DigiNotar certs revoked, Anonymous exposes more data, and other briefs»The Netherlands-based certificate authority, DigiNotar, operated with a lack of basic security, which appears to have helped hackers create and issue 531 counterfeit certificates for a myriad of websites. The company, owned by U.S.-based VASCO, admitted that at least one fake SSL certificate, for Google.com, appeared in the wild. Since the revelation, the major web browsers acted to revoke certificates issued by DigiNotar.
»Just three weeks after launching its bounty program, Facebook already doled out $40,000 in rewards to researchers for privately disclosing security bugs. Facebook in late July announced it would provide bounties for the private disclosure of certain flaws that may “compromise the integrity or privacy of Facebook user data.” Since then, one researcher already has received more than $7,000 for reporting six different issues.»In the face of new arrests and arraignments, Anonymous continues to expose security weaknesses and embarrassing documents. In one of its latest digital heists, the collective leaked 3 GB of data from TexasPoliceChiefs.org. Some of the pilfered emails reveal offensive communications among authorities. Anonymous said its latest attack comes in retaliation for Texas police's campaign to “use border patrol operations as a cover for their backwards racist prejudice.” The Texas Police Chiefs Association is investigating.
»Fourteen individuals believed to be part of the hacktivist group Anonymous pleaded innocent in federal court in California to charges of participating in a DDoS attack against PayPal. The defendants, mostly 20-somethings, are facing felony charges of damaging a protected computer and conspiracy. Their next court date is scheduled for Nov. 1. Meanwhile, British police arrested two men, aged 20 and 24, in connection with acts carried out by a hacker using the alias “Kayla,” who is considered to be a key member of Anonymous' sister hacking group LulzSec.
»A bill that updates California's pioneering data breach notification law was signed into law by Gov. Jerry Brown. Introduced by Democratic Sen. Joe Simitian, SB-24 bolsters SB-1386, the nation's first law requiring companies to alert California residents if their personal data is accessed illegally. Since that legislation took effect eight years ago, nearly all 50 states and territories have enacted their own versions.
»The Chinese government has long been accused of hacking U.S. company and government websites, but now proof appears to have been captured on video. The purported evidence showed up, likely inadvertently, in a 20-minute Chinese military documentary on cyberwarfare. For about six seconds, the video appears to offer a rare glimpse of an actual state-sponsored hacking tool being used to attack a U.S.-based website affiliated with the dissident Falun Gong religious movement, which is banned in China.
»Cybercrime has affected 431 million adults around the world in the past year and cost $388 billion in monetary and time losses, according to the “2011 Norton Cybercrime Report,” from Symantec. The study, based on interviews with nearly 20,000 individuals from 24 countries, found that 14 adults become victims of cybercrime every second, totaling more than one million affected each day.