Alerts
8:02 PM (10 hours ago)
Web Application Firewalls (WAF) - Have you deployed WAF technology?, (Mon, Jan 12th)
from
SANS Internet Storm Center, InfoCON: green
What is WAF? If your first response to the subject is What is a Web Application Firew ...(more)...
Jan 12, 2009 (12 hours ago)
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout, (Mon, Jan 12th)
from
SANS Internet Storm Center, InfoCON: green
The storm center handlers mailbox has received a growing number of email inquiries regarding root ca ...(more)...
Security News
Jan 12, 2009 (18 hours ago)
Wireless at the hospital and the threats they face
from
SANS Information Security Reading Room
Category: Wireless Access
Paper Added: January 12, 2009
Jan 12, 2009 (17 hours ago)
Zombie profiling with SMTP greylisting
from
SANS Information Security Reading Room
Category: Email Issues
7:35 PM (10 hours ago)
HTTPS-only mode added to Chrome Browser
from
CGISecurity - Website and Application Security News by Robert
Google has added an HTTPS browsing feature to Chrome. From the changelog: "A new HTTPS-only browsing mode. Add --force-https to your Google Chrome shortcut, and it will only load HTTPS sites. Sites with SSL certificate errors will not load." Release Notes 2.0.156.1 http://dev.chromium.org/getting-involved/dev-channel/release-notes/releasenotes201561 Very cool.
Jan 12, 2009 (17 hours ago)
Gary McKinnon confesses to escape extradition to USA
from
CGISecurity - Website and Application Security News by Robert
"COMPUTER hacker Gary McKinnon has signed a formal confession in a last-ditch attempt to avoid his extradition to the US, his family have confirmed. Former Highgate Wood School pupil Mr McKinnon, 42, is currently awaiting extradition after being accused of causing $700,000 worth of damage when he allegedly hacked into US security...
Jan 12, 2009 (17 hours ago)
CWE & SANS TOP 25 Most Dangerous Programming Errors
from
CGISecurity - Website and Application Security News by Robert
"Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors. A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft,...
Jan 12, 2009 (13 hours ago)
McAfee Monthly Spam Report Debuts
from
McAfee Avert Labs by David Marcus
Today we at McAfee Avert Labs released the first of our new monthly publications: the “McAfee January Spam Report.” Within its pages you will find excellent information on current spam trends, campaigns, and maybe even some “winners and losers.” Some of the highlights of the January issue include:
Political Spam
Tax Relief Junk Mail
Unemployment and Diploma Spam Increases
Christmas E-Cards
As well as some 2009 spam predictions! Definitely worth the download and read. Watch for our February issue in about four weeks. All spam reports, as well as other white papers, are available from our whitepaper download area here.
8:34 PM (9 hours ago)
Experts trumpet '25 most dangerous' programming errors
from
The Register - Security
And tips to avoid them
Computer experts from more than 30 organizations worldwide have released a consensus list of the 25 most dangerous programming errors that lead to security breaches.…
7:34 PM (10 hours ago)
Storm worm smackdown as researchers unpick control system
from
The Register - Security
But legal fears may kibosh clean-up
A team of security researchers have developed a technique for automatically purging the remnants of the Storm worm infection from the internet. But the approach - which involves turning the botnet's command and control system against itself - could run foul of computer hacking laws in Germany and elsewhere, which ban the modification of computer systems without consent.…
Jan 12, 2009 (20 hours ago)
Vector buys security firm Aladdin
from
The Register - Security
Private equity firm builds up information security portfolio
Private equity firm Vector Capital has agreed to acquire Israeli security tools firm Aladdin Knowledge Systems in a deal valued at $160m.…
Jan 12, 2009 (21 hours ago)
Web 2.0rhea hack mistaken for end of universe
from
The Register - Security
Much aTwitter about nothing
Fail and You Kids these days. Used to be, when you were mad at your parents or your professors, you'd write an email worm in Visual Basic and spread it around via Outlook clients.…
5:00 AM (1 hour ago)
Third Brigade unveils Deep Security 6.0
from
Network World on Security by Ellen Messmer
Sixth version of Third Brigade's Deep Security software adds file-integrity monitoring, log inspection and integration with VMware's vCenter management server.
5:00 AM (1 hour ago)
Browser bug could allow phishing without e-mail
from
Network World on Security by Robert McMillan
A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer.
5:00 AM (1 hour ago)
Gears of War 2 patch coming soon
from
Network World on Security
According to Epic vice president Mark Rein, a Gears of War 2 patch will go live sometime this month that fixes a handful of online exploits, improves overall gameplay, and adds new achievement points related to downloadable content. No exact date is mentioned for when the patch will go live, but Rein does assure Gearheads that the patch will come out in "January... we are working hard to get this out the door." Here's the complete, more detailed forum post from Mark Rein:
5:00 AM (1 hour ago)
Paris Hilton's Web site being used in Web attack
from
Network World on Security by Robert McMillan
Paris Hilton's Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers.
