The Lieberman Collins “Cybersecurity and Internet Freedom Act” (CIFA) – so designated because the proposed law is being sponsored by Senator Joe Lieberman of Connecticut, and co-sponsored by Senator Susan Collins of Maine and also Senator Tom Carper of Delaware (and perhaps, more strategically important, supported by the Obama administration), is intended to help tighten up cyber security and thwart cyber attacks. Ironically, however, say opponents, this ‘Internet freedom act’ means exactly the opposite for businesses, particularly businesses that are designated as “critical infrastructure” companies. That is because CIFA would mandate – require – businesses to meet a Federal standard of network security, and out of their own pocket. (The full text of the proposed legislation is below.)

Up until now Mac owners have been relatively safe (and smug) when it came to the infectability of their computers. Worms, trojans, viruses, and other malware were considered to be primarily the domain of Windows. That may have changed last week, however, when the Russian security company, Dr. Web, reported that as many as a half a million Macs are already infected with what is being called the “Flashback Trojan”. Here’s how to know if you have Flashback Trojan, and how to get rid of Flashback Trojan.

Many of us take free wifi at coffee shops for granted. Many, if not most – or even all – coffee shops now offer free wifi, and lots of people don’t give it a second thought before connecting to and using the free wifi. Some people even make a point of going to a coffee shop and using their wifi rather than using their own home wifi, particulary if they are going to do something of questionable legality. But even if you are not planning on doing anything illegal, certain actions on your part while logged onto the coffee shop’s wireless Internet could cause that coffee shop to have their Internet services suspended! Betcha never thought of that before, did you?

The Federal Trade Commission (FTC) has fined game developer RockYou.com $250,000 for, among other things, failing to adequately secure their customers’ user data. While the FTC slammed Rock You for COPPA (the Children’s Online Privacy Protection Act rule) violations, in part because RockYou collected information from children under the age of 13 without parental consent, the Feds made a point of noting that “the company’s security failures put users’ including children’s personal information at risk” while at the same time claiming that they had adequate security measures in place. Adequate security measures our foot! They stored their user data in plain – i.e. unencrypted – text! The FTC settlement and fine follows a 2 year investigation into the hacking of RockYou servers in 2009 which exposed the date of 32 million users.

Internet security firm Symantec (proprietors of, among other things, Norton Anti-Virus) have released the results of research that they have dubbed the “Honey Stick Project”. In Project HoneyStick, researchers “lost” a total of 50 cell phones in various cities around North America, including NYC, Washington D.C., LA, San Francisco, and Ottawa, Canada. The aim was to see what the average citizen would do with a found cell phone: would they try to reunite it with its owner, or would they do something more sinister with it? It turns out that the answer is “both”.

With the recent decision in the Fricosu case, ruling that one can be forced to provide the password to your encrypted hard drive, you may be thinking it is better to store things “in the cloud”. In fact, it can be worse, as cloud storage currently requires no warrant for law enforcement to access any of your data which has been stored in the cloud for at least 180 days.

The FBI, in conjunction with the Bureau of Justice Assistance (BJA) has released their list of “Potential Indicators of Terrorist Activities Related to Internet Cafe” (sic). It may surprise you that your own Internet cafe activities render you suspicious. For example, if you attempt to shield your screen (like when, you know, you are entering a password?) you may be a terrorist. Or, if you travel an “illogical distance” to use an Internet cafe, you may be a terrorist. (We can’t help but hear Jeff Foxworthy’s voice as we read this list.) The list also includes suspicious computer activities and uses, as well as advice on what to do if you suspect that the guy next to you sipping his double light-foam mochaccino latte is a terrorist.

A Federal court ruling this week by Judge Robert Blackburn, of Peyton, Colorado, says that you can be ordered by the court to provide the password to decrypt encrypted data, or face contempt of court, and that being forced to reveal your passphrase does not violate the Fifth Amendment (the 5th Amendent includes, among other things, the right against self-incrimination). In the ruling, Judge Blackburn ordered Ramona Fricosu, whose laptop hard drive is encrypted with PGP, and who is charged with taking part in a mortgage scam, including charges of wire fraud, bank fraud, and money laundering, to decrypt her hard drive or face, among other sanctions, contempt of court.

Akamai Technologies released its current “State of the Internet” report this week and, according to Akamai, there has been a 2000% increase in DDOS attacks over the past 3 years, with nearly half of all attacks coming from Asia. According to Akamai’s State of the Net report, Indonesia has leapfrogged over China and Taiwan to take its place as the top source of these attacks, with Taiwan and China coming in second and third. Akamai also rated, among other things, the fastest cities in the world, meaning which cities have the fastest average Internet connection speed.

Several email providers that normally compete with one another, like Google Gmail and Microsoft Hotmail, have teamed up in an effort to better protect email users from spam and fraudulent messages. The new system is called DMARC, short for Domain-based Message Authentication, Reporting & Conformance. With a united front, the war against spam may have a powerful new weapon.

A massive data breach at Amazon subsidiary Zappos.com has led to the personal information of as many as 24 million customers being exposed. Below is all of the information, as well as the statement from Zappos CEO, Tony Hsieh.

Florida Marine Lt. Col. Karl Trenker and his fiancee will probably think twice before posting jewelry for sale on Craigslist again. (Actually, they will probably never use Craigslist again to post a sale – at least, we wouldn’t.) It all started when his fiancee posted a gold chain for sale on Craigslist. And ended with Trenker being shot three times, and plugging the bullet holes with his fingers while waiting for help to arrive.

If you were one of an untold number of people who received a particular iTunes update, it will likely have planted a Trojan backdoor on your computer or smartphone (primarily iPhone or Blackberry) which allows government and law enforcement agencies access to your personal data. Let us be quick to add that this is a fake iTunes update. The malware (or “commercial software” depending on which side of this you are on) is sold primarily by three companies: Gamma FinFisher, Vupen Security, and HackingTeam. Gamma’s FinFisher product is from the UK, Vupen Security is out of France, and HackingTeam is in Italy, however all of the companies sell their software around the world.

“Take This Lollipop”, the creepy Facebook tour through your personal information, is an excellent example of something we have been trying to pound into your heads all along: putting personal information on the Internet (such as location based check ins) can be dangerous. More to the point: most people have no idea how much personal information they really have revealed online, and how easy it is to track them down, stalking them, and worse. “Take this Lollipop” is technically a Facebook app, which is how (and why) it asks for you to log in using Facebook Connect, something that we also advise against.

The worm that infected an Iranian nuclear site, Stuxnet, or something very much like it, may be getting ready to strike again, say researchers. A recently discovered malware dubbed Duqu (for the prefix of its files, ~DQ, is designed to steal information needed to mount another such attack, and provide remote access to industrial installations such as, well, nuclear plants.