Open Source Conficker-C Scanner/Detector Released, (Sun, Apr 5th)
SRI International's Malware Threat Center has released the code to their scanner/detector for Confic ...(more)...
Recent VMware Updates Available, (Sat, Apr 4th)Good day, We just received word from the good folks at VMware that two new updates were release ...(more)...
Web Sites Disrupted By Attack on Register.com (SecurityFix Blog) Minister Breaches Security (Stupidsecurity)Zero-Day PowerPoint Attacks Under Way
Microsoft warns of targeted attacks exploiting unpatched PowerPoint flaw
Conficker leaves security industry looking cluelessBy Eric Ogren
The true Conficker story may well turn into an introspective of the security industry. It should start with hard questions of security vendors and service providers.
Attackers exploit critical PowerPoint vulnerabilityFor the second time in five weeks, Microsoft Corp. warned that hackers were exploiting a critical unpatched bug in its popular Office application suite.
Cries of protest, censorship greet news of cybersecurity billCommunism, Fascism, treading on liberties, censorship and other political cries greeted the news of proposed legislation in the U.S. Senate that would give the president power to disconnect the Internet.
PowerPoint Hit with Zero-Day AttacksMalicious PowerPoint files (.ppt) are currently being used to exploit a newly reported security hole in the Office app. The isn't yet any patch available for the zero-day flaw, but Microsoft says the attacks are currently limited and targeted.
Senators introduce texting spam billTwo U.S. senators have introduced a bill aimed at attacking a growing problem: unsolicited commercial text messages or mobile spam.
Bill seeks to give president power over private networksA wide-ranging cybersecurity bill introduced in the U.S. Senate this week would give the president unprecedented new powers to disconnect government and private-sector networks from the Internet in the event of security emergencies. But that provision is expected to be a hard sell in Congress.
Apply Net Neutrality to Skype on Smartphones, Group Asks Feds
By Ryan Singel
After Skype hobbles its new iPhone application to please Apple and AT&T, a rights group is asking the federal government to make it clear that wireless networks have to be as open as the broadband pipes to American's houses.
Watermarking Could Lead to X-Men UploaderBy David Kravets
Forensic codes embedded on the pre-release X-Men movie making the rounds on the latest BitTorrent trackers could help authorities nab the uploader. Movie and music companies are embracing such watermarking to cut down on piracy.
Apple, Stanford Teaching iPhone Development for FreeBy Brian X. Chen
The secrets to developing applications for the iPhone are now publicly available and free — courtesy of Stanford University and Apple, who offer programming lessons through iTunes.
Dear Pentagon: Please Give Me All Your SecretsBy Nick Thompson
Hazing videos. Hillary's mail to the Pentagon. The military's ESP research. Those are just a few of the requests for the Defense Department's documents, filed under the Freedom of Information Act. What else is buried inside?
Week in review: was-Conficker-a-bust? editionBy eric@arstechnica.com (Eric Bangeman) on week in review
A strange case unfolded this week which saw Comcast yank the service of a Maryland man who was using 35 different residential accounts to offer paid WiFi access. Despite the fact that his website looks like it was designed using FrontPage 1.0, OceanNet was apparently able to draw paying customers.
Laptops are ubiquitous on college campuses, which has led some schools to shutter their computer labs. At the University of Virginia, 3,113 of the 3,117 freshmen who enrolled in 2007 owned their own PC. That compares to just 74 percent a decade earlier.
Will the Internet Implode?Analysis: As our virtual lives expand, it's fair to worry whether the Internet structure can keep up.
Comcast E-mail Outage Sparks Twitter Updates GaloreBlockage lasts more than nine hours for some subscribers
New Tech Jobs Emerge Amid LayoffsHeadlines focus on job losses, but the U.S. is still adding new tech jobs, a report finds.
If IBM Buys Sun, Will Solaris Die?IBM lowers its offer for Sun and keeps pushing, but a deal might kill the Solaris OS in favor of IBM offerings.
Special Viruses Recharge BatteriesLithium-ion batteries use genetically engineered viruses and carbon nanotubes
Twitter for Security: Vendors Tweet their UpdatesIn these days of Conficker and other malware, tech security vendors may be worth following on Twitter.
April Foolery, the Conficker Worm virus, Web 2.0 Expo, and BlackBerry App World on PC World Podcast Episode 23Join PC World editors for an entertaining discussion about the dreaded Conficker Worm, the web's best April Fool's Day jokes, and the new Palm Pre
Surf on, Dutiful Cube-DwellerAnalysis: Finally, an official excuse to use Twitter at work.
Good Technology Update Includes Mobile VPNThe new platform allows enterprises to offer secure mobile access to corporate applications
FCC Asked to Investigate Skype for IPhone RestrictionSince its release on Tuesday, Skype for iPhone has been downloaded more than a million times--that's a rate of six downloads a...
FBI Raids Dallas Internet Service Provider Core IPCEO says the raid was due to alleged illegal activity of a former customer.
How to be Heard? 10 Tips., (Mon, Apr 6th)
As an infosec professional, you rarely have the formal power to simply issue a Make it so!quo ...(more)...
