STE WILLIAMS

Free whitepaper – Ensure Ease of Recovery with Asigra’s Agentless Software

Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.

In a post to Kaspersky Lab’s Securelist blog, security expert Roman Unuchek describes the malicious program, dubbed Backdoor.AndroidOS.Obad.a or “Obad” for short, as being closer to Windows malware than to your typical mobile Trojan, owing to its complexity and sophistication.

Obad uses multiple layers of encryption and code obfuscation to conceal what it’s doing, and it exploits previously unknown vulnerabilities in the Android OS to gain near total control over a device.

It runs in the background and has no visible user interface, but communicates with command and control (CC) servers over the device’s internet connection, and can even accept commands via SMS text messages.

Worse, once Obad gains Device Administrator privileges, it takes advantage of an Android vulnerability to hide itself from the list of applications that have such privileges, making it impossible for the user to remove it from the device.

Once installed, Obad can be commanded to perform a variety of functions. It can connect to internet addresses, ping servers, download files from servers and install them, and send text messages. It can also send data about the compromised device to the CC servers, including information about installed applications and the user’s contact data.

Don’t do it

On the more sophisticated side, Obad can allow cybercriminals to execute console commands via remote shell, send files to all detected Bluetooth devices, and can act as a proxy server, sending data to a specified address and returning the response.

What’s more, Obad has the ability to block the device’s screen for up to ten seconds, to help conceal its malicious activity from the user.

Kaspersky Lab has offered no theory as to who might be running the Obad malware, and no point of origin has been identified.

Unuchek says Kaspersky has already informed Google about the Android vulnerabilities exploited by the Trojan, and Obad can now be detected by security software from Kaspersky and other vendors.

If there is a bright spot to any of this, it’s that however sophisticated, Obad is still relatively rare. Over a three-day observation period, Kaspersky Lab found that Obad accounted for no more than 0.15 per cent of all attempts to infect mobile devices with malware – for now, at least. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_obad_trojan/

Free whitepaper – Customer Success Testimonial: Recovery is Everything

The Information Commissioner’s Office has fined Glasgow City Council £150,000 for losing two unencrypted laptops, one with the personal details of more than 20,000 people – just two years after a similar blunder.

More than 6,000 bank account details were held one of the stolen computers.

“To find out that these poor practices have returned some two years later shows a flagrant disregard for the law and the people of Glasgow,” said the ICO’s assistant commissioner for Scotland Ken MacDonald. “The council should be held to account, and the penalty goes some way to achieving that.”

The ICO said that the two laptops were pinched from the council’s offices in May last year when the premises were being renovated. One of the machines was locked in a storage drawer, but the key was put in a drawer with the second laptop, which was unlocked.

The office was known to be insecure and a number of thefts had already been reported. The employees who were using the laptops had requested encryption without success.

The council’s creditor payment history file was stored on one computer, containing the personal information of 20,143 people including at least 6,000 bank account details.

The ICO had already warned Glasgow council about security, issuing an enforcement notice three years ago when an unencrypted memory stick with personal data on it was lost. Despite this, the council issued unencrypted laptops to staff when it had problems with its encryption software and 74 unencrypted machines are unaccounted for, with at least six known to have been stolen.

“How an organisation can fail to notice that 74 unencrypted laptops have gone missing beggars belief,” MacDonald said.

“The fact that these laptops have never been recovered and no record was made of the information stored on them, means that we will probably never know the true extent of this breach, or how many people’s details have been compromised.”

A Glasgow City Council spokesman told the BBC: “This data loss should not have happened and we took immediate steps to ensure it does not happen again. The ICO acknowledges there is no evidence that any bank accounts have been targeted, that the council immediately informed it of the theft and that we carried out significant remedial action.” ®

Free whitepaper – Ensure Ease of Recovery with Asigra’s Agentless Software

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/glasgow_city_council_fined_ico/

Free whitepaper – Customer Success Testimonial: Recovery is Everything

Pirate Bay co-founder Gottfrid Svartholm Warg has been named as a suspect in the hacking of a European database containing data about wanted criminal suspects and missing people.

