Thursday, January 8, 2009

Around The Horn vol.1, 3


Alerts


Jan 7, 2009 (18 hours ago)
Cisco Global Site Selector Appliances DNS Vulnerability

from Cisco Security Advisories
The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.

Jan 7, 2009 (17 hours ago)
An Israeli patriot program or a trojan, (Wed, Jan 7th)

from SANS Internet Storm Center, InfoCON: green
Recently we have been witnessing a rise of politically motivated hacking attacks by supporters both ...(more)...

9:31 PM (9 hours ago)
BIND 9.x security patch - resolves potentially new DNS poisoning vector, (Wed, Jan 7th)

from SANS Internet Storm Center, InfoCON: green
The Internet Systems Consortium [http://www.isc ...(more)...

Security News

Jan 7, 2009 (12 hours ago)
Microsoft Security Advisory (961509): Research proves feasibility of collision attacks against MD5

from Microsoft Security Content: Comprehensive Edition
Revision Note: Advisory published. Summary: Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method would allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.

Jan 7, 2009 (18 hours ago)
Twitter hacked via weak passwords to admin system

from CGISecurity - Website and Application Security News by Robert
"A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing...

Jan 7, 2009 (17 hours ago)
Sacked Croydon hacker spied on former colleagues' e-mails

from CGISecurity - Website and Application Security News by Robert
"An IT expert sacked for lying on his CV hacked into his company's computer system to spy on his former colleagues - and deleted vital information which led to the loss of jobs. Julius Oladiran, 46, was dismissed from after his employers discovered his boasts of a master's degree, and top...

Jan 7, 2009 (17 hours ago)
Google code project abused by spammers

from McAfee Avert Labs by Chris Barton, Research Scientist and Artemis Geek
Google’s code hosting project is the latest free service to be abused by web spammers. We’ve seen one or two previously but over the holidays the situation appears to have got much worse. They are creating lots of new projects with the following type of website on:

Jan 7, 2009 (20 hours ago)
Weak sigs found on one in seven SSL sites

from The Register - Security
Survey highlights serious spoofability
One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks.…

Jan 7, 2009 (18 hours ago)
Password guessing attack exposed in Twitter pwn

from The Register - Security
The pursuit of 'happiness'
Miscreants broke into Twitter's admin system on Sunday night using a simple password guessing hack, it has emerged.…

Jan 7, 2009 (23 hours ago)
Researchers poke holes in Intel's anti-tampering tech

from The Register - Security
Unlocked and loaded
A practical attack on Intel's trusted execution technology (TXT) is due to be demonstrated at a hacking conference next month.…

Jan 7, 2009 (13 hours ago)
Sacked IT admin sentenced for hacking ex-employer

from The Register - Security
The telltale cursor
A British IT admin was ordered to pay more than £3,000 and given a three-months jail sentence after being accused of hacking into his former employer's computer system so he could install spyware and delete emails.…

Jan 7, 2009 (22 hours ago)
Symantec Altiris SecurityExpressions - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing

from WindowSecurity.com by info@WindowSecurity.com (The Editor)
Symantec Altiris SecurityExpressions was selected the winner in the Network Auditing category of the WindowSecurity.com Readers' Choice Awards. Karalon Traffic IQ Professional was first runner-up and i-Sprint Enterprise AdminGuard and Stealthbits StealthAUDIT were second runners-up.

Jan 7, 2009 (22 hours ago)
Troubleshooting Kerberos in a SharePoint environment (Part 1)

from WindowSecurity.com by blue@jinx.dk (Jesper M. Christensen)
Creating a test environment to show which error-messages come from configuration problems.

Jan 7, 2009 (17 hours ago)
Best practices for removable media encryption

from Network World on Security
USB flash drives, iPods and other portable storage devices are pervasive in the workplace and a real threat. They can introduce viruses or malicious code to the network and be used to store sensitive corporate information. While IT has responded with policies and audits, the best way to safeguard data taken outside of a managed environment is encryption.

