
Monday, October 1, 2007

Data on 800,000 job applicants stolen from Gap

Gap has reported the theft of a laptop containing data on 800 thousand job applicants from the USA, Puerto Rico and Canada. The laptop disappeared from the office of an outside company hired by Gap to handle job applicant data, and the data was not encrypted.

The stolen computer held names, addresses, social insurance numbers and resumes submitted over the Internet or collected by phone from July 2006 to June 2007. Gap has begun notifying the applicants whose social insurance numbers were exposed to third parties and is offering a year of credit monitoring. So far there have been no reports of the stolen data being used.

Wednesday, September 26, 2007

Google: loads of new bugs

On Monday, September 24, 2007, three vulnerabilities were found in Google services and products. They allowed an attacker to execute arbitrary JavaScript code on behalf of the site and steal account credentials stored in cookies, and in one case to steal photos from online storage. The cross-site scripting (CSS/XSS) vulnerabilities were found in Google Groups, the search engine and Picasa.

The vulnerability in Google Groups, for which a number of exploits appeared at once that stole GMail access credentials and sent out the contents of the entire mailbox, has been fixed. The exploits worked in the four best-known browsers: IE, Firefox, Opera and Konqueror. For the vulnerability to work, the victim had to follow a specially crafted URL while logged in to the GMail mailbox.

The second vulnerability of the same type was found in the Google search engine. Exploits published on the Mustlive blog made it possible to steal authentication cookies by means of a specially crafted URL leading to the sites of ICANN and the University of York. The first has been fixed by ICANN, while the second still works. A Google search showed that approximately 200 thousand sites could be used for the attack.

The third vulnerability makes it possible to steal photos from Picasa by luring the victim to a malicious web page. Although cross-site scripting is at its root, a successful attack needs several components: the use of Flash, a weakness in the URI handler and request forgery in the data exchange between applications. The vulnerability has not been fixed yet, but the complexity of exploiting it will hold hackers back for some time.

The previous large batch of bugs in Google was found at the end of May and the beginning of June. At that time, four cross-site scripting vulnerabilities remained open for a week after discovery.

Bug in Google Mail

Information has appeared about a new vulnerability in Google's webmail that makes it possible to intercept a user's mail covertly. The well-known researcher Petko Petkov of GNU Citizen found the bug. According to his blog, by redirecting a logged-in Gmail user to a special site it is possible to create a filter that automatically forwards all messages with attachments to the attacker's mailbox.

The vulnerability is connected with incorrect handling of data submitted in forms (multipart/form-data POST). Petkov has not published an exploit for this vulnerability, but a colleague to whom he demonstrated the Gmail compromise confirmed that it exists, stressing the danger of such a flaw: "the exploit works without any interaction with the user and is absolutely imperceptible; it will be difficult for the average user to notice that their mail is being stolen". Google is investigating the bug.

Sunday, September 9, 2007

3,000,000 internet crimes in 2006

About three million crimes were committed on the Internet in 2006, according to experts of the company 1871, who studied the online crime rate on commission from the firm Garlik. On average, a cybercriminal commits a crime every 12 seconds, reports The Telegraph, citing the study.

Law enforcement bodies do not know about 90 percent of such crimes, because the victims often either do not know that the law has been broken or believe that the police will not investigate.

Notably, according to 1871, the majority of the crimes are not financial fraud but online squabbles, such as insults and threats, along with their less common consequences such as blackmail, which seem quite ordinary elements of online community life.

The experts also counted 207,000 cases of financial fraud, including the use of stolen data such as credit card and bank account numbers, 144,500 cases of computer break-ins, and 850 thousand sex-related crimes, such as uploading child pornography or the harassment of minors.

Tuesday, September 4, 2007

Embassies' e-mails stolen

A Swedish hacker has obtained the passwords to a hundred e-mail accounts of employees of the embassies of several countries. The Russian embassy in Sweden is also on the list.

The hacker published the passwords and e-mail addresses of diplomatic representatives of Russia (the embassy in Sweden), Iran, India and some other states on the website "DEranged Security".

Uzbek diplomats were the unluckiest: the hacker published the addresses and passwords for the e-mail accounts of more than twenty embassies of that country. There have been no reports yet on how the Swede obtained this information.

Thursday, August 23, 2007

Hack of popular Monster.com was carried out from Ukraine

The break-in at the world's largest recruiting site, Monster.com, detected at the end of last week, was carried out from a computer located in Ukraine. That is the conclusion reached by experts from Symantec, the company responsible for the security of the Monster.com website.

The attackers stole about 1.6 million records from the Monster database. Although not every record contained personal information about the site's users, the hackers obtained details on hundreds of thousands of people. Monster's administration has promised "to take measures", but what these will consist of has not yet been specified. Access to the site's databases, which hold more than 70 million resumes, was gained by means of the Trojan program Infostealer.Monstres. Users had left the following information there: addresses, phone numbers and e-mail addresses; there was no credit card or bank account number data on the Monster website.

The attackers have begun sending out e-mails, supposedly on behalf of Monster, offering to install a certain additional module for working with the site. Under the guise of the module, the hackers try to get users to install spyware on their machines.

To my mind, every protection system can be hacked, but security companies have to protect users' data. It is simply the work of security companies; in this case that company is Symantec. In our real world I can't trust the internet with my confidential data, like a credit card number or something like that, because I know that it can be stolen. But when will we be protected completely? Let's wait for the evolution of the internet...