Microsoft to patch 17-year-old computer bug
- By News Room
- Published Tuesday 2nd 2010
- Cyber Security Industry Watch
February update for Windows will close the loophole that involves the venerable DOS operating system. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.
Cyberspace Threats Could Affect National Security
- By News Room
- Published Tuesday 2nd 2010
- Cyber Security Industry Watch
According to the White House’s top counter-terrorism advisor on Sunday, the United States faces “serious and significant” cyberspace threats which may affect national security.
Special Issue Of Journal Of Computer Security: Focus On EU-funded Research Projects In Trust And Security
- By News Room
- Published Monday 1st 2010
- Cyber Security Industry Watch
(I-Newswire) February 16, 2010 - A special issue of the Journal of Computer Security (IOS Press, ISSN 0926-227X) brings together the research results of six ongoing FP6-IST projects. The editors of the journal invited those projects that received outstanding reviews in the ICT Trust and Security EU-calls to submit their papers.
Microsoft to patch 17-year-old computer bug
- By News Room
- Published Monday 1st 2010
- Cyber Security Industry Watch
February update for Windows will close the loophole that involves the venerable DOS operating system. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.
The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as "critical".
Home hijack
The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run programs that date from the DOS era.
Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.
The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.
As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines.
The bumper update is not the largest that Microsoft has ever released. The security update for October 2009 tackled a total of 34 vulnerabilities. Eight of those updates were rated as critical - the highest level.
In January 2010, Microsoft released an "out of band" patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China.
Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole.
Also this week, a security researcher has reported the discovery of a vulnerability in Internet Explorer that allows attackers to view the files held on a victim's machine.
Microsoft has issued a security bulletin about the problem and aims to tackle it at a future date. At the moment there is no evidence that this latest find is being actively exploited online.
by BBC World News.
View this article at: http://news.bbc.co.uk/2/hi/technology/8499859.stm
The FY 2011 Homeland Security Budget: Spending Doesn't Match the Missions
- By News Room
- Published Monday 1st 2010
- Cyber Security Industry Watch
Abstract: President Obama has released his fiscal year 2011 budget request. While the budget increases funding for the Department of Homeland Security by 2 percent, and while the Obama Administration continues to make cyber security, aviation security, and E-Verify top fiscal priorities--the budget fails to adequately align spending to the department's stated missions. The Coast Guard, WMD preparedness, and immigration enforcement/border security are just some essential aspects of a national security strategy that remain underfunded, while other programs--proven unsuccessful--have received fattened budgets. Heritage Foundation national security analyst Jena Baker McNeill maps out mismatched spending--and provides some direction for smart funding of the department's essential missions.
On February 1, 2010, the Obama Administration released its fiscal year (FY) 2011 budget request. The President's budget of $56.3 billion for the Department of Homeland Security (DHS) represents a 2 percent increase from FY 2010.[1] The Administration continues to make cyber security a top priority, while requesting additional funds for airport security, bio-surveillance, and the E-Verify online employment-verification portal, among other initiatives.
Simply adding more money to the DHS top line, however, is not a reliable indicator that the department is using its resources wisely. One way to assess the budget is to examine how closely allocated dollars align with the Department of Homeland Security's mission. In this way, the budget fails to focus sufficiently on creating a "homeland security enterprise"--bringing together all assets, from state and local governments, to the private sector and private citizens--into a cohesive framework, able to prepare for, prevent, and respond to terror attacks and natural disasters. At the same time, the new budget request disregards much-needed reforms for immigration services and enforcement as well as security at the U.S.-Mexican border--cutting the overall immigration services and enforcement budget from $20.05 billion to $19.8 billion. Finally, the Administration focuses too heavily on the Transportation Security Administration (TSA) airport-passenger screening line in its efforts to prevent terror attacks. Preventing terror attacks is a task best accomplished by initiatives aimed at stopping terrorism in its earliest stages through robust information-sharing and quality intelligence-gathering.
Fulfilling its missions and putting in place a quality budget is fundamental to the growth and success of the DHS as well as the security of the nation. As Congress moves through the budget process, it should fill these gaps and make the budget more representative of the DHS mission.
The Homeland Security Budget
Opening with a budget of $42.4 billion in FY 2003, the Department of Homeland Security's funding has been growing modestly since then.[2] These increases have been appropriate given the resources required to bring a new department up to speed, including personnel, infrastructure (including a new headquarters facility), and other critical investments. This growth has remained relatively constant in the transition from the Bush Administration to the Obama Administration, with the FY 2010 budget request, the Obama Administration's first, coming in at $55.1 billion, an increase of 5 percent from the FY 2009 budget.[3]
One of the lessons of 9/11, and arguably the impetus for the creation of the Department of Homeland Security, was that money alone did not make the U.S. capable of responding to disasters or terror attacks. Security was a priority before 9/11, and money was spent then, too. In fact, between FY 1995 and FY 2001, the federal government increased homeland security spending in the regular annual appropriations bills from $9 billion to $16 billion, an increase of 60 percent."[4]
But what changed with the creation of DHS was that there would now be a federal agency to ensure that the federal actors coordinate with each other, and that the government allows states and localities, tribal actors, as well as the private sector and private citizens to participate in the nation's security.[5] As a result, the department retains the key task of developing the homeland security enterprise.
