Friday, April 4, 2008

Friday News Feed

Intel to release anti-theft technology for laptops
New capability to be added to Intel's Active Management Technology will allow IT managers to lock down systems and drives of machines gone AWOL.

Men fall harder than women for Internet fraud, study finds

Adobe claims it knew of 'Pwn to Own' bug

Apple patches 11 QuickTime bugs in year's third update

Microsoft to patch Vista SP1, Server 2008 next week

Vermont ski area reports Hannaford-like theft of payment card data

FaceTime security product scans Skype's encrypted IM

Next-Gen Crypto Method Will Help Secure Mobile Apps - 4/3/2008 4:55:00 PM
Certicom will demo new Elliptic Curve Cryptography (ECC)-based mobile ticketing and RFID tag technologies at the RSA conference.

Enterprise Networks Rife With Unauthorized Apps, Study Says - 4/3/2008 12:55:00 PM
Employees use a variety of tactics to circumvent IT policies and misuse the corporate network.

Microsoft will extend life of Windows XP--again
news.com — Microsoft has decided to extend the life of Windows XP, although only for a limited class of machines. (Microsoft)

April 2008 Advance Notification
Posted Thursday, April 03, 2008 9:57 AM by MSRCTEAM
Hello, Bill here.
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, April 8, 2008 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of our regularly scheduled bulletin release, we’re currently planning to release:

· Five Microsoft Security Bulletins rated Critical and three that are rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

Finally, we are planning to release five high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as three high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS).

Internet Service Providers Increasingly Track Users' Keystrokes
The online behavior of a small but growing number of computer users in the United States is monitored by their Internet service providers, who have access to every click and keystroke that comes down the line. The companies harvest the stream of data for clues to a person's interests, making money from advertisers who use the information to target their online pitches. The practice represents a significant expansion in the ability to track a household's Web use because it taps into Internet connections, and critics liken it to a phone company listening in on conversations.
Every Click You Make, Washington Post, April 4, 2008.
Posted by EPIC on April 04, 2008.

Legal Questions Surround Surreptitious DNA Gathering
The two Sacramento sheriff detectives tailed their suspect, Rolando Gallego, at a distance. They did not have a court order to compel him to give a DNA sample, but their assignment was to get one anyway — without his knowledge. The practice, known among law enforcement officials as “surreptitious sampling,” is growing in popularity even as defense lawyers and civil liberties advocates argue that it violates a constitutional right to privacy. Critics argue that by covertly collecting DNA contained in the minute amounts of saliva, sweat and skin that everyone sheds in the course of daily life, police officers are exploiting an unforeseen loophole in the requirement to show “probable cause” that a suspect has committed a crime before conducting a search.
Lawyers Fight DNA Samples Gained on Sly, New York Times, April 3, 2008.
Posted by EPIC on April 04, 2008.

VB detection: is it so difficult?

KeeLoq Still Broken
That's the key entry system used by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Lexus, Volvo, Volkswagen, Jaguar, and probably others. It's broken:
The KeeLoq encryption algorithm is widely used for security relevant applications, e.g., in the form of passive Radio Frequency Identification (RFID) transponders for car immobilizers and in various access control and Remote Keyless Entry (RKE) systems, e.g., for opening car doors and garage doors.
We present the first successful DPA (Differential Power Analysis) attacks on numerous commercially available products employing KeeLoq. These so-called side-channel attacks are based on measuring and evaluating the power consumption of a KeeLoq device during its operation. Using our techniques, an attacker can reveal not only the secret key of remote controls in less than one hour, but also the manufacturer key of the corresponding receivers in less than one day. Knowing the manufacturer key allows for creating an arbitrary number of valid new keys and generating new remote controls.
We further propose a new eavesdropping attack for which monitoring of two ciphertexts, sent from a remote control employing KeeLoq code hopping (car key, garage door opener, etc.), is sufficient to recover the device key of the remote control. Hence, using the methods described by us, an attacker can clone a remote control from a distance and gain access to a target that is protected by the claimed to be "highly secure" KeeLoq algorithm.
We consider our attacks to be of serious practical interest, as commercial KeeLoq access control systems can be overcome with modest effort.
I've written about this before, but the above link has much better data.
Posted on April 04, 2008 at 06:03 AM

Ottawa-based VoIPshield Systems, a company that makes products to help secure voice-over-IP (VoIP) networks, said it located more than 100 security holes in Internet-based phones made by the biggest players in the business, including Avaya, Cisco and Nortel. The company currently displays information on 44 of the vulnerabilities on its Web site, and it says many of the flaws are medium- to high-risk, meaning they could be used to intercept, redirect or initiate phone calls, or to simply disable phone service for the targeted user or company.

FBI: Cybercrime racks up more profits
News Brief, 2008-04-04
Damages from online fraud jumped more than 20 percent, according to the latest data from the U.S. Federal Bureau of Investigation.

Ruling: No safe harbor when the questions discriminate
The Ninth Circuit has reaffirmed a previous decision which ruled that Roommates.com is not entitled to Safe Harbor protection for asking discriminatory questions that could potentially violate the Fair Housing Act.
April 04, 2008 - 09:20AM CT - by Ryan Paul

As April 15 approaches, tax-related spam is on the rise
Symantec's April spam report is now available, with information on the distribution of spam by topic and focus over the past thirty days. TurboTax users and US taxpayers in general may want to keep an eye on the inbox—the industry that brought you herbal Viagra would like to tell you about some sudden changes to the tax code.
April 04, 2008 - 05:27AM CT - by Joel Hruska

Spam Message Size Lowest on Record
April 3, 2008
Small message size provides little comfort to sys admins and end users inundated with spam.

Pennsylvania is suing a website that promised to help people get access to unclaimed money they were owed after investigators determined that the site was convincing people to pay $24.95 for a membership by telling them they had unclaimed money, no matter who they were. Investigators used the scientific method of testing whether Spiderman, Batman and Wile E. Coyote had unclaimed money. After discovering that all three were told they did (on a free search, details only available if you paid), they decided that the site was perhaps being less than honest with users.

Microsoft to deliver eight patches, five "critical"
Dan Kaplan April 03, 2008
Microsoft on Thursday announced it will push out eight fixes next week, including five for flaws graded critical, as part of its monthly patch cycle.

TJX settles with MasterCard for $24 million
Jim Carr April 03, 2008
Discount retailer TJX, parent of T.J. Maxx and Marshalls, has agreed to a $24 million settlement with MasterCard over a security breach that left tens of millions of credit card accounts at risk to identity theft.

Microsoft: June 30 XP cut-off set in stone
Mary Jo Foley: Microsoft makes it official: There will be no new reprieves for Windows XP (other than on Ultra Low-Cost PCs).

The Vista license "loophole" that isn't