Wednesday, September 17, 2008

Security News Feed Wednesday 9/17/08

Poor records organization at root of Palm Beach County recount woes In the wake of a voter recount controversy in a South Florida county, election officials are being advised to use better record-keeping and filing and additional oversight.

Microsoft looks to spread secure software expertise
September 16, 2008 (Computerworld) Microsoft Corp. said today it will export some of its expertise in writing secure code to developers outside the company with several new initiatives, including ones involving a pair of free tools it plans to unveil in November.

The company has distilled some of the experience gained during the past five years through its Security Development Lifecycle (SDL) process and philosophy into the Threat Modeling Tool 3.0 and the Optimization Model. It will make both available for free download in two months.

Forever 21 says nearly 99,000 cards compromised in data thefts

Apple releases Mac OS X 10.5.5, patches nearly 70 bugs

McAfee, Symantec ready VM security products
September 15, 2008 (IDG News Service) With VMware Inc.'s user conference in Las Vegas this week, security vendors Symantec Corp. and McAfee Inc. are readying new products designed to lock down the software running in virtual machine environments.

GPS Spoofing
Interesting:
Jon used a desktop computer attached to a GPS satellite simulator to create a fake GPS signal. Portable GPS satellite simulators can fit in the trunk of a car, and are often used for testing. They are available as commercial off-the-shelf products. You can also rent them for less than $1K a week -- peanuts to anyone thinking of hijacking a cargo truck and selling stolen goods.
In his first experiments, Jon placed his desktop computer and GPS satellite simulator in the cab of his small truck, and powered them off an inverter. The VAT used a second truck as the victim cargo truck. "With this setup," Jon said, "we were able to spoof the GPS receiver from about 30 feet away. If our equipment could broadcast a stronger signal, or if we had purchased stronger signal amplifiers, we certainly could have spoofed over a greater distance."

During later experiments, Jon and the VAT were able to easily achieve much greater GPS spoofing ranges. They spoofed GPS signals at ranges over three quarters of a mile. "The farthest distance we achieved was 4586 feet, at Los Alamos," said Jon. "When you radiate an RF signal, you ideally want line of sight, but in this case we were walking around buildings and near power lines. We really had a lot of obstruction in the way. It surprised us." An attacker could drive within a half mile of the victim truck, and still override the truck's GPS signals.

Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred - 9/16/2008 3:25:00 PM
Web security researchers bow to Adobe request for time to patch before releasing proof of concept of newly discovered, massive 'clickjacking' attack

Enterprises Gearing Up for Identity, Compliance Management Next Year - 9/16/2008 3:24:00 PM
Security event management, database security also rank high among near-term plans

Snort Turns 10, Sourcefire Goes Virtual - 9/15/2008 6:30:00 PM
IDS/IPS vendor joins the ranks of VMWare partners, gears up for commercial rollout of next-generation Snort

Study: Hotel Networks Put Corporate Users at Risk - 9/12/2008 4:10:00 PM
The Center for Hospitality Research's survey and hack confirms worries of weak security on hotel networks

U.S. Port Security Earns a C-

100 groups demand to see secret anticounterfeiting treaty
arstechnica.com — More than 100 public interest groups from around the globe are demanding that Anti-Counterfeiting Trade Agreement negotiators open up their process to scrutiny. At stake could be new ISP monitoring rules, fair use issues, and a P2P crackdown.

Best Buy Puzzles With Napster Acquisition
techcrunch.com — Best Buy announced today that it has acquired Napster for $121 million in cash. The company said that it will keep Napster’s executive team and will leave the Napster service and its estimated 700,000 users in place without changing much in the near-term.

Student faces charges for hack-and-tell
News Brief, 2008-09-15
A 20-year-old college student faces charges after he allegedly broke into his school's network and sent network administrators a 16-page report on the security issues he discovered.

"Asus is accidentally shipping software crackers and confidential documents on the recovery DVDs that come with its laptops. The startling discovery was made by a PC Pro reader whose antivirus software was triggered by a key cracker for the WinRAR compression software, which was located on the recovery DVD for his Asus laptop. Along with the key cracker the disc also contained confidential Asus documents including a PowerPoint presentation that details 'major problems' identified by the company, including application compatibility issues. The UK reader is not alone, either — several users in the US and Australia have also found suspicious files on Asus discs."

New bill would tighten rules for DHS border laptop searches
After a public outcry about no-reason-needed searches of laptops and electronic gadgets by Border Patrol and Customs agents, Rep. Loretta Sanchez introduced a bill to slap a few more rules on the process. Also, you'll get a receipt when your laptop is taken away.
September 16, 2008 - 01:30PM CT - by Nate Anderson

Ars puts Spore DRM to the test—with a surprising result
While the DRM built into Spore is getting all the headlines, Ars decided to try to hit the install limit. Bumping into the limits of the DRM proved more difficult than we had thought, and EA also proved that yes, you can rent a PC game.
September 16, 2008 - 08:45AM CT - by Ben Kuchera, Mark DeSanto

Microsoft and Cray to unveil $25,000 Windows-based supercomputer
The pair is expected to tout the new offering as "the most affordable supercomputer Cray has ever offered," with pricing starting at $25,000.
Adrian Kingsley-Hughes: A quick look at the Cray CX1--it can cost $90,000.

Hey VMware--Windows isn't the competition
Mary Jo Foley: Microsoft archrival VMware announced the "Virtual Datacenter OS" that some are comparing with Windows Server 2008. The trouble is that VMware's competition won't be Windows Server 2008.
Paula Rooney: Maritz: VMWare better next-gen OS than Windows and Hyper-V
Dan Kusnetzky: Notes from VMworld
Paula Rooney: Citrix aims high with XenServer 5, cloud center

The Perils Of Leaving Wi-Fi Networks Unsecured
Monday September 15, 2008 at 7:23 am CST, posted by Vinoo Thomas

People don’t seem to seriously care about Wi-Fi security yet. In spite of oft-repeated warnings, ignorant folks with unlimited bandwidth plans believe that they are doing a social service by allowing neighbors to leech their Wi-Fi freely. What they fail to understand is that by doing so, they can become an unwitting accessory to cyber crime.

Google Docs flaw could allow others to see personal files
Dan Kaplan September 16, 2008
A security researcher claims to have discovered a vulnerability in Google Docs that could allow other users to intercept personal files.

Cybercriminals use celebrity names to lure victims
Reuters - Tue Sep 16, 2:29 PM ET
NEW YORK (Reuters) - Looking for information about Brad Pitt or Beyonce on the Web? It could be risky.

We were pretty darn busy in April, so some things fell through the cracks and I missed this report on nationalist motivated hacking. If you recall, during that time period, there were calls in France to boycott the Beijing Olympics over the crackdown in Tibet. The French magazine Capital posted an online poll on whether or not France should participate in the games… Chinese hackers and nationalists were not pleased:

Capital publisher Jean-Joel Gurviez:

“On the first day, we had about 300 responses, which was normal for this type of poll, and they were 80 percent in favour of a boycott. The next day there were 20,000 responses, with 80 percent opposing a boycott,” he said.

Almost all of the responses arrived via Chinese servers, Gurviez said, leading technicians to initially think the influx was driven by Chinese sites directing patriotic fans to vote.

“But a few days later we had hackers operating off servers in China try to change our content, and there were 2.5 million attempts to access protected files. We had to shut down the site temporarily,” he said.
