Monday, June 1, 2009

Around The Horn vol.1,112

Microsoft warns of DirectX flaw; Vista users unaffected

By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows XP

Microsoft has posted Security Advisory 971778 to warn its users that it is investigating public reports of a new vulnerability in Microsoft DirectX (versions 7.0 through 9.0) that hackers are actively exploiting. The vulnerability could allow for remote code execution if a user running Windows 2000, Windows XP, or Windows Server 2003 opens a specially crafted QuickTime media file. The software giant emphasized that all versions of Windows Vista and Windows Server 2008 are not vulnerable. The company also notes that the investigation is ongoing and that it will either provide a security update on Patch Tuesday or issue an out-of-cycle security update if needed.

L0phtCrack is back, finally available for download

By Robert A. on Security Tools

"It's official: The famous password-cracking tool L0phtCrack is back, and its creators plan to keep it that way. L0phtCrack 6 tool, released Wednesday, was developed in 1997 by Christien Rioux, Chris Wysopal, and Peiter "Mudge" Zatko from the former L0pht Heavy Industries -- the hacker think tank best known for testifying...

Data backup service leads to recovery of stolen laptop

By Elinor Mills

Using a data backup program helps recover lost data but can also help get a stolen laptop back--if you're lucky.

A Berkeley, Calif., man recently recovered his stolen laptop after seeing photos the thief took of himself with the built-in camera via his Internet-based data backup program.

That's ...

Report: Turkish hackers breached U.S. Army servers

By Elinor Mills

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name "m0sted," breached a server at the Army's ...

Obama: Hackers accessed campaign files in 2008

By Stephanie Condon

This was originally published at CBSNews.com.

President Obama on Friday confirmed that his presidential campaign suffered a cyber intrusion in which hackers gained access to a range of files.

Barack Obama says of cyberattacks: "It has happened to me."

In a speech in which he...

Tech Insight: To Go Deep On Security, Get Past The Surface

Reducing the "attack surface" of Microsoft applications and systems could improve overall security

Obama Puts Cybersecurity Front And Center As An Economic, Public Safety, And National Security Concern

President says he will "personally select" a White House-based cybersecurity coordinator, and ensures privacy and civil liberties will be maintained as U.S. cybersecurity efforts intensify

Lawmakers praise Obama on cybersecurity approach

President Barack Obama’s plans to improve cybersecurity received positive reviews from several senior lawmakers on Friday.

New DOD command planned for cyber warfare

A new cyber warfare command at the Pentagon would engage in offensive and defensive missions, according to media reports.

Obama action plan calls for cybersecurity coordinator

President Obama will appoint a cybersecurity coordinator who will anchor a suite of initiatives recommended in the findings of the 60-day review of the nation’s cybersecurity posture.

Obama unveils new cybersecurity strategy

President Obama today said his administration would take “a new comprehensive approach” to cybersecurity and establish a new office in the White House to coordinate government efforts.

Rolling Review Wrap-Up: Smartphone Security

Each product we looked at showed different core strengths. Know your environment to find the best tool for your mobile device fleet.

Google Executive To Become Federal Deputy CTO

Andrew McLaughlin will find that he isn't the only ex-Google employee serving the Obama administration.

Cybersecurity Review Finds U.S. Networks 'Not Secure'

The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.

Obama Announces White House Cybersecurity Position

Names that have been bandied about include acting White House cybersecurity chief Melissa Hathaway and Microsoft VP Scott Charney.

Firefox Extension Malware Raises Security Questions

Mozilla's diligent cleanup rather than catching malicious add-ons before they reach the public has rankled some in the security community.

Dr. Johnston's Security Maxims: Sense and Humor

Having graduate students is like having a thousand sets of eyes and ears: they are always noticing neat stuff and sending pointers that stimulate thought or – as often – cause delighted laughter.

Spam Finds New Paths Into Corporate Nets

MessageLabs' monthly report on Internet threat trends found that more than 90% of e-mail sent to corporate networks in April was spam, up 5.1% from March.

Group Creates iPhone Security Benchmark

The nonprofit Center for Internet Security has released a set of security benchmarks to help ensure that data stored on Apple's iPhone is protected from hackers -- and that the device meets the security requirements of IT managers.

FBI e-mail clobbered after virus

A virus has reportedly disrupted Web-based e-mail services at the U.S. Federal Bureau of Investigation.

Obama's cybersecurity initiative wins praise

U.S. President Barack Obama's announcement Friday of a new cybersecurity push by the U.S. government won widespread praise from the technology industry, with many people saying his attention to the issue is a major step toward better securing the nation's computer networks.

