Making the most of your runbooks, (Fri, Mar 20th)
To perform effective security incident handling, a standard model is often used. SANS throug ...
Updates to ISC BIND, (Sat, Mar 21st)
Internet Systems Consortium have released a new version of their popular DNS implementation.
BBC says U.K. credit card information for sale in India (NetworkWorld Security)
CVE-2009-1028 (ezipwizard) (Natl. Vulnerability Database)
CVE-2008-6500 (aspshoppingcart) (Natl. Vulnerability Database)
iWonder Surf offers managed browsing on iPhone, iPod touch (NetworkWorld Security)
Bugtraq: SECURITY DSA 1749-1 New Linux 2.6.26 packages fix several vulnerabilities (SecurityFocus Vulnerabilities)
From Microsoft Internet Explorer 8 to Mozilla Firefox, Web Browsers Tighten Security (E-Week Security)
CVE-2008-6494 (aspuserengine.net) (Natl. Vulnerability Database)
Power grid is found susceptible to cyberattack
An emerging network of intelligent power switches, called the Smart Grid, could be taken down by a cyberattack, according to researchers with IOActive, a Seattle security consultancy.
Online Fraud Hits Airlines Hard
A report finds airlines worldwide lost more than $1.4 billion to fraudsters in 2008.
Dealing with Security Challenges, (Sun, Mar 22nd)
Do you ever feel like you are the lone gunman? Taking pot shots into the dark while trying to ...
Vuln: POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability (SecurityFocus Vulnerabilities)
Brief: Cybercriminals optimize search for cash (SecurityFocus News)
Zinf Audio Player 2.2.1 (.pls) Universal Seh Overwrite Exploit (milw0rm)
Mac OS X xnu < 1228.3.13 (zip-notify) Remote Kernel Overflow PoC (milw0rm)
Bugtraq: SECURITY DSA 1751-1 New xulrunner packages fix several vulnerabilities (SecurityFocus Vulnerabilities)
Fear and the Availability Heuristic (Schneier blog)
Apple says sorry for Mac Perl breakage (The Register)
Finjan: Bogus Anti-virus Is Big Business (E-Week Security)
Former gov't worker sentenced for passport snooping (NetworkWorld Security)
Microsoft releases !exploitable crash evaluation tool (CGISecurity.com)
Scareware affiliates playing search engines (The Register)
NetWitness Launches Online Intelligence Service Enabling Customers to Protect Against Emerging Threats (Business Wire via Yahoo! Finance) (Yahoo News)
Research in Explosive Detection (Schneier blog)
CVE-2008-6502 (prochatrooms) (Natl. Vulnerability Database)
Pin Down Your Passwords (NetworkWorld Security)
CVE-2009-1038 (Natl. Vulnerability Database)
CVE-2009-1040 (Natl. Vulnerability Database)
CVE-2009-1029 (poppeeper) (Natl. Vulnerability Database)
sqlsus 0.2 Released - MySQL Injection & Takeover Tool
By Darknet on sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of data gathered [...]
Securing the Smart Power Grid from Hackers
Posted by InfoSec News on Mar 23
http://www.businessweek.com/technology/content/mar2009/tc20090320_788163.htm
By Katie Fehrenbacher
BusinessWeek
GigaOm
March 23, 2009
Imagine if the havoc caused by Internet viruses and worms - downed web
sites, snatched credit card data, and so forth - were unleashed on the
power...
Posted by InfoSec News on Mar 23
http://online.wsj.com/article/SB123733224282463205.html
By AUGUST COLE and SIOBHAN GORMAN
The Wall Street Journal
MARCH 18, 2009
WASHINGTON -- The biggest U.S. military contractors are counting on
winning billions of dollars in work to protect the federal government
against electronic...
Posted by InfoSec News on Mar 23
http://www.stripes.com/article.asp?section=104&article=61487
By Charlie Reed
Stars and Stripes
European edition
March 21, 2009
RAF MILDENHALL, England - British authorities are still looking for a
stolen computer containing the personal information of thousands
assigned to the base.
...
Posted by InfoSec News on Mar 23
http://news.cnet.com/8301-13578_3-10200710-38.html
By Stephanie Condon
Politics and Law
CNET News
March 20, 2009
Forthcoming legislation would wrest cybersecurity responsibilities from
the U.S. Department of Homeland Security and transfer them to the White
House, a proposed move that...
Posted by InfoSec News on Mar 23
http://www.cw.com.hk/content/hong-kong-information-security-watchdog-heads-apcert
By Search SMB Asia
March 18, 2009
The Hong Kong Computer Emergency Response Team Coordination Centre
(HKCERT) has been elected as the chair of the APCERT (Asia-Pacific
Computer Emergency Response Team)...
Posted by InfoSec News on Mar 23
http://blog.seattlepi.com/microsoft/archives/164680.asp
By Andrea James
The Microsoft Blog
Seattlepi.com
March 20, 2009
A 25-year-old German graduate student who goes only by Nils has hacked
Internet Explorer 8, along with Safari and Firefox, at CanSecWest's
hacking competition. ...
Posted by InfoSec News on Mar 23
Forwarded from: Caspian Kilkelly <Caspian (at) random-interrupt.org>
RE: HIPAA security rules-
These rules are basically a bare minimum for compliance, and don't
usually end up passing muster for other standards (IHE, HITTSP, HL7, the
various ISOs, etc) which most hospital and care...
Posted by InfoSec News on Mar 23
http://www.wbbm780.com/Been-In-An-Ambulance-Lately--Your-Identity-May-Be-/4051123
By Steve Miller
WBBM780.com
19 March 2009
CHICAGO (WBBM) -- The city of Chicago now says more than 60,000 people
may be at risk of having their identities stolen - after a laptop
computer was stolen from an...
