Monday, June 30, 2008

Monday News Feed 6/30/08

DC Goes for a Universal City ID Document
The District of Columbia has announced an ambitious plan to link multi-use documents to a centralized tracking system that would span a wide range of city services including summer jobs programs, public schools, attendance at public meetings, metro fare cards, and city health service offices. The citywide ID plan is proposed in a climate where a national ID debate is advanced under the scheme called REAL ID.
New ID Card Serves Students, Rec Centers, Libraries in D.C., Washington Post, June 27, 2008
Posted by EPIC on June 27, 2008.






Pentagon Consulting Social Scientists on Security
This seems like a good idea:
Eager to embrace eggheads and ideas, the Pentagon has started an ambitious and unusual program to recruit social scientists and direct the nation’s brainpower to combating security threats like the Chinese military, Iraq, terrorism and religious fundamentalism.
The article talks a lot about potential conflicts of interest and such, and less on what sorts of insights the social scientists can offer. I think there is a lot of potential value here.
Posted on June 30, 2008 at 12:13 PM






Internet Explorer 6 Window "location" Handling Vulnerability
Moderately critical - From remote. Issued 4 days ago. Updated 3 days ago.
Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks.







Internet Explorer 7 Frame Location Handling Vulnerability
Moderately critical - From remote. Issued 4 days ago. Updated 10 hours ago.
sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.






http://blogs.washingtonpost.com/securityfix/
Posted at 08:00 AM ET, 06/30/2008
Data Breach Reports Up 69 Percent in 2008
Businesses, governments and universities reported a record number of data breaches in the first half of this year, a 69 percent increase over the same period in 2007 driven by a spike in data thefts attributed to employees and contractors, according to an analysis by identity theft experts.
The San Diego-based Identity Theft Resource Center tracked 342 data breach reports from Jan. 1 to June 27. Nearly 37 percent of reports came from businesses -- an increase from almost 29 percent last year.






Breach-notification laws not working?
Robert Lemos, 2008-06-25
Research fails to find a correlation between states with disclosure laws and reduced identity theft, suggesting the best defense for concerned citizens is to take action themselves.







EU advisors: Secure ISPs, form "cyber-NATO"
News Brief, 2008-06-26
Academic researchers tasked with making information-security recommendations to the European Union call for Internet service providers to clean up their networks and for the creation of a group to aid international investigations.






Controls? What controls?
Pentagon Worker Spent Tax Money On Exotic Dancer, Prosecutors Say
By JOE HARRIS
ST. LOUIS (CN) - A Defense Department civilian employee and an exotic dancer charged more than $56,000 on the employee's Defense Department credit card, federal prosecutors say. Steven C. Brown, 49, of Godfrey, Ill., and the dancer, Teressa V. Shrum, 33, of Hannibal, Mo., were indicted on 20 felony counts of theft of public money.





Phone Phreak Rap: You're In Jail, and I'm Not
With Stuart Rosoff and his gang of SWATters all sentenced to up to five years in prison for sending cops bursting into the homes of their party line enemies, phone hackers and ersatz hip-hop artists Lucky225 and Lotus recorded this (.mp3) nerdcore track to taunt their convicted foes.






FBI access to private data in Europe pending
Richard Thurston June 30, 2008
The European Commission is said to be close to finalizing an agreement with the U.S. that would allow the FBI to see the credit card histories and internet browsing habits of European citizens.






Researchers reveal VoIP vulnerabilities
Sue Marquette Poremba June 27, 2008
VoIPshield Laboratories has alerted companies that market voice over IP systems of new security vulnerabilities.






Report: Montgomery Ward fails to alert victims of breach
Chuck Miller June 27, 2008
Montgomery Ward, an old-line merchant now operating as an internet retailer, suffered a breach of some 51,000 customer credit card numbers, and failed to report it to customers.








New PDF exploits: “Old wine in a new bottle!”
Thursday June 26, 2008 at 8:30 pm CST
Posted by Yichong Lin
We came across some samples and some vendors' claims that these samples were exploiting the new PDF vulnerability CVE-2008-2641.
We took a look at this issue and found that this is not the case; it’s still exploiting the old vulnerability CVE-2007-5659, which is a buffer overflow vulnerability in the JavaScript function Collab.collectEmailInfo in Adobe PDF Reader’s own JavaScript Engine.






Good Always Comes Out of Bad
Not sure I agree, but it's more reading about the Turkish hackers who grabbed ICANN's DNS records...
