from the epic-keylogger-fail dept.
cheerytt writes "Let this be a lesson to all the broken-hearted geeks out there. A 38-year-old Ohio man is set to plead guilty to federal charges after spyware he meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at a children's hospital. Spyware was sent to the woman's Yahoo e-mail address in the hope it would be used to monitor what his former girlfriend was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department. The spyware sent more than 1,000 screen captures via e-mail, including details of medical procedures, diagnostic notes and other confidential information relating to 62 patients. The man will pay $33,000 to the hospital for damages and faces a maximum sentence of five years in prison."
dasButcher writes "Viruses and worms get all the headlines, but poor password management is a worse problem according to a new study by Channel Insider and CompTIA. As Larry Walsh writes in his Security Channel blog, VARs and security service providers say they find more problems with password management than antivirus applications when they do security assessments. While password problems are nothing new, Walsh and those posting on his blog correctly assert that users remain cavalier about passwords and businesses are doing too little to address this serious vulnerability."
from the less-ignorance-less-bliss dept.
zentanu writes "It's said that if you want to be happy, be a gardener. What about IT security professionals?
Having worked as an IT security consultant for several years, I now wonder if my job has a negative influence on my happiness, because it constantly teaches me to focus on the negative side of life: I always have to think about risks and identify all sorts of things that could go wrong.
As an auditor I search for errors that others have made and haughtily tell them. As a penetration tester I break systems that system engineers and administrators have laboriously built. I assume inside threats and have to be professionally suspicious. The security mindset surely helps me in my job, but is it good for me on the long run? What kind of influence has being an IT security professional had on your general attitude towards life? What helps you stay out of pessimism and cynicism? Is protecting existing things really as good as building new ones?"
from the poised-to-strike dept.
ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."