Friday, June 27, 2008

Friday News Feed 6/27/08

Hackers hijack critical Internet organizations
Turkish hackers on Thursday managed to deface the Web sites of the international organizations that run the Internet's critical routing infrastructure and regulate domain names.

Turkish gang redirect ICANN, IANA traffic, taunt 'We control the domains!'




Web firewalls trumping other options as PCI deadline nears





'Vista Capable' lawyers bicker over document discovery





Researchers warn of IE6 zero-day bug





Avaya, Cisco and Nortel face VoIP vulnerabilities





Preventing SQL injection






Startup Promises to Slow Software Tampering - 6/25/2008 12:03:00 PM
Metaforic says its anti-hacking tools aren't invulnerable, but definitely will make software exploits less fun





News from FIRST 2008: Driving Security Response Excellence and Innovation







Laptop Searches at Airports Raises Privacy Questions
TSA agents' search of air travelers' laptops is under scrutiny by the US Senate. The search of air travelers' luggage is routine, while the search of electronic devices is not. The practice by government agents at airports of accessing and copying the content of computers and other digital devices has raised 4th Amendment questions. The Senate Judiciary Subcommittee hearing "Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel" explored the issue.
Laptop Searches in Airports Draw Fire at Senate Hearing, New York Times, June 26, 2008
Posted by EPIC on June 26, 2008.






Carrier Pigeons Bringing Contraband into Prisons
In Brazil.
I think this is the first security vulnerability found in RFC 1149: "Standard for the transmission of IP datagrams on avian carriers." Deep packet inspection seems to be the only way to prevent this attack, although adequate fencing will prevent the protocol from running in the first place.
Posted on June 27, 2008 at 6:32 AM






Internet Explorer 7 Frame Location Handling Vulnerability - Moderately critical - From remote
Issued 1 day ago. sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.






Internet Explorer 6 Window "location" Handling Vulnerability - Moderately critical - From remote
Issued 1 day ago. Updated 11 hours ago. Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.






New PDF exploits: “Old wine in a new bottle!”







National health-record privacy law in Congress
Chuck Miller June 26, 2008
A new law in Congress would require every U.S. citizen to have electronic health records by 2014. It would also set up privacy rules for those records, requiring information keepers to notify patients of security breaches.






Privacy standards help safeguard online health data
Dan Kaplan June 26, 2008
Just a few months after Google and Microsoft announced they were launching online consumer health platforms, a nonprofit has unveiled a common framework to protect sensitive medical records.






Man's "Parrot Fever" Death Tests Products Liability Law
The family of a Texas man who allegedly died of a disease contracted from a sick cockatiel has sued PetSmart for wrongful death, but the fate of similar cases around the country suggests their products liability theory will not fly.
http://www.onpointnews.com/







Former White House Advisor: Hackers Didn't Cause 2003 Blackout
By Kevin Poulsen, June 27, 2008 1:38:56 PM. Categories: Cybarmageddon!
Cyber security consultant Paul Kurtz threw some cold water this week on a report that Chinese hackers caused the massive 2003 northeastern U.S. blackout. He worked for the White House at the time of the outage.






Marshall Islands email paralysed by 'zombie' attack
AFP - Tue Jun 24, 6:42 AM ET
MAJURO (AFP) - Email communication in the Marshall Islands was paralysed Tuesday after hackers launched a "zombie" computer attack on the western Pacific nation's only Internet service provider, officials said.







Antispam Group Outlines Defenses to Block Botnet Spam
PC World - Thu Jun 26, 9:40 AM ET
A major antispam organization is pushing a set of new best practices for ISPs to stop increasing volumes of spam generated by...






Russian hackers working inside China…






Summary: Chinese cyberwarfare threat by the Heritage Foundation






European Union Study Security Economics and The Internal Market
By Grey McKenzie Today







Can Your Employer Read Your Personal Email After You Are No Longer Employed There?
from the questions-for-the-courts dept
While we already know that plenty of companies have systems in place to monitor your corporate email, what about your personal email accounts? And, just to make it more interesting, what about your personal email accounts after you are no longer employed at the firm? That's what's at stake in a new lawsuit, filed by a guy who was fired from a company, and later learned that they were reading his personal Yahoo email -- including messages he sent to his lawyer about responding to the firing.

Apparently, he left a computer at the office logged in to his Yahoo account, and that made it easy for the company to read his email -- and the company claims that since it's on a company computer, it's fair game. It's not exactly clear how he found out they were reading his email, however. Also, the company claims that the reason they looked at his email was because after getting fired, he used a computer (in plain view of other employees) to send himself various confidential company info. Even if that's true, it's not clear that the company should still be able to read emails in his personal account.







Nate McFeters: Another Trojan hits Mac OS X







Nate McFeters: Russian hackers planning attacks against Baltic countries and Ukraine






The World of Warcraft developer is announcing that it plans to release a "Blizzard Authenticator". It’s a keychain addition which gives all WoW players a six-digit security code designed especially by the company to "help prevent unauthorized account access".






.confusion: ICANN opens up Pandora's Box of new TLDs
ICANN voted today on a measure that will allow businesses and other organizations to apply for almost any new top level domain they can think of. The organization believes the measure will help foster growth in online properties, despite some looming concerns about user frustration.
June 26, 2008 - 12:11PM CT - by Jacqui Cheng






Breach-notification laws not working?
Robert Lemos, 2008-06-25
Research fails to find a correlation between states with disclosure laws and reduced identity theft, suggesting the best defense for concerned citizens is to take action themselves.






EU advisors: Secure ISPs, form "cyber-NATO"
News Brief, 2008-06-26
Academic researchers tasked with making information-security recommendations to the European Union call for Internet service providers to clean up their networks and for the creation of a group to aid international investigations.
