Monday, June 8, 2009

Around The Horn vol.1,116

When XSS can cost you $10,000

By Robert A. on XSS

"Did you hear the one about the hacker-free e-mail service that was so confident about its enhanced security measure that it offered up $10,000 to anyone who could hack into it? It got hacked. Here’s the part that’s really crazy, though. There was initially some question as to whether or not...

Astalavista.com hacked

By Robert A. on IndustryNews

"For those who don't know of Astalavista, it was a popular website for "hackers" with relatively low-quality content. It started in 1994, and was one of the first search engines for computer security information. It hosted software exploits, and quickly degenerated into a forum for sharing software cracks, spyware, and virii....

Hacker named to Homeland Security Advisory Council

By Elinor Mills

Defcon founder Jeff Moss, aka Dark Tangent, is one of the newest members of the Homeland Security Advisory Council.

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.

The HSAC members ...

Phishing Attack Targets last.fm Users

By Rik Ferguson on web

The current trend for abusing Web 2.0 sites in co-ordinated phishing attacks continues.   Users of the “world’s largest online music catalogue” are the latest victims. Unfortunate users receive a message in their last.fm shoutbox saying “hey - check out this blog with ur pic - http://ur.lc/[blocked]” or “hey check out this blog” again with an abbreviated [...]

After Twittercut get off the Twittertrain!

By Rik Ferguson on web

In a rapid follow up attempt to capitalise on the seemingly endless supply of users willing to sacrifice their login details for micro-blogging service Twitter please meet Twittertrain.   Yet another third party site, offering the dubious reward of having hundreds more complete strangers following you every single day. Would you want that in real life? Do [...]

The 6 Worst Cloud Security Mistakes

A look at the most common missteps with cloud computing security, and how to avoid them

Identity Protection Survey Rates Identity Force 'Best-in-Class'

ATM Attacks Cash-In on Vulnerable E-Life

In eBay

This week's ATM-based malware run stands as evidence of the fact that as a society we must recognize the ubiquitous threat for attack over any form of computing device.

Sears Settles FTC Spyware Charges

In Virus and Spyware

Sears has agreed to a settlement with the FTC over charges that it did not fully disclose its use of spyware.

Two biometric systems being tested

The Homeland Security Department has started testing two ways in which government officials, not airlines, could collect biometrics from non-U.S. air travelers as they leave the country.

The FCW.com Top Ten

Here's a look at the top stories FCW.com readers were watching for the week of June 1-5.

IG: DHS security clearances need IT help

The Homeland Security Department could improve its security clearance process by beefing up its computer support, IG says.

Air Force Names Cyberwarfare Commander

The 24th Air Force, which will likely be based at Lackland Air Force Base in Texas, will focus exclusively on cyberwarfare as part of the larger Air Force Space Command.

FTC Shuts Down 'Worst ISP In U.S.'

Pricewert LLC is accused of hosting and actively distributing child pornography, malware, and spam.

Federal CIO Kundra Looks Forward To Data.Gov 2.0

The upgrades to the site, which will be available in a few months, will feature new ways to find and use data, including the ability to tag data sets.

Avoid Housecalls From Rogue ‘Malware Doctor’

By Avelino Rico Jr on Web and Internet Safety

Yesterday, we came across a new variant of a rogue security program. This one is called Malware Doctor, and we detect it as FakeAlert-D Trojan with our DAT 5635. The new variant comes from the following web pages: hxxp://internetware-sa{blocked}.com/ hxxp://mal-ware{blocked}.net As do most other rogue security programs, Malware Doctor displays misleading fake alerts to entice users into buying a product to [...]

Consensus metrics for information security

On May 20, 2008, the Center for Internet Security (CIS) announced the public release of a set of metrics for information security. The organization is dedicated to helping "organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. Click Here to learn more about CIS's mission." Their charter was last updated in 2002 and is fully described online.

China demands new PCs have Web site-blocking program

China will require that Web filtering software be included with all computers sold in the country, another step up in its efforts to control pornography and other content on the Internet.

Man made $112,000 in bank account hacking scheme

A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.

Summer Reading for Security Pros: Schneier or Sagan?

In one of the more famous episodes of the original "Star Trek" series -- "The Trouble With Tribbles" -- Capt. Kirk confines Chief Engineer Montgomery Scott to his personal quarters for getting into a bar fight.

Is PCI compliance a ticket to the boardroom?

Here are some PCI-related issues that should be of interest to senior management, and they may require you to make a trip to the boardroom.

Adobe will deliver its first quarterly patches next Tuesday

Adobe Systems will deliver its first set of quarterly patches next Tuesday as the company seeks to improve how it responds to security vulnerabilities in its widely used products.

ATM malware spreading around the world

Cash machines around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen as the malware becomes more sophisticated, according to a security researcher.

