  1. Bank Shuts Down Web Site After Phishing Attack

    A phishing attack led the Bank of New Zealand to take its online banking web site offline Thursday to prevent scammers from draining customer accounts. The bank said that although there had been no threat to its Internet infrastructure, the site was shut for eight hours to protect customers who shared their banking logins with a spoof web site operated by a phishing crew. The BNZ web site came back online Thursday evening with "restricted functionality," and returned to full service on Friday, a bank spokesman told the National Business Review.

    Bank of New Zealand said it will continue to closely monitor Internet banking transactions, and has revised daily transaction limits for all customers. The bank also suspended Internet banking access for customers who entered their details at the fake site.

    Posted by Rich Miller on 22nd October, 2005 in Security

  2. Level 3 Network Problems Affect Web Traffic

    Internet backbone provider Level 3 Communications reported "wide spread network instability" overnight, causing connectivity problems for many ISPs and hosting companies that rely on Level 3 for high-speed Internet access. The outage lasted several hours before service was restored. A discussion on the North American Network Operators Group mailing list offers additional details on the outage.

    Level 3 is one of the largest providers of wholesale dial-up service to ISPs in North America and also connects millions of broadband subscribers to the Internet through its cable and DSL partners.

    Posted by Rich Miller on 21st October, 2005 in Performance

  3. Google Draws Fire Over Blogspot Spam Blogs

    The explosion of spam blogs on Google's Blogspot hosting service is drawing a chorus of condemnation from prominent bloggers, and has led at least one blog search service to stop indexing posts on Blogspot. The growth of spam blogs has accelerated in recent months, fueled by automated tools that can create blogs on Blogspot and some similar services and populate them with keyword-optimized posts and Google AdSense advertisements.

    About 39,000 fake blogs have been created on the web in the past two weeks, according to an analysis by Technorati, or about 4.6 percent of the 805,000 new weblogs created in that period. FightSplog, which has been monitoring new blogs at Blogspot, recently documented 2,763 porn splogs created by a single "splogger." Blogspot-based spam blogs recently began featuring names of prominent bloggers in posts, boosting the splogs' visibility in searches at web-based RSS aggregators like Feedster, PubSub and Bloglines.

    The move prompted IceRocket to stop indexing new posts from Blogspot.com, according to a blunt post from Mark Cuban, a major investor in IceRocket. Cuban says Blogspot indexing will resume once filters are adjusted, but warned Google to fix the problem or face a permanent ban. Bloggers are also focusing their fire on Google, which has stepped up its splog-squashing efforts in recent weeks but still can't keep pace with the automated instasplogs. "If your motto truly is to do no evil, then you need to start putting some resources behind an effort to curb this train wreck," LockerGnome's Chris Pirillo advised Google.

    Posted by Rich Miller on 17th October, 2005 in Dogfood

  4. Microsoft Updates Fix for Critical Win2K Hole

    Microsoft has issued workaround instructions for a buggy patch issued last Tuesday as part of its monthly security update. The patch repairs a critical security hole, which could leave Windows 2000 systems open to an Internet worm attack. Microsoft says that few systems have been affected by issues with the update for a security hole known as MS05-051, which could allow attackers to gain control of Windows 2000 computers via an unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC).

    Late last week users began reporting significant problems on some Windows XP, Windows 2000 and Windows Server 2003 systems after the patch was applied. Although few users were directly affected, the bug reports may have prompted many network administrators to delay patching their systems until the issues were resolved.

    Posted by Rich Miller on 17th October, 2005 in Security

  5. Video iPod Launch Slows Apple Store

    The Apple Store was offline for more than an hour following the launch of a new video-enabled iPod, which was unveiled today after months of anticipation. While the launch of a new Apple product routinely leads to brief "restocking" outages for the Apple store, today's downtime was longer than usual, perhaps due to web traffic generated by the pent-up curiosity of iPod lovers.

    The video iPod has a 2.5-inch screen and will sell for $299 with a 30-gigabyte hard drive, and $399 with 60 gigabytes. Apple's iTunes store will now sell music videos and some TV programming at $1.99 per video.

    Posted by Rich Miller on 12th October, 2005 in Performance

  6. OpenSSL Patches Security Hole

    OpenSSL has released a software update to fix a flaw that could make it easier for hackers to attack secure web servers. The security issue could allow attackers to force an SSL-enabled site to use the outdated and potentially insecure SSL version 2.0 protocol.

    Some secure web sites allow visitors to connect using earlier versions of SSL, an option which can be enabled by OpenSSL's SSL_OP_ALL setting. Normally, web servers will default to the most current encryption protocol supported by the user's browser, usually TLS or SSL version 3. But a flaw in the SSL_OP_ALL implementation could allow an attacker to trick the server into using SSL 2.0.

    "An attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0," notes the advisory from OpenSSL. "The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only." The OpenSSL Project is advising users to either upgrade their server software with the latest version or disable SSL 2.0 entirely.

    Posted by Rich Miller on 11th October, 2005 in Security