Microsoft: Old Worm Copies Conficker For New Twist (E-Week Security)
Report Says Interior Dept. Failed to Secure Network
Posted by InfoSec News on Apr 6
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/04/AR2009040403162.html
By Brian Krebs
Washington Post Staff Writer
April 5, 2009
Years after the Interior Department was warned that its computer network
was dangerously exposed to hackers and was ordered by a federal judge to
...
Posted by InfoSec News on Apr 6
---------- Forwarded message ----------
Date: Fri, 3 Apr 2009 10:10:20 -0400
From: Richard Forno <rforno (at) infowarrior.org>
To: Infowarrior List <infowarrior (at) attrition.org>
Subject: [Infowarrior] - Comments: Proposed Cybersecurity Legislation
Several security and...
Security breach under scrutiny at the Clark County auditors office
Posted by InfoSec News on Apr 6
http://www.newsandtribune.com/clarkcounty/local_story_094202804.html
By MATT KOESTERS
News and Tribune
April 04, 2009
Concerns over applications installed on a computer in the Clark County
auditor’s office have prompted an internal investigation, but law
enforcement officials have not...
Posted by InfoSec News on Apr 6
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=216402732
By Kelly Jackson Higgins
DarkReading
April 03, 2009
Microsoft's PowerPoint application is being used in a new attack that
exploits an unpatched vulnerability in the popular Office app. The
software giant...
Posted by InfoSec News on Apr 6
http://gcn.com/articles/2009/04/06/nist-dnssec-in-play.aspx
By William Jackson
GCN.com
April 03, 2009
The digital signing of the .gov top-level domain in February completed
the first step of the implementation of DNS Security Extensions (DNSSEC)
in the government’s Internet space. The...
Posted by InfoSec News on Apr 6
http://cbs11tv.com/local/Core.IP.Networks.2.974706.html
By Jay Fink
CBS 11
April 2, 2009
Dallas - If you were online and couldn't access some websites today, we
might know the reason why. The FBI raided a Dallas building that houses
servers for several different websites.
CBS 11 News has...
Donbot - Joining The Club of Million Dollar BotnetsBy Vitaly Zaytsev on Web and Internet Safety
Microsoft recently reported a new worm found to be exploiting the MS08-067 software flaw in the wild. Even though our products already detected it generically as W32/IRCbot.gen.a, we decided to take a closer look and make sure we proactively detect all components that the worm might be dropping or downloading. When run, W32/IRCbot.gen.a copies itself to <system [...]
ContentKeeper Command Execution and Privilege Escalation"ContentKeeper is an industry leading Internet content filter that allows organisations to monitor, manage, control & secure staff access to Internet resources." Unauthenticated users with access to the management IP address of the ContentKeeper device may execute commands remotely as the apache user. Furthermore, a privilege escalation vulnerability is present allowing for unauthenticated remote root compromise.
FortiClient Format String VulnerabilityA local format string vulnerability was discovered within FortiClient version 3.0.614 VPN .The vulnerability is due to improper processing of format strings specifiers within the VPN connection name. When special crafted format strings are entered as the VPN connection name and the connection is initiated the format string vulnerability is triggered. Making it possible to read and write arbitrary memory at System level.
Autodesk IDrop ActiveX Control Heap Corruption VulnerabilityThe Src, Background, PackageXml properties of the Autodesk IDrop ActiveX can be manipulated to trigger a heap use after free condition resulting in arbitrary remote code execution. Other properties may be vulnerable as well.
Asterisk SIP Responses Expose Valid UsernamesAsterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with Digest authentication and authalwaysreject enabled, generates different responses depending on whether or not a SIP username is valid, which allows remote attackers to enumerate valid usernames.
Websense unveils its first Web security applianceThe V10000 Web Gateway Appliance will run the vendor’s Secure Web Gateway Software including anti-malware filtering, SSL traffic inspection, application controls, and threat protections for Web surfing.
Fraud fighting serviceNext month at the European Identity Conference I'll be talking about Risk Management ("Risk Management for Better Health, Fiscal and Physical"). In doing some research for that keynote, I came across a company which hosts what they call a "fraud fighting" service, but which comes under the risk management heading and just might be the pre-cursor to a type of service we've only thought of as "pie in the sky" until now.
Linux, Unix devices benefit from a unified Active Directory environmentAn oil exploration company has numerous Linux and Unix devices that it's bringing into Active Directory through a unified directory tool. The project is already providing payback through operational efficiency, audit compliance and better security through privileged user access control.
Conficker copycat prowls for victims, says MicrosoftAn old, but little-known worm has copied some of the infection strategies of Conficker, the worm that raised a ruckus last week, Microsoft security researchers said late Friday.
UTM Appliances: How to Choose 'Em and Use 'EmTo protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances.
Security Suffers in Small Firms When Money's Tight
Cutting corners in security policies hurts from different dangers than a company usually expects.more than they expect Security spending is slashed during a difficult economy, but at what cost?
Posts
No comments:
Post a Comment