Wednesday, January 7, 2009

Teleworker Alert: Home Networks Are Growing More Sophisticated
There are two obvious reasons – and perhaps a few more under the radar – for businesses to pay attention to developments on the home-networking front. More complex home networks suggest the growing sophistication of the general populace. This clearly comes into play when designing systems for people to use at work. The other realization is that home networks will be used by teleworkers as well as consumers. Both telework and home networking will be hot issues this year. The increased emphasis on broadband infrastructure that will come with the Obama Administration will make it possible for more folks to work from home. There also has been a spate of home-networking news. At the end of December, Parks Associates released a study suggesting that mobility is the next frontier in home networks.






Hackers hijack Obama's, Britney's Twitter accounts






Three Ways a Twitter Hack Can Hurt You
As Twitter investigates how several high-profile accounts were attacked, security expert Graham Cluley points to the potential risks to all users when a system is compromised.

Exclusive Survey: State of the CIO 2009





The Future of Open Source
11 leaders outline the challenges and opportunities ahead.


Data breaches rose sharply in 2008, study says
More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center.

CheckFree warns 5 million customers after hack
CheckFree Corp. and some of the banks that use its electronic bill payment service are notifying more than 5 million customers that criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine.

The Dec. 2 attack was widely publicized shortly after it occurred, but in a notice filed with the New Hampshire Attorney General, CheckFree disclosed that it was warning many more customers than previously thought.

That's because CheckFree is not only notifying users of its own CheckFree.com Web site of the breach, it is also working with banks to contact people who tried to pay bills from banks that use the CheckFree bill payment service.

"The 5 million people who were notified about the CheckFree redirection were a combination of two groups," said Melanie Tolley, vice president of communications at CheckFree's parent company, Fiserv Inc., in a statement. "1.) those who we were able to identify who had attempted to pay bills from our client's bill pay sites and minus those who actually completed sessions on our site, and 2.) anyone enrolled in mycheckfree.com."






Start-up Ctera will offer cloud storage through carriers






Vista's flaws surface again on eve of Windows 7 beta






'Cybergeddon' fear stalks US: FBI (AFP - Tue Jan 6, 7:34 PM ET)
NEW YORK (AFP) - Cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction -- and they are increasingly hard to prevent, FBI experts said Tuesday.






Fake celeb LinkedIn profiles lead to malware (CNET - Tue Jan 6, 2:03 PM ET)
A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site.





The Five Most Dangerous Security Myths
Dispelling these persistent myths can go a long way towards keeping you safe online. Here's the first.






The Five Most Dangerous Security Myths: Myth #3
Today's gotcha: You're fine if you're just careful where you surf.





The Five Most Dangerous Security Myths: Myth #2
The fallacy: All you need is a good antivirus program.






Researchers Hack Into Intel's VPro
Researchers say they've found vulnerabilities in Intel's Trusted Execution Technology.





Hack Simplifies Attacks On Cisco Routers (Jan 06, 2009)
New technique for hijacking routers reinforces need for regular IOS patching

Security researcher Dan Kaminsky says FX's hack disproves conventional wisdom in enterprises that routers are at low risk of attack, and that patching them is riskier than an attack due to the potential network outages that patching can incur.

"Patching is hard. Patching something that, if there's a failure, causes widespread network outages. Having a vaguely credible reason not to patch, like 'the attacker would have to build an attack specifically targeted to my specific version of IOS,' has been something of a mantra for those who haven't wanted to risk updating their systems," says Kaminsky, who is director of penetration testing for IOActive. "The mantra is [now] visibly, irrevocably disproved. FX has shown that however much changes from one version to another, there's a little piece of every Cisco router that's the same, and he can use that piece to attack most of the hardware out there."





Cisco IOS Exploitation Technique and Defense In Depth

As many of you have seen, The Register and other mainstream media sources are starting to discuss a new technique to reliably compromise a small subset of Cisco gear. The technique was discovered by FX of Phenoelit, who is probably the best-known Cisco exploit researcher, and was presented last week at the Chaos Communication Congress (CCC).

At the moment, he has not found a way to reliably run exploit code on all Cisco gear. In fact, the method only works on a small set of PowerPC systems (the 1700 and 2600). It relies on the Cisco boot loader (ROMMON) and a tool named CIR from cir.recurity-labs.com, which works well for the 1700 and 2600 routers. Using this technique, it may be possible to reliably exploit a vulnerability across a number of routers.

By showing this technique at the CCC, he demonstrated the deep need for multiple layers of defense for the routing infrastructure. If attackers are able to send packets directly to the router interfaces, we will continue to have very serious issues with trusting the infrastructure. It is therefore recommended that all routers, switches, and other network gear have appropriate access controls for any traffic that terminates at a router interface. If ACLs are not a viable option, rate limiting this same traffic may help to slow attacks that require multiple packets to find the sweet spot for execution.

More detailed information about the technique is available in the presentation by FX.

Scott Fendley ISC Handler
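One way to put the diary's advice into practice, as an added example that is not part of the ISC entry or of FX's research: a Cisco IOS control-plane policing (CoPP) configuration that applies an ACL to traffic addressed to the router itself and rate-limits what is still permitted. The 192.0.2.0/24 management subnet, the use of OSPF, the service ports and the policing rates are assumptions chosen for illustration.

```cisco
! Added example, not from the ISC diary or FX's work. Assumed: management hosts
! live in 192.0.2.0/24, the router speaks OSPF, and the policing rates suit a
! small branch router. CoPP matches only packets destined to the router itself,
! so transit traffic is untouched.
!
! Sessions the router should accept for itself, but only from management hosts
ip access-list extended CoPP-MGMT
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
 permit icmp 192.0.2.0 0.0.0.255 any echo
!
! Routing adjacencies with directly connected neighbours
ip access-list extended CoPP-ROUTING
 permit ospf any any
!
! The same services when they arrive from anywhere else: dropped outright
ip access-list extended CoPP-UNTRUSTED
 permit tcp any any eq 22
 permit tcp any any eq telnet
 permit udp any any eq snmp
 permit icmp any any
!
class-map match-all CoPP-MGMT-CLASS
 match access-group name CoPP-MGMT
class-map match-all CoPP-ROUTING-CLASS
 match access-group name CoPP-ROUTING
class-map match-all CoPP-UNTRUSTED-CLASS
 match access-group name CoPP-UNTRUSTED
!
! Classes are evaluated top to bottom, so trusted sources match before the
! catch-all untrusted class. Rates are bits per second; bursts are bytes.
policy-map CoPP-POLICY
 class CoPP-MGMT-CLASS
  police 128000 8000 conform-action transmit exceed-action drop
 class CoPP-ROUTING-CLASS
  police 64000 8000 conform-action transmit exceed-action drop
 class CoPP-UNTRUSTED-CLASS
  police 8000 1500 conform-action drop exceed-action drop
 class class-default
  police 32000 4000 conform-action transmit exceed-action drop
!
! Attach the policy to the control plane (inbound to the router's own CPU)
control-plane
 service-policy input CoPP-POLICY
!
! Verify per-class hit and drop counters with: show policy-map control-plane input
```

Watch the class-default counters after deployment: anything unexpected landing there is traffic terminating on the router that the ACLs have not yet accounted for.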





The 4 Security Rules Employees Love to Break
Cisco CSO John Stewart gives his take on four security rules employees bend a lot, and what you can do to set them straight.






Apple, labels both win with DRM-free iTunes, tiered pricing
Apple has apparently crafted a compromise with the major record labels, dropping DRM and introducing tiered pricing.
January 06, 2009 - 01:48PM CT - by Erica Sadun






Spamhaus: Google Now 4th Most Spam-Friendly Provider






Caveat Emptor: Watch Out for Phantom Stores
Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop?

A slew of fake electronics sites, some of them apparently being promoted by major online search engines and comparison-shopping sites, have been swindling consumers out of cash and credit card numbers for several weeks. The Web sites are confusingly named after legitimate electronics and clothing shops in the United States. All say they accept major credit cards and PayPal, and some carry seals boasting that they are "hacker safe."

But customers who order something from these sites soon find their accounts charged increasing amounts for unauthorized transactions.






Censorship on Google Maps
"Blurred Out: 51 Things You Aren't Allowed to See on Google Maps." An interesting list.
http://www.curiousread.com/2008/12/blurred-out-51-things-you-arent-allowed.html






Certification authorities respond to MD5 hack
Certification authorities have responded to work by a research group that demonstrated the lack of security of MD5. The group faked a certificate that allowed them to issue further certificates with arbitrary identities.





News: $30B IT Stimulus Will Create Almost 1 Million Jobs
"This report takes a look at how many jobs you get if you invest $10 billion each in three different IT infrastructure projects — broadband, health IT and the smart grid. It argues that if you are going to be spending billions on a stimulus package, investing in 'digital infrastructure' creates more jobs than physical infrastructure (e.g. roads and bridges) in the short-term, and you get a whole host of other benefits in the long-term."







Where's the Gold? Man Asks Wachovia
ROCKVILLE, Md. (CN) - Wachovia Bank drilled into a customer's safe deposit box without notice, though its rent was paid up, and removed and lost more than $500,000 worth of gold and gems, the man claims. He says Wachovia did not notify him of it for nearly a year, and drilled into 100 other customers' boxes without notifying them.






Google code project abused by spammers
Google’s code hosting project is the latest free service to be abused by web spammers. We’ve seen one or two previously but over the holidays the situation appears to have got much worse.






CA makes DLP play with acquisition of Orchestria
Dan Kaplan January 06, 2009
CA is the latest heavy hitter to acquire a data-loss prevention provider.





Weak Password Brings 'Happiness' to Twitter Hacker
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News.

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness."

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.





Troubleshooting Kerberos in a SharePoint environment (Part 1)
by Jesper M. Christensen
Articles / Authentication, Access Control & Encryption
Creating a test environment to show which error messages come from configuration problems.






Broadband on Rails
By Rachel Kremen, Tuesday, December 30, 2008
A compact lens could make high-speed Internet access commonplace on trains.