Web 2.0 Security: Things to Know about the Social Web

Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web.

Germany, Google still in conflict over Street View data

Germany and Google remain at an impasse over how long certain data should be retained by the company for its Street View imagery.

Microsoft plans jumbo patch day next week

Microsoft plans to deliver 10 security updates next week to patch serious bugs in Windows, Internet Explorer (IE), Word and Excel.

Hackers claim $10,000 prize for breaking into StrongWebmail

Hackers love a challenge. And more than that, they love cash.

German hacker-tool law snares...no-one
Security researchers are put out

On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.…

Adobe's quarterly patch cycle to commence Tuesday
'Critical' fix for some, but not all

Adobe Software's new quarterly patch cycle will commence on Tuesday with an update that patches a severe vulnerability in some versions of its Reader and Acrobat products.…

Pondlife scammers abuse Air France tragedy
Carradine death also cheap fodder

Cybercrooks are once again taking advantage of current events to push malware.…

Money mule cops plea in online brokerage hacking scam
Hee haw

A New Hampshire man has agreed to pay almost $112,000 and face prison time after admitting he was a mule in a scheme that hacked in to online bank and brokerage accounts and siphoned out large sums of cash.…

UK Communist website abused by Chinese hackers
Maoist malware mayhem

Updated The website of the Communist Party Of Britain has been infected with malicious code.…

Hackers scalp StrongWebmail to claim cash prize
$10,000 for successful schedule snoop

Ethical hackers are claiming a $10,000 prize for successfully breaking into the webmail account of the chief exec of StrongWebmail after the firm issued a "hack us if you can" challenge.…

MS warns of bumper patch batch
Six critical updates locked and loaded

Microsoft is having an especially bulky Patch Tuesday, with the release of ten updates - six of which will address critical flaws.…

Scareware Tactics, (Sun, Jun 7th)

It has been an interesting week. Lots of activity, but a slightly weird ...(more)...

Browsers indicating Sourceforge.net connection issue, (Sat, Jun 6th)

We've had a couple of reports about Sourceforge connection issues. Browsers display different messag ...(more)...

seclists.org post - "Like Checkpoint Tmobile has been owned for some time"., (Sat, Jun 6th)

ARRA/HIPAA Breach Reporting Dates Approaching, (Sat, Jun 6th)

September 14th, 2009 or thereafter The American Recovery and Reinvestment Act of ...(more)...

Don't TRY to hit me... Hit me!, (Fri, Jun 5th)

Remember that scene in the Matrix where Neo does that come 'n get me hand wave thing at ...(more)...

Chalk one up for the good guys, (Fri, Jun 5th)

Based on a complaint filed by the U.S ...(more)...

FTC shutters rogue ISP for hosting malicious content, botnets

By Robert Westervelt

Executives at Triple Fiber Network are suspected of recruiting bot herders and hosting botnet command and control servers.

XM Easy Personal FTP Server Multiple DoS Vulnerabilities

XM Easy Personal FTP Server is an easy-to-use FTP server application.

Joomla JA_Purity Multiple Persistent XSS

An attacker can inject JavaScript or DHTML that will be saved in the cookie, making it persistent and running in the context of the targeted user's browser, allowing him to steal cookies.

HP DDMI Running on Windows Unauthorized Access

The vulnerability could be exploited remotely to gain unauthorized access to DDMI agents.

Drupal Flag Module Multiple Vulnerabilities

The Flag module also contains cross site scripting vulnerabilities because it fails to properly sanitize content type names. Additionally the Flag module contains a SQL injection vulnerability because it does not properly sanitize variables before concatenating them into a SQL query.

Apple QuickTime Image Description Memory Corruption

An attacker may overwrite crucial data such as function pointers, flags, heap structures and so forth. Doing so may allow an attacker to alter the normal control flow of the application and execute arbitrary code. A simple attack vector would be to lure the victim to browse to a web site controlled by the attacker, which serves a malicious QuickTime file that exploits this vulnerability.

Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability

Apple iTunes Protocol Handler Buffer Overflow Vulnerabilities

Apple CUPS NULL Pointer Vulnerability

CUPS provides a portable printing layer for UNIX based operating systems. It was developed by Easy Software Products and it is now owned and maintained by Apple Computer Inc. to promote a standard printing solution. It is the standard open source printing system for Mac OS X and other UNIX-like operating systems.

Identity Management as a Service Makes Strides

Identity and access management as a software-as-a-service offering is gaining steam in the market, according to analysts. Organizations are increasingly turning to SAAS approaches to IAM to cut costs and complexity.
- The economy may be in a downturn, but identity and access management as a service appears to be gaining steam. According to analysts, the market is growing steadily among both enterprises and smaller organizations alike. The reason: cost savings and an end to the implementation and management ef...

