Monday, April 27, 2009

Around The Horn vol.1,89

RSA 2009: A yawner at best

By Jon Oltsik

In my humble opinion, the RSA 2009 security conference, held this week in San Francisco, was extremely flat compared with past years. Yes, the economy had a lot to do with it. I believe last year's attendance was around 17,000 people, and I've heard that this year ...

Salma Hayek’s Email Account Hacked.

By Rik Ferguson on Salma Hayek

The actress Salma Hayek has reportedly had her MobileMe account broken into. Images that would appear to prove the exploit, along with details necessary to reset the account password, have been published over on the well known web site 4chan.org. The anonymous poster also left the information: Her email address is [removed]@mac.com Go to me.com, forgot password, type [removed]@mac.com Her [...]

Splunk, GlassHouse Launch Joint Security Management Service

Splunk search engine teams with GlassHouse IT consultants to offer security management services

SANS: Newest WLAN Hacks Come From Afar

Expert warns that a deadly combination of long-distance remote and wireless hacking could be the next big threat

Security Expert Calls For New Model For 'Demonetizing' Cybercrime, Botnets

Proposal recommends attacking cybercriminals on technical, legal, and financial fronts

Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs

Over 70 government-owned domains infected

Savvis Launches Web App Firewall Service

Savvis introduces Web application firewall service

Symantec Rolls Out Small Business Offerings

Symantec launches new round of security products targeted at small business

DHS opens Global Entry program to Netherlands

DHS has signed an agreement with the Netherlands to jointly recognize each other's trusted traveler programs for air passengers.

Survey: IT high on wish list for new money

State and local public safety agencies want to use new federal money to help fund technology projects, according to a new survey.

Beware of Shady Installers

By Karthik Raman on Web and Internet Safety

Today I came across a program that claims to be an installer for the VLC media player. Innocent, right? Guess again. For starters, the installation file was different from that supplied by the legitimate VLC media player site. At Step 3 of the installation I saw this dialog box: The translation of the message from French is, [...]

Hacking Exposed at RSA

By David Marcus on iPhone

RSA is pretty much over now and it has been a blurry several days. Some real good sessions. Some real good panels. Lots of meetings and interviews and many old friends were seen (shout outs to Dave Perry, Larry Bridwell and Lysa Myers) but I digress... For me the best session hands down was the Hacking [...]

How can you handle risks that come with social networking?

Social networking — whether it be Facebook, MySpace, LinkedIn, YouTube, Twitter or something else — is fast becoming a way of life for millions of people to share information about themselves for personal or business reasons. But it comes with huge risks that range from identity theft to malware infections to the potential for letting reckless remarks damage corporate and personal reputations.

How scared should you be about security statistics?

Did you know the number of crimeware-spreading Web sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, according to the APWG (formerly Anti-Phishing Working Group) coalition?

Is mobile computing the Achilles' heel in your organization?

Mobile computing, from laptops to the myriad handheld devices such as smartphones, BlackBerries, iPhones, USB tokens and PDAs, can certainly be regarded as a weak spot in terms of security, says Jonathan Gossels, analyst at consultancy SystemExperts.

Seven burning security questions

There's no shortage of burning questions about IT security these days, some sparked by nasty threats, others by economic concerns and some by growing use of social networking and cloud computing.

Can you no longer avoid closely monitoring employees?

The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified. That point came across in a recent Ponemon Institute survey of 945 individuals who were laid off, fired or quit their jobs during the last year, with 59% admitting to stealing company data and 67% using their former company’s confidential information to leverage a new job.

Should you choose a strategic security vendor or shoot for best-in-breed?

A huge debate these days is whether to select a strategic security vendor to provide the majority of security products and services the enterprise might require, or opt to evaluate point products, including those from start-ups, with an eye toward best of breed.

Can security processes finally be automated?

Automation of security is a concept with momentum this year as some of the larger federal agencies, including the Department of Defense, National Security Agency, Agriculture and Energy, are pushing for a new direction beyond the current FISMA audit mandate for compliance.

Are security issues delaying adoption of cloud computing?

Security concerns will continue to keep some companies out of the cloud, Mandel acknowledges.

Can you say for sure who has access rights to your sensitive data?

In a Ponemon Institute survey of almost 700 experienced IT practitioners from U.S. business and governmental organizations, more than half of the respondents can't say with confidence that the process of assigning access rights is well-managed and tightly controlled within their organizations. That means there are a lot of application or data owners and caretakers that believe their business data can be accessed by people who probably shouldn't have access at all. Where do you fall in this spectrum, and what can you do about it?

