Wednesday, April 1, 2009

Around The Horn vol.1,75

Conficker: How a Buffer Overflow Works

By Kevin Poulsen

How does the Conficker worm sneak into Windows machines? Play the evil hacker in our interactive Flash game to find out.

Conficker War Room! Live-Blogging Cyber Armageddon

By Kevin Poulsen

It's been called "deadly" and "unthinkable" -- a moderately large botnet of poorly secured Windows computers that's captured the fear and imagination of the world. We've set aside our skepticism about the predicted global disaster in order to cash in on Conficker fever. So check in here for the latest news -- the survival of humanity may depend on it.

Computer Experts Brace for Conficker Worm

By By Jim Finkle

BOSTON (Reuters) - A malicious software program that has infected millions of computers could enter a more menacing phase on Wednesday, from an outright attack to a quiet mutation that would further its spread.

Computer security experts who have analyzed the Conficker worm's code say it is designed to begin a new phase on April 1, and while it's unclear whether it will unleash havoc or remain dormant, its stubborn presence is rattling businesses with multimillion-dollar budgets to fight cyber crime.

Conficker Worm's Creators Foiled

Writers of the pervasive malware lost big, after the Internet successfully braced for attack, security experts say.

DHS Creates Conficker Worm Detection Tool

Tool can be used by can be used by the federal government, commercial vendors, state and local governments.

Legislation Would Create New Cybersecurity Regulations

Details about new bill sketchy, but could include mandate on private organizations

Conficker D-Day Arrives; Worm Phones Home (Quietly)

The feared worm is following instructions and gathering its bots, but virus-hunters are stamping it out as well.

UltraDNS back online after DDoS assault

Back off the canvas

A distributed denial of service attack knocked NeuStar's UltraDNS managed DNS service offline for several hours on Tuesday.…

HP pitches Cloud Assure at corporate world

SaaSy offering

Hewlett-Packard announced a cloud computing service aimed at large businesses yesterday.…

Conficker botnet remains dormant - for now

All quiet on the malware front

Conficker changed the way parts of the botnet communicated overnight, but little else of note has happened so far.…

EC publishes Q&A on overseas data transfer

Where your personal bumf can go on its hols

The European Commission has prepared a set of questions and answers as well as a flowchart to help companies understand when they can and when they cannot send personal data abroad.…

US Supremes flatline Virginia's hardline anti-spam law

AOL junk mailer ignored

A tough anti-spam law passed by the state of Virginia has officially been declared dead following the refusal by the US Supreme Court to reinstate a felony conviction prosecuted under the statute.…

G20 police demand ID as train staff ordered to spy on passengers

Hysteria mounts over crusty onslaught

Hysteria over protests connected to the G20 conference continues to grow, with ID checks for East-end residents and train staff told to tip off police about suspicious passengers.…

Home Office details early ID vendors

Put 3M and nCipher on your Christmas list

The Home Office has listed 3M and nCipher as providers to the early stage of the National Identity Scheme.…

ID cards not compulsory after all, says Home Office

Blunkett plan finding favour?

Plans to make ID cards compulsory for UK citizens at some point in the middle distance have been officially abandoned, apparently. According to the Home Office's revised counter-terrorism strategy document, published today, "It is not our intention that identity cards should be mandatory for UK nationals."…

Lawyer-client privilege no bar to surveillance, say Lords

Yes sir, I can bug you

The state is allowed to bug communication between lawyers and their clients, the House of Lords has said. The UK's highest court ruled that spy law the Regulation of Investigatory Powers Act (RIPA) allows lawyers' conversations to be bugged.…

Netcraft confirms lynx growing in popularity due to browser security flaws

By Robert A. on Funny

Netcraft firms that Lynx is gaining popularity due to the increase in browser security bugs. "Netcraft has observed a surge in popularity of the Lynx browser, particularly since the recent Pwn2Own competition, which was held at the CanSecWest conference in Vancouver last month. During the course of the competition, security researchers...

Metasploit shut down by FBI and DHS

By Robert A. on Funny

After viewing the metasploit site this morning it appears the FBI and DHS has shut it down. According to sources HD Moore is on the run somewhere in Mexico.

Announcing month of new security buzzwords

By Robert A. on Funny

In the tradition of Month of Bugs we're pleased to announce the month of security buzzwords, complete with abbreviations. #1 Remote Command Injection (RCI) #2 Remote Filestream Inclusion (RFSI) #3 Cam Jacking (CJ) #4 Cross-Port Request Forgery (XPRF) #5 Cross-Site Fixation (XSF) #6 HTTP Gerbiling (HTTP-Gerbil) #7 Host Request Splitting (HRS)...

