Wednesday, October 29, 2008

Security News Feed Wednesday 10/29/08

IT security spending not darkened by economic gloom
...In fact, despite the gloomy financial outlook, some analysts actually think IT security spending will increase.

In its annual Global State of Information Security Survey published this month, consultancy PricewaterhouseCoopers (PWC) said the more than 7,000 IT security professionals from 119 countries who responded indicated that 44% would increase their spending on security, while 31% said IT security spending would remain the same, 5% anticipated a decrease and 20% didn't know.

25 Percent Of UK Law Firms Admit To Losing Clients' Electronic Data By Grey McKenzie Today

... 37% of lawyers believed that if they did lose their mobile device it would be insecure as a hacker, or identity thief, is “cleverer than the average lawyer” and could access the data it contains. A paltry 13% of those that had lost a mobile device were confident it couldn’t be breached, or used against them, as only this small percentage of law firms were security savvy enough to encrypt the data residing on them.

Former sysadmin sentenced for wrecking corporate servers
A federal judge sentenced him Tuesday to six months in prison, followed by three years of supervised release. Patel has separately agreed to pay Pratt-Read $120,000 in restitution, but he may be ordered to pay additional fines by the judge, prosecutors say.
...
In court filings, prosecutors say that on the Sunday after Thanksgiving, Patel "had a few drinks," and then accessed the Pratt-Read servers from home...

Ohio gov't. contractor suspected in 'Joe the Plumber' privacy breach

Microsoft vows Windows 7 will fix Vista mistakes
In his speech, Sinofsky said Microsoft is learning its lessons from Vista, which was widely criticized by users and the press, and spoofed famously in television advertisements by Apple Inc.

Hackers publish attack code for last week's Windows bug
October 28, 2008 (Computerworld) Just a day after downplaying the vulnerability that caused it to issue an out-of-cycle patch last week, Microsoft Corp. late yesterday warned customers that exploit code had gone public and is being used in additional attacks.

"We've identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067," said Mike Reavey, operations manager of Microsoft's Security Response Center, in a post to the MSRC blog Monday evening. "This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000."
...
Just the day before, another Microsoft employee had downplayed the threat posed by the bug in the Windows Server service that Microsoft patched last week...

Microsoft, Yahoo form alliance to tackle lottery scams

Microsoft: We didn't 'forget' Azure trademark
see http://www.microsoft.com/azure/default.mspx for more info on their "cloud-computing" initiative.

Reputation litigation, here we come!
When Dates Attack October 20, 2008
Dating 'alert' sites allow women to put an 'ex' on trial without rebuttal

Economic Crisis May Be Boon For Cybercriminals, Experts Say October 28, 2008
How the global financial crisis is affecting organized cybercrime

"...Organized cybercrime has already begun capitalizing on the global financial crisis, cybercrime experts say, with targeted phishing attacks on customers whose banks have folded, and attacks that scam consumers who may be shopping less online, but are now spending more time at home."

Why Virtualization Security Is Such a Mess
Audio: Security expert Chris Hoff explains why he believes virtualization is not properly understood and how, as a result, "security in the cloud" is a myth. [Security Insights Podcast with CSO Senior Editor Bill Brenner. Runtime 7 minutes, 45 seconds]

We saw one of these black screens on a legitimate home laptop Monday in the CCC:
Microsoft goes black, making Chinese see red
tech.yahoo.com — An anti-piracy tactic by Microsoft Corp. that turns some computer users' screens black has set off a wave of indignation among Chinese consumers, posing renewed problems for the software maker in the huge China market.

Don't Be Dragooned Into the Botnet Army
A favorite multipurpose weapon of online thieves is growing larger and more powerful, according to those who combat the threat.

McCain Volunteer Invents Attack Hoax, The Nation, October 24, 2008

From Bruce Schneier's blog:
The Skein Hash Function

NIST is holding a competition to replace the SHA family of hash functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.)

Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper:

Microsoft Windows Path Canonicalisation Vulnerability
Issued 6 days ago.

DESCRIPTION:
The vulnerability is caused due to an error in netapi32.dll when processing directory traversal character sequences in path names. This can be exploited to corrupt stack memory by e.g. sending RPC requests containing specially crafted path names to the Server Service component.

Successful exploitation allows execution of arbitrary code, but requires authenticated access on Windows Vista and Windows Server 2008.

NOTE: The vulnerability is currently being actively exploited.
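The advisory above describes a failure to handle directory traversal sequences ("..", in either separator style) while canonicalising a path before use. The following is an added example, not code from the advisory or from Microsoft, showing what a defensive canonicalisation step looks like: resolve the requested path against a base directory, collapse "." and ".." segments, and refuse anything that lands outside the base. It makes no attempt to model netapi32.dll; the base directory, the sample request strings and the helper names are assumptions of this example.

```python
import posixpath
from typing import List, Optional, Tuple


def contains_traversal_sequence(requested: str) -> bool:
    """Return True if any path segment is exactly '..'.

    Both '/' and '\\' are treated as separators (assumption: callers may see
    Windows-style paths). A segment such as '..hidden' is a legitimate name
    and is not flagged.
    """
    segments = requested.replace("\\", "/").split("/")
    return ".." in segments


def canonicalize_within(base: str, requested: str) -> Optional[str]:
    """Canonicalise `requested` relative to `base`.

    Returns the normalised absolute path if it stays inside `base`, or None
    if the request is absolute, carries a drive letter, or escapes `base`
    after '..' resolution. Normalisation happens *before* the containment
    check, which is the order the advisory's bug class gets wrong.
    """
    normalized = requested.replace("\\", "/")
    # Absolute paths and drive-letter paths are never acceptable as relative
    # share requests, so reject them before joining.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return None
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, normalized))
    # Containment check on the canonical form: equal to base, or base + '/'
    # prefix (the trailing '/' prevents '/srv/share2' matching '/srv/share').
    if joined == base_norm or joined.startswith(base_norm + "/"):
        return joined
    return None


def triage_requests(base: str, requests: List[str]) -> List[Tuple[str, bool, Optional[str]]]:
    """For each request, report (request, traversal_seen, resolved_or_None).

    Useful as a review aid over logged path names: the second field shows
    whether a '..' sequence was present at all, the third whether the
    canonical result was still acceptable.
    """
    return [(r, contains_traversal_sequence(r), canonicalize_within(base, r)) for r in requests]


if __name__ == "__main__":
    # Constructed sample requests against an assumed share root.
    SHARE_ROOT = "/srv/share"
    SAMPLES = [
        "docs/report.txt",
        "a/./b//c",
        "docs/../../etc/passwd",
        "..\\..\\windows\\system32\\config",
        "C:\\windows\\win.ini",
        "docs/..hidden/notes.txt",
    ]
    for req, seen, resolved in triage_requests(SHARE_ROOT, SAMPLES):
        verdict = "ok" if resolved is not None else "REJECTED"
        print(f"{req!r:40} traversal={seen!s:5} -> {verdict} {resolved or ''}")
```

The important ordering is normalise first, then check containment on the result; checking for a literal ".." substring and then normalising (or the reverse of each) is exactly where mixed separators and repeated segments slip through.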

Windows Live ID just became yet another OpenID-provider.
... they have undoubtedly put even more weight behind the OpenID initiative.

OpenID is an emerging, de facto standard Web protocol for user authentication. It helps eliminate the need for multiple user names across different Web sites, thereby simplifying a user's online experience. Stated another way, you can reuse your OpenID account at different Web sites without having to create a new user name and password at each site you use.

Microsoft Office will float to the cloud with Office Web
With the upcoming release of Office 14, Microsoft today announced Office Web, a suite of five core Office components that will float up into the clouds.
October 28, 2008 - 02:17PM CT - by David Chartier

Big change in business model:
What Does It Mean For The Christian Science Monitor To Go Web Only?

Turkish hacker arrested by FBI made video giving tips for installing ATM skimmers
Paul Fisher October 28, 2008
A Turkish hacker known as "Chao" and arrested as part of the FBI operation against underground forum DarkMarket produced his own training videos. You can watch it here.

Security group: Vulnerability disclosure is impractical
Mark Mayne October 29, 2008
An advisory group contends that the scramble over Dan Kaminsky's DNS flaw discovery proves that full disclosure is simply not feasible.