According to Denmark’s justice minister, two hackers are alleged to have accessed “some information” from the Schengen Information System, a controversial database which allows cops from 26 countries to share information. They are also accused of hacking into Denmark’s police driving register, which contains personal identity numbers, and databases held by the Tax Authority and the Modernisation Agency.

A 20-year-old Danish man was detained on Wednesday in connection with the case but 28-year-old Warg is currently languishing in a Swedish prison ahead of a trial for what authorities previously described as the biggest hack in the country’s history. He was arrested in Cambodia during September of last year at the request of Swedish police before being deported back to his home country.

Under Danish privacy laws, the police are not allowed to officially name the suspects. But speaking to the Associated Press, a government source was quoted as saying one of the suspects was the Pirate Bay old hand.

National police chief Jens Henrik Hoejbjerg said that about four million pieces of data were copied, but was not able to find any evidence that they had actually been used in any illegal manner. He reassured the Danish public, telling them that some hackers access sensitive data for financial gain, while others do it just to show they can. Sweden’s Security and Intelligence Agency has now been tasked with making sure the country is safe from any further cyber attacks.

It has been widely reported that the databases were held on systems operated by CSC, a major American IT firm. The Register has contacted CSC’s UK office to confirm this and we are currently awaiting a response.

Danish Justice Minister Morten Boedskov said: “This is a very serious hacking attack on Danish police registers.”

“I can fully understand people who are worried about a security failure involving police registers, and I can fully understand those who want an answer as to whether the failure has any influence on their affairs,” he added.

Before appearing in a Danish court Warg will first face trial in Sweden, where police have claimed a group of hackers accessed the personal data of thousands of people held by IT firm Logica, by hacking into the firm’s IBM mainframe, resulting in the online publication of 9,000 personal identity numbers. These hackers also tried to transfer large sums of money from accounts held by the the Nordea Bank, according to the police.

If Warg is found guilty in Sweden, he may have to serve his sentence before being deported to Denmark to face the next case, although the exact details of this have not been made clear.

Danish cops were first tipped off about the alleged hack attack when Swedish bobbies handed them a Danish IP address they uncovered during an investigation into the Logica incident. Danish police then realised their own databases had been attacked.

The unnamed Danish man has plead not guilty, while Warg has yet to enter a plea. The Danish suspect will be held for four weeks before facing trial.

The European Commission’s website says the Schengen Information System is used by “border guards as well as by police, customs, visa and judicial authorities throughout the Schengen Area”. Britain and Ireland are not part of the Schengen Area, which is the name for a bloc of nations that agreed to allow their citizens to freely travel by dropping passport and immigration controls at their borders. The site continues:

It holds information on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost. Information is entered into the SIS by national authorities and forwarded via the Central System to all Schengen States. The SIRENE Manual lays down the procedures for EU States’ exchanges of supplementary information on alerts stored in SIS.

®

Free whitepaper – Ensure Ease of Recovery with Asigra’s Agentless Software

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/pirate_bay_founder_named_as_suspect_in_paneuropean_police_database_hack/

Police in California have admitted they are baffled by a series of car thefts where robbers use a small hand-held electronic device to unlock supposedly secure car-locking systems.

“This is bad in the sense we’re stumped,” Long Beach deputy police chief David Hendricks told NBC. “We are stumped and we don’t know what this technology is.”

The police force has taken the unusual step of releasing video of two recent car break-ins in the southern California town by robbers using the device, which resembles an electronic key fob. In both cases the device unlocks the passenger side door and appears to disable the alarm system, allowing the thieves to rummage through the car but not drive it off.

Hendricks said that the force has been in discussions with car manufacturers and mechanics to try and find out what the device is, but so far have had no luck and are appealing to the public for information.

“This is really frustrating because clearly they’ve figured out something that looks really simple and whatever it is they’re doing, it takes just seconds to do,” said security consultant Jim Stickley. “And you look and you go, ‘That should not be possible’.”

