Wednesday, April 16, 2008

Wednesday News Feed 4/16/08

Consumer groups urge 'do not track' registry
The FTC asked for a mechanism that would keep advertisers from being able to collect information from users.

Malicious microprocessor opens new doors for attack

Criminals phish for CEOs via fake subpoenas

MiFare RFID crack more extensive than previously thought

ClamAV confirms critical bug, offers up patch

Hacker releases working GDI-bug attack code

April 16, 2008 Asia Hindered by Lack of Cybercrime Laws
http://www.crime-research.org/news/16.04.2008/3313/

April 16, 2008 FBI cyber crime chief on botnets, web terror and the social network threat
http://www.crime-research.org/news/16.04.2008/3312/
Scott O'Neal oversees the FBI's response to computer hacking and botnet attacks by criminals, terrorists and foreign powers.

The cyber division is one of the faster growing operational departments within the FBI. The growth of international cyber crime and terrorism over the past five years has spurred the FBI to establish dedicated cyber squads at each of its 56 field offices across the US and support 70 cyber task forces nationwide, backed up by global intelligence gathering by its Internet Crime Complaint Centre.

O'Neal works at the cyber division headquarters at the FBI main office in Washington. The division tackles computer intrusion and cyber crime. Computer intrusion mainly focuses on criminal hacking and distributed denial of service attacks but also deals with terrorist and state-sponsored threats. The cyber crime department's main priority is tackling child pornography but it also combats online fraud, such as phishing, and property rights investigations.

Wireless Security Gets Boost From New Round of Products - 4/16/2008 11:55:00 AM
Wireless isn't the problem child it used to be, but authentication and management still challenge enterprises.

PayPal Outlines Strategy to Slow Phishing - 4/15/2008 6:05:00 PM
The web's biggest phishing target published a multi-layered plan to reduce delivery of fake emails and warn users of phishing sites.

CA Exec: Security Pros Need to Be Unburied From the Org Chart - 4/14/2008 6:00:00 PM
To succeed, IT security must raise its profile in the business, says former CIO.

SAN FRANCISCO -- RSA Conference 2008 -- Security pros need to stop fighting fires in the data center and start getting themselves noticed in the boardroom, a former CIO and top-ranking security executive said here last week.

Many IT security people see themselves primarily as technologists and problem-solvers, said Dave Hansen, former CIO at Computer Associates and currently senior vice president and general manager of CA's Security Management business unit. But as security becomes more critical to the business, CSOs need to delegate some of the operations functions and get more tied into the business, he said.

"Right now, 46 percent of CSOs spend up to a third of their day just analyzing security event reports," Hansen said. "That’s not the way to maximize value to the organization -- and it needs to change."

Bush Administration Seeks to Use Spy Programs in US Over Congressional Objections
The Bush administration said that it plans to start using the nation's most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea's legal authority. The administration in May 2007 gave DHS authority to coordinate requests for satellite imagery, radar, electronic-signal information, chemical detection and other monitoring capabilities that have been used for decades within U.S. borders for mapping and disaster response. But Congress delayed launch of the new office last October. Critics cited its potential to expand the role of military assets in domestic law enforcement, to turn new or as-yet-undeveloped technologies against Americans without adequate public debate, and to divert the existing civilian and scientific focus of some satellite work to security uses.
Administration Set to Use New Spy Program in U.S., Washington Post, April 12, 2008.
Posted by EPIC on April 15, 2008.

Microsoft Suggests Tiered Privacy Approach for Online Ads
Microsoft has proposed a tiered approach to protecting the privacy of people targeted by online advertising, saying advertisers should get permission before using sensitive, personally identifiable information to deliver ads. Microsoft filed comments on Friday in response to the U.S. Federal Trade Commission's request for comments on its proposed privacy principles that would be self-administered by the online advertising industry. Microsoft's proposal operates under the idea that the greater the risk to privacy, the greater the protection data should receive, Microsoft officials said.
Microsoft Proposes Tiered Privacy in Online Advertising, IDG News Service, April 11, 2008.
Posted by EPIC on April 15, 2008.

The 10.000 web sites infection mystery solved
Published: 2008-04-16, Last Updated: 2008-04-16 13:32:09 UTC, by Bojan Zdrnja (Version: 2)

Back in January there were multiple reports about a large number of web sites being compromised and serving malware. Fellow handler Mary wrote the initial diary at http://isc.sans.org/diary.html?storyid=3834.
Later we did several diaries where we analyzed the attacks, such as the one I wrote at http://isc.sans.org/diary.html?storyid=3823. Most of the reports about these attacks we received pointed to exploitation of SQL Injection vulnerabilities.
Yesterday, one of our old friends, Dr. Neal Krawetz, pointed us to another site hosting malicious JavaScript files with various exploits. While those exploits were more or less standard, we managed to uncover a rare gem among them: the actual executable that the bad guys use to compromise web sites.

DivX Player Subtitle Parsing Buffer Overflow Vulnerability

Identity Theft Smash & Grab, CEO Style
Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far.
http://blogs.washingtonpost.com/securityfix/

"Web tripwires" reveal 1.3% of web pages altered in transit
That web page you just received might not be a perfect copy of the original. New research shows that one percent of pages are monkeyed with between the server and your browser, but not all those changes are bad.
April 16, 2008 - 11:04AM CT - by Nate Anderson

Vista SP1 available in more languages
Mary Jo Foley: Users can manually install the (x86 and x64) versions of SP1 either via Windows Update or by downloading the standalone installer from the Microsoft Download Center.

Did DirecTV Hire Satellite Hackers To Leak Dish TV Smart Cards?

Security experts split on "cyberterrorism" threat
Reuters - 41 minutes ago
LONDON (Reuters) - International experts called on Wednesday for greater cooperation to fight threats to computer networks but they differed on the definition of cyberterrorism, with a top British security official describing it as a "myth."

Attackers exploit recent Microsoft fix
Sue Marquette Poremba April 15, 2008
Hackers continue trying to exploit a patched vulnerability in Microsoft's Graphic Display Interface (GDI), researchers said this week.

Cybersecurity lobby merges with IT trade group
Dan Kaplan April 15, 2008
The Information Technology Association of America has absorbed the Cyber Security Industry Alliance, a lobby that has been pressuring lawmakers to pass federal data security and breach notification measures.

S.P.A.M. Experiment Update
Wednesday April 16, 2008 at 6:58 am CST. Posted by Toralv Dirro
Meeting the German participants of the McAfee SPAM Experiment for dinner yesterday turned out to be very interesting and provided some unexpected results. After 14 days living on a Spam-mail diet they are still in good shape. Some are so into it that they even installed SiteAdvisor to find out, in advance, if a site is likely to send you spam when you leave your email address there…