Wednesday, July 9, 2008

Wednesday News Feed 7/9/08

Major DNS flaw could disrupt the Internet , 07/08/2008 The discovery of a flaw in Domain Name System protocol that would allow an attacker to remotely disrupt or even take control of the Internet has been discovered by a researcher, leading to a CERT advisory and a multi-vendor DNS patch released today that should be applied on vulnerable ISP and corporate DNS servers.

From ISC.SANS.ORG:
Multiple Vendors DNS Spoofing Vulnerability
The overall issue has been known for a long time, and is a fundamental problem with the way DNS currently works. However, full details about what makes this so special will be revealed at Blackhat.






Adware company refines opt-out, notification technology
It's hoping to reassure critics who claim NebuAd's targeted advertising spies on users

Senate Scrutinizes Privacy Issues of ISP User Tracking






Microsoft confirms active Word attacks
Microsoft Word Unspecified Code Execution Vulnerability - Extremely critical - From remoteIssued 8 hours ago. A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.





Microsoft plugs nine holes in Windows, DNS, SQL






Not patched yet:
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability - Extremely critical - From remoteIssued 2 days ago. A vulnerability has been reported in Snapshot Viewer for Microsoft Access, which can be exploited by malicious people to compromise a user's system.






Don't give Google a free pass on data collection, privacy advocates say after YouTube ruling





French ruling on counterfeit goods could have far-reaching effects for eBay





iDefense Revamps Bucks for Bugs Contest - 7/8/2008 5:55:00 PM Changes aimed at making vulnerability research 'sexy' again, iDefense says





Washington Post: Justice Breyer among victims in data breach







MSRC Blog: Microsoft Security Advisory 953635
Posted Tuesday, July 08, 2008 6:55 PM by MSRCTEAM
Hello, Bill here,
I wanted to let you know that we have just posted Microsoft Security Advisory (953635).
This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.





How to Not Get Hacked Like Sony The U.S. Sony Playstation Web site is the latest high-profile victim of a hacker attack on business sites that's spreading...

The U.S. Sony Playstation Web site is the latest high-profile victim of a hacker attack on business sites that's spreading malware at breakneck pace, says a security vendor.

Sophos PLC reported that Sony had suffered an SQL injection attack last week. Malicious code was planted on pages of two popular Playstation games -- SingStar Pop and God of War.





Breaking the law: one-third of US residents rip DVDs
A third of consumers have made copies of DVDs in the last six months, according to new survey results from the US and UK. This number is up from a year ago, but a majority of these users say they only copy their own DVDs for personal use.
July 08, 2008 - 07:20PM CT - by Jacqui Cheng






Spiraling bandwidth demands spur undersea cable deployment
Food and fuel costs may be skyrocketing, but there's no sign yet that either expense is limiting worldwide demand for bandwidth, which is on track to grow by 50 percent or so between 2007 and 2008. International telecoms continue to lay cable across the globe, but if things continue as they are, demand may outstrip supply.
July 08, 2008 - 05:10PM CT - by Joel Hruska






Malicious Spam Using Dramatic Subjects to Lure Users
July 7, 2008

Storm Worm says the U.S have invaded Iran
Dancho Danchev: Right after the U.S Independence Day fireworks, Storm Worm latest campaign says the U.S have invaded Iran--attempting to once again exploit client-side vulnerabilities.






Microsoft to deliver SQL Server 2008 in August









Record $46M Awarded for Manager's Firing
By MATTHEW HELLER
Evidence including a "smoking e-mail" has helped persuade a Cleveland jury to award a record $46.6 million to a former trash company manager who was fired after he refused to dismiss three employees, all of whom were about 60 years of age. more








Survey says: Government employees enjoy wireless internet
Sue Marquette Poremba July 08, 2008
Nearly half of all federal government employees use wireless internet that allows them to work outside the office, according to a new survey.






Bejtlich on last month’s Cyber Panel
Published by jumper under Hacker Organization, Nationalism
Richard Bejtlich blogged about the AF Cyber Panel last month and provides a plug for the TDV book which he reviewed a while ago. The Cyber Panel had some informal discussion about the cyber-militia:

In the US, our DoD relies upon professional, uniformed military members, government civilians, and an immense contracting force to defend the nation and project its military power. In China, their PLA mixes uniformed military with ordinary civilians, some of whom act at the behest of the military and government, with others acting on their own for “patriotic means.”

The discussion turns into a comparison of the US/PRC capabilities and specifically how the US can recruit and retain qualified cyber warriors. The problem seems to be that the PRC can call up an army of qualified patriotic hackers while the US is having problems recruiting and retaining talent.






http://www.nationalcybersecurity.com/blogs/796/Virus-Scanners-Clear-Attackers-a-Path-To-Your-Computer-With-Approximately-800-Vulnerabilities-Detected.html
"During the past few months, specialists from the n.runs AG, along with other security experts, have discovered approximately 800 vulnerabilities in anti-virus products. The conclusion: contrary to their actual function, the products open the door to attackers, enable them to penetrate company networks and infect them with destructive code. The positioning of anti-virus software in central areas of the company now poses an accordingly high security risk."






Verizon data breach report
Learning from the Verizon Business RISK Team's valuable analysis of four years of data on security breaches among their clients.






Top Ten Worst Uses for Windows by Richard Stiennon

No comments: