Friday, January 23, 2009

Around The Horn vol.1,18

Alerts

5:59 PM (11 hours ago)
TA09-022A: Apple QuickTime Updates for Multiple Vulnerabilities

from US-CERT Technical Cyber Security Alerts

10:05 PM (7 hours ago)
iWork 2009 Trojan, (Fri, Jan 23rd)

from SANS Internet Storm Center, InfoCON: green
It's already pretty widely reported in the media, take for instance here and here. First reported b ...(more)...

Jan 22, 2009 (19 hours ago)
Unexpected mass reboots are worth investigating, (Thu, Jan 22nd)

from SANS Internet Storm Center, InfoCON: green
An ISC reader told us that his company observed a large number of their PCs unexpectedly reboot at a ...(more)...

Security News

Jan 22, 2009 (15 hours ago)
Security metrics on flaws detected during architectural review?

from CGISecurity - Website and Application Security News by Robert A.
I recently attended a private event where there was a talk on security metrics. Security metrics can be used to determine if action x is reducing risk y. Software security metrics typically involve counting the number of defects discovered over time to see if things are getting better. Most of these...

Jan 22, 2009 (15 hours ago)
PCI Is Meaningless, But We Still Need It

from CGISecurity - Website and Application Security News by Robert A.
There's a good rant at informationweek on PCI. "The Heartland Payment Systems breach demonstrates that PCI is bunk. Unfortunately, unless something better comes along, bunk is better than nothing. The PCI compliance program is like a Zen koan: it's a proposition that can't be understood rationally. Unlike a koan, however, pondering on...

Jan 22, 2009 (15 hours ago)
British hacker gang 'tried to steal £229m from Japanese bank'

from CGISecurity - Website and Application Security News by Robert A.
"A six-strong hacker gang attempted to plunder £229million from a Japanese bank in an audacious high-tech scam, a court heard. A crooked security guard at Japanese bank Sumitomo Mitsui let alleged computer hackers into the building in the dead of night where they installed spy software on computers used for multi-million...

Jan 22, 2009 (13 hours ago)
Mac malware piggybacks on pirated iWork

from The Register - Security
Over 20,000 served
Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites.…

Jan 22, 2009 (14 hours ago)
Obama unfurls master plan for US cybersecurity

from The Register - Security
Here comes the cyber czar
On his first full-day as US President, Barack Obama on Wednesday outlined plans to declare the country's computer infrastructure a national asset that will be protected by a cyber advisor who will report directly to the president.…

Jan 22, 2009 (22 hours ago)
OcUK puts £10K bounty on the heads of DDoS varmints

from The Register - Security
Wild West response to week-long hack attack
Overclockers.co.uk is offering a £10,000 ($13,830) reward for information leading to the conviction of attackers who have targeted the technology enthusiast site in a DDoS lasting over a week.…

Jan 22, 2009 (13 hours ago)
PBX phone phreakers ring up huge bills in Oz

from The Register - Security
Security loophole allows bad nattering
Phreakers are using security loopholes in PBX systems to make international calls at the expense of businesses in Western Australia.…

5:07 AM (55 minutes ago)
Obama plan says cyber infrastructure is 'strategic'

from Network World on Security by Robert McMillan
The Obama administration has published a high-level plan to protect U.S. computer networks, saying it considers cyber infrastructure "a strategic asset" and will appoint a cyber adviser who will report directly to the president.

5:07 AM (55 minutes ago)
Unisys: Customer convenience key to future IT security

from Network World on Security
Asia Pacific governments and businesses will face pressure during 2009 to 'put the customer first' with their information security strategies, according to information services company Unisys.

5:07 AM (55 minutes ago)
Place your bets against malware

from Network World on Security by Mark Gibbs
The response to my recent Gearhead and Backspin columns on malware has been amazing! And the range of suggestions has ranged from admit defeat, wipe the system, and start again to fight the good fight and don't give in.


5:07 AM (55 minutes ago)
Microsoft Security Response Center gets new boss

from Network World on Security by Robert McMillan
The point man for security bug fixes at Microsoft has stepped down as director of the Microsoft Security Response Center (MSRC).

5:07 AM (55 minutes ago)
Bugs in tech documentation continue to rise

from Network World on Security by Grant Gross
The number of bugs in technical documentation for Microsoft communication protocols continues to grow, according to court documents filed for ongoing antitrust oversight of the company in the U.S.

5:07 AM (55 minutes ago)
Trojan takes 'Office Space' approach to stealing

from Network World on Security by Paul McNamara
Russian security vendor Kaspersky Lab last week began sounding the alarm about an overseas mobile-phone scam that smacks of the movie "Office Space" and may portend future dangers for global users.

5:07 AM (55 minutes ago)
Symbian malware takes money from phone

from Network World on Security by Robert McMillan
Hackers have discovered a new way to steal your money: texting it out of your phone.

Jan 22, 2009 (17 hours ago)
Clerical error foiled Sumitomo bank hack

from Network World on Security
The largest near heist in banking history failed because the men accused of trying to carry it out didn't properly fill in a single field in an electronic transfer form.

5:07 AM (55 minutes ago)
Heartland breach raises questions about PCI standard's effectiveness

from Network World on Security by Ellen Messmer
While it's not yet known if Heartland Payment Systems' data breach will count as the largest card heist ever, some analysts say what is clear is that the Payment Card Industry (PCI) data security standard isn't sufficient.

5:07 AM (55 minutes ago)
Data breach sparks security concerns in payment industry

from Network World on Security
The lack of details surrounding the potentially massive data breach that Heartland Payment Systems Inc. disclosed this week is fueling questions and concerns within the payment processing industry about the exact nature of the security compromise.

Jan 22, 2009 (17 hours ago)
Pirated iWork '09 installer may contain trojan horse

from Network World on Security
Intego, makers of VirusBarrier and other security software for the Macintosh, issued a security alert for Mac users on Thursday, advising them about the existence of a new Trojan Horse, which they've named OSX.Trojan.iServices.A. This new Trojan Horse can be found in pirated copies of Apple's iWork '09 application suite and has been downloaded over 20,000 times, according to Intego's numbers.

Jan 22, 2009 (17 hours ago)
Mac Trojan Horse found in pirated Apple iWork '09

from Network World on Security
Intego, a maker of anti-virus and firewall software, has issued an alert to warn Mac users not to download Apple iWork '09 installers from sites offering pirated software.

Jan 22, 2009 (17 hours ago)
Sophos may lay off up to 5% of staff

from Network World on Security
Security vendor Sophos plans to lay off up to 5% of its staff, the company said Thursday.

3:06 AM (2 hours ago)
CeWL - Custom Word List Generator Tool for Password Cracking

from Darknet - The Darkside by Darknet
It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic. This application is more towards creating [...] Read the full post at darknet.org.uk

Jan 22, 2009 (21 hours ago)
Using Twitter for Data Mining and Information Gathering

from Darknet - The Darkside by Darknet
We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform. There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following. Due to the large update of Twitter, the amount of datable... Read the full post at darknet.org.uk

Jan 22, 2009 (18 hours ago)
Brief: Apple quashes eight QuickTime flaws

from SecurityFocus News

Jan 22, 2009 (18 hours ago)
News: Mac OS X research warns of stealthier attacks

from SecurityFocus News

12:02 AM (6 hours ago)
US cybersecurity ills will be a tough nut for Obama to crack

from Ars Technica by segphault@arstechnica.com (Ryan Paul)
The Obama administration's agenda for boosting homeland security includes a number of issues that relate to cybersecurity. Although the plan reflects an awareness of key security issues posed by emerging technologies, its proposed solutions still need some work.

Jan 22, 2009 (17 hours ago)
An odd choice to help government with open source strategy

from Ars Technica by segphault@arstechnica.com (Ryan Paul)
Obama has asked Sun cofounder Scott McNealy to prepare a paper about the potential cost benefits of adopting open source software in government IT. Although open source adoption would be a smart cost-cutting move, McNealy isn't exactly a fount of wisdom on the subject.

10:13 PM (8 hours ago)
Obama Plan Says Cyber Infrastructure Is 'strategic'

from PC World Latest Technology News
In a new position paper, the Obama administration says it will consider cyber infrastructure a strategic asset.

7:12 PM (11 hours ago)
Symbian Malware Takes Money From Phone

from PC World Latest Technology News
Kaspersky Lab warns that a new mobile-phone Trojan spotted in Indonesia uses SMS messages to steal money.

Jan 22, 2009 (14 hours ago)
Confirmed: Obama gets his BlackBerry, no Sectera Edge in sight

from Engadget by Joshua Topolsky

8:40 PM (10 hours ago)
White House Confirms: President Keeps His Blackberry

from Techdirt by Michael Masnick
There were some stories yesterday saying that, despite earlier worries he'd be forced to give it up, President Obama was able to keep his Blackberry -- and now the White House has confirmed it.

-- Aurora Report says The President has spoken http://www.whitehouse.gov/agenda/homeland_security/.