Assessing the DHS Budget. Maturing and strengthening the homeland security enterprise requires the DHS missions to be representative of the challenges facing the department, which can serve as a useful indicator of whether the President's budget is allocating money in the right areas. The mission serves to delineate what should be the strategic priorities of DHS, as opposed to politics or other bureaucratic obstacles that often dilute good fiscal policymaking.[6] There is no doubt that the complex mission of DHS requires the department to be well resourced. The President must be careful that budget allocations support, not undermine, this enterprise. The DHS mission can be broken down into five focus points:
- Preventing terrorism and enhancing security;
- Safeguarding and securing cyberspace;
- Ensuring resilience to disasters;
- Securing and managing our borders; and
- Enforcing and administering U.S. immigration laws
View this article at: http://www.rightsidenews.com/201002278850/homeland-security/the-fy-2011-homeland-security-budget-spending-doesnt-match-the-missions.html
Cybersecurity bill to give president new emergency powers
- By News Room
- Published Monday 1st 2010
- Cyber Security Industry Watch
Behind The Scene Look At How Botnet Services Operate & Are Sold On The Global Market
- By Grey McKenzie
- Published Tuesday 11th 2008
- Cyber Security Industry Watch, Cyber Hackers, Cyber Security Identity Theft Watch, Cyber Phishing Alerts
You will learn how anyone, even those without the skills to create a Botnet, can still hire their services.
Fast and Double Flux Attacks 2
Version 1.0 January 2008
Introduction
"Fast flux" is an evasion technique that cyber-criminals and Internet miscreants use to evade identification and to frustrate law enforcement and anticrime efforts aimed at locating and shutting down web sites used for illegal purposes.
Fast flux hosting is an application of technology that supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today.
Basic fast flux hosting uses rapid modification of IP addresses associated with a system that hosts a malicious activity to evade detection and take down efforts.
This technique is also used to rapidly modify the IP addresses of the name servers that resolve the domain names of the fluxed malicious hosts (this variant is sometimes called NS fast flux).
A particularly troublesome variant of fast flux hosting, "double flux", fluxes addresses of both name servers and malicious (web server) hosts.
This Advisory describes the technical aspects of fast flux hosting and fast flux service networks.
It explains how the DNS is exploited to abet criminal activities that employ fast flux hosting, identifies the impacts of fast flux hosting, and calls particular attention to the way such attacks extend the malicious or profitable lifetime of the illegal activities conducted using these fast flux techniques.
It describes current and possible methods of mitigating fast flux hosting at various points in the Internet. The Advisory discusses the pros and cons of these mitigation methods, identifies those methods that SSAC considers practical and sensible, and recommends that appropriate bodies consider policies that would make the practical mitigation methods universally available to registrants, ISPs, registrars and registries (where applicable for each).
End User Must Become New Front Line On Cyber Warfare
- By Grey McKenzie
- Published Thursday 27th 2007
- Cyber Security Industry Watch
United we stand, divided we fall. With the myriad of complex cyber threats looming on the horizon, it is vital that we realize that the new front line of any cyber defense system is, without a doubt, the end user.
Cyber security experts are starting to understand that the weak point in any networking system is the users themselves.
The new buzzword according to Yankee Group Analyst Andrew Jaquith is "Herd Mentality".
Trojan Steals Hundreds of Thousands From Biggest Banks in the U.S., the U.K., Spain and Italy
- By Grey McKenzie
- Published Friday 14th 2007
- Cyber Security Alert, Cyber Security Industry Watch, Cyber Phishing Alerts
December 13, 2007 (Computerworld) -- A German hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today.
The malware's most distinguishing feature, said Don Jackson, a senior security researcher with SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money.
Age Verification and Email/Screen Name Registration, a Weak Substitute for Real Education
- By Kevin McDonald
- Published Tuesday 13th 2007
- Cyber Child Protection Watch, Cyber Security Industry Watch, Cyber Security Government Watch
There are many in the government and our communities that are finally beginning to understand the serious implications of children using the Internet. There have been several attempts to manage the content that children see and they have failed for reasons of free speech and the inability to control the internationally operated Internet. The reality of Dateline’s “To Catch a Predator,” has caused a renewed effort to control the people that our children are exposed to as they surf the
