Monday, July 6, 2009

Microsoft ignores standard definition, does what it THINKS is right...
http://dotnet.org.za/codingsanity/archive/2009/07/05/by-design-bugs.aspx

----------

"MySpace mom" Lori Drew's conviction thrown out

----------

http://blogs.iss.net/archive/sql-injection-ers.html
SQL Injection Lessons from X-Force Emergency Response Service Investigations
Posted by Harlan Carvey on May 08, 2009 at 1:46 PM EDT.

----------

Forrester: A Close Look At Cloud Computing Security Issues
Chenxi Wang examines security, compliance and contractual issues in cloud computing.

----------

PC Invader Costs Ky. County $415,000
Posted at 5:14 PM ET, 07/ 2/2009

Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks.


----------

The Pros and Cons of Password Masking
Usability guru Jakob Nielsen opened up a can of worms when he made the case for unmasking passwords in his blog. I chimed in that I agreed. Almost 165 comments on my blog (and several articles, essays, and many other blog posts) later, the consensus is that we were wrong.

I was certainly too glib. Like any security countermeasure, password masking has value. But like any countermeasure, password masking is not a panacea. And the costs of password masking need to be balanced with the benefits.

The cost is accuracy. When users don't get visual feedback from what they're typing, they're more prone to make mistakes. This is especially true with character strings that have non-standard characters and capitalization. This has several ancillary costs...

----------

Update: Apple patching serious SMS vulnerability on iPhone
Apple may be working to fix an iPhone vulnerability that could possibly allow an attacker to remotely install and run unsigned software code with root access to the phone.

The theoretical attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday.

----------

Court orders spammers to pay $3.7 million
A federal court has ordered members of an alleged international spam ring to give up $3.7 million that they made while sending out illegal e-mail messages pitching bogus weight-loss products and human growth hormone pills.

The operation, with key players located in Canada and St. Kitts, used spammers to drive traffic to Web sites selling an extract of the hoodia gordonii plant that the sellers claimed would cause significant weight loss and a "natural human growth hormone enhancer" that sellers claimed would reverse the aging process, the U.S. Federal Trade Commission said Thursday.

----------

'Jailbroken' iPhones leave users more vulnerable
Jailbreaking an iPhone leaves users vulnerable to attack by stripping away most of the handset's security protections, a security researcher warned Thursday.

----------

Security guard charged with hacking hospital systems
The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he says to the camera.

Then in the course of the next five minutes, the man, who says he hasn't slept in three days, uses a security key to roam the halls of the hospital and install malicious botnet software on a computer there.

He says he's "infiltrated a very large corporate office," but according to the FBI, he was just working the night shift as a security guard, pretending to break into the very building he was supposed to be guarding.

----------

Chinese security company shares huge malware database
A Chinese company that has created a massive database of malware found on Chinese Web sites opened up the information to other security organizations on Thursday.

Beijing-based KnownSec gathered the viruses and other information with a crawler that scans nearly 2 million Chinese Web sites each day, Zhao Wei, CEO of the security company, said in an interview in Beijing. He planned to give a presentation on the subject at the Forum of Incident Response and Security Teams (FIRST) security conference in Kyoto, Japan this week.

----------

Facebook simplifies privacy settings, calls them too complex
Facebook will simplify the way in which it offers privacy options to its users, as it gets ready to give its members for the first time the option to make the content they post on their profiles available to anyone on the Internet.

Right now, Facebook privacy controls are too scattered across multiple settings pages and they lack uniformity, creating confusion among members, Facebook Chief Privacy Officer Chris Kelly said Wednesday during a press conference.

----------

Conficker: Forgotten but not Gone
PC World – Thu Jul 2, 12:56 pm ET
Conficker may not dominate the headlines any longer, but it's still going strong, according to Trend Micro's Malware Blog and stats from the Conficker Working Group.

----------

Jun 30, 2:26 pm
Microsoft Antivirus Software: Like Fox Guarding Hen House
Analysis: Why can't users trust antivirus software from Microsoft to protect their own stuff?

----------

Online Scams Jump as More Africans Go Online
Cybercrooks are targeting new Internet users within Africa, along with the longstanding Nigerian money scams.