Cracking electronic car keys is perfectly possible. Back in 2011 a Swiss team of researchers opened and started cars from eight different manufacturers using inexpensive hardware.

The team positioned one aerial next to the target car and another within eight meters of the car key itself. By transmitting data between the two using both wired and wireless communication the car could be unlocked and disarmed.

More recently, El Reg reported last year on a $30 kit that can be used to hack cars using the On-board diagnostics (OBD) computer system. The system was being used in Britain to scan and copy key fobs for high-end BMW vehicles.

This latest device looks like it could be somewhat similar, but it’s not known if the car thieves staked out the two robbed Long Beach cars in the police video to copy their owner’s keys, or if this new device is the car robber’s dream: a universal access key that works on most models.

California police have advised motorists to empty their car of all valuables at night – including garage door openers that could be used to burgle a property. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/electronics_skeleton_key_has_police_stumped/

It has been a rough 24 hours for the US National Security Agency. First a leaked court order (and the political reaction) showed that the agency routinely harvests US mobile-use data, and now a new document has been uncovered that claims to show the larger internet companies do the same thing.

A 41-page presentation, given in April this year and obtained by the Washington Post, details the PRISM project, a system described as being the largest single source of information for NSA analytic reports. PRISM apparently gives the NSA access to email, chat logs, any stored data, VoIP traffic, files transfers, social networking data, and the ominously named “Special Projects”.

Nine companies are currently part of PRISM. Microsoft was the first firm to sign up on Sept 11, 2007, with Yahoo! coming in the following year, the presentation states. Google and Facebook joined in 2009, the following year YouTube got on board, followed by Skype (before Redmond took it over) and AOL in 2011.

Apple held out for five years, but signed up in October last year, and video chat room provider PalTalk is also on board, with DropBox billed as coming soon. Twitter is conspicuous in its absence from the presentation’s list – which is reassuring – but given the other big names apparently playing ball, the social networking firm’s stand makes little difference.

The claimed PRISM participants

According to the Post, the presentations states that data from PRISM made it into 1,477 presidential briefing articles last year and is used in one out of seven NSA intelligence reports. The NSA’s searches are supposed to target non-US citizens, it appears, but an analysts was told “it’s nothing to worry about” if US data got purloined.

El Reg has contacted companies named in the report and has receive few answers. Microsoft says a statement is being prepared and only Google was prepared to go on the record.

“Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data,” it said in a statement.

Meanwhile, Apple told CNBC “We have never heard of PRISM. We do not provide any government agency with direct access to our servers,” with Facebook also denying it allows “direct access” to its servers.

But you can do a lot of twisting with language – as Bill Clinton showed with his quibbling over the meaning of the word “is” during the Monica Lewinsky saga. Every government agent this hack has talked to says the US government never spies on its own people, but is it spying if this data collection is legal?

The Verizon scandal, and not the accusations of PRISM, makes a statement by the Director of National Intelligence James Clapper in congressional testimony somewhat suspect.

Clapper was asked by Senator Ron Wyden (D-OR) if the NSA collected information on millions or hundreds of millions of Americans. “Not wittingly,” was Clapper’s reply. “There are cases where they could inadvertently perhaps collect, but not wittingly.” Those words now sound rather hollow. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/prism_plan_for_nsa_surveillance_of_internet_companies/

CyCon 2013 A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime.

Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers.

However, the perception remained that crooks in Russia and the Ukraine were free to target victims with Trojan-based scams, fake anti-virus, ransomware and other swindles – providing the victims were non-Russians.

Back in 2007, outfits such as the so-called Russian Business Network were rumoured to be handing kickbacks to corrupt politicians in St Petersburg whilst operating botnets, carrying out wholesale ID theft and running spam networks; all activities targeted against non-Russians.

Later, principal actors from the RBN were linked to DDoS attacks against Estonia and Georgia, and security researchers believe these were carried out on behalf of Russia’s FSB – the modern successor to the Soviet KGB spy agency.