Australian Tax Office again the target of phishing scam

from Network World on Security
Just like it did this time last year, the Australian Tax Office is again warning taxpayers of a fraudulent email being circulated that claims to offer citizens a tax refund.

Jan 7, 2009 (17 hours ago)
Data breaches rose sharply in 2008, says study

from Network World on Security
More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).

Jan 7, 2009 (17 hours ago)
Recession Be Damned! IT Security Spending Up For Some

from Network World on Security
The economy may be in tatters, along with legions of IT security budgets. But a new report from Forrester Research suggests security spending is actually on the rise in some enterprises.

Will Microsoft Corner the Desktop Security Market?

from Network World on Security
Microsoft plans to offer a free antivirus product, code-named "Morro," in the second half of this year, when the company removes Windows Live OneCare from the retail market. But cautious consumers may want to keep their current antivirus programs, given Microsoft's dubious track record with antivirus apps.

4:49 AM (1 hour ago)
Kerio unveils Mac client for its VPN

from Network World on Security
Messaging and security vendor Kerio in March will release a Mac-based VPN client for its WinRoute Firewall.

4:49 AM (2 hours ago)
Hack Forces Twitter Into 'Full Security Review'

from Network World on Security
Twitter Inc. has launched a comprehensive review of the defenses in its popular social network and microblogging service after hackers last week hijacked the accounts of several high-profile users.

4:49 AM (2 hours ago)
Social networks link terrorists

from Network World on Security
A new breed of terrorists are using online forums to recruit people who align themselves with the mission of Al Qaeda, creating global networks of would-be terrorists who pose a growing threat, a senior cyberterrorist researcher warned this week.

4:49 AM (2 hours ago)
Fake LinkedIn profiles promise pics, send malware instead

from Network World on Security
Hackers have seeded LinkedIn, the business networking service, with bogus celebrity profiles that link to malicious sites serving up attack code, a security researcher said Wednesday.

4:49 AM (1 hour ago)
Pocket Credit Card Reader Takes Transactions on the Go

from Network World on Security
Taking credit card payments on the road--whether it's door-to-door or on a trade show floor--can be a frustrating task. Old-fashioned mechanical readers (known as addressographs) are insanely bulky, and leave you with a mass of paper to contend with at the end of each day. Dedicated electronic card readers, meanwhile, tend to be even bulkier, and often require a power source and Internet connection to function. These hassles make the ProPay MicroSecure Card Reader look pretty inviting.

4:49 AM (1 hour ago)
Clock ticking for gas stations to pump up data security

from Network World on Security
Lower gas prices aren't the only thing that's new at the pumps these days. Data encryption tools are also becoming part of the picture.

Jan 7, 2009 (20 hours ago)
Root inside: researchers claim crack for Intel's vPro

from Ars Technica by jon@arstechnica.com (Jon Stokes)
A pair of security researchers claim to have cracked Intel's trusted execution technology (TXT), a critical part of the vPro platform. Few details on the attack are available, so it's hard to suss out what, if anything, this means for the chip giant's plans.

Jan 6, 2009 (2 days ago)
Constable HaX0r loose in the UK? Well, yes and no

from Ars Technica by julian.sanchez@arstechnica.com (Julian Sanchez)
ZOMG, did you hear about how British cops are elite haxx0rz in ur base killing all ur d00dz!!!1! Let's all take a deep breath, shall we?

Jan 5, 2009 (3 days ago)
Israel/Hamas battle goes Web 2.0

from Ars Technica by nate@arstechnica.com (Nate Anderson)
Forget the Iraqi Information Minister; governments are now turning to Twitter, YouTube, and blogs to shape public opinion about war, and the Israel/Gaza conflict looks to be one of the most wired yet.

-- Aurora Report says that'll do donkey - ya gotta love Shrek.
