Cyber criminals related to the Mariposa botnet were finally arrested last month. The Mariposa botnet, a network of 12 zombie computers assembled together to steal personal information, is believed to have infected approximately 13 million computers in more than 190 countries. The botnet spread over P2P networks, infected USB drives and through web links. After a user was infected, malware would begin to install and allow the hackers to access sensitive information.

The Register reports that “half the roster of Fortune 1000 companies harboured machines infected by Mariposa at one time or another.” In fact, Christopher Davis, chief exec at Defence Intelligence in Canada, says, “It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised, rather than the long list of those who were.”

After Davis first discovered Mariposa in May 2009, he teamed up with Georgia Tech Information Security Center, PandaLabs and law enforcement personnel to form the Mariposa Working Group. After months of collaboration, Panda Security, other security experts and law enforcement were able to shut down Mariposa on December 23, 2009.

Read more about the Mariposa botnet takedown >>

Are you using Internet Explorer 7 or 8? Beware, it’s possible that you are at risk for a recently discovered vulnerability revealed by iSEC Security Research.

“Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer,” says Jerry Bryant, senior manager with the Microsoft Security Response Center. So far, “the current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.” In addition, Bryan also notes Microsoft hasn’t seen any attacks yet stemming from this vulnerability.

The Microsoft Security Response Center blog reminds us that “only Windows 2000 and Windows XP are impacted” and “Windows 2003 Server is also impacted, but the issue is mitigated in the default configuration due to the presence of the Internet Explorer Enhanced Security Configuration.”

A security advisory issued by Microsoft earlier today tells us, “the main impact of the vulnerability is remote code execution.” Basically, the F1 key (which activates Windows Help) could be used to execute malicious code that may pass along sensitive information of the user. Microsoft is currently working on a security patch to fix this flaw, so in the meantime, don’t hit that F1 key! You could also protect yourself by locking down the Windows Help system. Further instructions can be found on the MSRC blog post.

If you’re ready to drop IE, like Google did yesterday, you could always entertain the idea of switching to FireFox or Chrome…

“F*ck You, Google” ran viral through the tech world not too long ago.  And Google (smartly) responded in haste. Have you read the post? Have you heard the chatter? It seems like the original blog post from author Harriet Jacobs has been made private, but Gizmodo has a copy.

Did you hear about the problems Google Buzz had when it first released? In a nutshell, privacy wasn’t a strong suit (pun not intended — har har har). In Harriet’s case, her abusive ex-husband (amongst many others) was automatically granted access to her Google Reader information. Since she had never created a Google profile or Buzz profile, there were no blocking options. Not cool, Google.

Well, the story spread quickly. Techmeme picked it up, as did many other popular tech news sites. It wasn’t much later that Google responded to Harriet’s outrage saying “her report helped us discover one bug and one product issue in Google Reader.” Read more of their response at Business Insider. Lifehacker also reported today that as  “recently promised, Google has updated Gmail to include a ‘Buzz’ tab.” Users are now able to disable Google Buzz and banish it from sight (or site — har har har, I’m on a roll today!) of Gmail.

So, the latest news regarding all this hubbub? A local class action lawsuit has been filed in San Jose federal court against Google. Filed just yesterday on behalf of Florida woman Eva Hibnick, the complaint alleges Google “broke the law when its controversial Google Buzz service shared personal data without the consent of users,” according to the SFGate. Since Hibnick is filing on behalf of all Gmail users that were linked to Buzz, that could mean 31.2 million people against Google. The Computer Fraud and Abuse Act of 1984 is served up as an example of one law Google broke in regards to the complaint.

Google doesn’t really have much to comment yet. “We haven’t yet been served, so we can’t comment on the suit until we’ve had a chance to review it.”

Do  you know about Panda Security’s free Panda USB Vaccine utility? Panda Security is a world leader in cloud-based security solutions and they have a great tool to protect your external hard drives, USB drives and other NTFS drives. Did I already mention how it’s free? The Panda USB Vaccine tool is particularly helpful when you want to prevent an infected computer from contaminating your thumb drives or other external devices. The tool “vaccinates” those external drives (by disabling the autorun feature) to keep them from spreading the infection to other devices. Keep in mind, a Lifehacker article notes that Windows 7 no longer has the ability to auto-execute files from a USB flash drive. More information about the USB Vaccine and other free Panda Security products may be found on Panda’s site. But if you’re ready to jump the gun, grab it directly from Download.com.

