When most people think of cyber crime and cyber terrorism, they think of credit card information being stolen, identities being compromised, and, most recently, massive DDOS attacks by organizations like Anonymous and Lulzsec. What they don't tend to think of is the water coming from their faucet, the lights in their home and the gas heating their houses. Yet the ramifications of attacks on these basic utilities could far outweigh those of identity fraud. And these attacks are on the rise.

Despite Recent Threats American Infrastructure Is Still Vulnerable To Cyber Attack

In 2010 the Homeland Security Department responded to only 116 requests for assistance from it's Control System Security Program cyber experts. By September of 2011 there were 342. All of these attacks aren't domestically originated, either. On Nov. 8 an IP address originating from Russia attacked an Illinois based water utility company, managing to control a Supervisory Control And Data Acquisition system, resulting in a burnout of the associated pump. These types of real world results to cyber attacks are not unknown. In 2007 hackers managed to attack a diesel generator, causing it so self destruct.

At this time, companies in the sights of these types of attacks can only prevent between 67% and 76% of these types of attacks. They could prevent more but there's one thing holding them back: money. Right now these companies spend $5.3 billion on cybersecurity. To reach a 95% prevention rate they would have to increase that amount to more than $46 billion, an increase they say their customers won't approve.

With the very real and national threat posed by cybersecurity some would like the government to step in and foot the bill for these improvements. Others may think that this is a private sector issue and the government need not intervene. However, Glenn Derene said it best in his October 2009 article, "The next world war might not start with a bang, but a blackout."

Dog the Bounty Hunter, known for his shirtless leather vest approach to dressing and his less than tactful approach to apprehending bail jumpers, may not be ready for the next round of bounties coming down the pike. This year, at the CanSecWest in Vancouver, companies like HP and Google are offering rewards for hackers and research teams who can exploit zero-day vulnerabilities within the most common browsers.

Pwn2Own Contest Puts Bounty On Browser Vulnerabilities

This contest, known as Pwn2Own, has been an annual event at CanSecWest since 2007. Though in past years it has been criticized for randomly drawing participants and removing browsers once it had been exploited, this year the browsers will be fair game until the end with points awarded to the participant for each successful attack. In addition, the prize money offered is substantially larger, paying out $60,000 for first place, $30,000 for second and $15,000 for third. Google will also offer strictly Chrome based awards, paying $20,000 for a successful sandboxed exploitation and $10,000 for other unique attacks.

The goal of Pwn2Own, of course, is to find the vulnerabilities so they can be patched in the future. Though some may take issue with this methodology, it's common practice these days. As has been said far too many times in literary history, it takes a criminal to catch a criminal. This is simply the software version of hiring an ex theif to expose the weaknesses in your home security system. And while I hope none of the participants come with Dog's cliche catch them then try to recuperate them in the backseat of his car methodology, the increased prize money is sure to attract a plethora of hacker bounty hunters.

AVG technologies is the maker of one of the most successful pieces of anti-virus software in the world, and they are going public.

AVG Makes Its First IPO Of $125 Million

Founded in 1991, and based in the Netherlands, AVG not only offers their widely used free anti-virus software, but they also offer various premium software and services for those who require a bit more protection. Apparently in the 9 months of the last fiscal year, the company's revenue rose a full 24%, or to $191 million. They also more than double their profits from the last year to 68.8 million dollars, which is amazing considering the fact that so much of their manpower goes into free software.

Big name companies such as JP Morgan, Goldman Sachs, Morgan Stanley, and even Intel have chosen to back the growing company. They will be trading under the ticker symbol AVG, so make sure you keep an eye out because this company is making big moves.

Amazon Web Services has made the decision to team up with Check Point Software Technologies to offer their customers reliable security services.

Amazon Gains New Cloud Security Partner

Check Point announced the release of the Virtual Appliance for Amazon Web Services, which according to Check Point, "enables customers to extend their security to the cloud with the full range of protections using Check Point Software Blades." Up until now, Amazon Web Services only provided very basic security measures for users of their services, but that's not the case anymore.

Any user of the EC2 cloud services can get the Virtual Appliance directly from Amazon and set it up. Check Point describes many of the individual blades on as shown below:

"The Firewall and IPS Software Blades protect services in the public cloud from unauthorized access and attacks. The Application Control Software Blade helps prevent application layer denial of service attacks and protects your cloud services. The IPsec VPN Software Blade allow secure communication into cloud resources. The Mobile Access Software Blade allows mobile users to connect to the cloud with an SSL encrypted connection with two factor authentication and device pairing. The DLP Software Blade prevents data breaches with unique User Check technology to allow real-time user remediation."

