Friday, June 6, 2008

Friday News Feed 6/6/08

Spear-phishing attacks have hooked 15,000, says VeriSign
VeriSign estimates that spear-phishing attacks have taken in 15,000 victims over the past 15 months.







Security Advisories
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco PIX and Cisco ASA







Microsoft slates seven fixes for next week
http://blogs.technet.com/msrc/
As part of our regularly scheduled bulletin release, we’re currently planning to release:

· Three Microsoft Security Bulletins rated Critical, three Important, and one Moderate. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.






XP SP3 omits critical security update






Full Appeals court hearing sought in border laptop search case






UnitedHealthcare data breach leads to ID theft at UC Irvine






Medical ID Theft Threatens Finances and Lives
Medical identity theft adds a new twist to identity theft by potentially creating not only financial problems, but health risks. The theft of health insurance benefits to obtain health care can add erroneous information to the health records of victims. These changes to health records may go unnoticed, if ever detected, for years before they are caught.
Medical ID Theft can injure finances, endanger lives, Dallas Morning News, June 2, 2008
Posted by EPIC on June 3, 2008.







Why your privacy still comes at a cost
http://www.latimes.com/business/la-fi-lazarus4-2008jun04,1,7565391.column
In case you missed it, your elected representatives bowed to intense pressure from phone companies last week and voted to allow them to keep charging whatever they want to protect your privacy. I'm talking, of course, about the up to $24 a year that millions of Californians are charged to keep their numbers out of the phone book and its electronic cousins.






June 06, 2008 KY Attorney General Creates Unit To Combat Cybercrime
http://www.crime-research.org/news/06.06.2008/3402/







A New Spin on Adaptive Security - 6/5/2008 5:25:00 PM
Gartner's next-generation security model has its roots in other efforts

The real-time, adaptive security infrastructure (ASI) posed by Gartner this week has triggered déjà vu and debate among security experts. (See Gartner Details Real-Time 'Adaptive' Security Infrastructure.)

Neil MacDonald, vice president and fellow at Gartner, described the vision of this next-generation security model during his keynote at the Gartner Security Summit on Tuesday. ASI adapts to threats in real time rather than in the aftermath of an attack, with interconnected services and tools that communicate and share information so that network, host, application, database, and content security are no longer separate “silos,” but one synchronized security system.

But some experts say this concept unveiled by Gartner is really nothing new. Network Associates (now part of McAfee), for example, in the late 1990s offered the Active Security family of products, which integrated a security assessment scanner, an early generation policy manager, firewall, and a PKI server. But Active Security never really caught on.
...






Skype File URI Code Execution Vulnerability - Moderately critical - From remote
Issued 1 day ago. A vulnerability has been reported in Skype, which can be exploited by malicious people to compromise a user's system.







Software Update Prompts Nuclear Plant Shutdown
http://blogs.washingtonpost.com/securityfix/
A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant's business network.






Opera sings anti-malware tune
News Brief, 2008-06-06
The alternative browser's next version will block Web sites and links that attempt to compromise users' computers.






The number of moves necessary to solve an arbitrary Rubik's cube configuration has been cut down to 23 moves, according to an update on Tomas Rokicki's homepage (and here). As reported in March, Rokicki developed a very efficient strategy for studying cube solvability, which he used to show that 25 moves are sufficient to solve any (solvable) Rubik's cube. Since then, he's upgraded from 8GB of memory and a Q6600 CPU, to the supercomputers at Sony Pictures Imageworks (his latest result was produced during idle-time between productions). Combined with some of Rokicki's earlier work, this new result implies that for any arbitrary cube configuration, a solution exists in either 21, 22, or 23 moves. This is in agreement with informal group-theoretic arguments (see Hofstadter 1996, ch. 14) suggesting that the necessary and sufficient number of moves should be in the low 20s.







Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?







Study paints grim picture of automated P2P enforcement
University of Washington researchers show that BitTorrent DMCA complaints aren't always accurate, and they prove it by "framing" a printer, a PC, and a wireless access point.
June 05, 2008 - 07:50PM CT - by Nate Anderson









Brand-jacking threatens customer trust
Dancho Danchev: Increasingly, online scammers are abusing the reputation of trusted brands in order to build more legitimacy into their phishing campaigns.








How Could Anyone Possibly Mess With E-Voting Machines... When They're Left Unguarded For Days?
from the oh,-that's-right,-it's-easy dept
One of the common complaints from the e-voting companies about the various independent security tests that find problems with their machines is that those tests occur under conditions that would never happen in the real world. Specifically, the e-voting companies like to claim that most of the "hacks" revealed would require a lot of access to the machines with no one noticing -- and that just wouldn't be feasible during an election with election officials all around. While even that might be questioned, a much bigger issue is that most polling places leave the e-voting machines totally unguarded and totally unprotected, sometimes for days before the election -- giving anyone with nefarious intent plenty of time to mess around with the machines. Ed Felten has been pointing this out for years. He took photos of such machines at Princeton in 2006 and then again at the primary election earlier this year. This past Tuesday was another election day in many places, including New Jersey, and Ed Felten, once again, took photos of a whole bunch of totally unguarded e-voting machines that any passerby could have accessed. Of course, given that the software itself doesn't seem to work, maybe someone will actually adjust the machines to make them work better. Always look on the bright side.








Trend Micro to boycott security tests
Richard Thurston June 05, 2008
The security vendor's chief technology officer said today the company will withdraw from the popular VB100 anti-malware tests, launching a tirade against the testers' methodology.






Ethical hacking site falls victim to hackers
Richard Thurston June 05, 2008
Metasploit, the hacking tools site which is widely used by white hat hackers, has itself fallen victim to ARP poisoning, which led to the defacement of the site.
