About 1,300 debit-ATM cards issued by Fitchburg Savings Bank were disabled yesterday after the bank was told by Visa USA that a “large-scale data compromise” may have included its check cards.

None of the cards was used illegally and all are being substituted, said Martin F. Connors Jr., bank president and chief executive officer. “If someone has the person’s information, at this point they can’t do anything with it,” he said.

Even among growing concern over cyber security, hacker groups defaced at least 340 Indian websites during November 2006, up from 244 sites targeted during last month. This takes the total number of Indian sites (government and non-government), that were under attack by hackers in the first three quarters of the year, to over 4,000.

This report sets out to summarize the major security trends and developments for 2006, outlining the key issues that have developed over the course of the year and how they have affected the security market. The report also aims to provide some insights into the key threats and security issues that are expected to emerge in 2007.

A laptop with personal data on hundreds of thousands of Boeing Co. employees was stolen earlier this month, and the aerospace company will notify those potentially affected by the theft in a company e-mail today.

"In the first week of December, a laptop was stolen from an employee's car," Boeing spokeswoman Kelly Danaghy said. "That laptop had files that contained Social Security numbers for about 382,000 past and present employees, and in most cases it also included a home address, phone number and date of birth."

It started on Feb. 15, 2005 with ChoicePoint (Alpharetta, GA) by bogus accounts established by ID thieves. The initial number of affected records was estimated at 145,000 but was later revised to 163,000.

The latest entry is on Dec. 9, 2006 when Virginia Commonwealth University (Richmond, VA) Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.

If you are logged into MySpace and view a suspicious crafted QuickTime file on someone else's MySpace page, then JavaScript code can without human intervention change your user profile. The nasty QuickTime file can alter your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your intervention.

A federal grand jury has accused a Romanian hacker on 10 charges of breaking into computers owned by the Jet Propulsion Laboratory, the Goddard Space Flight Center, Sandia National Laboratory and the US Naval Observatory.

Victor Faur, 26, of Arad in Romania, is the suspected leader of a hacking faction called the 'WhiteHat Team' accused of hacking the servers "because they were so secure".

The attack starts with a Quicktime file being set in a Profile page. If the user "runs" the file (simply visiting the infected page is enough to trigger the attack in most cases), it uses the HREF function to activate some Javascript.

An HREF track is a particular type of text track that adds interactivity to a QuickTime movie. HREF tracks enclose URLs that can specify movies that replace the current movie, load another frame, or that loads QuickTime Player. They can also include JavaScript functions or Web pages that load a specific browser frame or window.

EveryDNS, a company that offers free domain name administration services, has been hit by a massive DDoS (distributed denial-of-service attack) that caused damage to thousands of sites, including OpenDNS (another startup that runs the PhishTank anti-phishing initiative).

The 400mbps botnet attack did not affect the core recursive DNS resolution service offered by OpenDNS but the company's home page and business blog were crippled for about 90 minutes on Dec. 1.

Chicago Teachers Union representatives Monday shocked by admitting a security breach that shared the Social Security numbers of 1,700 former Chicago public school employees with hundreds of their colleagues, creating a risk of identity theft.