Monday, June 8, 2009

Monday 06/08/09

New version of KeePass Encrypted Password Database available:
http://keepass.info/download.html

The new version adds encryption speed & strength for Vista users. I need to be careful when sharing files with you XP users...

----------

not security, but interesting...
Energy Audits Vex Austin Home Sellers

The city of Austin, Texas, has begun requiring homeowners to conduct energy-efficiency audits before they can sell their house, a move it says provides a model for cities and states seeking ways to push energy conservation.

With its new law effective last week, Austin joined at least two other U.S. cities -- San Francisco and Berkeley, Calif. -- that require the audits, which can include a review of a home's air-conditioning and heating systems, insulation and air-tightness, and generally cost owners from $200 to $300.

----------

China Squeezes PC Makers
BEIJING -- China plans to require that all personal computers sold in the country as of July 1 be shipped with software that blocks access to certain Web sites, a move that could give government censors unprecedented control over how Chinese users access the Internet.

The government, which has told global PC makers of the requirement but has yet to announce it to the public, says the effort is aimed at protecting young people from "harmful" content. The primary target is pornography, says the main developer of the software, a company that has ties to China's security ministry and military.

----------

New iPhone released:
http://www.apple.com/iphone/gallery/ads/

----------

Social Engineering: 5 Security Holes at the Office (Includes Video)
We poked around a secure building with social engineering expert Chris Nickerson and found several ways a criminal could get inside and access sensitive data.

----------

How Pirates Shook European Politics
torrentfreak.com — With 7.1 percent of the vote, the Swedish Pirate Party has shocked its critics and secured a seat in the European Parliament. The Pirates received more votes from those under 30 than any other party in the European elections yesterday, and this was celebrated with pints of rum and loads of pirate chants.

----------

Due Tomorrow:
June 2009 Advance Notification
Advance Notification for the June 2009 Security Bulletin Release
Today, we published our Advance Notification indicating that next Tuesday, June 9 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 10 security bulletins consisting of:

· Six updates affecting Windows. Two Critical, three Important, and one Moderate.
· One Critical update affecting Internet Explorer.
· One Critical update affecting Word.
· One Critical update affecting Excel.
· One Critical update affecting Office.

----------

Posted at 11:10 AM ET, 06/08/2009
T-Mobile Investigating Data Breach Claims
Wireless phone giant T-Mobile said today it is investigating claims that hackers have broken in and stolen customer data and company proprietary information.

----------

Hackers claim they raided sensitive T-Mobile information
Dan Kaplan June 08, 2009
T-Mobile has yet to release details about an alleged massive hack of its systems.

----------

Sears Settles With FTC For Putting Spyware On Customers' Computers
You may recall a couple years back, a controversy over the fact that Sears appeared to be installing spyware on the computers of online customers who had agreed to join a "community." Sears insisted this wasn't true, and that it really was software to help create a community of shoppers -- but the evidence suggested otherwise. The FTC eventually got involved, and now Sears has settled the charges that it was unfairly spying on users without clearly indicating this to users. Sears insisted that because the fine print of the terms of service for joining the community said that it would track your online browsing, it was in the clear, but the FTC noted, accurately, that most users would not have gotten that impression from signing up.

----------

Mayor Isn't Liable for Pet Killings, Court Says
By ANNIE YOUDERIAN
(CN) - The mayor of Barceloneta, Puerto Rico, won partial immunity from claims that his no-pet policy led to alarming raids on public housing communities, resulting in the removal and killing of countless family pets. "[T]here is nothing conscience-shocking about the pet policy itself," the 1st Circuit ruled.

----------

Waging war on cyberthreats
Max Huang, founder and president, O2Security May 08, 2009
Compromised information networks can put an organization's very life in jeopardy. Here are ways that firms can take the lead.


----------

Hot or Not: SCADA security is hot

----------

Voting Machine Company Agrees to Hand Over Source Code
By Kim Zetter
June 8, 2009

Election officials in Washington, DC, are finally going to get source code for voting machines that produced ‘phantom’ votes during the state’s primary election last September.
Sequoia Voting Systems agreed on Friday, after the city threatened a lawsuit, to hand over the proprietary code. Sequoia will also give election officials documentation describing how the source code and machines were created and maintained, according to the Washington Post.

----------

2009 Top Urban Legends in IT Security
There are lots of IT Security related urban legends floating around the Internet. Some have malicious intent and others are just for fun. Some have been with us for years but still refuse to die. Here is a list of my top IT Security Urban Legend picks for this year.

----------

10 things you didn't know about cyberwarfare

NEW YORK CITY -- Imagine a situation where a powerful country wants to annex its small neighbor, so it launches a week-long campaign of cyberattacks aimed at disrupting the financial, energy, telecom and media systems of its neighbor's biggest ally. A week later, the aggressor launches a full-scale cyberwar on its neighbor that includes air and naval defenses. With its ally's defenses weakened, the neighbor agrees to become a province of the aggressor in less than a week.

This scenario is not so far-fetched, according to several experts from the National Defense University who spoke at the Cyber Infrastructure Protection Conference held here last week.

----------

Update: Disitool V0.3
Last January, I got a little challenge from @hdmoore via my Twitter account: add data to a signed executable without invalidating the Authenticode signature. I updated my Digital signature tool, but I realize now I had only announced the update on Twitter, not on my blog.

The trick is to increase the size of the image data directory for the digital signature and inject the extra data after the digital signature. This way, the Authenticode validation algorithm ignores the extra data, because it considers it to be part of the signature. Use Disitool’s new inject command:
...

----------

Internet Pharma-Phishing at Epidemic Levels
June 7, 2009 · 1 Comment
By Richard Stiennon, Chief Research Analyst, IT-Harvest
eSoft has determined that there has been a major spike in fraudulent pharmacy sites just this past week. Much like the fake SpySweeper site these pharma-fraud sites present a convincing storefront that appears to sell Viagra and Cialis. They have a sophisticated shopping cart system and take your money but do not bother with actually fulfilling orders. eSoft provided me with data on seven different templates they have discovered. The quantity is amazing.

----------

From the 'Duh!' files:
20% of IT Managers Admit to Cheating
June 7, 2009 · Comment
By Steven Fox, Founder of SecureLexicon
A cross-industry survey of 150 IT managers and technical staff showed that 20% of that population either admitted to cheating on an IT audit or knew someone that did.

----------

DNS Security Webinar: Issues And Challenges

SANTA CLARA, Calif., June 8, 2009 — Infoblox Inc. today announced that it will host a webinar on Wednesday, June 10th, 2009, including three of the world's leading authorities on the domain name system (DNS) and network security.

Many security researchers are expressing growing alarm over the state of DNS security. Every network professional needs to understand DNS security and how the Domain Name System Security Extensions (DNSSEC), a suite of IETF specifications for securing information provided by DNS, may impact their organization.

----------

Twitter "Best Video" Scam Attacks PCs
Scam messages that link to a juste.ru attack site began going out over the weekend.

----------

Adobe will deliver its first quarterly patches on Tuesday

----------
