December 2009 Bulletin Release Advance Notification
"we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday" - Not the SSL/TLS bug!
----------
Great research paper on security and user education:
http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf
----------
Louisiana firm sues Capital One after losing thousands in online bank fraud
An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.
In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart.
According to JM Test, Capital One has denied any responsibility for the losses. On Friday, JM Test filed suit in a Louisiana district court, alleging breach of contract and negligence by the bank. The firm says it is still out a total of $89,000, and that it has spent roughly $70,000 investigating and responding to the breaches.
"Capital One was not willing to make good on our losses or attempt any type of settlement," said Happy McKnight, JM Test's controller. "The banks are clearly taking a 'Hey, don't look at me!' stance. It is so sad to wonder how many business failures this type of fraud has caused."
----------
Sprint Provides U.S. Law Enforcement with Cell Phone Customer Location Data
Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year
----------
Phishing losses add up
Although the number of banking customers who fall victim to phishing attacks is small, it all adds up to a lucrative business for cyber criminals. It's estimated that every US banking institute loses more than $9 million per million customers…
----------
Wall Street Journal Website Hacked
A Romanian grey hat hacker has disclosed a serious SQL injection vulnerability on the Wa...
----------
Dell releases BIOS updates
Adrian Kingsley-Hughes: "Throttlegate": Some owners of Dell notebooks were experiencing severe underperformance and overthrottling, so much so that performance was being cut to a fraction of what it should be.
----------
Can You Copyright An SQL Query?
... the district had contracted out the process to a guy who charged them $500 per year, to basically write and then run an SQL query that exported the data. Each year, all he had to do was change the date, but he still charged them $500.
----------
Former Partner Blasts Seyfarth Shaw
By TIM HULL
LOS ANGELES (CN) - An attorney with Seyfarth Shaw says the firm's managing partners forced him to take the fall for Tae Bo creator Billy Blanks' $30 million legal malpractice suit, and turned the office into a place where "the pursuit and collection of money" from clients - referred to as "bozos on the bus" - became "the primary directive" for attorneys and "the chief preoccupation" of the managers.
----------
NASA sites hacked via SQL injection
Angela Moscaritolo December 07, 2009
Two of NASA's sites were accessed by an individual, apparently claiming to demonstrate they were susceptible to SQL injection.
----------
Adobe plans Flash update, investigates Illustrator flaw
Dan Kaplan December 04, 2009
An Adobe Flash Player update is due out on Tuesday to close a number of security holes.
----------
Microsoft slates six fixes for year's final Patch Tuesday
Dan Kaplan December 03, 2009
Microsoft's planned patches for Tuesday include a fix for a null pointer reference vulnerability in Internet Explorer, for which proof-of-concept code has been published.
----------
TSA Leaks Sensitive Airport Screening Manual
Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.
Anyone who’s interested can read about which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors.
The 93-page document also includes sample images of DHS, CIA (see above) and congressional identification cards, with instructions on what to look for to verify an authentic pass.
----------
Ex-KGB Officers May Be Behind the Hacked Climate Emails
treehugger.com — The computer hack, said a senior member of the Inter-governmental Panel on Climate Change, was not an amateur job, but a highly sophisticated, politically motivated operation. And others went further. The guiding hand behind the leaks, the allegation went, was that of the Russian secret services.
----------
The Fruit of the Poisoned Tree
Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated.
----------
Mapping the Mal Web: McAfee’s 3rd Annual Report
For the first time combining data from McAfee’s SiteAdvisor and TrustedSource, the report is even more comprehensive than last year’s, naming Cameroon (.cm) as the riskiest place to surf with a whopping 36.7 percent of the domains posing a security risk.
----------
Microsoft Warns Of Malware-Laced Counterfeit Software
Dec 07, 2009
Complaints about counterfeit software infected with malware doubled in past two weeks
----------
Thanksgiving Webcam Promo Leads to Malware
PC World – Thu Dec 3, 8:20 pm ET
The US$10 webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was.
----------
Update: Judge affirms $675k verdict in RIAA music piracy case
----------