Welcome to Montebello Partners' security home page. Here we include important current alerts, resources, and announcements. If this is your first visit here, you may want to browse:

• Our introduction to Internet Security,
• Description of our security services
• Monthly email news and updates
• The monthly meetings of the SDForum Internet Security SIG
• The FBI-sponsored bay area Infragard chapter
• Useful security links and tools
• Various presentations given by us.

November, 2004 Update

Hacks

• A cyber-criminal hacked into a UC Berkeley computer that contained up to 600,000 personal files. The files included home address, social security number, dates of bith, and telephone number for members of In-Home Supportive Services, a state program for the elderly and disabled. The disclosure of this breach was in part motivated by California's new privacy breach disclosure law.

• Authorize.net, a credit processing firm, was the victim of a cyber-extortion scheme. After receiving an extortion letter, and refusing the demands, their services were intimittently interrupted by a distributed denial-of-service (DDoS) attack. These DDoS extortion schemes have been endemic in the online gambling industry, and are usually launched from networks of "zombie" machines compromised by worms and viruses.

Holes

• A number of vulnerabilities in Microsoft Internet Explorer allow hackers to take over your computer when you view a web page they've created in your browser or your email in-box. Patches are available, and XP service pack 2 or later is not vulnerable to this. On a related note, Microsoft has announced plans to stop delivering IE security updates for Windows versions older than XP service pack 2. "We recommend that customers upgrade to XP and SP2 as quickly as possible," says Microsoft

  A number of vulnerabilities were disclosed in the Mozilla suite of free browser and email applications. A patch is available.

Upcoming Events

• Increasingly, professional cyber-criminal, often linked with traditional organized crime, are using the Internet to perform scams and thefts. "Phishing", where a criminal entices the victim to enter sensitive data, like credit card numbers and passwords, onto a phony website that looks identical to web pages from legitimate services. Come listen to an expert on this trend discuss it and what we can do about it. For more information, please join our monthly mailing list, and we will send you details.

Other Updates

• June, 2006
• May, 2006
• November, 2005
• August, 2005
• June, 2005
• May, 2005
• April, 2005
• March, 2005
• January, 2005
• December, 2004
• November, 2004
• October, 2004
• September, 2004
• August, 2004
• April, 2003
• March, 2003