Thursday, March 27, 2008

Thursday News Feed

Beleaguered BitTorrent search engine shuts down
Faced with a potentially endless stream of entertainment-industry lawsuits or the mass violation of user privacy, the staff at TorrentSpy made a tough decision.




Ethical hacker group to counter 'black PR'




Google to push privacy initiatives





Laptops 1, Hackers 0 as $20,000 prize goes unclaimed in hack challenge





Professor: Computers plus people equals risk




http://www.cisco.com/en/US/products/products_security_advisories_listing.html has several possible vulnerabilities




Aurora man gets 20 years for child pornography
Date: March 27, 2008
Source: Chicagotribune.com
An Aurora man charged in 2006 with trading child pornography through an exclusive Internet chat room was sentenced Tuesday to 20 years in prison.




PC World: Sites' Personal Questions May Pose Security Risk
What did your maternal grandfather do for a living? What was your high school mascot’s name? Your first pet’s name?
If you have an online...




Millions of Russians' Personal Data Posted on Free Website
3/26/2008 4:15:00 PM
Names, addresses, account information, and other data posted by unknown source





Report: More Individuals May Have Improperly Accessed Passport Files
State Department workers viewed passport applications containing personal information about high-profile Americans, including the late Playboy playmate Anna Nicole Smith, at least 20 times since January 2007, The Associated Press has learned. An internal department review has found the additional instances of department employees or contractors looking at computerized passport files of politicians and celebrities, according to preliminary results. It has not been determined if the new cases also involved improper peeking, officials familiar with the review said Wednesday. Smith's case, however, seems legitimate, the officials said. The review is not complete and the exact number of cases was not yet clear.
More passport reviews found at State, Associated Press, March 26, 2008.
Posted by EPIC on March 27, 2008.




Guarding the guardians: a story of PGP key ring theft






Mozilla Firefox Multiple Vulnerabilities

- Highly critical - From remote
Issued 1 day ago.
Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.




http://blogs.washingtonpost.com/securityfix/
Posted at 04:46 PM ET, 03/27/2008
U.S.-Based ISPs Count Known Terror Groups as Clients
Herndon, Va.-based Network Solutions said Wednesday that it suspended Hizbollah.org, an official site of Hezbollah, a Lebanese political and paramilitary group.
Turns out, Network Solutions, which was one of the original firms in the domain registration business, was accepting payment for the domain in violation of a U.S. law that bars American companies from doing business with organizations listed by Uncle Sam as terrorist groups. Closer inspection also reveals that Network Solutions and other U.S.-based Internet service providers and domain registrars provide services to other groups on the government's list of terrorist organizations.




Panacea or placebo: electronic health records come to the US
Computers have been surprisingly slow to make their way into the medical records rooms, despite being well-suited to storing records. Ars takes a look at some of the issues surrounding electronic health records, both in the clinic and at home.
March 26, 2008 - 11:55PM CT - by Jonathan M. Gitlin

RIAA doesn't want to pay for a fair defense, says victor
The RIAA is fighting a request for nearly $300,000 in attorneys' fees after it was told to pay Tanya Andersen's legal bills. The RIAA says that her attorney should get at most one tenth of that amount.
March 26, 2008 - 09:10PM CT - by Eric Bangeman





California Reviews... And Decertifies... More ES&S E-Voting Machines
from the a-lesson-in-weak-security dept
Remember how e-voting firm ES&S was so against letting California's Secretary of State have an independent security team review their e-voting machines? Well, now we know why. The state had already released one damning security report and sued ES&S for giving the state uncertified machines. Now the state has come out with another report on more ES&S machines and the story gets worse and worse and worse. The good news is that California won't certify any of them. The bad news is that ES&S appears to not only be belligerent in not wanting to let California review its machines, but it also seems to be incompetent as well. As Dan Wallach notes in reviewing the report, ES&S appears to have outright ignored issues that the state asked them to address. As for the machines themselves? There seem to be all sorts of problems, including an awful lot of data stored in cleartext rather than encrypted, easily accessible and easily changed or corrupted data, and seldom-used and easily-broken password protection. Physical locks were all easily picked (some within 5 seconds, the rest within a minute). In other words, the security is a near total joke. This, despite the fact that people have been pointing out these kinds of security concerns for over five years. I wonder if the guy from ES&S who showed up a year ago and told us all we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.





