Friday, October 10, 2008

Security News Feed Friday 10/10/08

Windows 7 UAC, the Evolution







Microsoft investigates exploit reports for Windows flaw
Dan Kaplan October 10, 2008
Attackers have posted public exploit code for a zero-day Windows vulnerability that could result in privilege escalation.






Microsoft set to deliver 11 patches next week
Dan Kaplan October 09, 2008
Microsoft on Thursday announced plans to push out 11 fixes in next week's security update.






Iowa ISP owner wins $236 million spam judgment
Dan Kaplan October 09, 2008
The owner of a small Iowan ISP has been battling spammers for years. His most recent victory came in the form of a $236 million judgment.






10,000 LinkedIn users targeted in spear phishing attack
Angela Moscaritolo October 09, 2008
A LinkedIn "spear phishing" email scam loaded malicious software to steal usernames and passwords.






Prices for stolen information plummet
Dan Raywood October 09, 2008
The black-market price for stolen credit and debit card details has dropped to as little as $1.50, according to a newspaper investigation.







Mac OS X Patch Day: 40 security flaws fixed
Ryan Naraine: Apple has shipped another whopper of a patch to cover a total of 40 documented vulnerabilities affecting the Mac OS X ecosystem.






NSA Abused Wiretap Rights: Intercepted, Shared Private Calls Of Americans
from the funny-how-that-works dept






American Citizen Detained At Border Due To Drawing Of An SUV
from the think-how-much-worse-it-could-be dept
If you want to understand why we're so troubled by the ACTA treaty that many nations are working on in secret, we just need to look at a story highlighted recently at Boing Boing about an American woman who was detained for a while at the US-Canadian border because she had a drawing of an SUV. The customs officials accused her of being an industrial spy and copyright infringer. In actuality, she's a professor and artist, who was doing an art project involving an SUV.






Cyber Credit Card Thieves Payment Processor of Choice is Western Union
By Grey McKenzie 10/7/2008






Free Cyber Security Awareness Materials From ISC
By Grey McKenzie 10/7/2008








Romanian pleads guilty to phishing-related charges
A Romanian man pleaded guilty earlier this week to charges related to possession of stolen credit...








U.S. gov't proposes digital signing of DNS root zone file
The U.S. government is soliciting input on a way to make the Internet's addressing system less...






Saudi-owned TV website hit by cyber attack
AFP - 34 minutes ago
DUBAI (AFP) - Computer hackers claiming to be Shiite shut down the website of Saudi-owned satellite channel Al-Arabiya on Friday, a month after Iran reported similar attacks on many of its websites by hardline Sunnis.







Update 1: Microsoft Security Advisory 951306
Posted Thursday, October 09, 2008 4:00 PM by MSRCTEAM
Hello, Bill here,
I wanted to let you know that we have just updated Microsoft Security Advisory (951306).
Exploit code has been published on the Internet for the vulnerability addressed by this Advisory. Our investigation has shown that it does not affect customers who have applied the workarounds listed in the Advisory.






Remote Workers Care About IT Security -- Really
A new survey finds that mobile users actually do make sure to use secure Internet and Wi-Fi connections, they love IT for helping keep them on the go, and they'd rather live without their car than Internet connectivity.






Fake Microsoft Update Email






When the Hackers Hack Back






Data Mining for Terrorists Doesn't Work
According to a massive report from the National Research Council, data mining for terrorists doesn't work.






CUPS Multiple Vulnerabilities
Issued 10 hours ago. // Moderately critical // From local network // 436 views
Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.






Posted at 01:33 PM ET, 10/9/2008
Spam Volumes Plummet After Atrivo Shutdown
Security Fix has spilled quite a bit of digital ink chronicling the demise of Atrivo (a.k.a. "Intercage"), a now-defunct Northern Calif. based Internet service provider that served as home base for a large number of cyber criminal operations. Happily, data released this week about a short-lived but precipitous decline in the level of badness online after Atrivo was shut down illustrates just how bad Atrivo was.
Posted by Brian Krebs






Interorganizational wrangling begins as .gov studies DNS fix
In the wake of recent DNS hijacking hacks, a number of top-level Internet domains have deployed DNSSEC. Now, the US Commerce Department is requesting comments on proposals to roll it out for the root DNS servers.
October 09, 2008 - 12:48PM CT - by John Timmer







Users, Enterprises Pay for Poor Privacy Policies, Study Says - 10/7/2008 4:10:00 PM
Research paper seeks to quantify loss of time spent reading confusing, overwritten privacy policies