The Bipartisan Policy Center, a nonprofit organization focused on various issues including national and homeland security, will be unleashing Cyber ShockWave on Tuesday, February 16th. Cyber ShockWave, a cyber-attack simulation, will allow the government to assess response times and improvement areas shall they ever encounter the real deal.

A group of high-ranking former White House, Cabinet and national security officials will band together to fend off this simulated cyber-attack. As the event unfolds, the participants will be advising the President and planning a strategical response. None of the participants have any advanced information regarding the simulated attacks. The event even goes as far as hiring professional scriptwriters to coach the security experts and a production company to recreate the White House situation room in the Mandarin hotel.

There is no doubt that Google’s (and other tech companies’) struggle with recent (most-likely) Chinese attacks have caused greater concern regarding our nation’s cyber-security. How do you think our nation will fair in this exercise?

Read the ComputerWorld article or the Bipartisan press release for more information regarding this event.

Spammed
Remember how the Australian Government green lighted an Internet filter not too long ago? In retaliation to the proposed filter, a group of hackers, who call themselves Anonymous, took down two government sites: the main website and the Parliament site. Ars Technica tells us “the plan was DDoS government servers first, and then followup with ‘a s***storm’ of porn-related emails, faxes, and prank cell phone calls to government officials.”

More Operation: Titstorm, sexting and YouTube’s new Safety Mode >>

A series of 23 cedar, cypress and evergreen trees were illegally removed from a Vancouver woman’s former home. Margaret Burnyeat, listed as the property owner up til June 24th, 2009, her daughter and Michael Safronick (of Michael Safronick Tree Care Limited) have been charged with violating an old tree bylaw. Although Burnyeat received a permit to remove two trees back in May, penalties in excess of the two permitted trees will run her anywhere between CA$500 and CA$20,000 (approximately $468 to $18,715). So, how did Google help the Canadian city fight this crime?

Continue reading to find how Google proves the tree killers guilty >>

At a lost for which backup software to use? CA’s ARCserve Backup and Symantec’s Backup Exec have been top contenders when it comes to company backup software. But, according to an independent study conducted by Productive Corp., ARCserve “clearly” surpasses Backup Exec’s features and technology.

The two products were compared in “9 categories to help you uncover the right solution for your data backup needs.” Productive points out that although “these two data backup and storage products are relatively similar in function,” the differences in features are made evident in the product comparison. These features include the nine categories: “ease of install,” “ease of use,” “scalability,” “performance,” “cost,” “data security,” “supported systems,” “customer service,” and “extra value.” The review also concludes ARCserve being a better return on investment product.

Continue reading a comparison between ARCserve and Backup Exec >>

A report analyzing the strength of passwords was released yesterday by security firm, Imperva. The study is 32 million passwords strong, thanks to last year’s Rockyou.com breach. And “never before has there been such a high volume of real-world passwords to examine,” notes the study.Take heed to these key findings in Imperva’s study:

• About 30% of users chose passwords that are six characters or less in length
• Almost 60% of users chose their passwords from a limited set of alpha-numeric characters
• Nearly 50% of users use common slang or dictionary words, names and consecutive letters or digits — the most common password found was “123456″

Note that a study not too long ago also revealed “123456″ as the most common password amongst 10,000 Hotmail, MSN and Live.com users. Is that you? Okay, what about the most popular passwords following “123456″?

Are any of those you? If you have a password fitting the bullet points noted above, change it now! Let’s say a hacker worked off this list… It would only take “one attempt (per account) to guess 0.9% of the users passwords or a rate of one success per 111 attempts.” Now, let’s say this hacker is using his DSL connection (55kpbs connection rate) and each hack is 0.5kb in size… that hacker will gain access to one new account every second. Or, in the bigger scope of things, he just hacked 1000 accounts in less than 17 minutes.

Continue reading for tips on creating strong passwords you can remember >>

Is China going too far? Was the Chinese government behind, as Google puts it, “a highly sophisticated and targeted attack” that’s gotten Google ready to pull out of China? In mid-December Google and, apparently, about 20 other companies, were attacked. Google’s investigation discovered “that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties.”

A blog post from Google’s Chief Legal Officer, David Drummond, declared that Google is “no longer willing to continue censoring our results on Google.cn.” Google doesn’t necessary dominate the internet search market in China (about 15% or so), but there is lots of potential for growth — especially since Google will soon dominate the world. And if they pull out, Baidu, China’s leading search engine, will surely saturate the market even more.

Continue reading about Google’s approach to China >>