Vista notebook falls in hacker challenge
Mac easiest to hack, says $10,000 winner
Details on Vista Pwn2Own Flash flaw
Nate McFeters: Hackers Alexander Sotirov and Shane Macaulay took advantage of a flaw that was a cross-platform bug which took advantage of Java to circumvent Vista's security.
Vista Hacked Through Adobe Flash, Ubuntu Stands NewsFactor - Mon Mar 31, 12:01 PM ET
Last week saw the MacBook Air hacked through a Safari browser at the CanSecWest security conference. But before the week ended, Microsoft's Vista Ultimate also fell victim to hackers in the Pwn to Own challenge.
Analyst: Money will lead to more mobile spying programs
Hackers expand massive IFrame attack to prime sites
Hannaford says malware planted on its store servers stole card data
U.K. Considers E-crime Unit
LONDON -- The U.K. Home Office last week confirmed that it is "considering" funding a national e-crime unit proposed by the country's Association of Chief Police Officers.
Earlier this month, Home Office Minister Vernon Coaker met with Charlie McMurdie, head of Scotland Yard's Computer Crime Unit, and other law enforcement officials to discuss the proposal.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=315777&taxonomyId=17&intsrc=kc_top
Tech Insight: Keeping Your Thumb on Thumb Drives - 3/28/2008 5:30:00 PM Those little USB drives certainly are handy, but how do you keep your company's sensitive data from walking away? Here are a few ideas
CastleCops Hit by Another DDOS Attack - 3/28/2008 3:20:00 PM But this time, attackers employ a 'POST' attack
Security watchdog site CastleCops is currently under yet another distributed denial-of-service (DDOS) attack. The anti-spam, anti-malware site manned by volunteers has been under siege from waves of botnet traffic since Wednesday.
CastleCops is no stranger to DDOS attacks -- it gets hit regularly, with its most recent attack back in August -- but this one took a different spin on an old trick.
"Typically, attacks involve some sort of HTTP GET, but this one seems to include a POST instead," says Paul Laudanski, founder and administrator for the CastleCops site, who says he first detected the attack on Wednesday morning after noticing some performance problems with the site.
Q: Who Helped Katrina Victims the Most? A: Wal-Mart (???)
nationalpost.com — Who did the most to help victims of Hurricane Katrina? According to a new study, it was the company everyone loves to hate.
Online Supermarket Sells Stolen Credit Cards
A security firm has uncovered a Web site that hawks the fruits of identity theft. 30-Mar-2008
Phishers Use Google to Find Exposed Servers
Hacked servers are frequent tools in phishing scams, and they're located by Web search, consultants warn. 30-Mar-2008
Major Web Sites Hit With Growing Web Attack
A blossoming Web attack, first reported earlier this month, has expanded to hit over a million Web pages, including many well-known sites. 28-Mar-2008
Church's Pastor Is an ID Thief
The more trusted a thief is, the harder he is to catch.
Posted on March 31, 2008 at 01:07 PM
http://blogs.washingtonpost.com/securityfix/
Posted at 03:08 PM ET, 03/31/2008
Cyber Attacks on the Campaign Trail
It is rare for the key topics typically covered in this blog -- cybercrime and computer security -- to be wielded as talking points by a major presidential candidate. But in a foreign policy speech last week, presumptive Republican Party presidential nominee John McCain cited cyber attacks from Russia as a reason for strengthening NATO and for excluding Russia from the Group of Eight.
The reference to cyber attacks came in remarks McCain made at the Los Angeles World Affairs Council, wherein he argued that the future of the transatlantic relationship lies in confronting the challenges of the 21st century worldwide, such as "developing a common energy policy, creating a transatlantic common market tying our economies more closely together, addressing the dangers posed by a revanchist Russia, and institutionalizing our cooperation on issues such as climate change, foreign assistance, and democracy promotion."
Researchers dive into memory dumps News Brief, 2008-03-31 Armed with a USB thumb drive or an iPod, an attacker can grab passwords from the physical memory of untended computers.
Web developers, fix thy Flash Robert Lemos, 2008-03-28 Flaws that allow cross-site scripting attacks through Adobe Flash files could let attackers compromise online accounts and local networks. Yet, Web publishers have been slow to fix their sites, a security researcher says.
Sony BMG's hypocrisy: company busted for using warez
Sony BMG has been caught using pirated Windows administration software. It's an embarrassing development for a company that has fought so hard to keep its own content from being pirated.
March 31, 2008 - 02:12PM CT - by David Chartier
Adobe joins list of companies not reading own EULAs
It's all fun and games until an unchecked EULA ruins someone's day. Adobe's licensing mixup with photos uploaded to its new Photoshop Express service only highlights the growing trend of EULAs that sneak out the door without a proofreading.
March 29, 2008 - 11:49AM CT - by David Chartier
PayPal now the top Phishing target March 28, 2008 Typically attracting far fewer attacks than the banks, PayPal now the primary target.
Forced Head Scarf Removal: $65,000
By JOE HARRIS
ST. LOUIS - Client Services, a collection company, will fork over $65,000 in back pay to a Muslim woman who was forced to remove her head scarf to comply with a company dress code. The EEOC sued on her behalf, saying the employer violated Mariam Soultan's civil rights by demanding she remove the scarf, and fired her when she refused for religious reasons.
http://www.avertlabs.com/research/blog/
A vulnerability has popped up (no pun intended…really) in Internet Explorer (IE) — or at least is claimed by a researcher named Juan Pablo Lopez Yacubian on the popular Bugtraq mailing list. It allows one to spoof the address of a popup without affecting the underlying page. This means that a bad guy could send the victim a legitimate link, have them follow it, and pop up a spoofed window when they land on the attacker-controlled site (or hacked legitimate site). If this popup window is enticing enough, the attacker could persuade the victim to disclose information, click malicious links, or do other nefarious stuff.
Airport Screening Makeover Promises Soothing Music, See-Through X-Rays
Hacker gets 3 years for 911 hoax AP - Thu Mar 27, 5:02 PM ET
SANTA ANA, Calif. - A computer hacker was sentenced to three years in prison for placing a phony 911 call that led a SWAT team to storm a family home at gunpoint.
Guantánamo Detainee Charged in Embassy Attack 2:44 PM ET