Obama's cybersecurity plan gets cautious praise

President Obama's vision for securing cyberspace -- and his plan to hire a new White House cybersecurity coordinator -- are being greeted with cautious optimism within the security industry. But challenges remain.

Obama outlines cybersecurity plans, cites cyberspace threat

The nation's digital infrastructure is under grave threat from a range of adversaries and needs to be protected as a strategic national security asset, President Barack Obama said this morning at a news conference outlining his administration's proposals to secure cyberspace.

Obama expected to unveil cybersecurity proposals today

President Obama today is expected to unveil his administration's proposals for protecting the nation's interests in cyberspace against international and domestic threats. He is also expected to announce the creation of a senior White House cybersecurity adviser role though it's unclear if he will name anyone to the job.

Hackers exploit unpatched Windows bug

For the third time in the last 90 days, Microsoft Corp. has warned that hackers are exploiting an unpatched critical vulnerability in its software.

Microsoft not only firm banning IM access to U.S. enemy nations

In addition to Microsoft Corp., Google Inc. and possibly AOL LLC have also cut access to their instant messaging services to citizens of countries deemed hostile to the U.S.

The Grill: Eugene Kaspersky

Evgeniy Valentinovich Kasperskiy (Eugene Kaspersky)

Securing the Desktop

Given rapidly evolving dangers such as Conficker and silent threats that lurk on otherwise innocent Web sites, having traditional antivirus software on your desktop isn't enough today. You need a suite of tools--antivirus, firewall, antispam, antiphishing--to combat the traditional threats, stop the new Web threats, and manage all the spam and phishing sites that clog up the Internet today.

AVG Internet Security 8.5

AVG Internet Security Version 8.5 (one-year subscription for one computer: US$55; one year for three computers: $75, as of 5/21/2009) comes from a vendor that has been steadily building a solid following for its protection products. Unlike some security vendors, AVG allows you to opt in to various partnerships (as opposed to opting out), such as the Yahoo Search box, during installation.

CheckPoint ZoneAlarm Extreme Security 8.0

CheckPoint ZoneAlarm Extreme Security 8.0 (one-year three-user license: $70 as of 5/21/2009) provides solid firewall protection along with a host of other security functions. If anything, ZoneAlarm Extreme may be guilty of having too many pieces: It bundles together the basic security suite with the unique features of an ID theft mitigation and recovery service, online data storage, and an optional PC utility. This premium suite gives a lot of bang for the money, including one year of free identity fraud monitoring.

G-Data Internet Security 2010

G-Data Internet Security 2010 (one-year, one-user license: $30; one-year, three-user license: $40 as of 5/21/09) may not yet be a household name, but this German security suite--now sold in the United States, too--was among the best on malware detection and removal. In a number of categories G-Data scored the best test results and offered more protection features than many other suites. And it's a good value for its price.

PC Tools Internet Security

PC Tools Internet Security (US$60 for up to three computers for one year as of 5/21/09) offers a decidedly mixed bag of protections. Symantec acquired the security vendor in 2008 to increase its worldwide market share with consumers in new and emerging regional markets. Since the acquisition, PC Tools maintains a separate development operation from Symantec's consumer business unit (responsible for the Norton Internet Security Suite), and its entry in the Internet security suite market comes with strong heuristic malware detection, but it's weaker in other areas such as traditional malware detection.

Comodo Internet Security Pro 3.8

Comodo Internet Security Pro 3.8 (one-year, one-user license at $40; no three-user license listed as of 5/21/09) is a newcomer to the consumer Internet security suite market. And based on our experience, the suite is clearly in its infancy. (Note: As this review was being prepared, Comodo released its Internet Security Pro 3.9 suite, addressing some of the performance issues we encountered in version 3.8, such as adding dynamic file inspection for the real-time virus scanner.)

Obama announces new cybersecurity direction

U.S. President Barack Obama will appoint a government-wide cybersecurity coordinator and elevate cybersecurity concerns to a top management priority for the U.S. government, he announced Friday.

PC-pwning infection hits 30,000 legit websites
And counting

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday.…

Turkish hackers breach US Army servers, says report
SQL injection strikes again

US government investigators are probing breaches of two sensitive Army webservers by suspected Turkish hackers, according to a report by InformationWeek.…

Obama fights cyber threats with new White House post
Barack's brush with cyber espionage

US President Barack Obama will create a new White House post that's responsible for protecting the country's critical computer networks, a step he said was crucial to confronting one of the biggest national security challenges.…

IOScat - a Port of Netcat's TCP functions to Cisco IOS

Category: Tools

Paper Added: May 29, 2009

L0phtcrack is Back!, (Sun, May 31st)

Many thanx to Rob V. for providing the update that l0phtcrack is back in full force! I have pe ...(more)...

