Sign up for our Technology Newsletter 
Are Cyber Criminals Hard To Catch?
Despite 100,000 cyber crimes being committed every year UK authorities only caught 12 hackers.
In fact on average just one person was convicted of an offence under the Computer Misuse Act every month for the past 23 years.
We assume that it was not the same bloke, because he would be the most luckless criminal ever.
Campaigners from the Digital Trust, which supports victims of online abuse, said police do not know how to cope with the problem.
Need more laws
Criminal justice expert Harry Fletcher, who is a director of the Digital Trust, said: “The police still concentrate their resources on traditional offences offline, but most people are more likely to be mugged online than in the street.
“The law needs to change. It should, for example, be an offence to use any technological device to locate, listen to or watch a person without legitimate purpose.
“In addition, restrictions should be placed on the sale of spyware without lawful reasons. It should also be against the law to install a webcam or any other form or surveillance device without the target’s knowledge.”
Of course just creating new laws is not going to mean that more hackers will be caught, it will just mean that there are more crimes which they could be arrested for.
The conviction rate against hackers are not bad, if the coppers do arrest someone. Between 1990 to 2006 only 183 defendants were proceeded against and 134 found guilty under the Computer Misuse Act.
Unfortunately the Trust did not see, to realize that a lot of the hacks against companies and individuals come from overseas, particularly Russian or China. Changing laws in the UK would not change anything.
Heartbleed Hits Oracle
Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.
However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.
Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.
Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.
Users of Oracle’s growing family of cloud services may also be able to breath easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.
Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.
Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.
Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.
The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.
A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.
Did Sears Suffer A Data Breach?
Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.
“We have found no information based on our review of our systems to date indicating a breach,” he added.
He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.
Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.
Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible secret breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.
The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.
A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.
The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.
Is A Cyber Warfare On The Horizon?
F-secure’s chief security researcher, Mikko Hypponen, has warned that we are entering into a cyber warfare revolution, and that governments will soon attempt to outdo each other based on their computer weapons’ prowess.
The internet security expert said-any future crisis between technically advanced nations will involve cyber elements.
His comments came after hearing last week that China and the US have been engaging in “war games” simulations.
“I wasn’t expecting [war games] so soon,” Hypponen said.
“I’m surprised and I think it is a good move because everybody is worried about escalation. The way to fight unnecessary escalations is that you know more about how the perceived enemy would act if there would be an escalation. War games are exactly that.”
It was Hypponen’s observations on the war games which led him to remark that we must look at “the bigger picture”.
“We’ve seen a revolution in defence technology and in technology generally over the past 60 to 70 years and I believe we are right now seeing the beginning of the next revolution: a cyber warfare revolution, which is going to as big as the revolutions we’ve seen so far in technology becoming part of defence, and part of wars,” he added.
Hypponen also predicted that it won’t be long before the world sees its first cyber arms race, including cyber war rehearsals to prove how strong countries are and boasting about their cyber skills to make other countries pay attention.
“Like nuclear in the sixties, cyber attacks are a deterrent and deterrents only work if your perceived enemies know that you have it,” he said.
EMC’s Data Breach Cost $66 Million
Between April and June 2011, EMC spent $66 million handling the fallout from a March cyber attack against its systems, which resulted in the compromise of information relating to the SecurID two-factor authentication sold by EMC’s security division, RSA.
That clean-up figure was disclosed last week during an EMC earnings call, by David Goulden, the company’s chief financial officer. It doesn’t include post-breach expenses from the first quarter, when EMC began investigating the attack, hardening its systems, and working with customers to prevent their being exploited as a result of the attacks.
In spite of the breach, EMC reported strong second-quarter financial results, earning consolidated revenue of $4.85 billion, which is an increase of 20% compared with the same period one year ago. Meanwhile, second-quarter GAAP net income increased by 28% from the same period last year, to reach $546 million. The company saw large growth in its information infrastructure and virtual infrastructure products and services, including quarterly revenue increases of 19% for its information storage group.
Those results led executives to increase their financial outlook for 2011 and predict consolidated revenue in excess of $19.8 billion, which would be a 16% increase from EMC’s 2010 revenues of $17 billion.