Microsoft wants data center legal protection

Actually, not a bad idea.

From the link:

Microsoft Corp.’s (MSFT) top legal official yesterday called on Congress to create new laws that would give data stored in the cloud the same protections as data stored on a PC. He also called for tougher penalties for hackers who access data centers, citing significant damage that’s often done in such attacks.

Brad Smith, senior vice president and general counsel at Microsoft, told an audience at a Brookings Institution forum here today that laws now protecting electronic data were written in the early days of PCs. “We need Congress to modernize the laws and adapt them to the cloud,” he said.

While many consumers have adopted cloud computing by subscribing to e-mail services like Google (GOOG) Gmail, to social networks like Facebook and to Microsoft’s increasing online services offerings, enterprises have been somewhat cautious about moving corporate data to hosted systems due to legal and security concerns both here and abroad. Those fears have been causing problem for IT vendors, forcing some to provide significant protections to large users.

Was the Twitter DoS attack a product demonstration?

You have to admit it’s an interesting theory and more than a bit cybercloak-and-daggerish.

From the link:

Randy Abrams, director of technical education at ESET, an IT security company based in Bratislava, Slovakia, said his best guess is that a major botnet herderwas offering a demonstration of the power of his botnet to a potential client with a major target in mind.

“They could have been saying, ‘Look what I can do to Twitter. I think my botnet can handle whatever you want it to do,'” said Abrams. “I’d put my money on this being a demonstration, a show of force, by someone looking to hire out their botnet.”

Update — Or maybe not.

Be on the lookout …

… for this new phishing attack. Sounds like it might catch the unwary.

From the link:

A vulnerability in major browsers recently discovered by Trusteer could make this trick much more dangerous, by allowing for “in-session phishing” and a more tailored attack. Using this new vulnerability, a phisher could detect, via the hacked site, when a user was already logged in to a banking website. The hacked site could then launch a pop-up warning the user that her session has timed out and asking her to reenter her login details. This approach would be less likely to raise a red flag, says Klein, since the pop-up does not appear completely out of the blue.

The core vulnerability discovered by the Israeli researchers is a Web browser flaw that lets the phisher see what other websites a person is visiting. Klein explains that a certain JavaScript function, commonly used by online retailers, financial institutions, and other sites, leaves a footprint revealing that the user is logged in to that site. Klein says that protections such as pop-up blockers wouldn’t necessarily derail the attack because the hacked site could itself be altered to seem like a request to log in again.