Embedded Devices: An Avenue for Cyberterrorism?, (Sat, May 30th)

There has been growing concern with the security of embedded devices as they continue to proliferate ...(more)...

It's summer... Do you know what your kids are doing?, (Fri, May 29th)

School is over or about to be over for many kids. With that comes many families whose parents ...(more)...

Bank Sues Company That Certified CardSystems Solutions Before Breach (May 26 & 27, 2009)

Merrick Bank has filed a lawsuit against Savvis, alleging negligence because the company certified CardSystems Solutions as compliant with Visa and MasterCard security requirements less than a year before the payment processor suffered a massive data security breach...

Cyber Security Status Report Due Out Friday; President May Announce Cyber Czar Position (May 26, 2009)

The report on the 60-day review of the state of US government cyber security is scheduled to be released on Friday, May 29; President Obama will discuss the report at a press conference shortly before 11:00 am Eastern Time...

European Commission Suing Sweden for Failing to Implement Data Retention Law (May 26 & 27, 2009)

The European Commission is suing Sweden for failing to implement data retention legislation...

Phisher Sentenced to Eight-and-a-Half Years in Prison (May 27, 2009)

US District Court Judge John Tunheim has sentenced Sergiu D...

Foreign Hacker Group Targeted Army Servers (May 28, 2009)

A hacking group based in Turkey has allegedly gained access to at least two sensitive US Army servers...

Eighteen Percent of Computers at Interior Missing or Lost (May 28, 2009)

According to a report from the US Department of the Interior's inspector general (IG), the Department cannot account for the whereabouts of 18 percent of its computers...

Information Commissioner Sends Harsh Letter to National Health Service Over Data Breaches (May 25, 26, 27 & 28, 2009)

The UK Information Commissioner (ICO) has sent a letter to the National Health Service directing the organization to tighten patient information security controls in the wake of numerous data security breaches...

RIM Issues Advisory on PDF Vulnerability (May 28, 2009)

Research in Motion (RIM) has issued an advisory warning users that a vulnerability in the way BlackBerry servers handle malformed PDF files could be exploited to launch a code injection attack...

Missing Laptop Holds Pension Data (May 28, 2009)

A laptop computer stolen from an office of NorthgateArinso, the company that provides the Pension Trust's computerized administration system, contains personally identifiable information of 109,000 Pension Trust members...

Aetna Notifies 65,000 Current and Former Employees of Data Breach (May 28, 2009)

Aetna has notified 65,000 current and former employees that their Social Security numbers (SSNs) and email addresses were compromised in a security breach...

Microsoft Offers Workarounds for Zero-Day DirectX Flaw (May 28, 2009)

Microsoft is investigating reports of a remote code execution vulnerability in the DirectX Windows component that is being actively exploited through limited attacks...

Report: 90 Percent of eMail is Spam (May 26 & 27, 2009)

According to a report from Symantec, nine out of every 10 emails sent over the Internet last month were spam messages...

Authorities Searching For Man Who Tried to Steal US $9 Million From Former Employer (May 26, 2009)

State and federal officials are searching for a former California water utility employee who resigned late last month and, hours later, gained physical access to the facility to transfer more than US $9 million from his former employer's bank account to accounts in Qatar...

Obama announces creation of cybersecurity coordinator position

By Michael S. Mimoso

The president promised to treat critical infrastructure as a strategic national asset, and that the cybersecurity coordinator would be responsible for orchestrating cybersecurity policy and response to cyberattacks.

Obama's Cyber Security Plan: Deja Vu All Over Again

President Obama issues his long-awaited cyber security plan to near-unanimous praise from the technology industry, not unlike the industry's cheers that greeted former President Bush's 2003 National Strategy to Secure Cyberspace, which has done little to secure the nation's networks. The difference this time? Industry executives claim it is Obama himself.
- WASHINGTON -- In 2003, then-President Bush, with input from government agencies, the private sector, academia and the military, issued the National Strategy to Secure Cyberspace to rave reviews and gushing praise from the IT industry. The plan set guidelines, avoided mandates and promised a vag...

Sizing Up Obama's Plans for Cyber-security

The much-anticipated U.S. cyber-security review ordered by President Barack Obama is now out in the open. But the question of how best to implement its suggestions remains. Members of the security community share their thoughts with eWEEK about where they would like to see the federal government begin.
- Now that the 60-day review of America's cyber-security strategy is public, the hard part can begin. With the challenge of implementing policies to shore up the nation's cyber-infrastructure lying ahead, some in the security community shared their thoughts on the first steps the Obama administrat...

