Wednesday, January 7, 2009

Around The Horn, Volume One, Number Two


Alerts

Cisco IOS Exploitation Technique and Defense In Depth, (Tue, Jan 6th)

from SANS Internet Storm Center, InfoCON: green
As many of you have seen, The Register and other mainstream media sources are starting to discuss a ...(more)...

Tools on my Christmas list., (Fri, Jan 2nd)

from SANS Internet Storm Center, InfoCON: green
Every year I create a list of things I would like to do with my spare time over the holiday break. ...(more)...

Security News

CheckFree warns 5 million customers after DNS hack

from CGISecurity - Website and Application Security News by Robert
"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said. Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on...

Building a Web Application Security Program, Part 8: Putting It All Together

from CGISecurity - Website and Application Security News by Robert
"Whew! This is our final post in this series on Building a Web Application Security Program (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7), and it’s time to put all the pieces together. Here are our guidelines for designing a program that meets the needs...

Hackers Post Faked Report of Steve Jobs's Death

from CGISecurity - Website and Application Security News by Robert
"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports." Here's the very amusing screenshot of the incident. http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpg Read more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death

Pak hackers plan attack on Indian cyber networks: Intel

from CGISecurity - Website and Application Security News by Robert
"After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today....

Paper: Security Assessment of the Internet Protocol

from CGISecurity - Website and Application Security News by Robert
The following was sent to the Full Disclosure mailing list yesterday. "In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure) published the document "Security Assessment of the Internet Protocol". The motivation of the aforementioned document is explained in the Preface of the document itself. (The paper is available at:...

Israel hacks Arab TV station

from CGISecurity - Website and Application Security News by Robert
"Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic children's cartoons as part...

Rogue LinkedIn Profiles Lead To Malware

from McAfee Avert Labs by Micha Pekrul
LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to nude “Hulk Hogan” exist already. The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture

Google picks up third spot in spam-friendly shame list

from The Register - Security
Blogspot exploits and Gmail scams slammed
Google has leapfrogged Microsoft to reach third place in a blacklist of spam-friendly ISPs and hosting firms, compiled by anti-spam organisation Spamhaus.org.…

Bogus LinkedIn profiles punt malware to fools

from The Register - Security
Beyoncé's not your friend, you berk
Bogus profiles on social networking website LinkedIn are punting malware to the credulous and starstruck.…

Pranksters infiltrate live Macworld feed

from The Register - Security
Blasphemy on Jobsian high holy day
As unfounded as they may be, reports of Steve Jobs's demise have spread to a live feed of Macworld Expo provided by Apple gossip site MacRumors after griefers managed to breach the website's security.…

Twitter Hack: How It Happened and What's Being Done

from Network World on Security
Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles.

The 4 Security Rules Employees Love to Break

from Network World on Security
Most CSOs and security managers know employees are taking risks every day that could set their company up for a breach. What are some of the biggest offenses? And what can be done to nip that risky behavior in the bud? John Stewart, CSO of Cisco, offers his take on 4 rules people love to break and offers advice on getting them to stop.

The CAN-SPAM Act as a warning

from Network World on Security by Scott Bradner
It is widely expected that the new Congress and administration will be passing a lot of regulations to deal with all sorts of perceived problems.

Rogue SSL certificate exploit puts VeriSign on the spot

from Network World on Security by Ellen Messmer
Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk.

Google comes in fourth on top 10 list of spam enablers

from Network World on Security
Google has yet to stop a rising number of spammers from abusing Google Docs, its Web-based collaboration and spreadsheet application, according to junk mail watchdog Spamhaus.

3 Ways a Twitter Hack Can Hurt You

from Network World on Security
Just days after popular social networking tool Twitter was hit with a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.

Digital Gangster Take Credit for Twitter Hacks

from Network World on Security
Members of the online forum Digital Gangster may have been behind Monday's Twitter hack. On Monday, hackers gained access to, and posted messages from, 33 Twitter accounts including those of Bill O'Reilly, Britney Spears and CNN's Rick Sanchez.

The Five Most Dangerous Security Myths: Myth #2

from Network World on Security
Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a good antivirus program, you're completely safe, right?

CheckFree warns 5 million customers after hack

from Network World on Security by Robert McMillan
CheckFree and some of the banks that use its electronic bill payment service are notifying more than 5 million customers after criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine.

Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment

from Darknet - The Darkside by Darknet
This is an interesting development in router security, Cisco bugs have been popping up now and then - not that often - but usually when they do they are quite serious. The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]

Brief: Researchers claim flaws in Intel's trusted platform

from SecurityFocus News
Researchers claim flaws in Intel's trusted platform

Brief: Celebrities mask malware on Twitter, LinkedIn

from SecurityFocus News
Celebrities mask malware on Twitter, LinkedIn

-- Aurora Report says that's the roundup for today.
