Tuesday, January 20, 2009

Around The Horn vol.1,15

Alerts

-- No new Security Alerts this morning.

Security News

7:05 PM (11 hours ago)
Single drive wipe protects data, research finds

from CGISecurity - Website and Application Security News by Robert
An article at securityfocus claims a single drive wipe is enough to prevent electron microscopes from recovering drive data. "A computer forensics specialist has a message for security-minded computer users: A single wipe will make drives impossible to read. In research published on Thursday, auditor Craig Wright tested the ability of a...

Jan 19, 2009 (14 hours ago)
Safari RSS Reader Vulnerability

from CGISecurity - Website and Application Security News by Robert
In 2006 I gave a talk at blackhat on the risks of RSS vulnerabilities. It appears Safari has a flaw in its RSS reader as outlined by Brian Mastenbrook. "The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I...

Jan 19, 2009 (20 hours ago)
Shrinking Patch Timelines – The Need For HIPS

from McAfee Avert Labs by Vinoo Thomas
Over the years, the window between exploit discovery and its incorporation into a worm candidate has shrunk from months, to weeks, to zero-day. This leaves administrators with very little time to schedule and deploy patches to all servers and workstations on their network. Virus authors, on the other hand, have been at the cutting edge for including exploit code in their creations whenever a critical vulnerability is reported. The chart below shows the time frame between a vulnerability being reported and how long it took for virus authors to incorporate it into a worm candidate.

6:20 AM (8 minutes ago)
MoD networks still malware-plagued after two weeks

from The Register - Security
Officials: But all our base email are belong to us
Ongoing malware problems at the Ministry of Defence have left some officials and service personnel still without desktop computing, a fortnight after infections began. However, the MoD insists that media reports of its email being sent to Russia are untrue.…

Jan 19, 2009 (13 hours ago)
Three in 10 Windows PCs still vulnerable to Conficker exploit

from The Register - Security
Worm food
Three in ten systems remained unpatched against the exploit fueling the spread of the infamous Conficker worm, according to security tools firm Qualys.…

Jan 19, 2009 (20 hours ago)
Security boffins attempt to freeze out cold boot crypto attack

from The Register - Security
Cache from chaos
Security researchers have developed prototype countermeasures to defend against the recently developed cold boot crypto attack.…

Jan 19, 2009 (22 hours ago)
'Obama quits' spam recruits zombie drones

from The Register - Security
President-Elect heading for office, not Pacific island
Scammers are capitalising on worldwide interest about Barack Obama's inauguration via a spam email campaign that claims the Illinois senator turned prez44 plans to turn down the office he fought so long to obtain.…

6:20 AM (8 minutes ago)
McKinnon's lawyers hope UK prosecution will derail extradition

from The Register - Security
Will change of administration mean change of venue?
Pentagon hacker Gary McKinnon has secured a potential lifeline in his long-running fight against extradition to the US on hacking charges.…

Jan 19, 2009 (16 hours ago)
Fake sites spreading malware claim Obama won't take oath

from Network World on Security
Sites claiming President-Elect Barack Obama will refuse to take the oath of office Tuesday...

9:44 PM (8 hours ago)
Acunetix Web Vulnerability Scanner 6 Review

from Darknet - The Darkside by Darknet
As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant - the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review”. This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...] Read the full post at darknet.org.uk

Jan 19, 2009 (17 hours ago)
Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimated 9 Million

from Darknet - The Darkside by Darknet
There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines! It’s spreading fast though and it auto-updates itself via downloads from random domains making it almost impossible to... Read the full post at darknet.org.uk

9:38 PM (8 hours ago)
DOE report paints bleak picture of our electric future

from Ars Technica by jtimmer@arstechnica.com (John Timmer)
The US Department of Energy has snuck out a report on the future of the US electric grid, one that describes a huge series of challenges that we'll face just to keep the power flowing in the coming decades.

7:02 PM (11 hours ago)
DC's CTO prepares for data onslaught on inauguration eve

from Ars Technica by julian.sanchez@arstechnica.com (Julian Sanchez)
Techies in government at CES mull how to protect critical infrastructure—and how DC will deal with the hordes of cell-toting tourists flooding the town for this week's inauguration.

Jan 19, 2009 (14 hours ago)
Watch the 2009 Presidential Inauguration without a TV

from Ars Technica by jacqui@arstechnica.com (Jacqui Cheng)
Do you want to watch President-elect Obama's inauguration tomorrow, but don't want to be tied to your TV set? Neither do we. That's why we found a few resources that will let you follow the goings on online and via your mobile phone.

Jan 19, 2009 (16 hours ago)
New malware scam claims Obama to resign. Hint: It's not true

from Ars Technica by jhruska@arstechnica.com (Joel Hruska)
Spammers have been taking advantage of President-elect Obama's imminent election over the past few days, but they aren't capitalizing on the excitement surrounding his election. Instead, the authors are spreading rumors that Obama has quit altogether.

Jan 19, 2009 (22 hours ago)
Building desktop Linux applications with JavaScript

from Ars Technica by segphault@arstechnica.com (Ryan Paul)
Ars takes a close look at Seed, a new framework that allows software developers to build GTK+ applications with JavaScript. The popular web scripting language could soon become the dominant application extension language on the Linux desktop.

1:06 AM (5 hours ago)
Citrix Plans 'Bare Metal' Desktop Hypervisor

from PC World Latest Technology News
Citrix Systems is working with Intel to deliver a "bare metal" hypervisor for client PCs, which proponents say could broaden...

Jan 19, 2009 (12 hours ago)
Feds to Shore Up Net Security

from PC World Latest Technology News
In an effort to prevent routing hijack attacks, the U.S. government is ramping up its move to secure the Internet's routing system

12:51 AM (5 hours ago)
Smartphone Security Measures

from PC Magazine Tips and Solutions
Even the simplest cell phones carry enough data to be dangerous in the wrong hands.

-- Aurora Report says time to go work out, extra content courtesy of extra probing due to lack of alerts.
