Monday, January 12, 2009

Monday 01/12/2009

An example of what happens when e-discovery goes against you:
Judge: Rambus destroyed docs related to patent lawsuit
Rambus plans to appeal a decision by a Delaware judge who found that the company had destroyed documents related to patent lawsuits it has filed against other DRAM makers, ruling the patents unenforceable.

Regarding tomorrow's MS patch day:
As part of our regularly scheduled bulletin release, we’re currently planning to release one security bulletin:

· One Microsoft Security Bulletin rated as Critical. The update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

Group to detail 25 most dangerous coding errors hackers exploit
Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are the result of common and well-understood programming errors.

A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft, Symantec, the U.S. Department of Homeland Security (DHS) and the National Security Agency's Information Assurance Division. The initiative was coordinated by the SANS Institute and The MITRE Corp., a federally funded research-and-development center.

LinkedIn pages that promise prurient pics link to malware

It's all about Reputation:
Hackers deface NATO, U.S. Army Web sites

SanDisk puts 'one-touch' backup on flash drive

Web designers admit to trashing client's Web site
Executives from a Seattle-area consulting company are facing prison time after pleading guilty to charges that they wiped a client's Web site off the Internet following a contract dispute.

Minecode, in Bellevue, Wash., had built the online gift shop for wine retailer Vinado, but things soured in late 2006, according to a statement released Thursday by the U.S. Department of Justice. In December, Minecode President and CEO Pradyumna Samal ordered Sandeep Verma, a project manager at the company, to disable the Web site's gift shop. The next month, Samal "caused commands to be transmitted to Vinado's Web site that resulted in the deletion of Vinado's Web site, e-mail server and database in its entirety," the DOJ said.

Oracle to issue 41 security patches

E-mail snafu exposes names of confidential witnesses in federal probe
From the how-not-to-keep-a-secret department comes the tale of an official at U.S. Attorney Patrick Fitzgerald's office in Chicago who inadvertently e-mailed a document containing the names of more than 20 confidential witnesses in a federal probe to the media.

Fake CNN malware attack spins Gaza angle

Opinion: Most CIOs 'dinosaurs,' heading for career Ice Age
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=331923
The mass extinction that IT professionals should be worried about will very nearly wipe out CIOs as we know them. You can be certain that it will happen; in fact, the events are already in motion. I predict that when the dust clears, 60% of the CIOs on the planet will not have survived to see the next era.

The asteroid has already hit. It is the macroeconomic meltdown now besetting the world's markets. As with the dinosaurs, there is no escape for most CIOs.

UK hacker offers guilty plea to avoid extradition (AP - Mon Jan 12, 10:27 AM ET)
LONDON - A British man accused of hacking into U.S. military computers is offering to plead guilty to a criminal charge in Britain to avoid extradition to the United States, his lawyer said Monday.

Slow And Silent Targeted Attacks On The Rise (Jan 08, 2009)
Targeted, methodical attacks difficult to detect

Reports: Spammers Cooking Up More Financial Fraud (Jan 09, 2009)
Financial spam scams tripled so far this year over last, spammers to target 'tiny URLs'

Crafting a Security RFP
Creating RFPs for security solutions and processing the responses is not an easy task. Having responded to a fair number of such RFPs, I found that many of them are created hastily, and don’t allow the issuer to benefit from quality responses.

Here's my list of the top 10 mistakes organizations make when crafting a security RFP:
  1. Create the RFP in a silo, without considering input from stakeholders throughout the organization.
  2. Provide very little information about the infrastructure in scope for the security solution.
  3. Use the RFP process in situations where it slows you down, without offering substantial benefits.
  4. Avoid defining criteria for objectively evaluating RFP responses.
  5. Select the solution or vendor in advance, using the RFP to mark a checkbox.
  6. Underestimate the time your staff needs to devote to processing RFP responses.
  7. Don't define a process for allowing RFP responders to ask clarifying questions.
  8. Don't ask detailed clarifying questions after receiving RFP responses.
  9. Forget to define your business requirements, hoping that RFP responders will do that for you.
  10. Issue the RFP before your organization is ready to make use of the requested solution.
If this is useful to you, you may also benefit from the longer "cheat sheet" I created for issuing RFPs specific to security assessments.

Obama Inauguration Puts Spotlight on Executive Protection
Between the pending presidential inauguration and roiling anti-corporate sentiment, executive protection is more critical than ever. Expert Robert Oatman explains the elements of a good program, the impact of technology, and more.

10 Things That WON'T Happen in 2009
GFI's David Kelleher says much of the IT security wish list for this year will still be on the wish list next year.

Actual UK broadband speeds only 50% of advertised maximum
The UK decided to do something novel: actually go measure its citizens' Internet speeds. On average, broadband users only received 49 percent of the maximum speeds advertised prominently by ISPs.
January 12, 2009 - 11:48AM CT - by Nate Anderson

Tiny Charges Often Precede Big Trouble
Security experts advise consumers to keep a close eye on their bank and credit card statements, and for good reason: Small, unauthorized charges often are the first sign that thieves have made off with your account number and are getting ready to sell it to other crooks or use it to rack up thousands of dollars in fraudulent purchases.

The Boston Globe writes this week about one such scam, which shows up on consumer accounts as 25-cent charges to a mysterious company called Adele Services, supposedly in New York.

Two theories of what is going on have been advanced on message boards and among consumer advocates: someone is trying to find out whether an illegally obtained credit card number will work before making a bigger charge, or they're trying to rip off tiny amounts from tons of people.


Six Vista annoyances fixed in Windows 7

Microsoft Windows Server RPC bug finds new way to spread
Dan Kaplan January 09, 2009
One-and-a-half months after the release of an out-of-cycle patch from Microsoft, a vulnerability impacting Windows Server Service is still generating buzz.

China: Number of QQ users now surpasses total US population
... As most of you know, if you want to contact a Chinese hacker for a DDoS attack or any other nefarious reason, you have to do it via his or her QQ number.