As net use in latter-day Russia has increased, cybercrime has become a domestic problem as crooks set their sights on “soft targets” within Russia. The FSB, along with Russia’s internal security and policing services, lack the technological expertise, computer forensics and legal expertise to tackle cybercrime – so private sector organisations are having to pick up the slack, according to Keir Giles, a director at the UK’s Conflict Studies Research Centre.

“When top-level domain managers gave a presentation about the fight against cybercrime in Russia they didn’t mention the police,” Giles told El Reg. “This was an oversight, but a telling one nonetheless.”

Cyber response teams, ISPs, Russian security consultancies (such as Group-IB) and big Western software firms like Microsoft are the main agents behind bonnet busts and other activity in Russia that would be tied to law enforcement in the West.

Russian computer crime laws are outdated, or “imperfect” as Giles more diplomatically described them. Outdated technology and a lack of expertise in key areas, such as computer forensics, have meant that police agencies have turned to commercial providers.

Giles is due to present a session entitled Divided by a Common Language: Cyber Definitions in Chinese, Russian and English at CyCon in Tallinn, Estonia on Friday. Giles, an expert in Russian security policy and international relations of many years standing, explained that the Russian government’s attitude to the internet is markedly different from those in Europe and the US.

He explained that elements of the Russian security services, such as the FSB, want control of content and have a long-standing suspicion of social media, which they view as a forum for whipping up dissent – and, consequently, presents a threat to the state.

These suspicions were reinforced by protestors using social media to communicate and broadcast propaganda during the Arab Spring. But there’s a recognition by other sectors of the government that free connections with the outside world, and technologies such as encryption, are needed to allow e-commerce to take off.

Several Western politicians and governments are concerned about sourcing key components of internet infrastructure from the likes of Huawei, citing fears about hidden backdoors and similar concerns. Politicians in Russia have similar concerns about sourcing internet routing kit from firms like Cisco, Giles explained.

Further insights into Russian attitudes towards the internet can be gleaned from the English-language version of the draft convention on International Information Security, put forward by the Russians here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/private_sector_leading_russian_cybercrime_cleanup/

CyCon 2013 A shift in perspectives in Russia over the last 18 months means the country has ceased to be a safe haven for cybercrime.

Crackdowns on e-crime have taken place in the past, most notably the successful prosecution of the extortionists who were behind denial-of-service attacks against online bookmakers.

However, the perception remained that crooks in Russia and the Ukraine were free to target victims with Trojan-based scams, fake anti-virus, ransomware and other swindles – providing the victims were non-Russians.

Back in 2007, outfits such as the so-called Russian Business Network were rumoured to be handing kickbacks to corrupt politicians in St Petersburg whilst operating botnets, carrying out wholesale ID theft and running spam networks; all activities targeted against non-Russians.

Later, principal actors from the RBN were linked to DDoS attacks against Estonia and Georgia, and security researchers believe these were carried out on behalf of Russia’s FSB – the modern successor to the Soviet KGB spy agency.

As net use in latter-day Russia has increased, cybercrime has become a domestic problem as crooks set their sights on “soft targets” within Russia. The FSB, along with Russia’s internal security and policing services, lack the technological expertise, computer forensics and legal expertise to tackle cybercrime – so private sector organisations are having to pick up the slack, according to Keir Giles, a director at the UK’s Conflict Studies Research Centre.

“When top-level domain managers gave a presentation about the fight against cybercrime in Russia they didn’t mention the police,” Giles told El Reg. “This was an oversight, but a telling one nonetheless.”

Cyber response teams, ISPs, Russian security consultancies (such as Group-IB) and big Western software firms like Microsoft are the main agents behind bonnet busts and other activity in Russia that would be tied to law enforcement in the West.

Russian computer crime laws are outdated, or “imperfect” as Giles more diplomatically described them. Outdated technology and a lack of expertise in key areas, such as computer forensics, have meant that police agencies have turned to commercial providers.

Giles is due to present a session entitled Divided by a Common Language: Cyber Definitions in Chinese, Russian and English at CyCon in Tallinn, Estonia on Friday. Giles, an expert in Russian security policy and international relations of many years standing, explained that the Russian government’s attitude to the internet is markedly different from those in Europe and the US.