Five Hacks That Will Challenge Obama's Cyber-security Plans

President Barack Obama has made cyber-security a priority since he took office in January. A month into his presidency, Obama appointed Melissa Hathaway to lead a review of the United States' cyber-security posture as acting senior director for cyberspace for the National Security and Homeland Security councils. On May 29, the administration released the report. But the report comes after news of several hacking incidents targeting both the government and the nation's infrastructure made their way into the public eye during the past few months. What are some of the major stories about hacks targeting U.S. government agencies and infrastructure in the past few years? eWEEK provides a short list of some of the better-known examples of hackers penetrating America's defenses in recent history.

Obama Declares Cyber-Security a National Security Priority, Talks Strategy

In a speech today, U.S. President Barack Obama pledged to treat the country's digital infrastructure as a strategic asset and announced the creation of the position of cyber-security coordinator. The White House also released the 60-day cyber-security review completed last month. The report outlines several areas of focus for the administration, from building a clear framework for responding to security incidents to promoting innovation in the security industry.
- U.S. President Barack Obama pledged a new era for the country's cyber-security efforts today as White House officials pulled the covers off the 60-day review of the government's cyber-security posture. The document, available here, calls for anchoring leadership for cyber-security efforts at t...

Microsoft Warns of Attacks on Unpatched Windows Flaw

In Latest Warnings

Microsoft is warning that hackers are using booby-trapped QuickTime media files to exploit a newly discovered security hole in Windows 2000, Windows XP, and Windows Server 2003 systems. Microsoft said it is aware of "limited attacks" against an unpatched vulnerability in a Windows DirectShow component designed to process QuickTime files. The vulnerability is present in those operating systems and can be exploited whether or not users have QuickTime installed. From a post on Microsoft's Security Research & Defense blog: The vulnerability is in the DirectShow platform (quartz.dll). While the vulnerability is NOT in IE or other browsers, a browse-and-get-owned attack vector does exist here via the media playback plug-ins of browsers. The attacker could construct a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file to reach the vulnerability in Quartz.dll. Please note this type of attack could happen for any browser, not IE.

Obama: Cyber Security is a National Security Priority

In U.S. Government

President Barack Obama today pledged to make securing the nation's most vital computer networks a top economic and national security priority, broadly detailing the results of a 60-day cyber security review that calls for a range of responses to help improve the security of information networks that power the government and the U.S. economy. Speaking at the White House this morning, the president said he would work to make sure the nation's core digital infrastructure is treated as a national asset. "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient," Obama said. "We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage." As expected, Obama said he plans to create a new office at the White House to be led by a cyber security coordinator "responsible for orchestrating and integrating all cyber security

News: Obama launches cybersecurity initiative

Obama launches cybersecurity initiative

Information Security Incident Rating

By Richard Bejtlich

I've been trying to describe to management how close various individual information assets (primarily computers -- desktops, laptops, etc.) are to the doomsday scenario of sensitive data exfiltrated by unauthorized parties. This isn't the only type of incident that worries me, but it's the one I decided to tackle first. I view this situation as a continuum, rather than a "risk" rating. I'm trying to summarize the state of affairs for an individual asset rather than "model risk."

I've reproduced the text below for future copying and pasting.

  1. Vuln 3 / Impact 1 / Intruder must apply substantial effort to compromise asset and exfiltrate sensitive data
  2. Vuln 2 / Impact 2 / Intruder must apply moderate effort to compromise asset and exfiltrate sensitive data
  3. Vuln 1 / Impact 3 / Intruder must apply little effort to compromise asset and exfiltrate sensitive data
  4. Cat 6 / Impact 4 / Intruder is conducting reconnaissance against asset with access to sensitive data
  5. Cat 3 / Impact 5 / Intruder is attempting to exploit asset with access to sensitive data
  6. Cat 2 / Impact 6 / Intruder has compromised asset with access to sensitive data but requires privilege escalation
  7. Cat 1 / Impact 7 / Intruder has compromised asset with ready access to sensitive data
  8. Breach 3 / Impact 8 / Intruder has established command and control channel from asset with ready access to sensitive data
  9. Breach 2 / Impact 9 / Intruder has exfiltrated nonsensitive data or data that will facilitate access to sensitive data
  10. Breach 1 / Impact 10 / Intruder has exfiltrated sensitive data or is suspected of exfiltrating sensitive data based on volume, etc.

