The Cyberspace Power Struggle Has Begun
June 4, 2009
By Kevin M. Nixon, Information-Security-Resources.com Security Editor
I served on the Executive Board of Directors for the Internet Security Alliance (2001 - 2004) and supported the creation of the Department of Homeland Security. I continue to make the rounds on Capitol Hill meeting with US Senators and Representatives and their Congressional Staffs as a subject matter expert on all types of IT Security, Data Privacy, Cybersecurity and GRC issues to provide our elected officials with a real worldview into the impact their legislative actions can have, both positive and negative.
----------
Data Sniffing Trojans Hit European ATMs
June 3, 2009
By Dan Goodin in San Francisco for the Register UK
The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM’s receipt printer, according to analysts from Spider Labs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.
----------
Online Banking’s Innate Security Flaws
June 3, 2009
By John B. Frank, Marketing Strategist with HomeATM ePayment Solutions
According to research firm Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks. (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.)
----------
Avoid Housecalls From Rogue ‘Malware Doctor’
Yesterday, we came across a new variant of a rogue security program. This one is called Malware Doctor, and we detect it as FakeAlert-D Trojan with our DAT 5635.
The new variant comes from the following web pages:
· hxxp://internetware-sa{blocked}.com/
· hxxp://mal-ware{blocked}.net
As do most other rogue security programs, Malware Doctor displays misleading fake alerts to entice users into buying a product to “repair” malware problems.
----------
Adobe will deliver its first quarterly patches next Tuesday
Adobe Systems will deliver its first set of quarterly patches next Tuesday as the company seeks to...
----------
Colleges give themselves C+ for network security
Colleges give themselves modest marks in network security and fear malware the most among a long...
----------
Microsoft reveals some of its cloud security measures
Microsoft has published security policies it applies to its cloud services, and sheds some light on...
----------
Threat Level Privacy, Crime and Security Online
Voting System Adds Nearly 5,000 Ballots to Tally
A software glitch in an optical-scan voting system added nearly 5,000 ballots to the tally of a South Dakota election this week. The error was discovered only after the election results were called, according to the Rapid City Journal.
The problem occurred when officials combined tallies from optical-scan machines in three precincts in Rapid City in Pennington County. The tabulation software used to combine the totals added 4,875 phantom ballots to the count. The system indicated 10,488 ballots were cast when, in reality, only 5,613 ballots existed, indicating that the glitch wasn’t simply a matter of doubling the votes.
----------
NSA Whistleblower Meets Anthrax ‘Person of Interest’
By Kevin Poulsen
June 4, 2009
WASHINGTON — They sat near different ends of a long table Thursday: a former Justice Department official who leaked information on Bush’s warrantless domestic spying program to the New York Times, and a former Army scientist who was wrongly linked to the 2001 anthrax attacks by different, but equally-anonymous, government sources.
You couldn’t ask for a starker example of everything good and bad about journalists’ use of anonymous sources in Washington, and both men have had their lives changed by their experiences.
----------
Microsoft readies 10 patches for next week
Dan Kaplan June 04, 2009
Microsoft next week plans to push out 10 patches, six graded "critical" by the software giant.
----------
Switzerland Decides That It's Ok For Private Firm To Violate Your Privacy If It's Searching For 'Pirates'
Last year, Swiss officials told Logistep -- one of a few companies that tries to scan file sharing networks for IPs used by suspected copyright infringers -- that its efforts were an illegal violation of privacy rights. However, a new court ruling has overturned that original ruling, and has said that Logistep is perfectly legal. The court appears to have said that preventing piracy somehow trumps privacy rights -- which seems kind of odd.
----------
Leaked memo hints at Win7 prices
Mary Jo Foley: Microsoft officials may not be ready to share the date of the Vista-to-Windows 7 upgrade program they preannounced this week. But Best Buy is. And they've also got the list price for upgrades.
----------
What's really in each Windows 7 Edition?
Ed Bott: Microsoft has put together a basic feature set that actually makes sense, with a consistent upgrade strategy to move between versions based on your requirements and your budget.
----------
House Says NO! to Airport Strip Searches
The House of Representatives approved by a vote of 310 to 118 a bill that will limit the use of Whole-Body Imaging machines, installed by the Transportation Security Administration, in US airports. The devices photograph American air travelers stripped naked and could easily be programmed to record images. Congressman Jason Chaffetz (R-UT) sponsored the bill that will prohibit the use of the devices as the sole or primary method of screening aircraft passengers; require that passengers be provided information on the operation of such technology and offered a pat-down search in lieu of such screening; and prohibit the storage of an image of a passenger after a boarding determination is made. Privacy Coalition members supported a campaign to raise public awareness about Whole Body Imaging.
House OKs bill limiting body imaging, Lee Davidson, Deseret News, June 4, 2009
----------
FTC Sues, Shuts Down N. Calif. Web Hosting Firm
In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations.
Sometime on Tuesday, more than 15,000 Web sites connected to San Jose, Calif., based Triple Fiber Network (3FN.net) went dark. 3FN's sites were disconnected after a Northern California district court judge approved an FTC request to have the company's upstream Internet providers stop routing traffic for the provider.
----------
Microsoft's Fix for the Firefox Add-on Snafu
Last week, I received a tremendous reader response to a post I wrote about a security update from Microsoft that silently installed a "Microsoft .NET Framework Assistant" add-on for Firefox that was difficult and risky for users to uninstall. Given the emotional buttons this subject pushed among a large number of readers, I've put together a brief update along with some information provided in the comments to the previous post.
----------
10 patches planned for Microsoft's Patch Tuesday – but none for DirectShow
The hole in WebDAV also remains unpatched. However, Microsoft will at least finally patch its 2004 and 2008 versions of Office for Mac to close the 14 known security holes in PowerPoint.
----------
Advance Notification for the June 2009 Security Bulletin Release
Today, we published our Advance Notification indicating that next Tuesday, June 9 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 10 security bulletins consisting of:
· Six updates affecting Windows. Two Critical, three Important, and one Moderate.
· One Critical update affecting Internet Explorer.
· One Critical update affecting Word.
· One Critical update affecting Excel.
· One Critical update affecting Office.
----------
Hackers Arrested In China After Feud Causes Major Outage
Jun 04, 2009
DDoS feud between underground gaming services allegedly caused temporary Internet outage across more than 20 provinces
----------
Hacking Tool Lets A VM Break Out And Attack Its Host
Jun 04, 2009
'Cloudburst' memory-corruption exploit released with Immunity's new version of Canvas penetration testing software
----------
Researchers crack CEO's e-mail account, want $10,000 prize
Hackers claim $10,000 prize for breaking into StrongWebmail
----------