Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Power grid takedown: A new how-to

A Chinese academic led a team at a Chinese university that studied how well targeted attacks can create failure within the US’ west coast power grid.

Analyzing various scenarios, the team found that targeting a small power grid subnetwork can have a cascading effect on the rest of the power grid, creating a major outage. Instead of targeting the more heavily used portions of the power grid first, the researchers found that targeting a smaller power grid subnetwork would have a greater effect toward achieving an outage.

New Africa broadband ‘ready’

The second undersea cable to serve East Africa is set to go live. Last August, News Bits highlighted the first cable to go live with service to East Africa. Until then, many only had access to the Internet via satellite connectivity. With the arrival of the first cable last August, many were expecting to see prices drop while speeds increased. The result was that speeds increased slightly and only businesses and the more wealthy could afford the new connectivity. The second cable will deliver greater amounts of bandwidth, with an expectation that costs will decrease with higher speeds.

Smart Card Alliance: End-To-End Encryption Won’t Stop Credit-Card Fraud

In the wake of breaches, such as that of Heartland Payment Systems, where millions of customers' credit and debit card information was exposed, the Smart Card Alliance is calling for the electronic payment industry to adopt contactless chip cards with dynamic cryptograms.

Contactless chip cards are payment cards that do not need to come into physical contact with a device for the transaction to complete. A common example of a contact card is a credit or debit card that needs to be inserted into a device for the transaction to be conducted. In a contactless transaction, the credit or debit card comes into close proximity to a device without having to touch it to complete the transaction. An example is where people could pay for transit on a bus or subway without having to remove their card from their wallet. All the individual needs to do is position their wallet in close proximity to the payment device. The information is read via RFID.

The Smart Card Alliance is pushing for this method over regular end-to-end encryption because, with cards that require contact with a device for a transaction, code can still be implanted on the device that not only reads the card's data but can also be used to determine the PIN used. The contactless technology uses a chip that includes dynamic cryptograms, whereby each transaction receives a dynamic key generated by the card. The key from the card must also match the key generated by the processor. If a hacker is able to capture the data from a single transaction, the same data cannot be used again, as a new key will need to be generated for future transactions.
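
A simplified model of the dynamic cryptogram check described above, added here as an illustration and not taken from the Smart Card Alliance or any payment network. It assumes a per-card secret shared with the processor, a transaction counter as the value that changes each time, and HMAC-SHA256 standing in for the real card algorithm; the names `Card`, `Processor` and `cryptogram` and all sample values are constructed.

```python
import hashlib
import hmac
import json

def cryptogram(key: bytes, card_id: str, counter: int, amount_cents: int) -> str:
    """Per-transaction value that card and processor each compute from the card key."""
    msg = json.dumps([card_id, counter, amount_cents]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Card:
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key, self._counter = card_id, key, 0

    def pay(self, amount_cents: int) -> dict:
        self._counter += 1  # never reused, so every cryptogram differs
        return {"card_id": self.card_id, "counter": self._counter,
                "amount_cents": amount_cents,
                "cryptogram": cryptogram(self._key, self.card_id,
                                         self._counter, amount_cents)}

class Processor:
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, card_id: str, key: bytes) -> None:
        self._keys[card_id] = key
        self._last_counter[card_id] = 0

    def authorize(self, tx: dict) -> str:
        key = self._keys.get(tx["card_id"])
        if key is None:
            return "declined: unknown card"
        expected = cryptogram(key, tx["card_id"], tx["counter"], tx["amount_cents"])
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "declined: cryptogram mismatch"
        if tx["counter"] <= self._last_counter[tx["card_id"]]:
            return "declined: counter already used"
        self._last_counter[tx["card_id"]] = tx["counter"]
        return "approved"

def demo() -> list:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test key
    card, processor = Card("CARD-0001", key), Processor()
    processor.enroll("CARD-0001", key)
    first = card.pay(250)
    captured = dict(first)  # copy of the data a compromised reader would record
    altered = dict(captured, counter=2, amount_cents=99900)  # old cryptogram, new fields
    return [processor.authorize(first), processor.authorize(captured),
            processor.authorize(altered), processor.authorize(card.pay(400))]

if __name__ == "__main__":
    print(demo())
```

The captured transaction is declined on resubmission because its counter was already consumed, and changing any field without the card key breaks the match with the processor's own computation.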

Sears told to destroy data gathered by online tracking software

As reported in News Bits earlier this year, Sears initiated a social networking community that customers could sign up to join. Software was installed on the computers of the community members that not only tracked their browsing while on the Sears or Kmart sites but also tracked browsing on third-party websites. The software also tracked banking and other transactions as well as non-Internet activity.

The earlier News Bits posting about this covered the FTC telling Sears and Kmart to stop collecting the information. The latest development is that the FTC has now asked the companies to destroy the data gathered.

Comment: One of the goals of organizations such as the European Commission is to help increase the level of confidence Internet users have in actually using the Internet, especially for making purchases online. Programs such as the one used by Sears are an example of why confidence in Internet use wanes.

Trial set for ‘botnet for hire’ duo

Facing 5 years in prison and a $250,000 fine each, two people have been charged with building and trying to sell their botnet. To illustrate the power of their newly created 22,000-zombie network, they used a part of it to attack ThePlanet.Com with a DDoS attack. A pricing schedule was developed for use of the botnet. They are also charged with breaching T35.net and extracting hundreds of thousands of user IDs and access codes.
