Wednesday, April 23, 2008

Wednesday News Feed 4/23/08

I received this site from Brian Serr, who is living in Japan right now. It's true and interesting, but also just a rant.
http://www.ranum.com/security/computer_security/editorials/dumb/





http://www.thedarkvisitor.com/2008/04/495/
...
"Beijing’s call for an apology from CNN may have been seen as tacit support for the attack. Or, at least that there would be no retribution if one did take place. This might be the most important factor of all."
...
"The QQ numbers listed six headquarters units (probably the more experienced hackers), 42 regular groups (actually 44, since he started with zero and may have accidentally listed group 32 twice), and one propaganda unit."






ICANN Chooses AEP Keyper to Help Secure the Internet DNS System
By Grey McKenzie Today





China's CERT released their annual security report (in Chinese for the time being), outlining the local threatscape with data indicating the increasing efficiency applied by Turkish web site defacement groups, in between the logical increases in spam/phishing and malware-related incidents. Here's an excerpt from the report:
"According CNCERT / CC monitoring found that in 2007 China's mainland are implanted into the host Trojans alarming increase in the number of IP is 22 times last year, the Trojans have become the largest Internet hazards.







Britain Reports 96 Percent of Companies With Over 500 Employees Affected By Security Breaches
By Grey McKenzie Today






Market's Message to Security Pros: Adapt or Die
Shifts in economy, business are forcing re-prioritization in the IT security department, studies say







Microsoft Report: Physical Data Theft, Trojans Up; Bug Disclosure Down
Trojan attacks jump by 300 percent, but publicly disclosed vulnerabilities reach three-year ebb







US China & Russia Count For 72.4 Percent of Web Based Malware
By Grey McKenzie Today








Rock Phish Gang Phishing Sites Rigged For Drive By Downloads
By Grey McKenzie Yesterday







Cyber Criminals Shifting Targets To Mobiles
By Grey McKenzie 04/21/2008






LONDON MessageLabs Finds 13 Olympic-Themed Targeted Trojans







Tornado exploit kit touches down
Sue Marquette Poremba April 22, 2008
The recently discovered Tornado exploit toolkit is one of the most sophisticated toolkits released and may be a precursor of things to come. According to Symantec, it's chilling evidence of how hackers can take advantage of vulnerabilities.







XSS flaw on Obama page sends visitors to Clinton site
Dan Kaplan April 22, 2008
The battle between Democratic presidential hopefuls Barack Obama and Hillary Rodham Clinton extended to cyberspace when a prankster over the weekend exploited a cross-site scripting (XSS) vulnerability on the website of the Illinois senator to redirect traffic to Clinton's homepage.






Microsoft's Final 'Up Yours' To Those Who Bought Into Its DRM Story
from the playsforwhatnow? dept
Remember a few years back when Microsoft launched a new type of DRM under the name "PlaysForSure"? The idea was to create a standard DRM that a bunch of different online music download stores could use, and which makers of digital music devices could build for. Except... like any DRM, it had its problems. And, like any DRM, its real purpose was to take away features, not add them, making all of the content hindered by it less valuable. Yet, because Microsoft was behind it, many people assumed that at least Microsoft would keep supporting it. Well, you've now learned your lesson. Playsforsure was so bad that Microsoft didn't even use it for its own Zune digital media device. Along with that, Microsoft shut down its failed online music store, and now for the kicker, it's telling anyone who was suckered into buying that DRM'd content that it's about to nuke the DRM approval servers that let you transfer the music to new machines. That means you need to authorize any songs you have on whatever machine you want -- and that's the only place they'll be able to reside forever. And, of course, any upgrade to your operating system (say from XP to Vista) and you lose access to your music as well. By now, hopefully, everyone is aware of why DRM is problematic, but it's nice of Microsoft to give one final demonstration by basically taking away more rights for the music it sold people with the promise that Microsoft would keep the music available.








Researcher discovers QuickTime zero-day
Larry Dignan: Hacker Petko D. Petkov has discovered a zero-day vulnerability in a patched version of Apple's QuickTime player for XP and Vista and has the video to prove it.







Laptop searches at the border: No reason? No problem
The Ninth Circuit says that customs agents in the US can legally search laptops without needing a reason. The debate turns on whether a laptop is more like a piece of luggage or the human mind.
April 23, 2008 - 06:45AM CT - by Nate Anderson





"New Scientist reports on a University of Washington project aiming to marshal swarms of 'good' computers to take on botnets. Their approach — called Phalanx — uses its distributed network to shield a server from DDoS attacks. Instead of that server being accessed directly, all information must pass through the swarm of 'mailbox' computers, which are swapped around randomly and only pass on information to the shielded server when it requests it. Initially the researchers propose using the servers in networks such as Akamai as mailboxes; ultimately they would like to piggyback the good-botnet functionality onto BitTorrent."





Adobe Products BMP Handling Buffer Overflow Vulnerability - Highly critical - From remote
Issued 1 day ago. A vulnerability has been reported in multiple Adobe products, which potentially can be exploited by malicious people to compromise a user's system.








NJ Supreme Court Rules That Subscribers Have Privacy Right In Their Internet Data
The Supreme Court of New Jersey became the first court in the nation yesterday to rule that people have an expectation of privacy when they are online, and law enforcement officials need a grand jury warrant to have access to their private information. In state proceedings, the ruling will take precedence over what attorneys describe as weaker U.S. Supreme Court decisions that hold there is no right to privacy on the internet. "The reality is that people do expect a measure of privacy when they use the Internet," said Grayson Barber, a lawyer representing the American Civil Liberties Union, Electronic Frontier Foundation and the Electronic Privacy Information Center, among other groups that filed friend-of-the-court briefs (pdf) in the case.
N.J. justices call e-privacy surfers' right, Newark Star-Ledger, April 22, 2008.
Posted by EPIC on April 22, 2008.







Hannaford to spend 'millions' on IT security upgrades after breach






Microsoft data shows Web attacks on the rise






Microsoft: We took out Storm botnet
April 22, 2008 (Computerworld) Microsoft Corp. today took credit for crushing the Storm botnet, saying that the malware search-and-destroy tool it distributes to Windows users disinfected so many bots that the hackers threw in the towel.
"They realized they were in our gun sights," said Jimmy Kuo, a principal architect with Microsoft's malware protection center, the group responsible for the Malicious Software Removal Tool (MSRT). Microsoft updates and automatically redistributes the software tool to Windows users each month on Patch Tuesday.





No suspicion needed to search laptops at U.S. borders, says Ninth Circuit
