Wednesday, December 24, 2008


In case you've got small kids, make sure to visit: www.noradsanta.org! The USAF tracks Santa's progress across the earth.

Merry Christmas!






Adobe has published a Security Administration Guide for Acrobat. The guide covers the security differences for most of the major releases of the product and is available for download.

Better site for Adobe Security documents: http://www.adobe.com/devnet/acrobat/






December 21, United Press International – (National) Report: EPA allows chemical secrecy.

The U.S. Environmental Protection Agency (EPA) has kept data about potentially dangerous chemicals secret, the Milwaukee Journal Sentinel says. The newspaper said its analysis of more than 2,000 EPA dangerous chemical filings during the last three years found that the U.S. department allowed chemicals’ names to remain undisclosed in more than half those cases. The Journal Sentinel said the secretive EPA entries appear to be in opposition to a federal law that requires EPA officials to publicly report any new data regarding potentially dangerous chemicals. Under the related EPA regulations, the federal department can only agree to retain confidentiality for a company or product under rare circumstances. A University of Texas-Austin law professor said the newspaper’s findings appear to indicate the agency has violated Toxic Substances Control Act rules. Source: http://www.upi.com/Science_News/2008/12/21/Report_EPA_allows_chemical_secrecy/UPI-26121229888569/






FBI uses triage to shift from terror to Madoff, subprime probes. The Federal Bureau of Investigation has engaged in "triage," taking agents off terror and other crimes to respond to a cascade of financial frauds, the head of the bureau’s New York criminal division said. The FBI was forced to reallocate its manpower in New York to deal with recent frauds involving subprime mortgages, auction-rate securities, and a well-known stock broker, who prosecutors said confessed this month to bilking investors out of $50 billion. "We have to work those cases which we think pose the greatest threat," he said. "In this case, it is a threat to the financial system and Wall Street."
Source: http://www.bloomberg.com/apps/news?pid=20601087&sid=aVHDu98R3s6s&refer=home







Survey: Workers facing layoffs could be security threat. Fifty-eight percent of Wall Street office workers surveyed say they would take valuable company data with them if faced with a layoff, if they knew they could get away with it. The survey on the recession and its effects on work ethics was conducted among 226 office workers on New York City’s Wall Street by IT security firm Cyber-Ark. The survey found that many office workers are downloading sensitive company secrets right now under their bosses’ noses in anticipation they could lose their jobs.

Among the survey’s findings: more than half of the workers who admitted to already downloading competitive corporate data said they would use it as a negotiating tool to secure their next post, because they know the information will be useful to future employers.

At the top of the list of desirable information being extracted from employers are customer and contact databases. Plans and proposals, product information, and access and password codes are also popular choices. HR records and legal documents were the data employees were least interested in taking. Finally, 62 percent of workers admitted it was easy to sneak company information out of the office.

Source: http://www.bizjournals.com/nashville/stories/2008/12/22/daily3.html





If Avian Flu hits us we are toast:

Hospitals under stress. Torrance Memorial Medical Center is the region’s busiest emergency room. Its front entrance is guarded by metal detectors, and the line to get in sometimes stretches into the parking lot. The average wait is about eight hours, the result of an overburdened hospital network with capacity stretched thin.

The recent domino effect of hospital closures and bed reductions — four have closed in the South Bay, 10 emergency rooms in the county have shut down, and at least two other hospitals have reduced bed capacity — has left many worried that the increasingly fragile network will not be able to cope with an event resulting in mass injury, such as a natural disaster, terrorist attack, freeway pile-up, pandemic flu or plane crash.

"If Southern California’s hospitals can’t handle patient inflow even during the course of a normal day, I have grave doubts about how the region would do in a disaster scenario," said the executive director of the Hospital Association of Southern California, a trade group. "Any increase in demand would stretch the system beyond what it could handle." Los Angeles County as a whole has a meager 1,500 excess beds on any given day, according to a 2007 study by PriceWaterhouseCoopers, a consulting firm. More than half of all hospitals are on diversion — meaning they turn away ambulances due to crowding — at least 20 percent of the time.

Source: http://toplistings.dailybreeze.com/ci_11281522






U.S. not ready for cyber attack.