New cert program for Application Security Specialists

By Robert A. on Funny

A new certification program has just been launched, and is brought to you by the same people who brought us ScanLessPCI "The Institute is the industry's leading authority for Certified ASS's. Our curriculum complies with the highest industry standards while still reflecting the operational realities of securing applications in the modern...

Brief: Senators ready bills to beef up cybersecurity

Senators ready bills to beef up cybersecurity

Courts turn aside data breach suits

By Neil Roiter

Class action suits based on data breaches have failed without exception. But, companies still face heavy sanctions and have settled in most cases rather than risk losing in court.

Cloud computing group to tackle security concerns

By Robert Westervelt

A new organization will address the security concerns inherent with cloud computing.

Cybersecurity hearing highlights inadequacy of PCI DSS

By Robert Westervelt

Lawmakers call the PCI standard lacking and seek significant improvements to the payment processing infrastructure to enhance security.

3 Free, Easy Ways To Protect Your Network

Whether the Conficker worm booms or fizzles, take it as a reminder to keep your networks safe. You could spend money on a security consultant--which isn't such a bad investment if helpful--but here are three free tricks to increase your network's security.

Four steps to mastering security kung fu

The current economic melee is forcing a corporate metamorphosis that, when combined with ever broadening security threats, presents information security groups with an opportunity to radically change their identity and value to the business.

How to Tell if 'Conficker' Caught You, and What to Do (PC Magazine) (Yahoo Security)

Mysterious virus quiet, but attack may be in works (Reuters) (Yahoo Security)

Conflicker Worm Threatens Computers Worldwide (WTOV 9 Steubenville) (Yahoo News)

Lawmakers Call for National Cyber Security Czar (E-Week Security)

Conficker worm reaches go time, to no effect (AP) (Yahoo Security)

Canadian Researchers Uncover Huge Cyber Spy Network (March 29 & 30, 2009)

Canadian researchers have uncovered what they say is a vast cyber spy network that has infected government and embassy computers in 103 countries around the world.......

Researchers Find Method to Test for Conficker Infection (March 30, 2009)

Researchers have found a way to detect whether or not a computer is infected with the Conficker worm.......

US Supreme Court Lets Stand Ruling that Anti-Spam Law is Unconstitutional (March 30, 2009)

The US Supreme Court will not reinstate Virginia's stringent anti-spam law.......

FTC Says Companies Must Be Truthful Regarding DRM Technology (March 25, 2009)

The US Federal Trade Commission's digital rights management (DRM) conference in Seattle opened with an admonition to companies that they need to be forthcoming about the DRM technology they use and the limits it places upon their products.......

Former IRS Employee Charged With Unauthorized Computer Access, Filing Fraudulent Returns (March 30, 2009)

Former US Internal Revenue Service (IRS) contract employee Andrea Bennett has been charged with illegally accessing IRS computers and filing false claims.......

Romanian National Sentenced to 50 Months for Phishing Scheme (March 30, 2009)

A Romanian man has been sentenced to 50 months in prison for his role in a phishing scheme.......

Man Arrested, Charged with Stealing Trade Secret (March 27, 2009)

David Yen Lee, a naturalized US citizen, has been arrested by federal agents in Arlington Heights, IL, and charged with theft of a trade secret.......

Proof-of-Concept Exploit Code Published for Mac OS X Kernel Flaws (March 27, 2009)

Proof-of-concept exploit code for five kernel vulnerabilities in Mac OS X has been published on the Internet.......

Mozilla Releases Firefox 3.0.8 to Fix Two Critical Flaws (March 27 & 28, 2009)

Mozilla has released an updated version of Firefox, Firefox 3.......

Data Security Breach at Abilene Christian University (March 26, 2009)

Officials at Abilene Christian University say they know who is responsible for a cyber intrusion that exposed the personal information of an undisclosed number of individuals affiliated with the school.......

Conficker Infects UK Parliamentary Computer Network (March 27, 2009)

The Conficker worm has reportedly infected the UK parliament's computers.......

Most Irish Companies Retain Data, But Few Have Clear Breach Policies (March 27, 2009)

According to a survey from the Irish Computer Society's (ICS) Privacy Forum, nearly 95 percent of Irish organizations retain personal data, but just 31 percent have formal data breach policies in place.......

For Users of Verizon EVDO cards

(Northcutt): I was reviewing my cell phone bill and there was a $199.......

Windows Server 2008 R2 and Windows 7: More Secure Together

By deb@shinder.net (Deb Shinder)

Taking a look at some features that make the Server 2008 R2/Windows 7 combination the best for organizations looking to improve the security of their Windows-based networks.

No comments:

Post a Comment

My Blog List