Visa Tests Credit Card With Random Number GeneratorNov 11,2008
Built-in second factor of authentication could slow online card fraud
November Black Tuesday Overview
MS08-068
The NTLM protocol allows an attacking server to reflect credentials and use them against the client gaining the rights of the logged on user.Replaces MS06-030 and MS05-011.
MS08-069
Multiple vulnerabilities allow memory corruption (code execution with the rights of the logged on user), cross domain scripting and cross domain information leaks.Replaces MS07-042.
Microsoft's exploit predictions are right less than half the time Microsoft says its efforts to predict whether hackers will create exploit code for its bugs are a success -- even though the company got its first monthly forecast right less than half the time. Read more...
Microsoft explains seven-year-old patch delay
In a post to the Microsoft Security Response Center blog, MSRC spokesman Christopher Budd acknowledged the seven-year stretch between the time when the vulnerability was first discussed and when the patch was released. Then he launched into an explanation.
...
Microsoft may have been prompted to act by the appearance earlier this year of an SMB relay attack module for the popular open-source Metasploit penetration and attack framework, argued Schultze. "It looks like exploit code came out in the last four or five months," he said, which made it easier for someone to create the Metasploit module.
IBM's ISS blasts security rival Trend Micro over bugs
Spam plummets after Calif. hosting service shuttered
Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
...
"McColo was the hosting firm for some of the biggest spam botnets, including Srizbi and Rustock,"
Ancient IBM drive rescues Apollo moon data
Thankfully, the tapes stored at Sydney University were still available. However, what was not readily available was a IBM 729 Mark V tape drive needed to read the data.
The IBM 729 magnetic tape drive was used by IBM from the late 1950s through the mid-1960s. It used a half-inch magnetic tape that was up to 2,400 feet in length on a reel measuring up to 10.5 in. in diameter.
AVG Antivirus Update Mistakenly Deletes System FileNewsFactor - Tue Nov 11, 4:50 PM ET
An update for the AVG 8 antivirus software for Windows 2000, XP and Vista released Saturday mistakenly warned that the Windows system file user32.dll was a Trojan horse. The problem affected the Dutch, French, Italian, Portuguese and Spanish versions.
How Recessions Make Good People Do Bad Things In a corporate environment, we tend to trust our co-workers -- but we might want to fight our instincts on this one.
Survey: Most Data Security Risks Internal One in 10 employees surveyed admitted stealing data or corporate devices, selling them for a profit, or knowing fellow employees who did.
Federal Reserve phishing message leads to pornography.November 11, 2008
Phishing messages sent by the Srizbi botnet appears to be a pornographic advertisment.
Survey style Phish targets JPMorgan Chase & Co.
$1 million reward for arrest of cyberextortionists
Dan Kaplan November 12, 2008
A pharmacy benefits firm offers $1 million for information leading to the conviction of a band of data thief extortionists.
A questionnaire being sent to those seeking high-ranking posts in the Obama administration may be the most extensive — some say invasive — application ever.
Questionnaire for Job Applicants (pdf)
Anti-malware testing group release standardsNews Brief, 2008-11-11
A coalition of security-software companies, testing firms and information-technology publications issue two sets of guidelines setting out the responsibilities of each group during software tests.
Marshal, 8e6 Technologies merge to form Marshal8e6
Internet security vendors Marshal and 8e6 Technologies have announced a merger to form a new...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment