Friday, May 8, 2009

Friday 05/08/09

Web site offline as police, FBI investigate $10M extortion bid

----------

Microsoft dumps notorious 'WGA' name, keeps anti-piracy tech in Windows 7

----------

Microsoft to patch PowerPoint zero-day bug on Tuesday
Microsoft today said it will deliver just one security update next week, a fix for PowerPoint that's probably the patch for a month-old bug that developers admitted they missed during stress testing.

The single update, which will be labeled "critical," Microsoft's highest threat ranking, is a big drop from last month, when the company issued eight updates that patched 23 vulnerabilities.

----------

Audit finds 700 high-risk vulnerabilities in air traffic systems
The flaws, which were discovered in 70 Web applications tied to ATC operations, give attackers a way to gain access not just to underlying Web servers but potentially to other more critical backend systems, the report (download PDF) from the U.S. Department of Transportation's Office of Inspector General (OIG) noted.

----------

Hackers breach UC Berkeley computer database
AP - 39 minutes ago
BERKELEY, Calif. - Officials at the University of California at Berkeley say hackers infiltrated restricted computer databases, and the personal information of up to 160,000 people may be compromised.

----------

Hackers taking advantage of Windows 7: Microsoft
AFP - Thu May 7, 3:35 PM ET
SAN FRANCISCO (AFP) - Microsoft said Thursday that cybercriminals are already hawking booby-trapped versions of just-released Windows 7 operating system software.

----------

California open source digital textbook plan faces barriers
May 8, 1:20 p.m. UTC - by Ryan Paul Posted in: Open Ended
The governor of California has launched a new initiative to compile open source textbooks for the state. He hopes that the plan will help cut costs and improve the quality of education. The effort seems very promising, but the state's complex standards and arduous textbook evaluation process will pose major challenges.

----------

Web designer opposes France's "3 strikes" law, loses job
May 7, 7:11 p.m. UTC - by Nate Anderson Posted in: Law & Disorder
An employee of French broadcaster TF1 was fired after privately expressing opposition to the new "graduated response" bill moving through the National Assembly. He e-mailed his MP, who forwarded the message to the Ministry of Culture, which passed it to TF1.

----------

May 2009 Advance Notification
Posted Thursday, May 07, 2009 9:16 AM by MSRCTEAM
Summary of the May 2009 Advance Notification for the 5/12/2009 security bulletin release.

Today we are letting customers know that next week we will be releasing one security bulletin affecting Microsoft Office PowerPoint with an aggregate severity rating of critical. Customers should review the Advance Notification and prepare appropriately for deployment.

The update should not require a restart unless the updated files are in use at the time they are installed. Customers can also detect systems requiring the update using the Microsoft Baseline Security Analyzer. Note that since this is an Office related update, it will not be available via Windows Update but will be available through the Microsoft Update service.

We are also planning to release at least one high priority, non-security update and additional detections to the Microsoft Windows Malicious Software Removal Tool.

----------

ZeusTracker and the Nuclear Option

One of the scarier realities about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker, who could simply decide to order all of the infected machines to self-destruct. Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control.

But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
...

----------

"Last week at Eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."

----------

Woman's Attorneys Seek Probation and Fine in MySpace Suicide Case
By JOE HARRIS
(CN) - Attorneys for Lori Drew request probation and a $5,000 fine for the woman convicted of computer crime in the MySpace suicide case, court documents show. Drew's lawyer, H. Dean Steward, filed a brief in Los Angeles Federal Court that revealed the recommendation.

----------

U.S. missile defense information found in disk bought on eBay
Angela Moscaritolo May 07, 2009
A hard disk containing the launch procedures for a U.S. military missile defense system was recently purchased on eBay.

----------

Lawmaker Defends Imprisoning Hostile Bloggers

Rep. Linda Sanchez responded Wednesday to Threat Level’s tirade against her proposed legislation outlawing hostile electronic speech. Her answer: “Congress has no interest in censoring.”

----------

Heartland Breach Cost Company $12.6 Million So Far
Heartland Payment Systems reported on Thursday that the hack it experienced last year has cost the company $12.6 million so far. The amount includes legal costs and fines from Visa and MasterCard, who say the company was not compliant with payment card industry rules.

----------

Recession Accelerates Death Of Landlines
CDC shows large boost in cell-only households...
08:38AM Friday May 08 2009 by Karl Bode

The Centers for Disease Control and Prevention continually tracks landline versus mobile use, as part of their efforts to keep survey data accurate. Their latest numbers on landline use were released earlier this week, indicating that 20% of households were cell only during the second half of 2008. Nudged by the recession, that was a jump of 3%, the highest bump seen since the government started tracking the numbers in 2003. For the first time ever, homes with cell phones but no landline outnumber homes with landlines but no cell phone.

----------

Cisco Releases refreshed Security Best Practices Guide - SAFE
by Jamey Heary
Cisco's SAFE Security Design and Implementation Guide is back. Cisco has given its SAFE Guide a complete makeover and brought it up-to-date with today's threat environment. True to...

----------

Military Office Director Resigns
By JEFF ZELENY 13 minutes ago
An administration official said Friday that Louis Caldera has resigned after he authorized an Air Force One flyover of the Statue of Liberty two weeks ago.

----------

McAfee Releases First-Quarter Threats Report
You can find the full text of the “McAfee Threats Report: First Quarter 2009” here.

----------

Control Freaks: Hulu Now Blocks Anonymous Proxies Too

----------
