Wednesday, March 4, 2009

Wednesday 03/04/09

Individual compelled to decrypt drive in child porn case
A federal judge in Vermont has ordered a man charged with transporting child pornography on his...

----------

Secure Electronic Medical Records: Fact or Fiction?
The Health Information Trust Alliance's new Common Security Framework (CSF) is designed to address new requirements mandated by the American Recovery and Reinvestment Act of 2009. But will it work?

----------

New anti-fencing bill would turn eBay into eInvestigator
about 19 hours ago - by John Timmer Posted in: Law & Disorder
A set of bills introduced in the House and Senate seek to address the increased resale of stolen goods online. In doing so, however, they would shift the burden of investigating cases from the law enforcement community to the people running the sites.

----------

Behavior of ActiveX controls embedded in Office documents
... By default, Office applications do not prompt when instantiating a Safe-For-Initialization ActiveX control. This is similar to Internet Explorer’s behavior in the Internet Zone. The main difference between Office and IE is that Office applications such as Word, Excel, or PowerPoint do not care about the ActiveX Safe-For-Scripting setting because they do not have any scripting support besides VBA. If you have malicious VBA code running, you are in big trouble even without using any ActiveX controls.

----------

... As Security Fix documented in When Cyber Criminals Eat Their Own, a common misconception about hacker groups in Russia and the former Soviet nations is that they avoid targeting their own people. On the contrary, aggregate statistics from recent attacks and outbreaks strongly suggest that perception no longer matches reality.

One gradual but notable shift on this front has been the increasing willingness of Russian and Eastern European cyber gangs to target companies in their home countries in virtual shakedowns known as distributed-denial-of-service (DDoS) attacks, according to exclusive data provided by cyber security research firm Team Cymru (pronounced kum-ree).

----------

Three Security Anecdotes from the Insect World
Beet armyworm caterpillars react to the sound of a passing wasp by freezing in place, or even dropping off the plant. Unfortunately, armyworm intelligence isn't good enough to tell the difference between enemy aircraft (the wasps that prey on them) and harmless commercial flights (bees); they react the same way to either. So by producing pollen for bees, plants not only get pollinated, but also gain some protection against being eaten by caterpillars.

The small hive beetle lives by entering beehives to steal combs and honey. They home in on the hives by detecting the bees' own alarm pheromones. They also track in yeast that ferments the pollen and releases chemicals that spoof the alarm pheromones, attracting more beetles and more yeast. Eventually the bees abandon the hive, leaving their store of pollen and honey to the beetles and yeast.

Mountain alcon blue caterpillars get ants to feed them by spoofing a biometric: the sounds made by the queen ant.

----------

President Obama on Tuesday nominated Julius Genachowski as the nation's top telecommunications regulator, picking a campaign adviser who has divided his career between Washington, D.C., political jobs and working as an Internet executive. Genachowski is likely to continue the Democratic push for more Net neutrality regulations, which are opposed by some conservatives and telecommunications providers. He was a top Obama technology adviser and aided in crafting a technology platform that supported Net neutrality rules.

----------

The return of L0phtCrack
Ryan Naraine: More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight.

----------

UPS trojan strikes again
Chuck Miller March 03, 2009
A trojan masquerading as an email notice from UPS, the delivery service, tries to dupe users into clicking on an enclosure to download malware. The trick is not new, but seems to be reemerging.

----------

Pirate Bay Trial Ends; Verdict Due April 17

----------

Only 1 Percent of SSL-Secured Sites Use Extended Validation SSL
Mar 03, 2009
Calls for widespread EV SSL implementation are on the rise as SSL threats increase

----------

Study: Antivirus Software Catches About Half Of Malware, Misses 15 Percent Altogether
Mar 02, 2009
Newly released data from Damballa finds nearly 5 percent of machines in enterprises are bot-infected

----------

March 3, 2009 (Computerworld)
Data Domain Inc. this week announced the availability of its new operating platform, which it said speeds throughput on its deduplication backup device by 50% to 100%.