Google Chrome Out for Mac and Linux - Just Don't Download It

Google released versions of its Chrome browser through its developer channel for Mac and Linux, but warns users that the browser is not yet ready for primetime. The releases, officials said, are designed to get feedback and still have some bugs.
- Google has some advice for the average Mac and Linux user - don't download Chrome just yet. The versions of the Chrome browser released last night via Google's development channel still have some kinks in them and were only made available to allow developers to kick the tires, Google officials s...

Mark Rasch: Hacker-Tool Law Still Does Little

News: FTC persuades court to shutter rogue ISP

Crisis 0: Game Over

By Richard Bejtlich

A veteran security pro just sent me an email on my post Extending the Information Security Incident Classification with Crisis Levels. He suggested a Crisis beyond Crisis 1 -- "organization collapses." That is a real Game Over -- Crisis 0. In other words, the cost of dealing with the crisis bankrupts the victim organization, or the organization is ordered to shut down, or any other consequence that removes the organization as a "going concern," to use some accountant-speak.
I guess the hunt is on now to discover example organizations which have ceased to exist as a result of information security breaches. The rough part of that exercise is connecting all the dots. Who can say that, as a result of stealing intellectual property, a competitor gained persistent economic advantage over the victim and drove it to bankruptcy? These are the sorts of consequences whose timeline is likely to evade just about everyone.
Putting on my historian's hat, I remember the many spies who stole the manufacturing methods developed by the pioneers of the Industrial Revolution in Great Britain, resulting in technology transfers to developing countries. Great Britain's influence faded in the following century.
I'm sure some savvy reader knows of some corporate espionage case that ended badly for the victim, i.e., bankruptcy or the like?
Incidentally, I should remind everyone (and myself) that my classification system was intended to be applied to a single system. It is possible to imagine a scenario where one system is so key to the enterprise that a breach of its data does result in Crisis 3, 2, 1, or 0, but that's probably a stretch for the worst Crisis levels. Getting to such a severe state probably requires a more comprehensive breach. So, let's not get too carried away by extending the classification too far.

Extending the Information Security Incident Classification with Crisis Levels

By Richard Bejtlich

Last week I tweaked my Information Security Incident Classification chart. Given recent events I might consider extending it to include Crisis 3, 2, and 1 levels.
Perhaps they would look like this. I previously alluded to "11" in my original post.

  • Crisis 3. 11 / Intruder has publicized data loss via online or mainstream media.
  • Crisis 2. 12 / Data loss prompts government or regulatory investigation with fines or other legal consequences.
  • Crisis 1. 13 / Data loss results in physical harm or loss of life.

I thought about these situations because of the latest Crisis 3, now affecting T-Mobile, as posted to Full-disclosure yesterday:
From: pwnmobile_at_Safe-mail.net
Date: Sat, 6 Jun 2009 15:18:06 -0400
Hello world,
The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is available in 98 of the 100 largest markets and 268 million potential customers.
Like Checkpoint[,] Tmobile [sic] has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.
We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder.
Please only serious offers, don't waste our time.
Contact: pwnmobile_at_safe-mail.net

Talk about monetizing an intrusion. Can you imagine your company's data posted to a public forum like this?
This sort of incident is becoming more common. Remember the 8 million Virginian patient records from April?
ATTENTION VIRGINIA
I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).
...truncated...

Something similar happened to Express Scripts last year.
If this isn't enough to convince management that every active remote command and control channel presents clear and present danger to the enterprise, I don't know what is. All of these incidents started with an intruder gaining access to at least one system. If the organization doesn't take these incidents seriously, the next step could be public humiliation. You might say "the Feds will grab these guys." True, but what is the cost to the reputation of the victim organization?

Digital Situational Awareness Methods

By Richard Bejtlich

I've written about digital situational awareness before, but I wanted to expand on the topic as I continue my series of posts on various aspects of incident detection and response.
Here I would like to describe ways that an enterprise can achieve digital situational awareness, or a better understanding of its security posture. What is interesting about these methods is that they do not exclude each other. In fact, a mature enterprise should pursue all of them, to the extent allowed by technical and legal factors.

  1. External notification is the most primitive means of learning the state of the enterprise's security posture. If all you do is wait until law enforcement or the military knock at your door, you're basically neglecting your responsibilities to your organization and customers.
  2. Vulnerability assessment identifies vulnerabilities and exposures in assets. This is necessary but not sufficient, because VA (done by a blue team) typically cannot unearth the complicated linkages and relationships among assets and their protection mechanisms. You have to do it however, and knowing your vulnerabilities and exposures is better than waiting for a knock on the door.
  3. Adversary simulation or penetration testing identifies at least one way that an adversary could exploit vulnerabilities and exposures to compromise a target or satisfy a related objective. AS (done by a red team) shows what can be done, moving beyond the theoretical aspects of VA. Many times this is the only way to really understand the enterprise and prove to management that there is a problem.
  4. Incident detection and response shows that real intruders have compromised the enterprise. If you think it's bad to see your red team exfiltrate data, it's worse when a real bad guy does it. Knowing that intruders are actively exploiting you is almost the best way to achieve digital situational awareness, and it's usually the highest form an enterprise can practice since it's closest to the ground truth of the state of the enterprise.
  5. Counterintelligence operations are the ultimate way to achieve digital situational awareness. As I wrote in The Best Cyber Defense, this means finding out what the enemy knows about you. I covered this extensively in the referenced post, but now you can see where counterintelligence fits in the overall digital situational awareness hierarchy.

