
High-tech copy machines a gold mine for data thieves
Written by Terence Sequeira
Thursday, 29 July 2010 20:23

In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be?

Very risky, as it turns out. You might want to press cancel on the copy machine right about now.

The multi-purpose copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack.

Security experts say businesses are completely unaware of the potential information security breach when the office photocopier is replaced. They think the copier is just headed for a junkyard but, in most cases, when the machine goes, so does sensitive data that have been stored on the copier's hard drive for years.

Even though high-volume photocopy machines with hard drives have been around for more than five years – most large offices today would have them, the kind that photocopy 35 to 60 pages a minute – people rarely think of them as computers.

Modern, large, office-type photocopiers are computers. The whole system is controlled by a computer, and it has a hard disk. It scans images, which are then stored on the disk. They are also networked computers and have all the same security issues that a computer does.

Ref: http://www.thestar.com/news/gta/article/781567--high-tech-copy-machines-a-gold-mine-for-data-thieves

 

 
15 nations agree to start working together to reduce cyberwarfare threat
Written by Terence Sequeira
Thursday, 29 July 2010 20:00

A group of nations including the United States, China and Russia have for the first time signaled a willingness to engage in reducing the threat of attacks on each other's computer networks.

It is recommended that the U.N. create norms of accepted behavior in cyberspace, exchange information on national legislation and cybersecurity strategies, and strengthen the capacity of less-developed countries to protect their computer systems.

For about the past decade, U.S. efforts to work with global partners in cyberspace have centered on combating crimes online. This left aside the more sensitive issues of state involvement in or responsibility for cyber intrusions into critical computer systems.

The Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. But the United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance.

Others in the group are Britain, France, Germany, Estonia, Belarus, Brazil, India, Israel, Italy, Qatar, South Korea and South Africa.

Ref: http://www.washingtonpost.com/wp-dyn/content/article/2010/07/16/AR2010071605882.html

 

 
Microsoft Unveils One-stop Service For Reporting Stolen Accounts
Written by Terence Sequeira
Thursday, 29 July 2010 19:53

Microsoft unveiled a program to alert banks and online services when accounts they oversee are compromised.

The Internet Fraud Alert will serve as a centralized repository for stolen account credentials and personal information, Microsoft said in a press release announcing the system. It creates a single place to match researchers who discover large caches of pilfered passwords and payment card numbers with the organizations responsible for the compromised accounts. The service is supported by almost a dozen online businesses and fraud-prevention groups.

The vast amount of stolen credentials stashed on servers and sites such as Pastebin.com often makes it hard for people who discover the information to bring it to the attention of the service providers, retailers and other groups whose customers are affected by the breaches. What's more, many organizations don't provide a prominent email address or web link where compromises can be reported. The Anti-Phishing Working Group alone received more than 410,000 unique phishing reports last year.

Microsoft's Internet Fraud Alert serves as a secure location where researchers can systematically report information about compromised accounts. The service then alerts the proper banks, service providers or authorities.

Ref: http://www.theregister.co.uk/2010/06/17/internet_fraud_alert/

 

 
Indian Defence Networks were compromised
Written by Terence Sequeira
Tuesday, 27 July 2010 00:00

It was ascertained that certain internet-facing computers belonging to Indian Defence Networks that were compromised by hackers held no sensitive defence data. To prevent such incidents from recurring, organisations under the Ministry of Defence have worked out a Crisis Management Plan for measured response in case of any untoward incident.

The Defence Information Assurance and Research Agency (DIARA), a nodal agency mandated to deal with all cyber security related issues of the Tri Services and the Ministry of Defence, coordinates closely with national agencies such as the Computer Emergency Response Team – India (CERT-In) and the National Training Research Organisation (NTRO). Specific cyber security policies have been devised at all levels. Services Headquarters have an information security policy, and their networks are audited as per the guidelines.

Ref: http://pib.nic.in/release/release.asp?relid=63588

 
Mobile Malware Creates A 100,000 Botnet On Symbian S60 Handsets
Written by Terence Sequeira
Monday, 26 July 2010 00:00

A security firm claims as many as 100,000 smartphones have been compromised with malware which typically poses as a game and affects Symbian Series 60 3rd edition and 5th edition devices. The malware appears to be programmed to send SMS messages from compromised devices.

These botnets either send messages directly to all the contacts in the address book or connect to a server and send messages to random phone numbers.

The viruses even delete sent messages from the user's Outbox and SMS log. All messages contain URLs linked to malicious sites that users won't be able to see until after they've fallen into the virus trap.

The Symbian Foundation said that the certificate used to sign the malware has been revoked, so if revocation checking is enabled on a phone, the malware will not run.

Ref: http://www.theregister.co.uk/2010/07/08/symbian_malware/

 

 