The biggest losers in the Oracle, Sun deal

Last week was the annual RSA Conference, which was the reason for lots and lots of press releases being, well, released. Unfortunately (depending on your point of view), most of them got overlooked because two Silicon Valley "legends-in-their-own-time" shook hands on a blockbuster deal as Oracle agreed to purchase Sun.

Ex-federal IT worker charged in alleged ID theft scam

A former IT analyst at the Federal Reserve Bank of New York and his brother were arrested Friday on charges that they took out loans using stolen information, including sensitive information belonging to federal employees at the bank.

The legal risks of ethical hacking

Tracking down malicious computer activity can put researchers on shaky legal footing.

Conficker.E to self-destruct on May 5th?

The evolution of the multi-faceted Conficker worm is expected to take another turn this May 5th when the latest version, Conficker.E, will simply self-destruct.

AT&T sends mixed message on behavioral advertising

AT&T's chief privacy officer told U.S. lawmakers Thursday that the company does not engage in behavioral advertising, but the company has apparently used the controversial technology to sell its products, according to a vendor of such services.

Security: The ugly business

Security problems usually don't have elegant solutions. A report from Commonwealth Bank concerning serious ATM vulnerabilities illustrates the issues perfectly.

Rigged Word docs exploit 2008 bug, say researchers

Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned Thursday.

Conficker hype a 'problem,' says FBI cyber-chief

Mainstream media hype leading up to the Conficker worm's April 1 software update may have distracted people from legitimate cyber threats, the U.S. Federal Bureau of Investigation's head of cyber security said Thursday.

Worm solves Gmail's CAPTCHA, creates fake accounts

A Vietnamese security company has detected what it believes is a new worm that thwarts Google's security protections in order to register new dummy Gmail accounts from which to send spam.

McAfee: It's not green to push 'delete spam'

When end users purge unwanted spam from their inboxes, the potential environmental impact of hitting that delete button is probably the last thing on their minds. But Santa Clara-based McAfee said the act of deleting spam and searching for legitimate e-mail contributes to greenhouse gas (GHG) emissions equivalent to 3.1 million passenger cars using 2 billion gallons of gasoline annually.

My Dream Netbook: IT Pros Describe the Ideal Device

Netbook sales will likely grow by 50% in the next two years, according to research firm IDC, but the gadgets will need some more bells and whistles to gain popularity inside enterprises, say IT professionals.

After mass security lapse, RBS Worldpay gets IRS contract
No bad deed goes unrewarded

RBS Worldpay - the electronic payment processor that admitted it exposed sensitive financial records for millions of customers - has been awarded a contract by the Internal Revenue Service to process tax return payments next year.…

Security experts rate the world's most dangerous exploits
Pass the hash...

Criminal hackers continue to penetrate many more company networks than most administrators care to admit, according to two security experts who offered a list of the most effective exploits used to gain entry.…

Odd DNS Resolution for Google via OpenDNS, (Sun, Apr 26th)

We had a report from one of our readers (Deoscoidy) from Puerto Rico who had issues reading Google earli ...(more)...

Pandemic Preparation - Swine Flu, (Sun, Apr 26th)

Lots of news about the Swine Flu outbreak in Mexico. Right now, cases are reported in the US, New Ze ...(more)...

To filter or not to filter?, (Sat, Apr 25th)

A reader wrote in today asking about egress filtering. It seemed like a perfect topic consider ...(more)...

Did you check your conference goodies?, (Fri, Apr 24th)

SANS Internet Storm Center Winner of RSA Social Security Award for Best Technical Blog, (Fri, Apr 24th)

We've been informed that we have won the Best Technical Blog award (though we'd dispute that w ...(more)...

Conficker Virus Begins to Attack PCs: Experts

Conficker now appears to have been activated and is slowly making its way through different PCs, according to security experts. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware.
- BOSTON (Reuters) - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal ...

Security Vulnerabilities on Tap at RSA

There was plenty of talk about the latest threats at the RSA Conference in San Francisco this past week. Here are a few of the highlights discussed at the show.
- The RSA Conference is much more vendor-driven than shows like Black Hat or ShmooCon, but there is always room for talk about security vulnerabilities and threats in the wild. This year, discussion of the threat landscape touched on everything from browser hijacking to wireless security to attacks ...

Conficker Remains Mystery at RSA Security Conference

After all the hype and a concerted effort by the security research community, much still remains unknown about those behind the Conficker worm. At the RSA Conference in San Francisco, attendees express a mix of skepticism and anticipation about the worm still plaguing Windows PCs.
- The Cyber Secure Institute recently added one more number to think about when the security community hears the name Conficker: 9.1 billion. That is how many dollars were lost in terms of wasted time, resources and energy as the cyber-community dealt with the worm, variants of which over the past...

