Monday, June 1, 2009

Monday 06/01/09

Spam Finds New Paths Into Corporate Nets
... Often, he said, a spammer will rent legitimate network services, often in an Eastern European country, and then blast a large amount of spam at the network of a specific ISP. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. O'Donnell estimates that hundreds of thousands of such messages are sent each day without detection.

Social networks are also becoming an increasingly important tool for spammers.

Security experts note that social-networking spam can't be filtered at the corporate firewall and appears to come from friends of the recipients.

----------

FBI e-mail clobbered after virus
The FBI confirmed today that it had been forced to shut down its Internet-facing unclassified network, but disputed a report that the incident had left the agency unable to e-mail counterparts in other intelligence and law enforcement agencies.

"The external, unclassified network was shut down by the FBI as a precautionary measure," the FBI said in a statement. "Within 48 hours of identifying the issue and mitigating risks, e-mail traffic was largely restored to the external, unclassified network."

FBI agents can send e-mail on the agency's more secure internal network or via BlackBerry, but many use this unclassified network to send messages via a Web-based e-mail system, said a source familiar with the situation. That webmail service was down throughout the week and continued to be unavailable for some users, the source said.
...

----------

U.S. advisory panel calls for new privacy rules
It's time for Congress to overhaul the Privacy Act of 1974 by revamping arcane privacy notices called systems of records notices (SORNs), by requiring the creation of chief privacy officers at 24 major U.S. agencies and by developing a privacy.gov site where privacy notices from all agencies are available, members of the Information Security and Privacy Advisory Board (ISPAB) said Thursday.

----------

New US command to focus on cyber battlefield
AFP – Sat May 30, 1:50 pm ET

WASHINGTON (AFP) - The US military is moving ahead with plans to create its first "cyber command" designed to bolster America's potential to wage digital warfare as well as defend against mounting cyber threats, officials said on Friday.
...
The precise details of US cyber military power remain secret, but it includes technology capable of penetrating and jamming networks, including the classified Suter airborne system, analysts say.

The technology has been reportedly added to unmanned aircraft and allows for users to take over enemy sensors to "see what enemy sensors see, and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can't be seen," according to Aviation Week.

Speculation has persisted that Israel may have used the technology in a 2007 air raid against a Syrian construction site.
...

----------

Whoa! Did the President Just Say 'Botnets?'
President Obama has mapped out an aggressive new cybersecurity policy and CSO Senior Editor Bill Brenner chats with security expert Ariel Silverstone about what works and what could be better.

----------

Dump the File Cabinet and Scan Your Important Papers
Sue Bulot wants advice about digitizing all of her important papers

----------

Kaspersky: A Profile of the Virus-Fighter
Here's an introduction to the person behind the antivirus software: Eugene Kaspersky.

----------

L0phtcrack is Back!
Many thanx to Rob V. for providing the update that l0phtcrack is back in full force! I have personally used LC4 & LC5 for quite some time, and am looking forward to the presentation features of LC6. LC is back in the "hands of the original authors from the L0pht who are giving it the care and feeding it deserves" which gives pen testers and auditors more great things to look forward to in the near future.

----------

Yet another "Digital Certificate" malware campaign
This time a "Bank of America Digital Certificate Updating" scheme is used, where a victim of the luring e-mail is directed to a fake website that looks like this: ...

----------

Talking about the vulnerability disclosed last week:

Posted at 7:15 AM ET, 06/1/2009
Microsoft Warns of Attacks on Unpatched Windows Flaw
Microsoft is warning that hackers are using booby-trapped QuickTime media files to exploit a newly discovered security hole in Windows 2000, Windows XP, and Windows Server 2003 systems.

Microsoft said it is aware of "limited attacks" against an unpatched vulnerability in a Windows DirectShow component designed to process QuickTime files. The vulnerability is present in those operating systems and can be exploited whether or not users have QuickTime installed.

----------

The Telegraph Website Leaks Subscriber Information
Romanian grey-hat hacker Unu has hit the Daily Telegraph website for a second time in un...

----------

U.S. Army servers breached by Turkish hackers
Hackers based in Turkey penetrated two US army web servers and redirected traffic from those websites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name 'm0sted', breached a server at the army's McAlester Ammunition Plant in Oklahoma on 26 January and a server at the US Army Corps of Engineers' Transatlantic Center in Winchester, Virginia, on 19 September, 2007, the report said.

Investigators believe an SQL injection attack was used to exploit a vulnerability in Microsoft's SQL Server database in order to gain access to the servers.

----------

Cable Companies Aren't Immune From The Economy As More People Go Online-Only For TV
People are cutting back on lots of spending these days, but one area that was supposedly relatively safe was in-home entertainment expenditures. Things like cable and satellite TV and Netflix were thought to even thrive during economic downturns as people looked to limit going out, choosing instead to stay in and be entertained. While that seems to be working out for Netflix, cable companies are starting to feel the pinch as people drop their subscriptions and get their TV fix online. While it's a relatively small number of people that are making the move, it's the sort of thing that cable companies have been concerned about for a while. The WSJ story talks about some moves by the likes of Comcast and Time Warner to grab more online viewers, but if the cable companies continue to try and treat their online efforts in the same way as their traditional offerings, it's hard to see much success.

----------

Upgrade to Suite B security algorithms
Most companies do not know what level of cryptography is required to properly protect their data...

At the same time, on the public-key front, NIST and the American National Standards Institute published guidance stating that RSA with 1,024-bit keys should no longer be used to protect sensitive data by 2010, and that, to match the strength of AES-128, RSA with a 3,072-bit key or ECC with a 256-bit key should be used.
...

----------

McAfee Releases June Spam Report
Monday June 1, 2009 at 12:04 am CST
Posted by David Marcus

What does the future of spam hold for us? Spam is all about making money and, as with most businesses, spammer CEOs need to worry about costs and their bottom lines. As long as we continue to behave as suckers, spammers will use sophisticated tactics to separate us from our money. Download the full report here.

----------
