Alerts
11:40 AM (10 hours ago)
SB09-068: Vulnerability Summary for the Week of March 2, 2009
from US-CERT Cyber Security Bulletins
Vulnerability Summary for the Week of March 2, 2009
Security News
8:44 PM (1 hour ago)
TinyURL and security, (Tue, Mar 10th)
from SANS Internet Storm Center, InfoCON: green
Roseman wrote in with a pointer to a TechRepublic blog that points out the well-known danger to the ...(more)...
5:16 PM (5 hours ago)
Did your DST rollforward work?, (Mon, Mar 9th)
from SANS Internet Storm Center, InfoCON: green
If you have a Cisco IP phone, your DST rollforward may not have worked, so you might want to rely on ...(more)...
5:16 PM (5 hours ago)
Yes, the w00tw00t continues., (Mon, Mar 9th)
from SANS Internet Storm Center, InfoCON: green
Every day we get at least one email asking about a string they find in their own weblogs. It'll loo ...(more)...
10:01 AM (12 hours ago)
Foxit Reader update, (Mon, Mar 9th)
from SANS Internet Storm Center, InfoCON: green
With all the talk about Adobe Reader 0-days lately, many people have written into the ISC suggesting ...(more)...
Mar 8, 2009 (yesterday)
Behind the Estonia Cyber Attacks, (Sun, Mar 8th)
from SANS Internet Storm Center, InfoCON: green
Radio Free Europe / Radio Liberty ran a story on Friday that we just discovered. According to ...(more)...
8:41 PM (1 hour ago)
Revisiting Browser v. Middleware Attacks In The Era Of Deep Packet Inspection
from CGISecurity - Website and Application Security News by Robert A.
Dan Kaminsky has just published his latest paper on middleware attacks that I recommend checking out. "For CanSecWest this year, I thought it’d be interesting to take a look at the realm of Deep Packet Inspectors. It turns out we were doing a lot of this around 2000 through 2002, and...
8:41 PM (1 hour ago)
Socket Capable Browser Plug-ins Result In Transparent Proxy Abuse
from CGISecurity - Website and Application Security News by Robert A.
For over a year in my spare time I've been working on an abuse case against transparent proxies at my employer, and have just released my latest paper "Socket Capable Browser Plugins Result In Transparent Proxy Abuse". When certain transparent proxy architectures are in use an attacker can achieve a partial...
2:36 PM (7 hours ago)
Google Docs suffers serious security lapse
from CGISecurity - Website and Application Security News by Robert A.
"Google confessed to a serious bug in its Docs sharing system over the weekend, but downplayed the security cockup by claiming only a tiny number of users had been affected. The internet search kingpin said that less than 0.05 per cent of Google Docs accounts were hit by a privacy breach...
8:41 PM (1 hour ago)
Building Security In Maturity Model is online
from CGISecurity - Website and Application Security News by Romain Gaucher
"The Building Security In Maturity Model (BSIMM) described on this website is designed to help you understand and plan a software security initiative. BSIMM was created through a process of understanding and analyzing real-world data from nine leading software security initiatives. Though particular methodologies differ (think OWASP CLASP, Microsoft SDL, or...
8:41 PM (1 hour ago)
Dan Bernstein Confirms Security Flaw In Djbdns
from CGISecurity - Website and Application Security News by Robert A.
"Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of the most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running...
8:41 PM (1 hour ago)
Firefox 3.0.7 fixes multiple security flaws
from CGISecurity - Website and Application Security News by Robert A.
"Mozilla Corp. today patched eight security vulnerabilities in Firefox, half of them critical memory corruption flaws in the browser's layout and JavaScript engines. Firefox 3.0.7, the second security update this year to the open-source browser, fixes about the same number of bugs that Mozilla patched a month ago. Of the eight...
