Bottom line: While vulnerability scanners aren’t new, Jikto runs in a Web browser (thus no installation is needed, unlike with other trojans) and distributes the bug-hunting task across multiple PCs. Still, some security watchers say traditional vulnerability-scanning tools probably are more efficient.
Internet backbone at center of suspected attack, CNET News.com reports
Several root servers experienced spikes of traffic on Tue 6 February 2007 around 2:30 pm Pacific Time. One ISP experienced a “brownout” but no damage was done to the overall service.
Finally, companies seem to be waking up and getting their act together on IT security. ‘People and processes are more important than technology in securing the enterprise’ is the essence of the 3rd global survey of 4,000 information security professionals, carried out by (ISC)2.
It has been obvious for a long time that people are very often the weakest link in IT security. Finally, IT professionals (and their bosses) seem to be waking up.
Scottish police believe that 10% of call centres in Glasgow have been infiltrated by organised crime, BBC Newsnight Scotland’s Raymond Buchanan reports.
Stop Swiss Police Using Trojans for VoIP Tapping!
Schneier on Security reports that the oh-so-polite, clean and neutral Swiss are thinking about it: breaking the law and hacking into your systems to make YOU a criminal.
Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.
VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.
This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force — not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.
The only alternative is to find a means of listening in at a point before the data is encrypted.
In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.
The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.