Monday, May 19, 2008

Monday News Feed 5/19/08

Data Breach Notification Laws, State By State





Californians are clueless about privacy laws:
http://www.darkreading.com/document.asp?doc_id=154134






Perimeter eSecurity Pushes Into Storage Services
5/16/2008 5:00:00 PM
Managed services specialist is taking aim at EMC with its remote backup offering






XP SP3 issue blog:
http://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx






Microsoft Word Two Code Execution Vulnerabilities - Highly critical - From remote
Issued 6 days ago. Updated 5 days ago.
Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.







"Responding to questions about why some users of Windows Vista Media Center were prevented from recording the NBC Universal TV shows 'American Gladiator' and 'Medium,' Microsoft has acknowledged that Windows Media Centers will block users from recording TV shows at the request of a broadcaster. 'Microsoft included technologies in Windows based on rules set forth by the (Federal Communications Commission),' wrote a Microsoft spokeswoman, apparently referring to an FCC proposal that the courts struck down in 2005. 'Microsoft has put the requirements of broadcasters above what consumers want,' said the EFF's Danny O'Brien. 'They've imposed restrictions way beyond what the law requires. Customers need to know who Microsoft is listening to and how that affects their equipment. Right now, the only way customers know what Microsoft has agreed to is when the technology they've bought suddenly stops working. Microsoft needs to come clean and tell its customers what deals it has made.'"







MySpace spammers given largest fine in CAN-SPAM history
Two individuals responsible for using MySpace accounts to spam other users failed to show up in court this week to fight the CAN-SPAM charges. The result was a default judgment of $234 million against the dynamic duo—the largest judgment so far in CAN-SPAM history.
May 16, 2008 - 11:40AM CT - by Jacqui Cheng







Fast-Fluxing SQL injection attacks executed from the Asprox botnet
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign.

“As of yesterday, we observed the Asprox botnet pushing an update to the infected systems, a binary with the filename msscntr32.exe. The executable is installed as a system service with the name “Microsoft Security Center Extension”, but in reality it is a SQL-injection attack tool. When launched, the attack tool will search Google for .asp pages which contain various terms, and will then launch SQL injection attacks against the websites returned by the search. The attack is designed to inject an iframe into the website source which will force visitors to download a javascript file from the domain direct84.com. This file in turn redirects to another site, where additional malicious javascript can be found. Currently the secondary site appears to be down, however it is likely that when successful, the site attempts to exploit the visitor’s web browser in order to install additional copies of either Danmec, Asprox and/or the SQL attack tool.”






Redmond Magazine Successfully SQL Injected by Chinese Hacktivists






McAfee's HackerSafe: "Um... we go in like a super hacker"






Mass Hacks Likely to Hang Around for a While
Friday May 16, 2008 at 2:42 pm CST
Posted by Craig Schmugar

In March I blogged about a round of mass Web site compromises. Since then there have been several other instances discovered, as well as a couple of smoking guns. The net net is that the bad guys are using automated tools to find and attack Web applications that are vulnerable to SQL-injection attacks. Many of these applications are homegrown and thus there is no patch or hotfix for administrators to install. This means that simply removing the injected malicious code won’t last long.

Just now I was reviewing the latest batch of hacked sites, and I noticed pages that were previously compromised and “repaired,” only to be compromised again. The entry point for these attacks must be closed in order to thwart future attacks. This means that underlying code must be audited and improper input validation must be corrected. And given that many Web administrators install out-of-support freeware and shareware applications, we can expect many sites to remain vulnerable for a very long time.

McAfee’s Foundstone Hackme Shipping Tool can be a useful resource for those in need of a better understanding of how common Web application attacks occur and how to properly code against them.







Mass SQL Injection Attack Targets Chinese Web Sites
PC World - Mon May 19, 6:00 AM ET
Web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web...







NSA's website outage due to lack of topological "diversity"
Jim Carr May 16, 2008
An easy-to-fix -- but often overlooked -- problem most likely took the National Security Agency's website and its mail services down for six or seven hours on Thursday.






OLPC Laptop Gets Windows
By David Talbot
Friday, May 16, 2008
One Laptop per Child inks a deal with Microsoft to put Windows on the "100-dollar" machine.







A Faster, More Energy-Efficient GPS
By Kate Greene
Friday, May 16, 2008
New software could help make location-aware devices ubiquitous.







Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C






Chinese Red Cross Website Hacked to Steal Earthquake Relief Donations






Air Force Cyber Warfare Cyber Command Center Location Coveted By 18 States
By Grey McKenzie, Today







Power Plant Software Suitelink Can Be Hacked Easily Says Core Security
By Grey McKenzie, Today








I spy your PC: Researchers find new ways to steal data
May 19, 2008 (IDG News Service) Researchers have developed two new techniques for stealing data from computers that use some unlikely hacking tools: cameras and telescopes.







Non-tech criminals can now 'rent a botnet'
