Warning: Security warnings often fake
Rogue security software is a huge and growing problem, according to a new report from Symantec.

Produced and hosted by Jon Gordon, Future Tense brings you the latest technology topics in daily five-minute capsules. From electronic privacy and digital democracy to spam and computer worms, Future Tense keeps you up to date on the rapidly changing world of technology.
Future Tense is heard in the United States during broadcasts of the CBC's As It Happens.
123456.
Believe it or not, that was the most common password on a list of 10,000 e-mail addresses recently revealed after a phishing attack.
Guests: Robert Abela, Acunetix; Bruce Schneier, security technologist
Part 2 of our interview with John Arquilla, Naval Postgraduate School
Microsoft has released its free security software package. Does it do the job? We put that question to Dwight Silverman.
In a recent scholarly paper researchers from Microsoft and Carnegie Mellon University argue that secret question mechanisms are insecure. The study involved 130 people who use Web mail services from Google, Microsoft, Yahoo and AOL, all of which have secret questions for password recovery.
Guest: Stuart Schechter, Microsoft Research
In Wired magazine, Nicholas Thompson writes about a system known as Dead Hand. It was designed by Soviet scientists in the mid-1980s to automatically retaliate against a nuclear strike from the U.S.
Thompson's new book on the cold war is The Hawk and the Dove.
One of our key protections against privacy invasion, the stripping of personally identifiable information from databases, is not working, according to Paul Ohm of the University of Colorado School of Law.
The semi-annual Web Hacking Incidents Database report finds an increasing number of malicious attacks targeting users of Twitter, Facebook, MySpace and other social networks.
A new survey by the Messaging Anti-Abuse Working Group finds that 12 percent of Internet users open messages they know to be spam because they're interested in the product or service being pitched.
In a research paper being presented at a computer security symposium in Oakland, California today, researchers from Microsoft and Carnegie Mellon University argue that secret question mechanisms are insecure. The study involved 130 people who use Web mail services from Google, Microsoft, Yahoo and AOL, all of which have secret questions for password recovery.
Guest: Stuart Schechter, Microsoft Research
California prison authorities confiscated 2800 cell phones from inmates last year - double the number the year before. And now a proposal being debated in California would make it a crime for the state's approximately 170,000 inmates to possess cell phones and for people to sneak them into prisons. Right now cell phones are banned from California prisons but not illegal.
Computer science researchers at the University of California Santa Barbara earlier this year managed to infiltrate the Torpig botnet, a vast zombie network of infected Windows computers designed to steal identities and money from its victims. Torpig infects machines with malware, then monitors keystrokes to steal user names and passwords for logging into online banks and other sites.
Guest: Giovanni Vigna, UCSB
The United States has no clear policy on the use of digital weaponry to attack communications systems, financial networks and power grids, or to defend its own systems, according to a National Research Council panel of scientists and policy makers.
Cyber crooks stole more data from financial institutions and other businesses last year than in the three year period from 2004 to 2007, according to a new report from Verizon Business.
Last week tens of thousands of Silicon Valley homes and businesses temporarily lost their ability to make land line and cell phone calls, and connect to the Internet, after an act of vandalism. The vandal's tool was not a virus, worm or any other kind of sophisticated cyber attack, but rather a simple hacksaw.
A new report from Web security company Finjan describes how cyber criminals are redirecting visitors of legitimate Web sites to pages that sell fake antivirus software.
Finjan says the scammers are inserting popular search keywords and hidden bits of code on Web sites. This causes Internet searches for those sites to return results that trick people into visiting sites selling antivirus software that only pretends to find and fix viruses.
UPDATE: Here is a list of rogue antivirus software from Wikipedia.
UPDATE 2: Here are some listener comments, via Google Voice:
Recent business history is replete with costly mistakes regarding the handling of customer information.
According to a new report (PDF) by the American Civil Liberties Union of Northern California, companies fail to take privacy and free speech issues into account when they design new products and services. Companies need to bake privacy and security into their operations early on, according to the ACLU's Nicole Ozer.
Over the past several years, profit motive has become one of the primary reasons for carrying out Internet attacks. But according to the new Web Hacking Incidents Database Report, the number one motivation for Web-based attacks in 2008 was defacement targeting political parties, candidates and government agencies.
Other items mentioned on today's show:
Read Me A Story, Mr. Roboto (Slate)
Amazon Releases Kindle App For iPhone (TechBlog)
New Kindle Better But Still Pricey (Houston Chronicle)
Surveillance Self-Defense (EFF)
A study conducted by computer forensics firm Kessler International found four in ten used hard drives for sale on eBay contain sensitive information.