4:17 PM (6 hours ago)
McAfee Monthly Spam Report for March
from McAfee Avert Labs by David Marcus
The third edition of our monthly spam report was released today. This edition discusses some fascinating topics. Key findings include:
Spam campaigns are taking advantage of “partitioning” to increase their effectiveness and combat the efforts of security tools to reduce their reach.
Replica-watch spam has taken over the number one position for holiday spam.
Business leaders and legislatures have promised to stamp out spam, yet the plague persists. Does reputation-based security hold the key?
Putting a dollar value on productivity lost due to spam.
The topic of lost productivity and bringing quantifiable numbers to the impact of spam on a business is particularly interesting and worth a solid read. Download a copy here.
6:20 PM (4 hours ago)
Feds file new felonies against alleged Sarah Palin hacker
Circular reasoning straightened out
A University of Tennessee student accused of illegally breaking into the email account of Alaska governor Sarah Palin has been hit with three new felony charges in connection with the case.…
4:01 PM (6 hours ago)
FoxIT update defends against PDF peril
Not just an Adobe problem
It's not only Adobe Reader that needs patching against maliciously constructed PDF files. Targeted attacks against an unpatched flaw in Adobe Reader over recent weeks have stimulated interest in alternative PDF viewers, such as FoxIT.…
1:20 PM (9 hours ago)
Scottish hospitals laid low by malware infection
Worm causes appointment bother
Appointments for cancer patients had to be rescheduled after a computer virus infected the networking systems at two Scottish hospitals last week.…
9:20 AM (13 hours ago)
Daily Telegraph hit by SQL hack attack
Middle England pwned
Vulnerabilities on a Daily Telegraph website have been exposed by serial grey-hat hacker Unu.…
8:20 AM (14 hours ago)
Twitter users hit by smut spam hack attack
Wasn't Britney's four foot vagina warning enough...
Poor besieged Twitter users were hit by a new series of attacks on Friday.…
Mar 8, 2009 (yesterday)
eBay scammers work unpatched weaknesses in Firefox, IE
Other sites also vulnerable to CSS attack
Updated: eBay scammers have been exploiting unpatched weaknesses in the Firefox and Internet Explorer browsers to deliver counterfeit pages that try to dupe people surfing the online auction house to bid on fraudulent listings.…
11:43 AM (10 hours ago)
Hackers update Conficker worm, evade countermeasures
from Network World on Security by Gregg Keizer
Computers infected with the Conficker worm are being updated with a new variant that sidesteps an industry effort to sever the link between the worm and its hacker controllers, researchers at Symantec Corp. said Friday.
11:43 AM (10 hours ago)
Excel Bug Will Be Ignored on Patch Tuesday
from Network World on Security by Gregg Keizer
Microsoft last week said that three Windows security updates, including one rated "critical," will be released tomorrow.
11:43 AM (10 hours ago)
Vyatta adds security tools to open source routing platform
from Network World on Security by Stephen Lawson
Open source routing vendor Vyatta is adding SSL VPN, intrusion prevention, Web caching, URL filtering and other features in Vyatta Community Edition 5, the latest version of its software, set to be released Monday.
11:43 AM (10 hours ago)
Rod Beckstrom resigns as director of National Cybersecurity Center
from Network World on Security by Ellen Messmer
Rod Beckstrom, director of the National Cybersecurity Center, resigns his position in a letter to Department of Homeland Security Secretary Janet Napolitano, complaining about the large role of the National Security Agency in the NCSC's efforts.
11:43 AM (10 hours ago)
Federal cybersecurity director quits, complains of NSA role
from Network World on Security by Jaikumar Vijayan
In a move that highlights differences over who should be in charge of national cybersecurity efforts, the director of a federal office set up to protect civilian, military and intelligence networks has submitted his resignation after less than a year in the job.
11:43 AM (10 hours ago)
Job 1 for New Federal CIO: Balance Openness with Security
from Network World on Security by Meridith Levinson
President Barack Obama has repeatedly pledged to make the federal government more open, transparent and accountable to American citizens. After assuming office on January 19, 2009, he immediately took steps to act on his promise, which included issuing new, more open guidelines for the Freedom of Information Act, and more recently, ordering an overhaul of the federal government's contracting system.