TorrentSpy Gives Up; Shuts Down





IBM Patents Real-Time Auto Insurance Surcharges
from the fair's-fair dept
theodp writes "Better think twice before volunteering to tutor underprivileged kids or delivering Christmas gifts to homeless children. Thanks to IBM, you could be rewarded with a hefty car insurance premium increase for your efforts. A new patent was issued to Big Blue last Tuesday for its 'invention' of the Location-Based Vehicle Risk Assessment System, which describes how surcharges will be added to your auto insurance premium when a GPS device reports that you drove into an area in IBM's bad neighborhood database (stay too long and your car is disabled). It's all about assigning insurance costs more appropriately, explains Big Blue, which used the same argument to justify punishing employees for having fat kids."






How Annoying Is That?

SEATTLE (CN) - Ron Cooke and his company, Messenger Solutions, illegally sell "Messenger Blocker" products by sending streams of annoying, pop-up electronic messages to their victims, "including pornography," via Windows Messenger Service, then claiming that their products will "stop the very messages defendants are sending," the State of Washington says in King County Court. It demands fines and an injunction against the Scottsdale, Ariz.-based defendants.





‘Targeted Attack’ Mania
One of my roles at McAfee Avert Labs is to take a step back from the day-to-day attacks, and look at the bigger picture. To review threat trends and forecast what’s to come. Some threats such as Web Feed Attacks and IM are more easily defined and quantified. Other threats are a little more abstract after you scratch the surface.

In recent years the infamous “targeted attack” has gained much media attention. We often heard about a “segment” of users being hit, such as Myspace or Facebook users. I recall snickering the first time I heard a report stating that “home users” were the most targeted of all. I suppose next we’ll hear that Internet users are the most targeted.

So what does the word targeted in targeted attack really mean? One could argue that anyone hit with an attack that was sent to him or her specifically (as in: the email message containing the virus was sent to your address) was a victim of a targeted attack, but that definition is way too broad, as the vast majority of all attacks would then be considered targeted. I pondered the definition of targeted attacks for a bit, trying to think of a simple yet concrete definition. I landed on the word discrimination. For me the key aspect of any targeted attack is that it must discriminate, otherwise the attack is either random, or one of opportunity.






FTC settles with TJX over breach
Dan Kaplan March 27, 2008
The Federal Trade Commission on Thursday announced a settlement with TJX over the discount retailer's massive breach of customer credit card records.





Washington state sues accused spyware purveyor
Sue Marquette Poremba March 26, 2008
Officials in Washington state have filed a civil lawsuit against an Arizona man accused of coercing consumers into buying pop-up blocking software after first spamming them with pop-up ads.





Rock Fan Claims Stubhub Just the Ticket for a Lawsuit
A class action suit alleging the online ticket broker StubHub aids and abets scalpers is shaping up as a test of a law that protects Internet service providers from liability for the illegal activity of their users. The protection of Section 230 of the Communication Decency Act “extends to such websites” as StubHub and “[a] contrary finding would have severe consequences for the millions of people who buy and sell items on the Internet,” StubHub argues in a motion to dismiss the suit, which was filed in January by a frustrated Bruce Springsteen fan.




FBI's $500 Million Wiretap Retrofitting Fund Empty






Hacker gets 3 years for 911 hoax
AP - 49 minutes ago
SANTA ANA, Calif. - A computer hacker was sentenced to three years in prison for placing a phony 911 call that led a SWAT team to storm a family home at gunpoint.





Microsoft likely to raise offer
Citigroup also upgraded Yahoo shares to "buy" from "hold."




Gates Orders Inventory of US Nukes
http://www.nytimes.com/aponline/us/AP-Missile-Mistake.html?_r=1&oref=slogin
WASHINGTON (AP) -- Defense Secretary Robert Gates has ordered a full inventory of all nuclear weapons and related materials after the mistaken delivery of ballistic missile fuses to Taiwan, the Pentagon said Thursday.
Gates told officials with the Air Force, Navy and Defense Logistics Agency to assess inventory control procedures for the materials and to submit a report within 60 days.




Cisco patches IOS vulnerabilities







"While we made light of it before, the MIT Review is taking a serious look at China's plans to prevent rain over their open 91,000 seat arena for The Olympics. From the article: 'China's national weather-engineering program is also the world's largest, with approximately 1,500 weather modification professionals directing 30 aircraft and their crews, as well as 37,000 part-time workers — mostly peasant farmers — who are on call to blast away at clouds with 7,113 anti-aircraft guns and 4,991 rocket launchers.' They plan on demonstrating their ability to control the weather to the rest of the world, and expanding on their abilities in the future."