Wednesday, February 11, 2009

Around The Horn vol.1,38

Alerts

6:55 PM (1 minute ago)
ProFTPd SQL Authentication Vulnerability exploit activity, (Wed, Feb 11th)

from SANS Internet Storm Center, InfoCON: green
We had a reader report seeing exploit attempts related to a new ProFTPd authentication vulnerability ...

Security News

2:50 PM (4 hours ago)
The Business Justification for Data Security

from SANS Information Security Reading Room
Category: Data Loss Prevention

2:24 PM (4 hours ago)
MS09-002 - Critical: Cumulative Security Update for Internet Explorer (961260) - Version:1.0

from Microsoft Security Content: Comprehensive Edition
Severity Rating: Critical - Revision Note: Bulletin published. Summary: This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

2:24 PM (4 hours ago)
Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution

from Microsoft Security Content: Comprehensive Edition
Revision Note: V2.0 (February 10, 2009): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-004. The vulnerability addressed is the Microsoft XML Core Services Vulnerability - CVE-2008-5416.

2:24 PM (4 hours ago)
Microsoft Security Advisory (960715): Update Rollup for ActiveX Kill Bits

from Microsoft Security Content: Comprehensive Edition
Revision Note: Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.

2:44 PM (4 hours ago)
Popular Security Website Hit By Big DDoS Attack

from CGISecurity - Website and Application Security News by Robert A.
"Several renowned white-hat hacker security sites have been hit during the past few days with a distributed denial-of-service attack (DDoS). Immunity, Milw0rm, and Packet Storm were in the clear as of this posting, but attackers were still hammering away at Metasploit. The attackers behind the DDoS -- which began on Feb....

1:44 PM (5 hours ago)
Putting Vulnerabilities in Perspective

from CGISecurity - Website and Application Security News by Robert A.
"AppSec Notes complains that Netflix has not fixed all of their CSRF vulnerabilities. You can no longer access account information, billing information, change shipping address, or anything of value, but you can still add movies to someone’s queue. This apparently still bothers the author who has a note of annoyance that...

5:38 PM (1 hour ago)
Fugitive VOIP hacker cuffed in Mexico

from The Register - Security
More than 10 million minutes hijacked
A fugitive hacker accused of illegally rerouting millions of dollars worth of VOIP calls through telecommunications companies' networks has been apprehended in Mexico.…

2:37 PM (4 hours ago)
Hackintosh maker leaves web doors unlocked

from The Register - Security
'Enough junk to choke a horse'
Add Psystar to the growing list of companies that have allowed sophomoric mistakes to jeopardize the security of their websites in recent days.…

11:35 AM (7 hours ago)
German Interior minister's website pwned in wiretap protest

from The Register - Security
Schäuble Schadenfreude
Lax password security allowed hackers to bust into the German interior minister’s website.…

8:35 AM (10 hours ago)
Obama orders 'root and branch' cybersecurity review

from The Register - Security
Reboot
President Obama has ordered a wide-ranging review of the US's cybersecurity defences.…

10:34 AM (8 hours ago)
What's new on the security front with Windows 7?

from WindowSecurity.com by deb@shinder.net (Deb Shinder)
Taking a look at Windows 7 security features and whether, from a purely security standpoint, it is worth the upgrade.

7:11 PM (6 minutes ago)
Security Pro: Redmond Should Sever IE's Ties to Windows

from PC World Latest Technology News
By cutting the connections, Microsoft could better protect users with more frequent browser patches.

11:30 AM (7 hours ago)
Identity Theft: It's Out of Your Hands

from PC Magazine Tips and Solutions
The most important thing you have is you, right? And online, you are your identity. If xyz.com doesn't value you enough to keep you safe, then does that company really deserve your business?

Other News

IT grows up: consortium launches new framework for IT
http://arstechnica.com/business/news/2009/02/it-grows-up-consortium-launches-new-framework-for-it.ars

A consortium of academic and business groups has launched the IT Capability Maturity Framework, a buzzword-heavy abstraction that provides a fascinating snapshot of a discipline in transition.
By Jon Stokes Last updated February 11, 2009 8:30
