to report evidence of child exploitation to the National Center for Missing and Exploited Children. According to a press release from Rep. Lampson's office, ISPs would be fined $150,000 per incident per day for first offenses, and $300,000 per incident per day for second and succeeding offenses.
  
  complete article
• HIV and Hepatitis Test Results Available on Internet
  A security breach has exposed the confidential information of some patients who were tested for such infectious diseases as HIV and hepatitis.
  The breach, at the Provincial Public Health Laboratory, occurred Tuesday.
  
  It involved the exposure of files containing patient information through an open Internet connection. Information held by the lab included names, health card numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis.
• Internet Goes Down for Pirates
  Internet users in France who frequently download music or films illegally risk losing Web access under a new anti-piracy system unveiled on Friday.
  
  The three-way pact between Internet service providers, the government and owners of film and music rights is a boon to the music industry, which has been calling for such measures to stop illicit downloads eating into its sales.
• UK Kids Warned MySpace Is Not Private
  Young people are compromising their career prospects and opening the door to online fraud by posting personal information on social networking sites without thinking about the consequences, a U.K. privacy watchdog warned Friday.
• 1000 Internet Specialists
  More than 1,000 Internet specialists from government agencies, universities, nonprofits and the private sector are meeting in Brazil this week.
  Security is one of the top agenda items at the second U.N. Internet Governance Forum in Rio de Janeiro, Brazil, running until Thursday.
  
  Other issues include freedom of expression, the fight against cyber-crime, privacy, multilingualism and diversity, and measures against the dissemination of child pornography and child sexual exploitation, according to a statement from the organizers on the forum's Web site, where most sessions can be monitored live over the Internet.
  
  complete article
• Visa Security
  The PCI Security Standards Council, the body managing the Payment Card Industry data security initiative, on Wednesday announced that it will anoint a set of best practices developed by Visa Inc. as the new security standard for third-party application software in the payment industry.
  
  The new standard is called the Payment Application Data Security Standard (PA-DSS) and is based on Visas Payment Application Best Practices (PABP).
  
  Over the next few months, the PCI Security Standards Council, together with participating organizations, security auditors, and vulnerability scanning vendors, will offer comments and suggestions relating to the PA-DSS. The security council will then incorporate this feedback and publish a final version of the application security standards in the first quarter of 2008, said Bob Russo, general manager of the security standards council.
  
• Security RSS Feeds
  Easily find security and protection RSS feeds, by searching or navigating the directory. Security Feeds.
• Chinese Spying
  Recent revelations that China-based hackers may have penetrated U.S. computer networks -- including those operated by the Departments of Defense and Homeland Security as well as by major U.S. defense firms -- has heightened concerns about Chinese spying in the United States.
  
  Computer experts believe that the extensive scale of the information operations means they probably involved, to some degree, the Chinese military or intelligence services.
  
  Although U.S. authorities remain concerned by the espionage operations conducted in the United States by Russia, Iran, and Cuba, they consider Chinese spying the most serious in terms of size.
• Macs Becoming Virus Friendly
  It is a common refrain dashed off in response whenever anyone writes about the sorry state of PC security. In fact, you have probably seen it countless times on this blog alone: Get a Mac!
  
  Well, the times they are a changing. As the Macintosh becomes more popular with users, the inevitable has begun: Macs are increasingly being targeted by malware creators, as the sheer size of that pool becomes more and more tempting.