Friday, May 29, 2009

Friday 05/29/09

Police can forcibly take DNA samples during arrests, judge rules
In the first case of its type, a federal judge in California has ruled that police can forcibly take DNA samples, including drawing blood with a needle, from Americans who have been arrested but not convicted of a crime.

U.S. Magistrate Judge Gregory Hollows ruled on Thursday that a federal law allowing DNA samples upon arrest for a felony was constitutional and did not violate the Fourth Amendment's prohibition of "unreasonable searches and seizures."

----------

Experts: Gumblar attack is alive, worse than Conficker
The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K., ScanSafe said last week.

----------

Microsoft to patch new DirectX hole
Microsoft on Thursday said it is working on a security patch for a vulnerability in its DirectX streaming media technology in Windows that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable but all versions of Windows Vista and Windows Server 2008 are not vulnerable, according to the advisory.

----------

Hackers exploit unpatched Windows bug
For the third time in the last 90 days, Microsoft Corp. has warned that hackers are exploiting an unpatched critical vulnerability in its software.

Late Thursday, Microsoft issued a security advisory that said malicious hackers were already using attack code that leveraged a bug in DirectX, a Windows subsystem crucial to games and used when streaming video from Web sites.

----------

Snort To Go Virtual
Open source IDS/IPS celebrates its tenth year with an all-new platform in the works, a new release candidate, and plans for a commercial virtual appliance

----------

Obama outlines cybersecurity plans, cites grave threat to cyberspace
The nation's digital infrastructure is under grave threat from a range of adversaries and needs to be protected as a strategic national security asset, President Barack Obama said this morning at a news conference outlining his administration's proposals to secure cyberspace.

Speaking to reporters at the White House, the President also announced the creation of a cybersecurity coordinator role at the White House who will be responsible for overseeing a national strategy for securing American interests in cyberspace.

----------

Microsoft not only firm banning IM access to U.S. enemy nations
Microsoft confirmed late last week that it had stopped offering its Windows Live Messenger service to users in Cuba, Syria, Iran, Sudan and North Korea.

All five countries are subject to trade embargoes overseen by the United States Office of Foreign Assets Control (OFAC), a division of the Department of the Treasury.

A Google spokesperson also confirmed that it bans the download of both Google Talk, its instant messaging app, and Google Earth, its satellite mapping software, to Sudan, due to "U.S. export controls and economic sanctions regulations."

----------

New travel rules kick in June 1 amid concerns over RFID-tagged passport cards
New travel requirements go into effect June 1 at U.S. land and sea borders amid security concerns over an RFID-enabled passport card that has been approved for U.S. travelers.

----------

Aetna warns 65,000 about Web site data breach
Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor.

----------

Time Warner ditches troubled AOL unit

----------

ID Theft Use of Credit Cards Leaps
Thieves’ use of stolen credit card numbers has more than doubled in ID theft cases, according to a new report, but there’s good news as well.

----------

May 28, 2009 VMSA-2009-0007
VMware Hosted products and ESX and ESXi patches resolve security issues

----------

Blog: More on the MS IIS WebDAV Vulnerability
Just weeks ago, on May 18th, Microsoft released their Security Advisory 971492 (1), on the vulnerability regarding Internet Information Services, which is Microsoft's web server solution. The problem found in the WebDAV extension allows anonymous, remote and unauthorized access to the server, bypassing access and authentication controls.

I would like to explain what WebDAV actually does and then discuss some actions to avoid or mitigate this risk.

----------

Senate goes medieval on Web loyalty programs, monthly fees
May 29, 1:55 p.m. UTC - by Nate Anderson
Thousands of consumers have complained about "mysterious" $9-12 charges that appear monthly on their credit card bills, and the Senate Commerce Committee has heard the scream of their collective rage. The source of the charges is "online loyalty programs" that appear on sites like Orbitz, and Sen. Jay Rockefeller has some tough questions for the operators.

----------

Microsoft Update Quietly Installs Firefox Extension
A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.

----------

News from the Fingerprint Biometrics World
A Singapore cancer patient was held for four hours by immigration officials in the United States when they could not detect his fingerprints -- which had apparently disappeared because of a drug he was taking.

----------

No Smiling in Driver's License Photographs
In other biometric news, four states have banned smiling in driver's license photographs.

The serious poses are urged by DMVs that have installed high-tech software that compares a new license photo with others that have already been shot. When a new photo seems to match an existing one, the software sends alarms that someone may be trying to assume another driver's identity.

But there's a wrinkle in the technology: a person's grin. Face-recognition software can fail to match two photos of the same person if facial expressions differ in each photo, says Carnegie Mellon University robotics professor Takeo Kanade.

----------

29 May 2009
Steganography with TCP retransmissions
A hidden channel, said to be hard to spot in normal internet traffic, can be established by provoking data retransmissions and replacing the data content of the retransmitted segment.
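The check a network defender would want for the channel described above: a legitimate TCP retransmission repeats the same bytes for the same sequence range, so a retransmitted segment whose payload differs from the first copy is the observable artifact. The following is an added example (not code from the original page or the referenced paper) that compares every segment against the bytes already seen at those stream offsets; the sample segments are constructed inline and would come from a packet capture in practice.

```python
"""Spot retransmissions whose payload differs from the original copy.

Added example, not from the original page. Segments model one direction
of one TCP flow as (sequence number, payload); SAMPLE_SEGMENTS is
constructed here to include one benign retransmission and one
retransmission that carries replaced content.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # segment payload


def find_covert_retransmissions(segments):
    """Return (suspicious, retransmissions).

    suspicious is a list of (seq, differing_byte_count, payload) for each
    segment that overlaps an already-seen byte range but carries different
    bytes there; retransmissions counts every overlapping segment, benign
    or not, so the caller can judge the ratio.
    """
    stream = {}          # absolute stream offset -> first byte seen there
    suspicious = []
    retransmissions = 0
    for s in segments:
        offsets = range(s.seq, s.seq + len(s.payload))
        overlap = [o for o in offsets if o in stream]
        if overlap:
            retransmissions += 1
            # Bytes that disagree with the copy already on the wire.
            differing = [o for o in overlap
                         if stream[o] != s.payload[o - s.seq]]
            if differing:
                suspicious.append((s.seq, len(differing), s.payload))
        # Any offset not seen before is recorded as the original copy;
        # an earlier copy is never overwritten.
        for o, b in zip(offsets, s.payload):
            stream.setdefault(o, b)
    return suspicious, retransmissions


def extract_hidden(segments):
    """Concatenate the payloads of the mismatching retransmissions, which is
    where the replaced (hidden) content travels."""
    suspicious, _ = find_covert_retransmissions(segments)
    return b"".join(p for _, _, p in suspicious)


# Constructed sample: an HTTP request where the User-Agent segment is
# "retransmitted" with different bytes of the same length.
SAMPLE_SEGMENTS = [
    Segment(1, b"GET / HTTP/1.1\r\n"),            # 16 bytes, seq 1..16
    Segment(17, b"Host: example.com\r\n"),        # 19 bytes, seq 17..35
    Segment(17, b"Host: example.com\r\n"),        # benign retransmission
    Segment(36, b"User-Agent: test\r\n"),         # 18 bytes, seq 36..53
    Segment(36, b"SECRET-MSG-HIDDEN!"),           # same range, new bytes
    Segment(54, b"\r\n"),
]

if __name__ == "__main__":
    found, total = find_covert_retransmissions(SAMPLE_SEGMENTS)
    print(f"{total} retransmissions, {len(found)} with replaced content")
    for seq, n, payload in found:
        print(f"  seq={seq} differing_bytes={n} payload={payload!r}")
    print("hidden bytes:", extract_hidden(SAMPLE_SEGMENTS))
```

A byte map rather than a per-segment dictionary is used so that a retransmission that only partially overlaps an earlier segment (a coalesced or re-segmented retransmit) is still compared byte for byte; a retransmission that extends beyond the seen range contributes its new bytes as the first copy without masking the comparison.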

----------

29 May 2009
DSL router remotely controlled by URL
Attackers can make the Linksys WAG54G2 DSL WLAN router execute system commands hidden in a URL.
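The bug class behind this report is command injection: a web handler on the device builds a shell command from a URL parameter, so shell metacharacters in the URL run additional commands. The following is an added example that demonstrates the vulnerable pattern beside a hardened one; it is not the Linksys firmware's code, and the `ping.cgi` path, the `host` parameter and the `echo` stand-in for the real command are assumptions chosen so the demonstration runs harmlessly offline.

```python
"""Command injection via a URL parameter: vulnerable and hardened handlers.

Added example, not the router's actual code. The handler names, the
'host' parameter and the use of 'echo' in place of the real diagnostic
command are assumptions for illustration.
"""
import re
import subprocess
from urllib.parse import parse_qs, urlparse


def host_param(url):
    """Pull the 'host' query parameter out of a request URL (assumed name)."""
    return parse_qs(urlparse(url).query).get("host", [""])[0]


def vulnerable_handler(url):
    """Builds a command string from untrusted input and runs it through a
    shell. A value such as '8.8.8.8;echo INJECTED' ends the intended
    command and runs whatever follows the semicolon."""
    cmd = "echo pinging " + host_param(url)        # string concatenation
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Allow-list for a hostname or IPv4 literal; anything else is rejected.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def hardened_handler(url):
    """Validates the parameter against an allow-list and passes it as a
    single argv element with no shell, so metacharacters are never
    interpreted even if validation were loosened later."""
    host = host_param(url)
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    argv = ["echo", "pinging", host]               # argv list, shell=False
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


# Constructed request URLs: a benign one and one carrying ';echo INJECTED'
# (URL-encoded as %3B and %20).
BENIGN_URL = "http://192.168.1.1/ping.cgi?host=8.8.8.8"
ATTACK_URL = "http://192.168.1.1/ping.cgi?host=8.8.8.8%3Becho%20INJECTED"


def injected(output):
    """True if the attacker-controlled command produced output."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("vulnerable, benign :", vulnerable_handler(BENIGN_URL).strip())
    print("vulnerable, attack :", vulnerable_handler(ATTACK_URL).strip())
    print("hardened, benign   :", hardened_handler(BENIGN_URL).strip())
    try:
        hardened_handler(ATTACK_URL)
    except ValueError as e:
        print("hardened, attack   :", e)
```

The argv list is the actual fix; the allow-list is defence in depth. Rejecting the input outright is preferable to escaping it, because an escaping routine has to be right for every shell the firmware might invoke, while an allow-list for the expected value (a hostname or address) is easy to reason about.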

----------

Wired is reporting that Palm's new handheld device, the Pre, will be able to sync automagically with Apple's iTunes. Thanks to a team of ex-Apple engineers the Pre will sync everything but iPhone applications and some of the older Fairplay DRM music.

"It does it by faking out iTunes, making the jukebox software think that it is connected to a real iPod. Hook it up and you'll be given three options: USB mass storage device, charging only or iTunes sync. This is a ballsy move from Palm, and we totally love it: a big fat middle finger at Apple. Apple will, we are sure, be readying its legal attack dogs as I write, and don't be at all surprised if an iTunes update pops up around June 6th. This fight just got a lot more interesting."

----------

Wikipedia Bans Church of Scientology
In what is the first move on behalf of Wikipedia against such a large group of users, members of the Church of Sciento...

----------

Big ID Theft Ring Used Bank Tellers, DA Says
By JONATHAN PERLOW
MANHATTAN (CN) - Two Bronx men and 16 others have been charged with running an identity theft and counterfeit check ring that cashed millions of dollars in bogus checks with the help of bank tellers throughout the city. The two leaders allegedly used 950 "soldiers" to deposit and cash counterfeit checks from bank accounts belonging to schools, hospitals, churches and businesses - including the Police Department.

----------

Digital Translators, Propeller Counterweights, Taiwanese Longan & More
Click on the document icon for new federal regulations.
http://www.courthousenews.com/2009/05/27/Federal%20Regulation%20Brief%20May%2021,%202009.doc

----------

McAfee documents riskiest search terms
Dan Kaplan May 28, 2009
Be wary while searching the internet for screensavers or lyrics -- or anything free, for that matter, according to a new report from McAfee.

----------

Vista SP2, Windows Server 2008 SP2 available
Mary Jo Foley: As a Microsoft official acknowledged last week, Microsoft began making the second service pack for Vista and Windows Server 2008 available to the public on May 26.

----------