President Obama's Real Speech on Cyber Security

By Richard Bejtlich

I was very surprised to read REMARKS BY THE PRESIDENT ON SECURING OUR NATION'S CYBER INFRASTRUCTURE, delivered yesterday…

Note: If you read this far I am sure you know this was not the President's "real speech." This is what I would have liked to have heard.

New US command to focus on cyber battlefield (AFP)

In politics

AFP - The US military is moving ahead with plans to create its first "cyber command" designed to bolster America's potential to wage digital warfare as well as defend against mounting cyber threats, officials said on Friday.

Obama to create White House cybersecurity post (Reuters)

In technology

Reuters - President Barack Obama said he will name a White House-level czar to coordinate government efforts to fight an epidemic of cybercrime, which even touched his presidential campaign.

New Obama 'czar' to thwart cyber spies, hackers (AFP)

In politics

AFP - President Barack Obama said Friday he would name a White House "cyber czar" to deter and defend against mounting criminal, espionage and hacker attacks on US government and private computer networks.

I Surf Unprotected (PC World)

In technology

PC World - That's right. I don't use any anti-malware apps.

HP Integrity Non-Volatile RAM Configuration Back-up Utility Firmware Release Version 1.03.02 (c01755214)

Routine Customer Advisory (May 26 2009)
Description
The HP Integrity Non-Volatile RAM Configuration Backup Utility provides the capability to archive and restore critical system settings and EFI Boot Manager options on HP Integrity servers.
Products and Operating Systems
• HP Integrity Entry-level Servers, HP Integrity BL Server Blades, Telco & Carrier-grade Servers
• not applicable

Video: Watch a 'Tobias Attack' on the Medeco3 Cylinder Lock

By Wired.com Video Team

A Wired.com video extra to the Wired magazine story

The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit

By Charles Graeber

Tobias is laughing. And laughing. The effect is disconcerting. It's a bwa-ha-ha kind of evil mastermind laugh—appropriate if you've just sacked Constantinople, checkmated Deep Blue, or handed Superman a Dixie cup of kryptonite Kool-Aid, but downright scary in a midtown Manhattan restaurant during the early-bird special.

Ex-Employee Fingered in Texas Power Company Hack

By Kevin Poulsen

The FBI raids the man's house as it investigates a computer intrusion at a large Texas power company that crippled the firm's electric consumption forecasting for a day.

Obama Says New Cyberczar Won't Spy on the Net

By Kim Zetter

The administration's internet overseer will secure government networks and protect critical U.S. infrastructures, but will not spy on private networks.

U.S. Cyber-Spy Report Leaves Czar Role Open: Sources

By Diane Bartz

WASHINGTON (Reuters) - The White House report on cyber-spying to be released on Friday is business-friendly and privacy-conscious but leaves the tech community waiting anxiously for a hint of how powerful a new "cyberczar" may be, a cybersecurity expert who has read the draft said.

The draft calls for a series of actions to be taken soon to secure Internet traffic, a critical part of the U.S. economy, said James Lewis, who is with the Center for Strategic and International Studies think tank.

But a second source and Lewis said the draft does not say whether the lead agency in securing the Internet should be the National Security Agency (NSA), which does cyber-spying, or the Department of Homeland Security.

Nor does it spell out how senior the top cybersecurity person would be, they said, raising the question of whether the decision would be made at the last minute or be put off.

A Small Business's Guide to the Cloud

A snapshot of cloud vendors: Amazon EC2, Google, Skytap, and VMware.

5 Tips for Businesses Entering Web 2.0

Tapping into social media to manage projects is a very efficient and forward-thinking way to keep everyone in the loop.

Kaspersky: A Profile of the Virus-Fighter

Here's an introduction to the person behind the antivirus software: Eugene Kaspersky.

Service Assesses Your iPhone's Security

The Center for Internet Security has posted an online analysis tool that assesses an iPhone's security based on its settings and apps.

Windows Bug Attracts Hackers

Microsoft issues security advisory for the third time in the past 90 days.

Obama's Cybersecurity Initiative Wins Praise

U.S. President Obama's cybersecurity announcement Friday elevates the issue to national attention, experts say.

Obama: Cybersecurity 'Coordinator' Won't Be 'Czar'

In addition to announcement, the president shares his plan for protecting the nation's critical IT infrastructure from attack.

FBI E-mail Clobbered After Virus

The FBI has been forced to restrict usage of an external unclassified network after it was reportedly hit by a virus.

Obama Announces New Cybersecurity Direction

U.S. President Obama unveils new cybersecurity goals, including the post of a government-wide cybersecurity coordinator.

I Surf Unprotected

In my experience, common sense and alert surfing are more valuable than antivirus bloatware.