Fix on the way
Apple has apologized for breaking Perl with its latest Mac OS X security update, saying it will distribute a solution to the problem with a future update.…
Cybercrime server exposed through Google cache
UK and US IDs exposed to world
A reported 22,000 card records have been exposed through cached copies of data stored on a defunct cybercrime server.…
Russian spy agencies linked to Georgian cyber-attacks
Follow the bear prints
More circumstantial evidence has emerged linking the Russian authorities to cyber-attacks on Georgia that coincided with a ground war between the two countries in July and August last year.…
Scareware affiliates playing search engines
Scam gets results
The growing trade in rogue security software is being driven by the gaming of search engines to direct surfers to sites peddling scareware.…
SWFScan - Free Flash Security Tool
By Robert A. on Security Tools
"HP SWFScan is a free security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security...
Microsoft releases !exploitable crash evaluation tool
By Robert A. on Tools
"Aiming to better identify bugs that could lead to security issues, Microsoft announced on Wednesday that it planned to release a tool to help developers classify and assess program crashes. The tool, known as !exploitable and pronounced "bang exploitable," is a plugin for the Windows debugger that categorizes crash information using...
Cloud on the horizon
By Igor Muttik on Testing
Guys from AV-Comparatives have just posted a new scanners’ review on their Web site - http://www.av-comparatives.org/comparativesreviews/main-tests: AV-Comparatives is a non-profit independent test organization based in Austria and they have been running comparative tests for many years but this last one in February 2009 was different for two reasons: Firstly, the criteria for getting awards were more stringent than ever. [...]
Breaking the Codec…
By Kevin Beets on Scams
I ran across a new twist on the by-now well known FakeAlert series. Just in case you have been lucky enough not to have dealt with this malware, it goes roughly like this: You get an email from what looks to be a legitimate source, or visit a legitimate looking website that is offering the [...]
Brief: Cybercriminals optimize search for cash
Free HP SWFScan tool detects Adobe Flash flaws
By Erin Kelly
SWFScan analyzes Adobe Flash to identify dozens of source code errors.
Managed security services gain as companies seek expertise
By Neil Roiter
Enterprises are shifting key security functions to service providers, according to a new survey. Companies cited the need for outside expertise and 24/7 coverage.
Visa Slaps Payment Firms On Breaches, Defends PCI
Two payment processors that recently disclosed data breaches have been dropped from Visa Inc.'s list of companies that comply with the PCI data security rules. But analysts said the move may be more about Visa protecting itself than about improving the security of payment card data.
Skype to run beta of VoIP for business over SIP, IP switches
Skype Technologies SA announced Monday a beta version of its popular voice-over-IP service for businesses that have IP-based switches running on the Session Initiation Protocol.
Spam filters block legitimate email, finds test
Many anti-spam products still block an inconvenient amount of legitimate email, a new test of leading products has suggested.
iCABLE combats TV piracy with Cisco tools
Cisco announced Friday that Hong Kong-based pay TV operator i-CABLE is deploying Cisco's set-top boxes and video system to fight pirated TV viewing.
10 IE Browser Settings for Safer Surfing
Ask a room full of security practitioners for a list of security settings that'll make Internet Explorer (IE) safe to use and you'll either hear laughter or advice to get a new browser like Mozilla Firefox, Opera, Safari or Google Chrome.
Free tool from HP scans for Flash vulnerabilities
Hewlett-Packard has released a free development tool that finds vulnerabilities in Flash, Adobe Systems' widely used but occasionally buggy interactive Web technology.
Former gov't worker sentenced for passport snooping
A former employee at the U.S. Department of State has been sentenced to 12 months of probation and ordered to perform 100 hours of community service for illegally accessing more than 150 confidential passport application files, the U.S. Department of Justice said.
Ex-Sun ID wizards unveil the UnboundID Directory Server
While I was writing this newsletter last week the press was rampant with rumors of an IBM buyout of Sun. Such a deal would dramatically change the identity management landscape, but it's not what I want to talk about today. Instead, we'll look at news from a group of former Sun employees in Austin, Texas. Surprisingly, though, this isn't about SailPoint.
Symantec's last ManageFusion conference was full of high points
Marking the end of an era, Symantec held its last-ever ManageFusion user conference in early March. This conference will be rolled into Symantec's other user conferences in the future. Meanwhile, there were lots of high points at ManageFusion, including the long-awaited general availability of Altiris Client Management Suite 7.0 and Altiris Server Management Suite 7.0. Read what else transpired and learn about cool new technologies in development.
Twitter Flies into the Enterprise
Analysis: Companies are already leveraging Twitter to gain an edge, and some are doing it rather well.
Conficker to Phone Home on April Fools' Day
While it's unclear what will happen next week when the newest variant of Conficker begins trying to contact its controllers, it likely won't be good news.
Keep Computer Spies at Bay
Analysis: Computer espionage headlines abound, but you can fight back by following a few simple steps.
Site Hacks, Fake Security Rakes in Serious Cash
Digging into the underhanded tricks online crooks use reveals site hacks that can harm business - and plenty of illicit profit.
New Unisys Service Offers Single View of IT Infrastructure
C-RIM service can provide visibility across service providers to enterprises
VMware to Manage Virtual Machines From Mobile Phones
New tool set for preview release in April
Skype Will Let Its VOIP Service Talk to SIP Phone Switches
Skype is beta-testing a link between its proprietary VOIP system and switches using the open Session Initiation Protocol
Symantec Says Credit Card Data May Have Leaked From India
Stops routing calls to Indian call center after BBC report of data theft
Internet Archive Upgrades Wayback Machine
The Internet Archive is unveiling a massive Wayback Machine data center to preserve Web history.