Apple forgets to fix iPhone passcode bug
Apple confirms iPhone security bug, promises patch
iPhone passcode lock rendered useless
Ryan Naraine: The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.
Trade body to hear Microsoft complaint against Taiwan company
European court won't stop U.K. hacker's extradition to U.S.
Terror threat system crippled by technical flaws, says Congress
Cisco Security Advisory: Vulnerability in Cisco WebEx Meeting Manager ActiveX Control
Identifying and Mitigating Exploitation of the Vulnerability in Cisco WebEx Meeting Manager ActiveX Control
Report: Email Address Dictates Spam Volume - 8/28/2008 5:23:00 PM
The first letter of your email address is one factor in your spam risk, a researcher says
"... alice@company.com typically gets a higher volume of spam than quincy@company.com, or zach@company.com. He says that’s simply because there are more combinations of names that begin with “A” than with “Q” or “Z.”"
Report: Popular Web Attacks Go Stealth - 8/27/2008 5:45:00 PM
Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security
Microsoft Offers Details on Privacy Features in IE8 - 8/27/2008 4:46:00 PM
New browser will allow user to better control access to surfing history, cookies
PCI: Kiss WEP Goodbye
Kevin Mitnick Tells All in Upcoming Book
blog.wired.com — Kevin Mitnick Tells All in Upcoming Book -- Promises No Whining
Now that the statute of limitations has lifted on many of his crimes -- as well as a seven-year court ban prohibiting him from writing about them (the ban ended midnight on January 28, 2007) -- former hacker Kevin Mitnick is telling his story in a book to be published next year.
A British Bank Bans a Man's Password
Weird story.
Mr Jetley said he first realised his security password had been changed when a call centre staff member told him his code word did not match with the one on the computer.
"I thought it was actually quite a funny response," he said.
"But what really incensed me was when I was told I could not change it back to 'Lloyds is pants' because they said it was not appropriate.
[...]
"The rules seemed to change, and they told me it had to be one word, so I tried 'censorship', but they didn't like that, and then said it had to be no more than six letters long."
Lloyd's claims that they fired the employee responsible for this, but what I want to know is how the employee got a copy of the man's password in the first place. Why isn't it stored only in encrypted form on the bank's computers?
How secure can the bank's computer systems be if employees are allowed to look at and change customer passwords at whim?
FBI Warns of Hit Man Scam Resurgence
The FBI is warning people not to be disturbed by an e-mail scam that threatens your life and orders you to pay up to avoid being the target of a hired hit man.
The FBI said its Internet Crime Complaint Center continues to receive thousands of reports concerning the hit man e-mail scheme. The FBI notes that while the content of the missive has evolved since similar hit man scams first surfaced in late 2006, the message remains the same, claiming the sender has been hired to kill the recipient.
U.S. to deploy DNS Security in two years
News Brief, 2008-08-28
The government issues a memo calling for all major agencies to adopt DNSSEC by December 2009, at which point the top-level .gov domain will transition as well.
States seek workarounds for e-voting systems
"According to a thread on the bind-users mailing list, there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere. As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to successfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle. Source port randomization is nice, but removing the root cause of the attack's effectiveness is better."
"In a bid to deter people from using pirate versions of Windows XP, Microsoft is now updating its Windows Genuine Advantage (WGA) tool to introduce a few uncomfortable niggles for users of pirated versions of Windows. These include replacing the desktop wallpaper with a black screen every 60 minutes, although you can still replace it with your wallpaper of choice in the intervening period. As well as this, copies of Windows deemed to not be genuine will also have a translucent watermark above the system tray, which Microsoft calls a 'persistent desktop notification.'"
It's official: Comcast starts 250GB bandwidth caps October 1
Comcast has finally announced that it will introduce 250GB per month bandwidth caps for all residential customers this fall. It insists that this is the same policy it always had, but with clearer limits.
August 28, 2008 - 04:16PM CT - by Jacqui Cheng
Steve Jobs death has been greatly exaggerated
Mobile Phones Being Used To Bring Fairer Elections To Africa
from the good-news dept
We report on so many stories where technology is used in bad or oppressive ways, that it's important to note when it's being used in positive ways as well. Technology, itself, is just a tool that can be used in both good and bad ways (not to mention neutral ways), but somehow the good ways don't always get as much attention. CNN has an article detailing how the rise of mobile phones throughout Africa is helping in making elections that are more fair. It's certainly not perfect yet, but the ability to communicate has allowed citizens to report abuses of the election process and get the word out when they see any kind of cheating happening.
Virtual worlds, real attacks
When I see my son playing online computer games I am worried!
I am worried not because he spends too much time in front of a computer - it is the abundance of security issues that surround contemporary online gaming that makes me uneasy. I just had to do something about that.
So what I have tried to do is list the security problems related to online games and humbly suggest some possible solutions. The result is a research white paper that has just been posted on our Web site:
http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_online_gaming.pdf.
If you are interested in topics like game-related money-laundering, virtual terrorist attacks, stolen virtual identities, game-related malware, virtual viral outbreaks - I dare you NOT to click the link!
Spammers bypass filters with SWF file redirects
August 28, 2008
Spammers are stepping up their use of Shockwave Flash file redirects to avoid detection.
Watch Out! Firing IT Workers Can Cost You
When IT employees are dismissed, watch out! A new survey by Cyber-Ark Software, a provider of...
August 29, 2008 Hacker gets into FEMA phone system
http://www.crime-research.org/news/29.08.2008/3544/
August 29, 2008 Hackers attack Iraq's vulnerable computers
http://www.crime-research.org/news/29.08.2008/3543/