----------

New Tool Exposes Stealthy Metasploit Hack
Jul 02, 2009
Researchers will demonstrate forensics tool, technique for unmasking attacks using Metasploit's stealthy Meterpreter anti-forensics function

----------

Month Of Twitter Bugs Goes Live With Mini-URL Flaws
Jul 01, 2009
Researcher launches Day One of daily third-party Twitter app vulnerability disclosures, while some members of Twitter christen July 1 "TwitterSec Day"

----------

0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks
A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.

----------

Embedding and Hiding Files in PDF Documents
My corrupted PDF quip inspired me to program another steganography trick: embed a file in a PDF document and corrupt the reference, thereby effectively making the embedded file invisible to the PDF reader.

The PDF specification provides ways to embed files in PDF documents. I’m releasing my Python program to create a PDF file with embedded file (I used make-pdf-embedded.py to create my EICAR.pdf).

----------

Prepare Yourself For iPod Video
... One of our sources in Asia says that Apple has placed an order for a massive number of camera modules of the type that they include in the iPhone. These are inexpensive cameras, in the $10 range. And the size of the order, our source says, means they can only be used for one thing - the iPods.

----------

Only a couple of days after George Hotz became the first hacker to release a jailbreak app for the iPhone 3GS on Windows, there’s a Mac-compatible version out too. This time, Hotz got some help from two fellow coders to be able to please the Mac folks, but he also made some improvements to the Windows version.

Happy jailbreaking, and in case you didn’t know yet: happy unlocking too.

----------

Since March, Internet Explorer Lost 11.4 Percent Share To Firefox, Safari, And Chrome
http://gs.statcounter.com/#browser_version-US-monthly-200807-200907

----------

Sensors for Tracking Home Water Use
By Kate Greene
Tuesday, June 30, 2009
Sensors track devices' electricity, water, and gas consumption from one spot.

----------

On Facebook, a Spy Revealed (Pale Legs, Too)
http://www.nytimes.com/2009/07/06/world/europe/06britain.html?hp
LONDON — The man in the Facebook photographs seems like your average guy having a little fun. Here he is in a festive scene at a park, gamely wearing a red fleece and a Santa Claus hat. Here he is again, playing Frisbee on the beach, clad in a pair of snug bathing trunks that show off his muscular, if pale (he is British) legs.

Oops. It turns out that this is not a regular person at all. He is in fact Sir John Sawers, diplomat and spy, currently the British ambassador to the United Nations and soon to be the chief of MI6, the Secret Intelligence Service.

----------

New Attacks Against Internet Explorer

If you have read Geok Meng and Xiaobo’s blog published in December last year, this would almost seem like a movie sequel. Over the July 4th weekend, an exploit targeting a 0-day vulnerability in the Microsoft DirectShow ActiveX object was widely discovered on many Chinese websites.

----------

Understanding China’s cyber threat perception
Nations develop defense capabilities and weapon systems based on threat perception. While it is extremely difficult to predict future war, it is something each country must take seriously. You don’t spend all of your military budget on coastal defense if estimates show it is more likely you will engage in land warfare. If military decision-makers predict that future combat will center around non-contact war, using drones, cyber attacks and space-based weaponry, you focus your energy and resources on those areas.

China has openly announced that they are moving toward an “informationized” force and it is one of their top priorities. While we do not have to agree with their rationale, it is imperative that we understand it.

----------

British Telecom Drops Phorm
Consumer privacy backlash proved too much for project... 09:02AM Monday Jul 06 2009 by Karl Bode
Controversial adversnooping company Phorm used to be named 121Media and has a history with rootkits and spyware. So it wasn't surprising when privacy advocates began opposing the company's efforts to push behavioral advertising systems in the UK dressed up as anti-phishing solutions.

----------

Ships Must Use Cleaner-Burning Fuels, Judge Says
By AVERY FELLOW
(CN) - Ships approaching the California coast must use cleaner-burning fuels, a federal judge ruled in Sacramento. U.S. District Judge Morrison C. England, Jr. upheld new regulations set by the California Air Resources Board limiting sulfur in fuel for ships traveling within 24 miles of the state's coast.

----------

Juniper pulls researcher's Black Hat ATM talk
Dan Kaplan July 01, 2009
Black Hat is still a month away, but it is already making news after a planned presentation, which would have shown how to force ATMs to give cash, was pulled.

----------
