Wednesday, April 9, 2008

Wednesday News Feed

The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of "Critical".

MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553)
MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
MS08-023 Security Update of ActiveX Kill Bits (948881)
MS08-024 Cumulative Security Update for Internet Explorer (947864)
MS08-025 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

Symantec Chairman Calls for Information-Centric Approach to Security - 4/9/2008 9:00:00 AM
Enterprises need to identify and protect sensitive information as it moves, Thompson says.

DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats - 4/9/2008 5:00:00 AM
Homeland Security secretary Michael Chertoff says the federal government and industry need to do more.

RSA Session Features Live Linksys Router Hack - 4/8/2008 5:05:00 PM
Researcher Dan Kaminsky plans a live demo to show a DNS rebinding attack in action.

RSA Conference: Web Page Can Take Over Your Router - 07-Apr-2008
Researcher Dan Kaminsky is to show attendees of the RSA security conference how a Web-based attack could be used to seize control of certain routers.

Coviello: Security's a Drag on Business - 4/8/2008 1:20:00 PM
RSA exec says more than 80% of businesses have shied away from innovation due to security concerns.

Cisco, RSA Partner to Secure Data in Motion, at Rest - 4/7/2008 5:00:00 PM
Partnership leverages the data loss prevention framework unveiled by RSA last week.

Judge attacks child porn delays - April 08, 2008
http://www.crime-research.org/news/08.04.2008/3301/

More Privacy, Security Breaches at UCLA Medical Center
California first lady Maria Shriver is among more than 30 celebrities and other high-profile patients who had their confidential records breached at UCLA Medical Center, medical officials said. The woman responsible, whose name was not released, is the same employee who sneaked into actress Farrah Fawcett's medical records, officials told the Los Angeles Times on Sunday. That worker was fired in May 2007 after UCLA learned of the widespread breaches, but patients were not notified, the hospital said. In all, the woman improperly looked at 61 patients' medical records in 2006 and 2007, according to state and local medical officials.
More Snooping Into UCLA Medical Records, Associated Press, April 7, 2008.
Posted by EPIC on April 07, 2008.

Critical vulnerabilities in Adobe Flash Player
Published: 2008-04-09, Last Updated: 2008-04-09 00:43:18 UTC, by Raul Siles (Version: 1)

Adobe has released a security bulletin today, APSB08-11, addressing multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could allow remote execution of arbitrary code. The update also includes countermeasures for DNS rebinding attacks and cross-domain policy issues.
It is strongly recommended to update to the newest Adobe Flash Player version, 9.0.124.0!

College Degrees in Homeland Security
It's a growing field:
More than 200 colleges have created homeland-security degree and certificate programs since 9/11, and another 144 have added emergency management with a terrorism bent.

Stolen hardware basis for most breaches
News Brief, 2008-04-08
While the number of unique variants of malicious software more than quadrupled in 2007, lost laptops and storage devices were the most common cause of data breaches, a report finds.

"Hewlett-Packard has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security bulletin. Dubbed "HP USB Floppy Drive Key," the device is a combination flash drive and compact floppy drive, and is designed to work with various models of HP's ProLiant Server line. HP sells two versions of the drive, one with 256MB of flash capacity, the other with 1GB of storage space. A security analyst with the SANS Institute's Internet Storm Center (ISC) suspects that the infection originated at the factory, and was meant to target ProLiant servers. "I think it's naive to assume that these are not targeted attacks," said John Bambenek, who is also a researcher at the University of Illinois. Both versions of the flash-floppy drive, confirmed HP in an April 3 advisory, may come with a pair of worms, although the company offered few details. It did not, for instance, say how many of the drives were infected, where in the supply chain the infections occurred or even when they were discovered."

"Hubble is a system that operates continuously to find persistent Internet black holes as they occur. Hubble has operated continuously since September 17, 2007. During that time, it identified 881,090 black holes and reachability problems. In the most recent quarter-hourly round, completed at 04:40 PDT, 04/09/2008, Hubble issued 46,846 traceroutes to 1,815 prefixes it identified as likely to be experiencing problems (of 78,772 total prefixes monitored by the system). Of these, it found 195 prefixes to be unreachable from all its vantage points and 139 to be reachable from some vantage points and not others."

