Computerworld, USA - Apr 21, 2008 - 6 hours ago
... the Chinese hacking group "Revenge of the Flame" postponed their attack, claiming there was too much public awareness of their plans. ...
clipped from Google - 4/2008
Rupert Murdoch Firm Goes on Trial for Alleged Tech Sabotage
Wired News - Apr 20, 2008 - 10 hours ago
As laid out in the allegations, NDS' hacking is said to have begun in 1997 after its own access cards were cracked and it was at risk of losing clients like ...
Browsing centres are now dens for hackers
Times of India - Apr 20, 2008 - 11 hours ago
According to information gathered by the cyber crime cell of central crime branch (CCB), there is a hacking community functioning out of browsing centres in ...
INTERNET LAW - Cyber Crimes Tool Kits for Sale on Internet with ...
IBLS INTERNET LAW (subscription), USA - Apr 21, 2008 - 13 minutes ago
These cyber crime tool kits make possible automated fraud, and the top hacking tools are now being sold for prices ranging from less than $100 up to $1000. ...
Web-Hosting Providers – Beware!
Friday April 18, 2008 at 12:39 pm CST
Posted by Karthik Raman
Late on Thursday Microsoft released an advisory about a new privilege escalation vulnerability affecting IIS and SQL Server on Windows XP, 2003, Vista, and Server 2008.
It’s likely that this is the same flaw discussed by Cesar Cerrudo in his talk, “Token Kidnapping”, at the HITB Security Conference 2008 in Dubai. Cerrudo had discovered a privilege-escalation vulnerability earlier, and said in March, “Design weaknesses can be abused on Windows XP, Vista, Internet Information Services 7 and Windows Server 2003 and 2008”.
University of Miami admits to stolen medical records
Dan Kaplan April 18, 2008
The University of Miami disclosed on Friday that one of its storage vendors lost a number of back-up tapes containing the personal information of more than two million patients.
ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses
By Ryan Singel April 19, 2008 2:00:00 PM
Srizbi maintains large spam botnet
April 18, 2008
Srizbi maintains a large spam botnet using simple techniques to recruit new bot members.
Does Microsoft's Plan To Sell Software As A Service Make Sense?
from the keep-an-eye-on-this dept
I Don't Want To Burst Your Bubble
By ROBERT KAHN
Quoz. That was the answer to everything 200 years ago. So says Charles Mackay in "Extraordinary Popular Delusions and the Madness of Crowds." Mackay, whose excellent book was published in 1841, reviewed a litany of human idiocies - most of which are still with us today.
In his chapter, "Popular Follies of Great Cities," Mackay wondered why it is that nonsensical sayings spring suddenly to everyone's lips, remain there for months, then disappear until the next idiocy appears.
"Quoz" was an all-purpose term to express disbelief, challenge, ridicule, boredom, or just about anything, in London, in the early 1800s. It was replaced, in this order, by "What a shocking bad hat!", "Walker!", "There he goes with his eye out!", "Has your mother sold her mangle?" and then the fabulously popular, "Flare up," which could be used for almost anything.
http://www.courthousenews.com/
Digital Sound Separator
By John Borland
Wednesday, April 16, 2008
New software can modify the individual notes of a recorded chord.
Data Leakage, preserving confidentiality
by Ricky M. Magalhaes
Articles / Content Security (Email & FTP)
Article focusing on data leakage and how this information asset is lost and the result of exposure. This vulnerability may be the result of inadequate measures, or poorly implemented controls that expose organizations and their clients.
RIAA spent $2 million lobbying for tougher IP laws in 2007
All groups lobbying Congress and the executive branch are required to disclose how much they spent on the task each year. During 2007, the RIAA spent $2.08 million lobbying lawmakers for tougher copyright laws, among other things.
April 21, 2008 - 05:05AM CT - by Eric Bangeman
PayPal to fight phishers by blocking old browsers
Paypal has long been a prime target for phishing attacks, and the company is anxious to shed both the image and underlying problem. Paypal demonstrated the approach it's taken to limit customer exposure to phishing attacks at the RSA Conference this week, with impressive results.
April 19, 2008 - 02:33PM CT - by Joel Hruska
EU states agree that inciting terrorism on the Internet is a crime
It's official: "public provocation to commit a terrorist offense" will be a crime in the EU, and that includes "terrorist propaganda" distributed via the Internet. Enforcement will be another matter.
April 19, 2008 - 08:30AM CT - by Jon Stokes
"The Transportation Security Administration has announced that it's beginning pilot tests of millimeter wave scanning technology at Los Angeles International Airport (LAX) and John F. Kennedy International Airport (JFK) that allow TSA personnel to see concealed weapons and other items that may be hidden beneath clothes. TSA Administrator Kip Hawley says that the potentially revealing body scans (YouTube) would not be stored and that 90% of passengers subject to secondary screening opt for a millimeter wave scan over a pat-down. The agency added that security officers viewing the scans would do so remotely, where they will not be able to recognize passengers but will be able to trigger an alarm if needed. The agency also said that a blurring algorithm is applied to passengers' faces in scanned images as an additional privacy protection."
Chertoff Says Fingerprints Aren't Personal Data
Homeland Security Secretary Michael Chertoff says:
QUESTION: Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing.
SECRETARY CHERTOFF: Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world, they're like footprints. They're not particularly private.
Sounds like he's confusing "secret" data with "personal" data. Lots of personal data isn't particularly secret.
Posted on April 21, 2008 at 06:54 AM
IIS Vulnerability Documented by Microsoft - Includes Workarounds
Published: 2008-04-18, Last Updated: 2008-04-19 22:25:00 UTC by John Bambenek (Version: 1)
Microsoft has just put out an advisory for a privilege escalation vulnerability in Windows that affects IIS and potentially SQL Server (951306). Basically, authenticated users can use this vulnerability to become LocalSystem. This is probably more of a problem for shared hosting environments where clients could upload malicious code to the webserver and run the exploit to gain additional rights. SQL is less of a problem because permissions have to be explicitly given to allow a SQL user to run code.
The advisory contains workarounds for IIS 6 and 7 that are claimed to blunt this vulnerability. The only negative impact of those workarounds is to add some extra work when adding users, but they do block the vector of attack.
There is a public report of this, but apparently no exploits yet. More when we get additional information, but refer to MSFT's advisory with details on how to work around.
Update
Cesar's paper has been released and you can see it here
http://isc.sans.org/diary.html?storyid=4310
The Patch Window is Gone: Automated Patch-Based Exploit Generation
Microsoft admits it sent Office nag to all WSUS servers
Bull crams crypto chips into bootable USB hard disk drive
Universities Rocked by Data Thefts - 4/18/2008 4:20:00 PM The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops
An Rx for Doctors Suffering From Spam Attacks - 4/18/2008 1:05:00 PM Health Care Notification Network (HCNN) for physicians aims to streamline alerts, as well as protect doctors from spam and other attacks
Microsoft XP SP3 on track to RTM on April 21