Monday, September 28, 2009

Monday 09/28/09

Ass Bomber
Nobody tell the TSA, but last month someone tried to assassinate a Saudi prince by detonating a bomb hidden in his own rectum. He posed as a repentant militant, when in fact he was a Trojan horse:

The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince -- the target of al-Asiri's unsuccessful assassination attempt.
...
Lewis Page, an "improvised-device disposal operator tasked in support of the UK mainland police from 2001-2004," pointed out that this isn't much of a threat for three reasons: 1) you can't stuff a lot of explosives into a body cavity, 2) detonation is, um, problematic, and 3) the human body can stifle an explosion pretty effectively (think of someone throwing himself on a grenade to save his friends).

----------

A Stick Figure Guide to AES
Nice.

----------

Ants vs. worms
Since ants are pretty good at locating and defending against enemies in the real world, a team of researchers decided to try reproducing an ant-type model on computer networks. Initial tests proved to be a success.

----------

Internet Explorer supports free certificates
With its last update, Microsoft has added StartCom to the pre-installed root certificates in its operating system. As a result, Microsoft products (such as Internet Explorer) now accept certificates issued by StartCom without prompting the user or requiring any special configuration. Third-party programs that use the operating system's certificate store will also accept the certificates without asking further questions.

StartCom offers free certificates for signing e-mail (S/MIME) and for SSL servers (HTTPS, for example). Unfortunately, with these "Class 1 certificates", the applicant's control of an e-mail address is generally the only thing verified, so such a certificate says nothing about who is actually behind the site.

While StartCom has been in the certificate store of Mozilla programs like Firefox and Thunderbird for some time, other issuers who offer free server certificates (such as CAcert) are not currently included in the root CA lists of commonly used programs. Users therefore have to inspect and confirm each server certificate or add the root certificate of such issuers to their certificate store.

The root certificate update is available as an option via Windows Update.

----------

Reddit Attacked by XSS Exploit
An XSS hole allowed comments to be booby-trapped with JavaScript code which posted multiple comments into the social news aggregator. The script was triggered by logged in users merely hovering the cursor over a comment.
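The hover trigger above is the signature of an inline event handler (onmouseover) that made it from a comment body into the page's HTML unescaped. The following is an added example, not Reddit's code: a comment renderer in the vulnerable shape next to one that HTML-escapes the body before applying the site's own formatting, plus a small check that flags any inline on* handler in the output. The payload's postSpam() call is a hypothetical name standing in for whatever the real script did.

```javascript
// Added example (not Reddit's code). Constructed payload: an anchor whose
// onmouseover handler fires as soon as a viewer's cursor crosses the comment.
// postSpam() is a hypothetical name for the comment-posting call.
const maliciousComment =
  '<a href="#" onmouseover="postSpam(\'me too\')">read this</a>';

// Vulnerable: the comment body is pasted into the page unchanged, so any
// inline event handler in it runs in the viewer's logged-in session.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Output encoding: every character that can open a tag, an attribute or an
// entity is turned into inert text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: escape first, then build the little markup the site itself wants
// (here only **bold**). No user-supplied '<' or '"' survives the first step,
// so the formatting step cannot be used to smuggle a tag or an attribute.
function renderCommentSafe(author, body) {
  const formatted = escapeHtml(body).replace(/\*\*([^*]+)\*\*/g, '<b>$1</b>');
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${formatted}</div>`;
}

// Crude regression check for the renderer: does the final HTML contain a real
// tag carrying an inline on* handler? Escaped text never matches because the
// '<' that would start the tag has become '&lt;'.
const INLINE_HANDLER = /<[^>]*\son[a-z]+\s*=/i;
function hasInlineEventHandler(html) {
  return INLINE_HANDLER.test(html);
}

console.log('unsafe:', renderCommentUnsafe('eve', maliciousComment));
console.log('safe:  ', renderCommentSafe('eve', maliciousComment));
```

The order matters: escape the untrusted text, then generate markup from the escaped string. Doing it the other way round (format first, escape afterwards) either destroys the site's own tags or leaves a window in which user text is interpreted as HTML.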

----------

Belgian Government Workers Ordered to Drop Firefox and Return to IE6
The government of the Walloon Region has ordered its local administrations to ban the use of Firefox on their networks...

----------

Windows 7 reliability scorecard
Adrian Kingsley-Hughes: Since December Windows 7 has been my default OS on several systems that are in daily use. During that time I've captured a lot of real-world reliability data for the OS.
...
So, how reliable is Windows 7?

In a word, very.

...looking at a small number of shutdown issues <== ERIC SEES THESE TOO!

----------

Rampant brute-force attack against Yahoo Mail
A widespread brute-force attack against Yahoo email users aims to obtain login credentials and then use the hijacked accounts for spamming, a researcher at Breach Security disclosed last week.

Yahoo Mail's main login page utilizes a number of security mechanisms to protect against brute force attacks -- when crooks try every possible combination of username/password until they can break in -- including providing a generic "error" page that does not reveal whether it was the username or password that the user got wrong. Also, Yahoo tracks the number of failed login attempts and requires that users solve a CAPTCHA if they have exceeded a certain number of incorrect tries.

----------

Judge Orders Gmail Account Deactivated After Bank Screws Up
By Kim Zetter
September 25, 2009

A California federal judge has ordered Google to temporarily de-activate a Gmail account after a bank mistakenly sent sensitive data to the account.

U.S. District Judge James Ware also ordered Google to disclose the identity of the Gmail account holder.

----------

AT&T Cleverly Flips Google Voice Fight On Its Head
... it wasn't too surprising to see AT&T flip the Google Voice fiasco on its head by sending a letter to the FCC late last week accusing Google of anti-competitive behavior for blocking user access to FreeConferenceCall.com. In AT&T's letter, the carrier suggests this violates a looming fifth neutrality principle

----------

Phishing fraud hits two year high
Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor.

----------

Computer hacker may have tapped personal data on 236,000 women in UNC mammography study By News Room Today

----------

Drudge, other sites flooded with malicious ads
Criminals flooded several online ad networks with malicious advertisements over the weekend,...

----------

http://www.nytimes.com/2009/09/27/weekinreview/27shane.html?_r=1
... those news reports masked a surprising and perhaps heartening long-term trend: Many students of terrorism believe that in important ways, Al Qaeda and its ideology of global jihad are in a pronounced decline — with its central leadership thrown off balance as operatives are increasingly picked off by missiles and manhunts and, more important, with its tactics discredited in public opinion across the Muslim world.

“Al Qaeda is losing its moral argument about the killing of innocent civilians,” said Emile A. Nakhleh, who headed the Central Intelligence Agency’s strategic analysis program on political Islam until 2006. “They’re finding it harder to recruit. They’re finding it harder to raise money.”

----------

Blast from the past: Fresh wave of targeted attacks using PowerPoint
The use of social engineering to grab the attention of recipients and to deliver malware is not something novel. The latest trend in spreading malware is to manipulate a current celebrity story, disaster or other high profile news event. The threat could be delivered as emails or poisoned search engine results which lead to malware. In the past, we have come across innumerable incidents like Michael Jackson's demise or Benazir Bhutto's assassination used as an arena to spread malware. Lately, we have observed an increase in the number of OLE files being used in targeted attacks against various high profile users.

----------

Microsoft buys Interactive Supercomputing, kills top product: Microsoft has purchased the assets of Interactive Supercomputing (ISC), maker of the desktop parallel computing platform Star-P. Redmond plans to discontinue Star-P but to integrate ISC's technologies into its own solutions.

----------

Google v Microsoft: Giants War Over $7.25M Deal for LA Email
latimes.com: The two tech giants are clashing over a $7.25-million contract to replace Los Angeles' outdated e-mail system. City officials have been told that Microsoft Chief Exec Steve Ballmer and Google CEO Eric Schmidt "would be more than happy to come and visit with you."

----------

http://www.neatorama.com/2007/01/04/the-5-smallest-countries-in-the-world/
The official languages of the Vatican City are Latin and Italian. In fact, its ATMs are the only ones in the world that offer services in Latin! And here you thought that Latin is a dead language…

----------

Cyber Security Awareness Month OCTOBER

----------

Organized Crime and Retail Theft: Facts and Myths
Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.

----------

Organized Cybercrime Revealed
The shadow economy for stolen identity and account information continues to evolve.

----------

Sep 26, 10:42 am
Security Software Sales Expected to Climb
The market for security software will grow 8% in 2009, Gartner analysts predict.

----------

IRS Scam Now World's Biggest E-mail Virus Problem PC World – Fri Sep 25, 6:40 pm ET
Criminals are waging a nasty online campaign right now, hoping that their victims' fears of the tax collector will lead them to inadvertently install malicious software.

----------

Med students' tweets, posts expose patient info
Future doctors are too frequently putting inappropriate postings and sometimes confidential patient information on social sites like Facebook and Twitter, according to a study published in the Journal of the American Medical Association.

In a survey of medical colleges, 60% reported incidents of medical students' posting unprofessional content online. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites.

The survey also showed that 39% of colleges found medical students posting pictures of themselves in which they were intoxicated, and 38% reported medical students posting sexually suggestive material. The study, published this week, surveyed deans or their counterparts at 78 U.S. medical colleges.

----------

Microsoft's Server Message Block (SMB) has been a source of vulnerabilities for years, so they introduced a new version (SMB2). Now, as a workaround for an unpatched SMB2 vulnerability, they recommend turning SMB2 off until a fix ships...
http://blogs.technet.com/srd/

----------