Both companies want to attract a wide range of potential customers, especially small companies and startups that are building their infrastructure in the cloud. They seem to realize that most people see it as a very risky move to have sensitive data there, so this should be accessible for just about everyone. According to an article from SecurityWeek.com, the base price for these services is $2000, and that comes with the firewall and virtual gateway. Everything else is icing on the cake and will cost you more money on top of that, but hopefully not too much.

A presentation at a German security conference has many people worried about a this newly realized vulnerability that is present is most web frameworks.

HashDOS: Important Vulnerability Coming into the Spotlight.

According to a post from Sophos, "The type of hashing used by PHP, Java, Python and JavaScript in this attack is not a cryptographic hash, it is a simple mathematical hash used to speed up storing and retrieving data posted to web pages."

Under normal circumstances, the collisions in the hashes are managed by built-in language constructs and are not really an issue. However, in these types of attacks, the attacker can send pre-calculated values that will result in all of the hash values being the same, which will crash the majority of servers. On that same Sophos post, they stated that, "An example given showed how submitting approximately two megabytes of values that all compute to the same hash causes the web server to do more than 40 billion string comparisons." which is an nearly inconceivable for just looking some data for a webpage.

Apparently the keepers of the language Perl, went ahead and did something about this vulnerability some time ago, but nobody else followed suit, so they are all at risk. Hopefully, the people behind PHP, Python, and other applicable languages will actually pay attention this time and go ahead and make the necessary changes.

When is comes to security for mobile platforms, there is a very serious learning curve to getting it right and keeping it strong.

Mobile Security Will (Probably) Always Be More Difficult

Every day that goes by, mobile devices are getting smaller, sleeker, and more powerful, and to some people out there, that just means the they are new and vulnerable. This is a huge problem considering the rate at which people are acquiring smart phones for personal and business use, which also tend to hold sensitive data.

Large corporations are steadily gaining the power to do something about the situation, and most are taking advantage. Many products have come out lately that allow these corporations to monitor the mobile devices given to their employees for business use. Most also allow administrators to delete/block unwanted applications, block malicious incoming data, and disable the device completely. This is fantastic for new phones and ones that haven't been compromised yet, but what about the ones that aren't so lucky?

According to Lookout, a leading mobile security firm, mobile botnets are going to be one of the biggest problems for mobile platforms in the coming year. In fact, some of these have already been created, like the DroidDream scam that was removed from the marketplace not too long ago. One issue that I always like to bring up when talking about mobile security is the universal fragmentation of the world of Android, which is a huge part of the reason attacks like DroidDream can occur. The vast majority of the Android enabled devices out in the market right now are 2-3 OS releases behind, which poses a huge security threat whether your phone is actively tracked by a company admin or not. There will always be third-party solutions for fighting off attacks, but the issue will not be resolved until the Android (and is some ways, Apple) actually does something about it.

Users of the popular online gaming service have been getting phony emails from sites claiming to give away Microsoft points (the online currency for Xbox Live).

Widespread Xbox Live Phishing Scams Plague Gamers

These emails are made to look very official and many unwary consumers have been getting dragged in to the scam. These emails redirect to these sites where people are asked to enter sensitive information that can be used to purchase more points. Many users have been making reports of checking their bank statements and finding many charges on these cards that they did not make. The transactions are generally very small and they victims don't actually notice until it has already been going on for some time.

This is apparently not the first time something like this has happened with the service, as hackers have shown in the past to have multiple methods of getting customer information. While it is clearly wrong on the part of the cyber-criminals to participate in these activities in the first place, it is also the victims fault in this case. Unlike other, more direct methods of stealing customer information, such as directly from a database, this method requires the customer to give away their info. So, what that means is that any savvy user can avoid such situations by simply paying attention to what they are doing.

DO NOT GIVE YOUR INFORMATION AWAY TO STRANGE WEBSITES. This is something every company offering web services should remind their customers just to make sure that they are safe. As these customers have trusted the companies to protect their information, their should actually be a little effort on both sides. However, if you or anybody you know has already been affected by these scams, go here to the Xbox site to report the incident.