Norway pressures Apple to ditch iTunes DRM
Gartner: Security risks rise as smart phones get smarter
EMC to offer advanced storage features to consumers
Web Mail Rivals at Risk of Password-Reset Hacks
September 29, 2008 (Computerworld) Yahoo Mail isn't the only Web-based e-mail service that hackers could dupe into giving up user passwords, the tactic that was apparently used to break into the e-mail account of Alaska Gov. Sarah Palin, the Republican nominee for vice president.
Google Inc.'s Gmail and Microsoft Corp.'s Windows Live Hotmail also rely on automated password-reset mechanisms that can be abused by someone who knows the username associated with an account and an answer to a single security question, according to tests done by Computerworld.
Limbo malware grabs personal banking data
September 26, 2008 (IDG News Service) A Trojan horse program now available to a growing number of fraudsters can add data entry fields to legitimate online banking sites and entice consumers to give up sensitive information such as bank card numbers and personal identification numbers.
The malware, Limbo, integrates itself into a Web browser using a technique called HTML injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions. Because it's so closely integrated in the browser, it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.
Microsoft, Washington state to sue 'scareware' pushers
September 26, 2008 (IDG News Service) Microsoft Corp. and Washington state are cracking down on scammers who bombard computer users with fake warning messages in the hope of selling them useless software.
On Monday, the state's attorney general and lawyers from Microsoft's Internet Safety Enforcement team will announce several lawsuits against so-called "scareware" vendors, who are being charged under Washington's Computer Spyware Act.
Security researchers warn of new 'clickjacking' browser bugs
September 26, 2008 (Computerworld) Security researchers warned today that a new class of vulnerabilities dubbed "clickjacking" puts users of every major browser at risk from attack.
Details of the multiple flaws -- six different types, by one count -- are sketchy, because the researchers, who presented some of their findings at a security conference earlier this week, have purposefully kept their information confidential as at least one vendor works on a fix.
Although the clickjacking problem has been associated with browsers -- users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack -- the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, and one of the two researchers who discussed the bug in a semi-closed session at OWASP AppSec 2008 on Wednesday.
In an interview on Friday, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by CSRF or "sidejacking." But clickjacking is different enough that the current anti-CSRF security provisions built into browsers, sites and Web applications are worthless.
Mozilla rushes to fix Firefox password bug
Visa to develop e-payment applications for Android, Nokia phones
Nokia announces potential new ownership of its security businessNokia today announces that it is in the advanced stages of discussions with a financial investor to purchase the security business from Nokia. “The investor is committed to continuing the development and growth of the business, to serving its current network of customers, and to retaining and motivating its employees. I am pleased to say that this is an extremely positive development for the security business, which will be able to realize its full potential under new ownership.” - Niklas Savander, EVP, Services & Software, Nokia. Read the full press release.
http://www.pcmag.com/article2/0,2817,2331225,00.asp
The 10 Most Mysterious Cyber Crimes
New ID Theft Service Crawls the Web on Consumers' Behalf - 9/26/2008 11:45:00 AM
For $15, Affinion penetrates hacker chat rooms and warns users when their data is for sale
Tiger Team Member Attacks Developers, Not Apps - 9/25/2008 5:28:00 PM
Expert shows how he can get into a Web app without touching the application itself
Shadowserver to Build 'Sinkhole' Server to Find Errant Bots - 9/24/2008 4:25:00 PM
New initiative will emulate IRC, HTTP botnet traffic
Sep 28, 3:10 pmFirms Urged to Boost Web 2.0 Security
Three out of 10 businesses have experienced security breaches because of employees using social nets or other community services at work.
http://blog.makezine.com/archive/2008/09/metal_plates_send_message.html
Send your personalized message to TSA x-ray screeners using metal plates you can put in your carry-on luggage.
Apple, Cisco fix serious security flawsNews Brief, 2008-09-25
The consumer technology maker pushes out a large patch for Java on Mac OS X, while Cisco publishes a dozen updates to fix serious issues in its networking hardware.
Congress finally passes broadband data collection bill
Days before recessing for the year, the Senate has at last passed the Broadband Data Improvement Act. It directs the FCC to gather far more detailed (and useful) information about the US broadband market, including better deployment maps and price information.
September 29, 2008 - 01:04PM CT - by Nate Anderson
Classmate PC gets a boost with million-unit Venezuelan order
The government of Venezuela has ordered one million low-cost Classmate PC laptops to be shipped to students with Linux preinstalled.
September 29, 2008 - 08:42AM CT - by Ryan Paul
iPhone 3G/iPod touch 2G is a tougher nut to crack
Adrian Kingsley-Hughes: The iPhone 3G was unveiled in June, but hackers are having a tougher time cracking the software to make the iPhone carrier-free and jailbreak the iPod touch.
Kaspersky: Worry About Trojans, Mobile Phone WormsPC Magazine - Wed Sep 24, 11:20 AM ET
Russian security giant Kaspersky Lab on Wednesday released its mid-year report on current trends in malware along with a report on spam trends. The upshot? Trojans continue to dominate the threat radar, and mobile-phone viruses are now a valid concern.
Bypassing the Great Firewall of China - iaminchina.com