The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day "cyberwar" simulation. The game involved 230 representatives of government defense and security agencies, private companies, and civil groups. It revealed flaws in leadership, planning, communications, and other issues, participants said. "There isn’t a response or a game plan," said senior vice president of the Booz Allen Hamilton consulting service, which ran the simulation. "There isn’t really anybody in charge," he told reporters afterward. Officials cited attacks by Russia sympathizers on Estonia and Georgia as examples of modern cyberwarfare, and said U.S. businesses and government offices have faced intrusions and attacks. Source: http://uk.reuters.com/article/technologyNewsMolt/idUKTRE4BI00520081219?sp=true





Microsoft confirms it's been working on SQL Server bug since April
Microsoft warns of critical bug in SQL Server
More information about the SQL stored procedure vulnerability

From the Security Advisory (961040): What systems are primarily at risk from the vulnerability?

"Clients and applications that utilize MSDE 2000 or SQL Server 2005 Express are at risk of remote attack if they have modified the default installation to accept remote connections, if they allow untrusted users access to MSDE 2000 or SQL Server 2005 Express, or if an application that uses MSDE 2000 or SQL Server 2005 Express has a SQL Injection vulnerability."





Microsoft warns of SQL Server vulnerability
Dan Kaplan December 23, 2008
Exploit code has been published for a new vulnerability in Microsoft SQL Server.






Chinese hackers to face up to seven years in jail: report
AFP - Tue Dec 23, 12:23 PM ET
BEIJING (AFP) - Hackers in China could face up to seven years in jail according to a draft law, as the country moves to fight rampant computer data theft, state media said Tuesday.






The Big Security Threat of Small Laptops
Ultraportables forgo size, weight, power -- and security.






Description of someone dealing with the virus named "AntiVirus 2009":

I'm sure you are all too familiar with the Antivirus 2009 virus? Well, I'd never heard of it until last Saturday and wished I hadn't. It blew right by my firewalls and install of McAfee, trashed IE, imbedded itself in the taskbar, Documents and Settings, Windows\system32 and other crannies. It wiped system restore and spawned processes that were impossible to kill. A scan with McAfee didn't find anything. Kaspersky's online scan found 6 infected files and showed me their locations but didn't provide any hints on how to get rid of them. All the files were attached to running processes, so it wouldn't let me delete them + wouldn't let me kill the processes.

The next morning, after quite an exhaustive search with Google, I came across Avira's free rescue CD: http://www.avira.com/en/support/support_downloads.html

I powered up another Windows PC that we don't normally use, made sure it was current on patches, downloaded and burned the Avira image. Then, I booted the infected PC off the CD, waited for it to detect my Internet connection and update its signatures. After that, I had it run its scan and in a short time, it finished saying it had detected 13 infected files. It said it couldn't delete them but renamed them, placing a .XXX at the end. I was then able to boot the PC, perform a search for those files using *.XXX and delete them. After that, I performed a scan with F-Secure's Blacklight rootkit detection and elimination tool: http://www.f-secure.com/security_center/, which found no malware.





Mobile data is vulnerable data:
Global notebook shipments finally overtake desktops
Notebooks recently overtook desktop PCs in the US, and a new report says the trend went global in Q3 as well, thanks to the rise of the netbook.
December 23, 2008 - 09:35PM CT - by David Chartier





From an article on Symantec:
"According to McAfee, malicious software that steals personal data has risen tenfold from 130,000 samples last year to 1.3 million this year."







On ABC:
Every day the men and women of the Department of Homeland Security patrol more than 100,000 miles of America's borders. This territory includes airports, seaports, land borders, international mail centers, the open seas, mountains, deserts and even cyberspace. Now viewers will get an unprecedented look at the work of these men and women while they use the newest technology to safeguard our country and enforce our laws, in "Homeland Security USA," which debuts with the episode "This is Your Car on Drugs," TUESDAY, JANUARY 6 (8:00-9:00 p.m., ET) on ABC.

Sure it's propaganda, but the agency can use the image boost.





Wait, You Mean Homeland Security Isn't Already Scanning Blogs & Forums For Terrorists?
from the uh,-yikes? dept

USA Today is reporting that Homeland Security is looking to start scanning blogs, forums and message boards to try to track terrorists and terrorist activity. My first reaction to this, honestly, was shock. Shouldn't they have been doing this already? As in, for many, many years? To be fair, the article suggests that the real difference here is that in the past Homeland Security has done static searches that they check on every so often -- and now they're hoping for a more real-time solution. Even so, it strikes me as odd that Homeland Security didn't already have something that was at least close to real-time in alerting them to certain things online. For all the talk of sophisticated monitoring on internet activities, could it be that we're really that far behind in internet terrorist monitoring?






A New spam circulating fake wire transfer statements
Wednesday December 24, 2008 at 9:33 am CST
Posted by Shinsuke Honjo





Digital picture frame viruses back for Christmas
News Brief, 2008-12-24
Samsung warns consumers that a virus managed to hitch a ride on at least one model of its digital picture frames.
