20 Hot IT Security Issues


From malware on Google's Android phones to the U.S. Defense Advanced Research Projects Agency trying to understand how stories or narratives impact security and human behavior, the security world certainly is never boring. Here we take a look at 20 security stories that have shaped the industry in the past few months.

Is retaliation the answer to cyberattacks?

Should revenge assaults be just another security tool large IT shops use to counter cyberattacks? It's a controversial idea, and the law generally frowns on cyberattacks. But at the Black Hat DC conference in January, some speakers took up the issue of whether and how organizations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security. One idea that got plenty of attention here was the notion of exploiting vulnerabilities in attack tools and botnets to try to determine what the attacker was going after or feed fake data, or even dive into the attacker's network lair.

Cybercriminals targeting point-of-sale devices

Point-of-sale payment processing devices for credit and debit cards are proving to be rich targets for cybercriminals due to lax security controls, particularly among small businesses, according to a report from Trustwave. Trustwave, which investigates payment card breaches for companies such as American Express, Visa and MasterCard, conducted 220 investigations worldwide involving data breaches in 2010. The vast majority of those cases came down to weaknesses in POS devices. "Representing many targets and due to well-known vulnerabilities, POS systems continue to be the easiest method for criminals to obtain the data necessary to commit payment card fraud," according to Trustwave's Global Security Report 2011.

FBI: Internet crime high; types of misdeeds changing

The FBI's 10th annual Internet crime report finds that complaints and money losses are at an almost all-time high, with nondelivery of payment or merchandise, scams impersonating the FBI and identity theft leading the top 10 online complaint parade. The report -- which is issued through the FBI's partner the Internet Crime Complaint Center (IC3) and the National White Collar Crime Center (NW3C) -- found that in 2010, IC3 received 303,809 complaints of Internet crime, the second-highest total in IC3's 10-year history. IC3 also reached a major milestone this year when it received its 2 millionth complaint. On average, the group receives and processes 25,000 complaints per month.

Stolen US military IDs ideal cover for army of online dating scammers

It's a new twist on an old scam. The Army Times newspaper reported details of the growing trend of fraudsters stealing the identities of U.S. Army soldiers from social network sites and then using that information to set up false profiles on Internet dating sites. The profiles are used to dupe prospective dates out of their money. But there are other consequences too. From the Army Times: "The unwitting soldiers are sometimes victims when their loved ones discover the online profiles and believe their soldiers are looking to cheat. [Master Sgt. C.J. Grisham, who uses his blog, 'A Soldier's Perspective,' to expose scammers using the soldier dating con] said the scam is a new twist on the so-called Nigerian 419 advance fee scam, and its popularity is growing, fueled by soldiers' routine use of social networking sites and the Internet's penetration into third-world havens for con men. 'In the past year, the traffic on my site related to the scams I write about has tripled,' Grisham said. 'I'll get 30 to 40 comments a day and 20 e-mails a day asking me to look into whether or not they're being scammed.'"

http://www.networkworld.com/article/2200580/security/20-hot-it-security-issues.html?page=2