Wednesday, May 27, 2009

http://www.law.com/jsp/law/careercenter/lawArticleCareerCenter.jsp?id=1202430979440&rss=careercenter
In one of three decisions issued to an unusually sparse courthouse audience, the majority in Montejo v. Louisiana (pdf) overruled Michigan v. Jackson, the 1986 decision that bars police from initiating interrogation of a criminal defendant once he or she has asked for a lawyer at an arraignment or a similar proceeding.

----------

CIS issues free benchmark on iPhone security
The nonprofit Center for Internet Security today released what it termed the industry's only consensus security benchmark for the iPhone.

----------

RIM patches another BlackBerry Enterprise Server PDF flaw
CIO - BlackBerry-maker Research In Motion Ltd. yesterday issued a security fix to address yet another flaw in its BlackBerry Enterprise Server's (BES) BlackBerry Attachment Service, which processes message attachments for viewing on BlackBerry devices.

Problems with the BlackBerry Attachment Service are somewhat common at this point, and RIM has fixed multiple issues related to the BES PDF distiller component in the past months.

The problem: Flaws in the BES PDF distiller could allow attackers to distribute messages with malicious PDF files attached that, if opened on a BlackBerry, could corrupt memory and in turn allow harmful code to be executed on the corporate computers hosting the BES BlackBerry Attachment Service.

This particular flaw is found in BES version 4.1 Service Pack 3 (4.1.3) through 5.0 and BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4). The vulnerability is a critical one with a Common Vulnerability Scoring System (CVSS) rating of 9.3 out of 10, according to RIM.

If you or your organization runs affected BES software, download RIM's interim fix for BES. If you use affected BlackBerry Professional Software, RIM provides a separate interim fix for that product.

Visit RIM's website for more specifics on the vulnerability, as well as a handful of potential workarounds to disable PDF viewing on enterprise BlackBerrys.

----------

BC student to get his computers back after high court throws out search warrant
Massachusetts' highest court ruled there was no probable cause for Boston College police to seize computers from the room of a student who was being investigated for allegedly sending an e-mail claiming that a fellow student was gay.

----------

Twitter gets targeted again by worm-like phishing attack
The culprit is a Web site called TwitterCut. Some Twitter users began getting a message that appeared to be from one of their friends and included a link to the TwitterCut Web site. The message implied they could gain more Twitter contacts by following the link.

At one time TwitterCut looked quite similar to the real Twitter login page, said Mikko Hypponen, chief research officer for the security vendor F-Secure.

If a person entered their login details, TwitterCut would then send the same message via Twitter to all of the victim's contacts, a kind of phishing attack with worm-like characteristics. No malicious software is installed on a user's machine, Hypponen said.

----------

90 percent of e-mail is spam, Symantec says
...Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.

That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.

----------

Sisyphus defined:
Seven AGs call on Craigslist to show plan to prevent racy ads

----------

Ericsson offers phone location service to counter credit card fraud
Banks are increasingly blocking credit card transactions in certain high-risk countries due to increasing levels of fraud. A business traveler who lives in the U.K. but goes to Russia can likely have a transaction rejected if the person hasn't informed the credit card company of travel plans.

Ericsson's IPX Country Lookup service uses a person's mobile phone to provide a confirmation that a person is in the country where the transaction is carried out, said Peter Garside, U.K. and Ireland regional manager for Ericsson's IPX products.

For the service to work, Ericsson's technology must be installed on a mobile operator's network.

----------

Security Experts Raise Alarm Over Insider Threats
May 26, 2009
Economic troubles raising the stakes on potential threats, FIRST members say

----------

More research needed here:
NSA-Funded 'Cauldron' Tool Goes Commercial
May 26, 2009
Vulnerability analysis tool aggregates, correlates, and visually maps attack patterns and possibilities

----------

WebDAV write-up
Published: 2009-05-27, Last Updated: 2009-05-27 17:50:15 UTC by donald smith (Version: 1)

SusanB wrote in today to tell us about a really good write-up by Steve Friedl of unixwiz.net on understanding Microsoft's KB971492 IIS5/IIS6 WebDAV vulnerability, available at http://unixwiz.net/techtips/ms971492-webdav-vuln.html. It was written because Steve and some others at unixwiz.net found Microsoft's "guidance confusing for users who were not IIS experts". It includes a very good flowchart that should assist anyone who is confused, detailed descriptions of WebDAV, remediation ideas, and links to other WebDAV references.
Keywords: WebDAV Friedl microsoft KB971492

----------

US Cyber Security Report Due May 29th
The President will release the 60-Day Cyberspace Policy Review report at the White House on Friday, May 29, 2009. The administration recognizes the very serious threats that public and private sector networks face from cyber-crime and cyber-attack. Recognizing these threats, the President has elevated cybersecurity to a major administration priority by undertaking an early, comprehensive interagency review. The administration is also committed to establishing the proper structure within the government to ensure that cybersecurity issues continue to receive top-level attention and enhanced coordination.

----------

Bad Program Logic Amplifies Baofeng Attack
A distributed denial-of-service (DDoS) attack on the DNS servers of a domain registrar, coupled with bad program logic in a popular media application, caused network outages in parts of China last week.

----------

Upgrade to Suite B security algorithms
Most companies do not know what level of cryptography is required to properly protect their data...

----------

Obama’s Supreme Court Pick Schooled in Cyberlaw
By Beth Sommer
Today

If elevated to the U.S. Supreme Court, Judge Sonia Sotomayor would become the first justice to join the court with a history of precedent-setting rulings on cyberlaw issues, legal experts say.

----------

Data Breach Exposes RAF Staff to Blackmail
By Kim Zetter
May 27, 2009

Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others.

The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories — information the military needed to determine their security risk.

The recordings were stored on three unencrypted hard drives that disappeared last year.

----------

AT&T Announces HSPA 7.2 Upgrade
7.2Mbps speeds coming later this year...

----------

Instant Messenger Phishing
An MSN instant messenger phishing attack uses a personalized trick to deceive unsuspecting users.

----------

Microsoft releases Vista SP2 to the public
Chuck Miller May 26, 2009
The latest service packs (SP2) for Windows Vista and Windows Server 2008 have been released to manufacturing and are now publicly available as standalone installers.

----------

The Scrap Value of a Hacked PC
Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which examines some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use.

----------

Monster mashup: mapping every plane in the air

----------
