Welcome to Montebello Partners' security home page. Here we include important current alerts, resources, and announcements. If this is your first visit here, you may want to browse:
- Our introduction to Internet Security,
- Description of our security services
- Monthly email news and updates
- The monthly meetings of the SDForum Internet Security SIG
- The FBI-sponsored bay area Infragard chapter
- Useful security links and tools
- Various presentations given by us.
April, 2005 Update
Hacks
-
Chico university, in accordance with California's hacking disclosure law, announced that hackers took over one of their servers for file sharing. Because the server also stored student social security numbers, they are notifying the affected individuals. -
Security researchers estimate that more than one million computers have become hijacked "zombies". -
31,000 names and e-mail addresses were stolen from the website for the Broadway musical "Spamalot" -- presumably to be used for spamming. -
Electronic bank robbers almost got away with $423 million. They used key-logging software to infiltrate the London offices of Sumitomo Mitsui bank. They were got by police in Israel, where the money was destined. -
Like ChoicePoint last month, now LexisNexis has lost more than 30,000 sensitive personal records to identity theives.
Holes
-
Caller-ID spoofing, enabled by VOIP technologies, is allowing cybercriminals to transfer money directly from stolen credit-card accounts.
Hints
-
IBM has published a spam-blocking technique called FairUCE. It works by attempting to connect the sender's domain with the sending IP address. Forged spam often fails that test. -
Yours truly was interviewed on the radio about mobile phone hacking. Public interest was prompted by Paris' Hilton's lost address book. Hackers can use BlueTooth, Server-side infiltration, password guessing, or simply steal a phone to get at sensitive data. Often you don't know how sensitive your data was until after you lose it.
Upcoming Events
-
The next SDForum Security SIG will be about patch management on Thursday, April 28th.