He explained that elements of the Russian security services, such as the FSB, want control of content and have a long-standing suspicion of social media, which they view as a forum for whipping up dissent – and, consequently, presents a threat to the state.

These suspicions were reinforced by protestors using social media to communicate and broadcast propaganda during the Arab Spring. But there’s a recognition by other sectors of the government that free connections with the outside world, and technologies such as encryption, are needed to allow e-commerce to take off.

Several Western politicians and governments are concerned about sourcing key components of internet infrastructure from the likes of Huawei, citing fears about hidden backdoors and similar concerns. Politicians in Russia have similar concerns about sourcing internet routing kit from firms like Cisco, Giles explained.

Further insights into Russian attitudes towards the internet can be gleaned from the English-language version of the draft convention on International Information Security, put forward by the Russians here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/private_sector_leading_russian_cybercrime_cleanup/

British bobbies and Vietnamese rozzers have joined forces to smash a web forum allegedly dedicated to trading stolen credit card data.

Three men were arrested in the UK, while eight were taken off to the cells in Vietnam over their alleged involvement with a site called Mattfeuter.ru, which is suspected of facilitating credit-card fraud totalling $200m.

Forum bosses are alleged to have hacked into corporate websites to steal 1.1 million people’s credit card details, before selling them on the forum to 16,000 members.

The site was so organised that it even offered discounts on bulk purchases of card numbers.

The Vietnamese High-Tech Crime Unit and the Criminal Investigation Division of the Ministry of Public Security of Vietnam (MPSVN) organised a rare international collaboration with Blighty’s Serious Organised Crime Agency (SOCA), the Metropolitan Police’s e-Crime Unit and the FBI.

Officers from SOCA, the e-crime unit and the Dedicated Cheque and Plastic Crime Unit made three arrests in London, collaring a 37-year-old from West Ham, a 34-year-old from Thornton Heath and a 44-year-old from Manor Park. The US Department of Justice has charged Duy Hai Truong, 23, of Ho Chi Minh City in Vietnam, with conspiracy to commit bank fraud. Truong, who is one of the alleged ring leaders, was arrested in the southeast Asian country.

The cops aren’t finished with the operation just yet. The British plod are working to track down users of the forum, while also taking down a number of other websites that, we’re told, offer stolen credit card data. British and Vietnamese police are also sharing intelligence to help carry out more operations and make further arrests.

In Vietnam, the arrests were made under legislation introduced in 2009, which makes it a criminal offence to steal or fraudulently obtain credit card information from domestic and foreign sources.

Future operations in Britain will soon be carried out by the National Cyber Crime Unit, which is currently being formed as a joint venture between The Police Central e-Crime Unit and SOCA.

SOCA’s Andy Archibald, interim Deputy Director of the National Cyber Crime Unit, said: “One of the world’s major facilitation networks for online card fraud has been dismantled by this operation, and those engaged in this type of crime should know that that they are neither anonymous, nor beyond the reach of law enforcement agencies.”

The investigation is also being helped by Europol and companies including Visa and MasterCard. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/cops_smash_stolen_credit_card_forum/

British bobbies and Vietnamese rozzers have joined forces to smash a web forum allegedly dedicated to trading stolen credit card data.

Three men were arrested in the UK, while eight were taken off to the cells in Vietnam over their alleged involvement with a site called Mattfeuter.ru, which is suspected of facilitating credit-card fraud totalling $200m.

Forum bosses are alleged to have hacked into corporate websites to steal 1.1 million people’s credit card details, before selling them on the forum to 16,000 members.

The site was so organised that it even offered discounts on bulk purchases of card numbers.

The Vietnamese High-Tech Crime Unit and the Criminal Investigation Division of the Ministry of Public Security of Vietnam (MPSVN) organised a rare international collaboration with Blighty’s Serious Organised Crime Agency (SOCA), the Metropolitan Police’s e-Crime Unit and the FBI.