5:21 PM (5 hours ago)
What's behind the rash of university data breaches?
from Network World on Security by Jay Cline
Purdue University last month reported its seventh data breach in the past four years. But Purdue is hardly alone. According to my records, over 300 publicized privacy incidents have occurred at U.S. institutions of higher learning since 2001, with at least 53 colleges and universities experiencing multiple breaches.
11:43 AM (10 hours ago)
Data About Presidential Helicopter Leaked via P2P
from Network World on Security by Jaikumar Vijayan
A company that monitors peer-to-peer networks said it found classified information about the systems used onboard the U.S. president's helicopter in a shared folder on a computer in Iran, after a file containing the data was accidentally leaked on a peer-to-peer network last summer.
11:43 AM (10 hours ago)
Visa Backtracks on Breach Disclosure
from Network World on Security by Jaikumar Vijayan
Visa and MasterCard have probably been slow to identify the cause of a breach that they warned banks about in mid-February because they want to complete an investigation into the incident, analysts say.
5:21 PM (5 hours ago)
Foxit PDF viewer also open to attack, say researchers
from Network World on Security by Gregg Keizer
Security researchers Monday warned of several vulnerabilities in Foxit, a free PDF document viewer that many have recommended as an alternative to Adobe Reader, which currently contains an unpatched critical bug of its own.
3:42 AM (18 hours ago)
The last word on federated provisioning...for now
from Network World on Security by Dave Kearns
I'd thought we'd probably had the last word on federated provisioning, but a couple of old friends (and regular readers) had some more information which they've allowed me to share with you.
3:42 AM (18 hours ago)
Take the complexity out of firewall configuration changes
from Network World on Security by Linda Musthaler
As network security infrastructure grows larger and more complex, the likelihood of omissions and misconfigurations that can lead to data breaches and other serious problems is a growing concern. Tufin Technologies has solutions for security lifecycle management that take the human judgment factor out of firewall and router configuration changes. Read about the tools that reduce the risk level that's inherent in security configuration changes.
12:01 PM (10 hours ago)
Brief: Conficker update attempts to foil Cabal
from SecurityFocus News
Conficker update attempts to foil Cabal
6:31 PM (4 hours ago)
Panda: ID Theft Trojans Are on 1 in 100 PCs We Scan
from PC World Latest Technology News
Panda says that just over 1 percent of the PCs it scanned last year had ID stealing Trojans on them.
3:30 PM (7 hours ago)
Charges Beefed up Against Alleged Sarah Palin Hacker
from PC World Latest Technology News
David Kernell was arraigned Monday on four felony charges relating to the illegal access of Sarah Palin's Yahoo account last...
9:29 AM (13 hours ago)
Vyatta Adds Security Tools to Open-source Routing Platform
from PC World Latest Technology News
Open-source routing vendor Vyatta is adding security features to Vyatta Community Edition 5, coming Monday.
Mar 8, 2009 (yesterday)
Symantec Warns of Worm's Return
from PC World Latest Technology News
Symantec identifies a third variant of the destructive Downadup/Conficker worm.
Mar 8, 2009 (yesterday)
Security Worries Stall Mobile Shopping
from PC World Latest Technology News
Concern about security still stops consumers from shopping via smartphones or other mobile devices, studies show.
Mar 8, 2009 (yesterday)
Build Security into Every Product, Coders Advised
from PC World Latest Technology News
Security experts suggest security should be "baked into" every software development project.
Other News
Mar 8, 2009 (yesterday)
Data.gov Is Coming — Let's Help Build It
from Wired Top Stories by Alexis Madrigal
Barack Obama and his new Chief Information Officer say they want to make government data more accessible and easier to use. But they'll need your help pointing out which datasets we need the most. Enter the Wired How to Open Up Government Data wiki.