"One of the more interesting tidbits in Symantec's Global Internet Threat Report (PDF, 105 pages) is the price sheet, which suggests that someone's 'full identity' is worth in the range of $1-$15. Your email password goes for $4-$30 and your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? There's also an executive summary (PDF, 36 pages)."

New Kraken worm evading harpoons of antivirus programs
Botnet research firm Damballa Solutions has discovered evidence that a botnet twice the size of Storm has made its home within 50 of the Fortune 500. Dubbed Kraken, the cyber-cephalopod has eluded most commercial antivirus scanners and remains lurking in the deep.
April 08, 2008 - 01:42PM CT - by Joel Hruska


Flood of revelations in Vista-capable suit paused for appeal
The "Vista Capable" lawsuit against Microsoft, which has generated so many revelations about the company's deliberations surrounding Vista, will be put on hold until the Ninth Circuit can rule on whether the case should be a class action.
April 08, 2008 - 12:41PM CT - by Nate Anderson

IBM set to lock down virtual machines with PHANTOM project
IBM has announced a new project, codenamed PHANTOM, that's aimed at securing virtual servers. True to its name, it's a bit wispy on details so far, but it does address a real need.
April 08, 2008 - 11:21AM CT - by Jon Stokes

From saboteur to member: Microsoft joins Kerberos Consortium
MIT has turned development of the Kerberos authentication standard over to an executive committee, and Microsoft is now on the marquee. Once accused of trying to sabotage the standard's interoperability, Redmond will now have a hand in its future development.
April 08, 2008 - 05:56AM CT - by Joel Hruska

Buffalo Squeezes Palm-Sized Terabyte Network-Attached Storage
In a world where Network-Attached Storage devices easily fill up the space under your...
in Storage, 09 April, 13:56 GMT

Genuine Advantage 'nag' coming to Office
Mary Jo Foley: Microsoft is set to begin a pilot of a new Genuine Advantage anti-piracy mechanism for Office that will add a "nag-like" feature, akin to what is now part of Windows Vista.

EMC buys Iomega
Larry Dignan: Remember Zip drives? Once the $213 million deal is completed, Iomega will be the core of a new EMC consumer and small business product division.

Storm Codec
April 8, 2008
Storm's latest website asks users to install the 'Storm Codec' in order to view a phony video clip.

New RIAA Argument: Throwing A Promo CD In The Garbage = Unauthorized Distribution

Marilyn Monroe's Estate Loses Rights To Photos After Fighting To Make Her A New Yorker
from the figure-this-one-out dept
It appears Marilyn Monroe's estate didn't think all the way through its strategy of posthumously moving the famed star to New York. Apparently, her family convinced California tax authorities that Monroe had been a New York resident, in an attempt to avoid paying taxes on the estate in California. Unfortunately for the estate, that would also mean that Marilyn Monroe's publicity rights died with her. As Against Monopoly points out in the latest example of the bizarre effects of intellectual property rules, California allows "rights of publicity" to live on after death -- meaning that images of famous people still need to be licensed. However, New York says your right of publicity dies when you die. So, a court has now ruled that, thanks to Monroe's own estate claiming that she was a New Yorker, there's no longer a right of publicity for Monroe, and photographers who own Monroe photographs shouldn't have to pay her estate (as they've done since her death). This has photographers claiming that the estate has been unfairly demanding licenses for many years. Next time, perhaps Monroe's estate will just pay the taxes it owes. But, in the meantime, we get to see the bizarre impact of rules such as "publicity rights" which have forced photographers to pay to use photographs they took for many years.

Endpoint security products doomed, RSA exhibitors say
Jim Carr April 08, 2008
The endpoint security product is doomed, to be replaced by the umbrella coverage of overriding security solutions.

U.S. Has Launched a Cyber Security 'Manhattan Project,' Homeland Security Chief Claims

Hackers infiltrate search engines, social networks USATODAY.com - Wed Apr 9, 6:57 AM ET
SAN FRANCISCO - Consumers who use search engines, online social networks, browsers and the like face a gantlet of viruses and malicious software code, according to a cybersecurity report from Symantec, issued Tuesday as security experts gather here for the sprawling RSA Conference on tech security.

Microsoft: Ask us and we'll kill your ActiveX control

Microsoft calls for talks on Internet trust, safety