Officers from SOCA, the e-crime unit and the Dedicated Cheque and Plastic Crime Unit made three arrests in London, collaring a 37-year-old from West Ham, a 34-year-old from Thornton Heath and a 44-year-old from Manor Park. The US Department of Justice has charged Duy Hai Truong, 23, of Ho Chi Minh City in Vietnam, with conspiracy to commit bank fraud. Truong, who is one of the alleged ring leaders, was arrested in the southeast Asian country.

The cops aren’t finished with the operation just yet. The British plod are working to track down users of the forum, while also taking down a number of other websites that, we’re told, offer stolen credit card data. British and Vietnamese police are also sharing intelligence to help carry out more operations and make further arrests.

In Vietnam, the arrests were made under legislation introduced in 2009, which makes it a criminal offence to steal or fraudulently obtain credit card information from domestic and foreign sources.

Future operations in Britain will soon be carried out by the National Cyber Crime Unit, which is currently being formed as a joint venture between The Police Central e-Crime Unit and SOCA.

SOCA’s Andy Archibald, interim Deputy Director of the National Cyber Crime Unit, said: “One of the world’s major facilitation networks for online card fraud has been dismantled by this operation, and those engaged in this type of crime should know that that they are neither anonymous, nor beyond the reach of law enforcement agencies.”

The investigation is also being helped by Europol and companies including Visa and MasterCard. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/cops_smash_stolen_credit_card_forum/

Women are shunning cyber security even more than they shun the rest of IT, according to a survey.

Of the 2,500 people who took cyber security training at QA in 2012, just 6.2 per cent were women.

The number of women choosing to take up security courses also declined overall by 19.5 per cent between 2011 and 2012, while the number of men on the courses more than doubled, growing by 118 per cent in the same period. The training firm blames the shortfall on sexism as well as rubbish lessons in school focused on teaching basic office skills rather than hard computer science.

Women are generally rare in the IT and telecoms industry, making up just 18 percent of the total workforce, but it appears they’re even rarer in security.

Bill Walker, QA technical director and cybersecurity wonk, said:

“It’s unclear why women are so under-represented in such an important and fast-growing part of Britain’s IT economy. Various theories abound – from gender stereotyping to teaching the wrong kind of technology.

“Despite the huge rise in men taking cyber security training over the past year, Britain is still falling short of the number of people needed … It needs to be easier, more affordable and more appealing to women, in order for them to enter this vital segment of the IT economy.”

A National Audit Office report in February claimed that cyber crime costs the UK between £18 billion and £27 billion a year. It also suggested there is a severe lack of decent workers who can step it to help stop online attacks and warned this skills gap was so severe it could take 20 years to close.

In 2011, the National Cyber Security Programme pledged to splurge £650m over five years to shore up the UK’s cyber-security defences after suggesting that cyber attacks posed a threat to Britain as severe as terrorism.

The QA figures were released following a report from the Women’s Business Council which insisted that “women should not just try to fit into the economy, they should be shaping it”.

The report found that 2.4 million women who are currently out of work would like to find a job, while a further 1.3 million women want more hours at their current role. It also claimed that getting more women involved in work could increase economic growth by 0.5 per cent a year, resulting in a GDP boost of about 10 per cent by 2030. ®

Bootnote

Just in case anyone’s in a rage about our dog-bites-woman headline, the reference is to the classic Blackadder episode “Ink and Incapability”, in which the following exchange takes place:

Edmund: Sir, the Prince is young and foolish, and has a peanut for a brain. Give me just a few minutes and I will deliver both the book and his patronage.

Dr Johnson: Oh, will you, sir… I very much doubt it. A servant who is an influence for the good is like a dog who speaks: very rare.

E: I think I can change his mind.

J: Hmpf! Well, I doubt it, sir. A man who can change a prince’s mind is like a dog who speaks *Norwegian*: even rarer! I shall be at Mrs. Miggins’ Literary Salon in twenty minutes. Bring the book there. (exits)

– Ed.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/06/cyber_security_becomes_a_testosteronefuelled_man_ghetto/