Also mentioned on today's show:
Why More Megapixels Isn't Always Better (Gizmodo)
30+ Websites To Visit When You're Laid Off (Mashable)
The bad economy is likely to blame for a big increase in identity fraud, according to a new study from Javelin Research.
Earlier this month, some residents of Grand Forks, North Dakota found parking tickets attached to their car and truck windshields. The tickets instructed them to visit a Web site to get the details of their supposed violations. Turns out the tickets were fake, and directed drivers to a site designed to deliver malicious software to their computers.
As hacking targets go, they don't come much juicier than a credit card payment processing company. Such firms transmit credit and debit card transactions from merchants to Visa, Mastercard and banks.
We learned this week that malicious hackers managed to install spying software on the computer network of Heartland Payment Systems, the sixth largest payment processor in the U.S. It could go down as one of the biggest credit card theft schemes on record, but you may have missed the news, coming as it did on the day of Barack Obama's inauguration.
Guest: Brian Krebs, Washington Post
Barack Obama says he's still clinging to his BlackBerry, but it looks like aides will pry the smart phone from the presidential hands in short order. The Secret Service and Obama's lawyers say the Verizon BlackBerry 8830 World Edition phone is too much of a security risk and legal liability.
Guest: Maggie Reardon, CNET News.com
The Internet is a second front in the war in Gaza, according to a cyber war researcher.
Hackers on both sides are waging a battle of words and vivid imagery by defacing Websites, according to Jart Armin with HostExploit.com. He says Israelis and Palestinians have been waging cyber war on and off since 2001, but now hackers are intensifying their Internet vandalizing campaign outside the Middle East.
A new report from security company Sophos claims American websites host more malicious software than any other country. Sophos says that's because so many computers in the U.S. are under the control of malicious hackers.
But the attacks that enslave U.S. computers into botnets commonly are launched from outside our borders. How should we respond?
Guest: James Lewis, Center for Strategic and International Studies
A panel of government and industry experts is urging President-elect Barack Obama to create a new White House office to protect the country from malicious hackers and Internet attacks from foreign governments.
Because cyber attacks are so frequent, the government should give them the same level of attention as threats from weapons of mass destruction and global jihad, said James Lewis of the Center for Strategic and International Studies.
For more on this topic, listen to today's Midmorning broadcast:
Apple this week took down from its Web site a technical bulletin that advised Mac owners to run anti-virus software. Apple's move came after the Washington Post took note of the document, which apparently had been up since the middle of last year.
Apple has made the built-in safety of its computers a selling point, but some security experts have been warning Mac users against complacency, saying the number of security threats is rising.
In revoking its advice on anti-virus software, Apple chose marketing over security, according to Future Tense news analyst Dwight Silverman.
Mac users should be using anti-virus, said Silverman.
In a recent story in USA Today, Byron Acohido reports that malicious hackers recently broke into the computer network of a large Houston-based technology company, infecting more than 300 work stations with a virus that harvested company documents, sending the data to a gang of thieves in Turkey.
Acohido says the heist underscores a shift in computer crime, where criminals are going after corporate users instead of individuals.
Security experts who helped shut down a shadowy Silicon Valley Web hosting company this week say the result is an instant 40 percent drop in spam. But that won't last, according to Paul Ferguson of security firm Trend Micro.
Ferguson is part of an alliance of security researchers called HostExploit.com that's been keeping tabs on Web hosting company McColo for the better part of two years now.
HostExploit's sleuthing helped persuade McColo's Internet service providers to pull the plug on the company.
Malicious hackers are finding it more difficult to exploit flaws in Windows, so they're going after individual programs instead, according to Microsoft's semi-annual Security Intelligence Report.
Microsoft says security holes in its own software are down by 33 percent in the first half of the year, but the number of serious vulnerabilities is increasing overall.
Microsoft has learned a lot about making secure software over the past few years, said George Stathakopolous, general manager of product security.
Researchers at the University of Toronto have discovered a large surveillance system in China that monitors, censors, and archives text conversations exchanged by customers of Tom-Skype, a joint venture of eBay-owned Skype and a Chinese wireless company.
The university's Citizen Lab, a research group that investigates Internet censorship, discovered the operation in September, and was able to access an archive of messages from inadequately protected computers. They discovered a list of restricted words - such as "democracy" and "Falun Gong".
UPDATE: Skype responds