Monday, August 3, 2009

New features can open up Cisco IOS to hackers
New features embedded in Cisco IOS like VoIP and Web services -- which could be enabled by default -- can present an opportunity for hackers, according to this story in SearchSecurity.com. A security researcher at this week's Black Hat conference in Las Vegas delivered a presentation in which he outlined ways hackers can infiltrate Cisco routers through these new IOS features.

----------

Some IT skills hot, even in down economy
Foote Partners’ latest analysis shows that pay for 28 IT skills and certifications is on the rise, while 46 skills and certifications saw a decrease in pay in Q2.

----------

Recession no reason to neglect IT workforce, Gartner says
Gartner survey shows companies continue to put hiring and staff development on hold, despite specific skills being in demand.

----------

IT cost management must: Chargeback
Forrester Research report details why IT chargeback practices and technologies will become mandatory for most IT organizations.

----------

'MonkeyFist' Launches Dynamic CSRF Web Attacks
Researchers release tool that automates cross-site request forgery attacks

----------

Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses
Trojan may already have infected hundreds of thousands of PCs, botnet expert says

----------

Metasploit Meterpreter For Mac Coming Soon From Evil Bytes
Meterpreter is by far one of the most powerful and most advanced payloads included in the Metasploit Framework. It's been the joy of penetration testers and the bane of incident responders, and until now it's only been a payload targeted at Windows systems, while Mac users have dodged a bullet. But that won't be the case for much longer...

----------

McAfee Buys Cloud Security Provider MX Logic For $140 Million
Acquisition expands McAfee's security software-as-a-service offerings

----------

Ban on peer-to-peer software for contractors, government in the works
Rep. Edolphus Towns (D-N.Y.) said he plans to introduce a bill that would ban the use of peer-to-peer software on all government and contractor computers and networks.

Towns, chairman of the Oversight and Government Reform Committee, held a hearing July 30 about the security issues associated with peer-to-peer software.

Possible information leaks about the electronics for the president’s Marine One helicopters and financial information belonging to Supreme Court Justice Stephen Breyer onto the peer-to-peer network LimeWire make such a ban necessary, Towns said. “LimeWire does not deny those reports but claims that recent changes to the software prevent inadvertent file sharing,” Towns said.

----------

Microsoft kills Windows 7E, puts IE back in upcoming OS http://cwflyris.computerworld.com/t/5597713/6339517/208277/0/

----------

Remote BIND 9 DoS Vulnerability Patched
A new, remotely exploitable denial-of-service (DoS) vulnerability affecting BIND version 9 was reported by ISC on July 28. It's also reported that exploits have been seen in the wild. Because BIND is so widely used, these attacks can affect a great deal of critical infrastructure. Here's a short description of the problem.

The vulnerability exists in the DNS dynamic-update request message. Dynamic update (RFC 2136) was added to DNS to cope with records that change constantly across many DNS servers. The individual DNS servers can send update messages back to the DNS zone master so that the master record stays current. Each update message should contain at least a zone record, a prerequisite record, and an update record. The zone record specifies which zone the update message is for; only the master for that zone can update the record for itself. The prerequisite record specifies the condition the server should check before applying the update, and the update record carries the updated record itself.
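To make that message layout concrete, here is an added example (not code from the ISC advisory or from BIND) that builds a minimal RFC 2136 UPDATE message with one zone, one prerequisite and one update record, and then validates its header and zone section the way a receiving server must before acting on it. The zone name, host name and address are constructed sample values.

```python
import struct

OPCODE_UPDATE = 5                      # RFC 2136 opcode for UPDATE
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255

def encode_name(name):
    # Wire-format name: length-prefixed labels ending with a zero byte.
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def rr(name, rtype, rclass, ttl=0, rdata=b""):
    # One resource record, as carried in the prerequisite and update sections.
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def build_update(zone, prereqs, updates, msg_id=0x1234):
    # Header: ID, flags (opcode sits in bits 11-14), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT.
    hdr = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, len(prereqs), len(updates), 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return hdr + zone_section + b"".join(prereqs) + b"".join(updates)

def decode_name(buf, off):
    labels = []
    while buf[off] != 0:
        n = buf[off]
        if n & 0xC0:
            raise ValueError("compressed names are not handled by this sample")
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1

def parse_update(buf):
    # Checks a receiving server makes before acting: opcode is UPDATE, exactly one zone record, type SOA.
    msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", buf[:12])
    opcode = (flags >> 11) & 0xF
    if opcode != OPCODE_UPDATE:
        raise ValueError("opcode %d is not UPDATE" % opcode)
    if zo != 1:
        raise ValueError("ZOCOUNT must be exactly 1, got %d" % zo)
    zone, off = decode_name(buf, 12)
    ztype, zclass = struct.unpack("!HH", buf[off:off + 4])
    if ztype != TYPE_SOA:
        raise ValueError("zone section TYPE must be SOA")
    return {"id": msg_id, "zone": zone, "prereqs": pr, "updates": up}

# Constructed sample: add host.example.test A 192.0.2.10, with a "name is not in use" prerequisite (CLASS=NONE, TYPE=ANY).
SAMPLE = build_update("example.test",
                      [rr("host.example.test", TYPE_ANY, CLASS_NONE)],
                      [rr("host.example.test", TYPE_A, CLASS_IN, 3600, bytes([192, 0, 2, 10]))])
```

A message whose opcode is not UPDATE, or whose zone section is malformed, is rejected by parse_update before the prerequisite and update records are ever looked at.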

----------

Security analyst: Las Vegas ATMs may have malware
The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas...

----------

Report: Chinese hackers deface Melbourne film festival site
The organizer of 2009 Melbourne International Film Festival shuts down online ticket sales after...

----------

Fast-Food FAIL: Drive-Thru Displays Point-of-Sale LAN Info
Rick Lawhorn went to a local fast-food chain one recent evening and found a potential security...

----------

Black Hat 2009: How to hack a parking meter
How to hack a San Francisco parking meter: This is how a San Francisco parking meter should look; a...

----------

Times Takes Aim At 15-Second Voicemail Cash Cow
David Pogue of the New York Times last week raised a simple but interesting point about the short messages carriers tack on to the end of your voicemail greeting. In most cases, after your pre-recorded greeting, the system tells the caller inane things like "at the tone, please record your message" (Verizon) or "when you are finished, you may hang up" (AT&T). Pogue notes these aren't just there for convenience, but -- and this may surprise you about the wireless industry -- to milk consumers out of money:

These little 15-second waits add up – big time. If Verizon’s 70 million customers leave or check messages twice a weekday, Verizon rakes in about $620 million a year... In 2007, I spoke at an international cellular conference in Italy. The big buzzword was ARPU – Average Revenue Per User. The seminars all had titles like “Maximizing ARPU In a Digital Age.” And yes, several attendees (cell executives) admitted to me, point-blank, that the voicemail instructions exist primarily to make you use up airtime, thereby maximizing ARPU.

----------

Apple patches iPhone text message vulnerability
Dan Kaplan August 03, 2009
A much hyped SMS vulnerability in the Apple iPhone has been fixed -- one day after details of the bug were presented at the Black Hat conference in Las Vegas.

----------

College Says It Owns Global Disease Monitor
By BARBARA LEONARD
WASHINGTON (CN) - Georgetown College sued two former employees who refuse to give up their patent rights to inventions for "Project Argus," a federally funded project for "technology capable of supporting a worldwide biosurveillance system" that can detect outbreaks of disease before they become pandemics.

----------

Spammer Discovers His Insurance Policy Doesn't Cover $6 Million Spam Fines

Scott Richter was a big-time spammer, so proud of being a spammer that at one point he planned to release his own line of "Spamking" clothing (seriously). In 2005, though, he filed for bankruptcy (even though it appeared his spamming operations were still rolling in cash). That same year, there were reports that Richter had gone legit, and he was actually removed from the infamous ROKSO list of known spammers (not an easy list to get removed from). Except... sometimes it's just difficult to stay away. MySpace sued Richter in 2007 and won a $6 million award against him (though Richter claimed victory, since MySpace wanted much more).

Now, Michael Scott alerts us to the news that Richter tried to have his insurance company pay the fines, but a court has now said that these fines were excluded from the policies, and thus Richter is on the hook for the fines instead. That seems like a good thing. It would be pretty troubling if spammers were able to buy insurance against getting fined.

----------

Announcing OffVis 1.0 Beta
We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences (1, 2, 3) about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called “OffVis”. We first shared the tool with our MAPP partners in May and have now released it as a no-charge download from the Microsoft Download Center for everyone to benefit from this work. We have also recorded a 30-minute training video that describes the file format. We will announce the video here on the blog when it is ready to be released.

OffVis displays OLESS-based binary files in two ways. It shows a hex view of the raw file contents on the left side of the window and, on the right side, the tree of objects built up from parsing those raw file contents.
...

----------

Hidden gay slur, search terms, get campaign site blacklisted
August 3, 5:23 p.m. UTC - by Nate Anderson Posted in: Law & Disorder
US Senator Kay Bailey Hutchison is running for governor of Texas, but her new campaign website has already managed to get itself blocked from Yahoo and Google. Stuffing a site with 2,000+ hidden search terms, including "rick perry gay," is a good way to get the wrong kind of attention.

----------