5:00 AM (1 hour ago)
What Free Security Programs Can Protect My PC?
from
Network World on Security
You really can protect your PC with free software, but there's a price. Multiple free security programs usually aren't as easy to use as one pricey suite. You're less likely to get decent support (perhaps I should say even less likely). And they lack features like antispam and child protection which you may or may not need. All of the companies that give away security programs sell more feature-rich versions, which come with better support and additional features.
5:00 AM (1 hour ago)
Top 25 software screw-ups
from
Network World on Security by Ellen Messmer
Most IT security woes, from software patching to cyberespionage and cybercrime, can be traced to the devastating effects wrought by the Top 25 programming errors made in software, according to a broad consensus of government and security firms.
5:00 AM (1 hour ago)
Group lists 25 most dangerous coding errors hackers exploit
from
Network World on Security
Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors.
5:00 AM (1 hour ago)
Startup launches cloud application management tool
from
Network World on Security
Cloud-computing startup Kaavo's software for deploying and managing cloud-based applications is now out of beta, the company said Monday.
5:00 AM (1 hour ago)
'Huge increase' in worm attacks plague unpatched Windows PCs
from
Network World on Security
A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said Monday, as it boosted its overall threat ranking and warned users to patch their PCs.
Jan 12, 2009 (17 hours ago)
How to tell which employees are more of a security risk
from
Network World on Security
Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Jan 12, 2009 (17 hours ago)
Security Experts ID Top 25 Programming Errors
from
Network World on Security
A group of security experts and luminaries have created a list of the 25 most significant programming errors that can lead to serious software vulnerabilities.
Jan 12, 2009 (17 hours ago)
Obama Inauguration Highlights Executive Protection
from
Network World on Security
Between the pending presidential inauguration and roiling anti-corporate sentiment, executive protection is more critical than ever. Expert Robert Oatman explains the elements of a good program, the impact of technology, and more.
Jan 12, 2009 (17 hours ago)
NSA helps name most dangerous programming mistakes
from
Network World on Security by Robert McMillan
A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.
Jan 12, 2009 (12 hours ago)
Brief: DARPA awards $30m to create security test bed
from
SecurityFocus News
DARPA awards $30m to create security test bed
Jan 12, 2009 (12 hours ago)
Brief: Army, NATO sites defaced by Mideast protesters
from
SecurityFocus News
Army, NATO sites defaced by Mideast protesters
10:31 PM (7 hours ago)
China online porn crackdown: 91 sites down, thousands to go
from
Ars Technica by jacqui@arstechnica.com (Jacqui Cheng)
The Chinese government has taken down 91 websites for hosting or linking to pornographic content since last week, and it vows to continue doing so in order to protect young minds.
Jan 12, 2009 (14 hours ago)
Cable Hacker Charged With Selling Illicit-Broadband Modems
from
Wired Top Stories by Kevin Poulsen
In the first case of its kind, a Pennsylvania man faces federal criminal charges for selling hacked cable modems capable of stealing free, anonymous internet service from broadband providers.
5:43 AM (46 minutes ago)
Executive Charged With Exporting Dual-use ICs to China
from
PC World Latest Technology News
A business executive has been charged in California with the illegal export of integrated circuits considered to have dual...
9:43 PM (8 hours ago)
Browser Bug Could Allow Phishing Without E-mail
from
PC World Latest Technology News
Security vendor Trusteer says it's found a way to do phishing without the e-mail, thanks to a bug in all major browsers.
6:39 PM (11 hours ago)
Disaster Recovery Budgets Feel the Pinch
from
PC World Latest Technology News
Execs figure cutting DR for new projects will save half their cost. But to a security manager, it feels like living on the edge.
Jan 12, 2009 (14 hours ago)
Hacker Leaves Message for Microsoft in Trojan Code
from
PC World Latest Technology News
A Zlob Trojan writer has left messages for Microsoft in his malicious code.
Jan 12, 2009 (21 hours ago)
Court Says Feds Need A Warrant To Listen To Touchtone Beeps Too
from
Techdirt by Michael Masnick
While there are still arguments over the legality of the government's warrantless wiretap program, apparently there's been a separate court case looking at whether or not a warrant is needed if the authorities are just listening to your touchtone dialing, rather than the contents of the call itself. The feds felt that if it was just the touchtone beeps, then they didn't need any warrant at all -- but a court has now shot that theory down. The feds tried to claim that such data was not "content" which would trigger the need for a warrant -- but considering that with today's touchtone IVR systems, such data could include passwords, PINs, social security numbers and other private data, it seems perfectly reasonable to suggest a warrant is necessary.
-- Aurora Report says bonus material included for free.