Congress Comes to 'Help' Run the Internet

OPINION: To the proposed Cybersecurity Act of 2009, add work in the House on a privacy act that could end up banning security functions by ISPs. Government regulation at its best is coming to the Internet.
- The early life of the Internet has, perhaps, suffered from an excess of libertarian impulse, even from those who don't think of themselves as libertarians. Fear that the government would impede freedom of individuals on the Internet has led to opposition to just about any opening for law enforce...

Security Vendors Keep Head in the Cloud at RSA Conference

At the RSA Conference in San Francisco, much of the focus was on cloud computing and what vendors are doing to push security into the cloud. From IBM to Cisco to McAfee, vendors were talking up their approaches during the show, which ends today.
- Every RSA Conference has a popular buzzword or phrase. This year it was "the cloud." In one way or another, vendors were pushing their answer to handling security in the cloud. Cisco unveiled a number of tools and services in the cloud April 21, even though a day later Cisco CEO John...

Brief: Conficker holds lessons for security firms

Congress Considers Limits on Deep-Packet Inspections (NewsFactor)

In business

NewsFactor - At a hearing of the House Energy and Commerce Internet subcommittee Thursday, Congress began the tricky business of trying to understand Internet privacy issues and launched another round of debates about legislation regulating the collection and handling of personal data online.

Conficker virus begins to attack PCs: experts (Reuters)

In technology

Reuters - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.

Conficker Virus Starts to Attack PCs, Experts Say (PC Magazine)

In technology

PC Magazine - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.

Pentagon To Centralize Cyber Warfare Command (April 22 & 23, 2009)

US Defense Secretary Robert Gates said he is looking at establishing a "sub-unified command at STRATCOM for cyber (warfare).......

Hathaway Paints Overview of Cyber Security Review (April 23, 2009)

Speaking at the RSA conference, Melissa Hathaway, the US National Security Council official, offered a preview of her recently completed 60-day review of the US government's cyber security preparedness.......

EU Telecommunications Bill Held Up by Three-Strikes Implementation Concerns (April 20 & 22, 2009)

The European Parliament's industry committee approved an amendment to a major European Union telecommunications bill that would require approval from "a competent legal authority" before cutting off Internet service.......

Teen Draws Prison Sentence for Botnet and Swatting Activity (April 20 & 21, 2009)

A Massachusetts teenager has been sentenced to 11 months in jail for using a botnet to conduct distributed denial-of-service (DDoS) attacks and for "swatting," or making phony emergency calls that lead to SWAT teams being sent out needlessly.......

IRS Awards Payment Processing Contract to RBS WorldPay (April 23, 2009)

RBS WorldPay, the payment processor that recently acknowledged a security breach that compromised an estimated 1.......

NSA Director Says Agency Does Not Want to Control Cyber Security (April 22, 2009)

National Security Agency Director Lt.......

Defense Science Board Report: DOD Needs Integrated Cyberspace Plan (April 23, 2009)

A Defense Science Board report said that DOD cannot adequately defend its networks from cyber attacks because it lacks centrally managed networks and systems that can respond to the attacks.......

House Committee Seeks Information on P2P Data Theft, Briefing on Fighter Jet Data Theft (April 22 & 23, 2009)

The US House Committee on Oversight and Government Reform has sent letters to Attorney General Eric Holder and Federal Trade Commission (FTC) chairman Jon Leibowitz asking what the Justice Department and the FTC have done to prevent illegal use of peer-to-peer (P2P) filesharing applications.......

Mozilla Releases Firefox Update (April 23, 2009)

Mozilla has released Firefox 3.......

Turnabout is Fair Play (April 22, 2009)

A tool that is used to sniff out Conficker worm infections has been updated to use the same peer-to-peer (P2P) protocol that the malware itself uses to receive communication from those who control it.......

Massive Botnet Claims PCs at 77 Government Domains Worldwide (April 21 & 22, 2009)

Finjan security says it has discovered a botnet that comprises nearly 2 million PCs.......

FBI Arrests Oklahoma Teabagger for Twitter Threats

By Kevin Poulsen

And then they came for me, and there was no one left to tweet it.

A Single Infected PC Spawns Spam by the Millions

Just one bot-infected PC can send 600,000 spam messages daily, when powered by top spam-generators Rustock and Xarvester.

Conficker Variant Expected to Self-Destruct Soon

The Conficker E variant of the worm will detonate on May 5, security researchers say.

News of Mac Botnets Doesn't Mean an Increased Threat (Yet)

The real story behind the Mac malware threat is less sensational than some would make it.
