Aurora Report: Around The Horn vol.1,57

Alerts

Mar 7, 2009 (13 hours ago)

Daylight Saving Time Already?, (Sun, Mar 8th)

from SANS Internet Storm Center, InfoCON: green

Yes, readers, it's that time of year already. Hopefully all of our North American readers will ...(more)...

Security News

Mar 7, 2009 (yesterday)

Mahalo CEO who hired convicted botnet leader

from Network World on Security by Jaikumar Vijayan

Jason Calacanis, founder and CEO of search engine start-up Mahalo.com, defends his decision to allow former security researcher John Scheifer to continuing working at his firm even after discovering he was a convicted felon.

Mar 7, 2009 (yesterday)

California's data breach law may get an update

from Network World on Security by Robert McMillan

California's landmark data-breach notification law will get another update, if State Senator Joe Simitian gets his way.

Mar 7, 2009 (yesterday)

Job 1 for New Federal CIO: Balance Openness with Security

from Network World on Security by Meridith Levinson

President Barack Obama has repeatedly pledged to make the federal government more open, transparent and accountable to American citizens. After assuming office on January 19, 2009, he immediately took steps to act on his promise, which included issuing new, more open guidelines for the Freedom of Information Act, and more recently, ordering an overhaul of the federal government's contracting system.

Mar 7, 2009 (yesterday)

Unpatched PDF bug poses growing threat, say researchers

from Network World on Security by Gregg Keizer

An unpatched bug in popular PDF viewing and editing applications is much more dangerous than first thought, according to security researchers who have created exploits that sidestep Adobe's defensive recommendations.

Mar 7, 2009 (yesterday)

Conficker Worm Strikes Back With New Variant

from Network World on Security by Erik Larkin

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.

Mar 7, 2009 (19 hours ago)

Brief: Cybersecurity chief resigns, dings NSA

from SecurityFocus News

Cybersecurity chief resigns, dings NSA

Mar 5, 2009 (3 days ago)

Security admin, botmaster sentenced to four years in prison

from Ars Technica by jhruska@arstechnica.com (Joel Hruska)

One-time security consultant and significant black hat John Schiefer has been sentenced to four years in federal prison after pleading guilty to multiple counts of fraud last April. Schiefer's case began in 2007 when he was charged with having installed malware on computers without the consent of the owner. The responsibilities and permissions granted to Schiefer as a security consultant during his day job afforded him ample opportunity to play black hat on the side; Schiefer and his associates were charged with creating a botnet of up to 250,000 zombies. Both the case and today's ruling are the first of their kind in the United States; presiding Judge Howard Matz apparently wanted to send a strong message to anyone engaged in similar activities.

Mar 5, 2009 (3 days ago)

Opinion: Windows 7's UAC is a broken mess; mend it or end it

from Ars Technica by drpizza@quiscalusmexicanus.org (Peter Bright)

I wrote a few weeks ago about changes Microsoft has made to Windows 7's User Account Control (UAC) that make the component less secure than it was in Vista. Though the company has responded by saying it will change some of the problem behaviors, yet more problems have emerged that indicate that a real fix will be harder than first expected. But more than that, the flaws call into question the entire purpose of the Windows UAC feature, at least in its commonplace "Admin Approval" mode.

Mar 4, 2009 (4 days ago)

'Net scammers go after gullible with fake stimulus offers

from Ars Technica by jhruska@arstechnica.com (Joel Hruska)

Scammers are always on the lookout for sociopolitical events they can craft into a phishing hook; we've seen the thieves try lures flavored with everything from holiday celebrations to information on international assassinations. The various security firms and organizations in the United States have been warning of an uptick in recession-themed spam for the past few months. Families feeling the pinch—particularly those where one or more providers is in their second to third month of unemployment—are more likely to take a chance on an ad that seems too good to be true, even if they logically know the chance of finding a golden ticket is slim indeed.

Mar 6, 2009 (2 days ago)

Cyber Security Czar Quits Amid Fears of NSA Takeover

from Wired Top Stories by Noah Shachtman

Rod Beckström, the Department of Homeland Security's controversial cybersecurity chief, has suddenly resigned, amid allegations of power grabs and bureaucratic infighting.

Mar 7, 2009 (20 hours ago)