Incident Detection Paradigms

By Richard Bejtlich

This is the second in a series of "mindset" posts where I'd like to outline how I've been thinking of various aspects of incident detection and response. My primary focus for these discussions will be intrusions.

I'd like to discuss incident detection paradigms. These are ways that security people tend to think when they are trying to identify intrusions. I'm going to list the three attitudes I've encountered.

  1. Detection is futile. This school of thought says that some intruders are so crafty that it is not possible to detect them. I consider this paradigm short-sighted and defeatist. If you read the intruder's dilemma you'll know that it is generally not possible for intruders to hide themselves perfectly, continuously, perpetually. True, as the intruder's persistence time decreases, and as the amount of data exfiltrated decreases, it becomes more difficult to detect the intruder. However, both conditions are good for the defense. The question for the intruder is how persistent and successful he can be without alerting the defender to his presence.
  2. Sufficient knowledge. This school of thought says that it is possible for a defender to know so much about an intruder's actions that one can apply that understanding to automated systems to detect the intruder. This is essentially the opposite of the futility school. Unfortunately, this paradigm is unrealistic too. As I mentioned in Security Event Correlation: Looking Back, Part 3, the natural question to ask if one believes the sufficient knowledge paradigm is this: if you can detect it, why can't you prevent it?
    As I explained in Why is the Snort IDS still alive and thriving?, that question supposedly made "IDS dead" at the expense of IPS. Users and vendors who believe the sufficient knowledge school expect security people to be satisfied when they receive an alert that something bad happened, but the analyst is not given sufficient evidence to validate that claim.
  3. Indicators plus retrospective security analysis. In good debating style I save the best approach for last. I wish I had a better name but this phrase captures the essence of this paradigm. Here the analyst recognizes that any alert or other input one collects and analyzes is simply an indicator. Indicators may have various levels of confidence associated with them, but the importance of an indicator is that it should signal the start of the analysis process. Validating the indicator to produce a warning that can be escalated to perform incident response is accomplished by analyzing sufficient evidence. This evidence can be network traffic or data about network traffic, system logs, host information, and so on.
    As I discussed in Black Hat Briefings Justify Retrospective Security Analysis, once an analyst has learned of new indicators to detect advanced intruders, he can apply them to stored evidence. Retrospective security analysis finds the crafty intruders missed by traditional approaches, but it requires sufficient digital situational awareness to know how to proceed.

I'll discuss different digital situational awareness paradigms in a later post.

Incident Phases of Compromise

By Richard Bejtlich

This is the first in a series of "mindset" posts where I'd like to outline how I've been thinking of various aspects of incident detection and response. My primary focus for these discussions will be intrusions.

First I'd like to discuss phases of compromise, again primarily designed for intrusions. They can be extended to other scenarios, but as with other recent posts I'm focusing on advanced persistent threats who operate beyond the norms of regular intruders. I've listed the phases elsewhere but they are relevant here; I've also expanded the last phase. I list the information security incident classification for each where appropriate.

  1. Reconnaissance. Identify target assets and vulnerabilities, indirectly or directly. Cat 6.
  2. Exploitation. Abuse, subvert, or break a system by attacking vulnerabilities or exposures. If the intruder does not seek to maintain persistence, then this could be the end of the compromise. Cat 2 or 1.
  3. Reinforcement. The intruder deploys his persistence and stealth techniques to the target. Still Cat 2 or 1, leading to Breach 3.
  4. Consolidation. The intruder ensures continued access to the target by establishing remote command-and-control. Breach 3.
  5. Pillage. The intruder executes his mission. Here we assume data theft and persistence are the goals.
    • Propagation. Intruders usually expand their influence before stealing data, but this is not strictly necessary. At this point the incident classifications should be applied to the new victims.
    • Exfiltration. The intruder steals data. Depending on the type of data, Breach 2 or 1.
    • Maintenance. The intruder ensures continued access to the victim until deciding to execute another mission.

With these phases of compromise outlined I'll have them ready for later reference.

Information Security Incident Classification

By Richard Bejtlich


Thank you to those who commented on my previous post on this subject. I've had a few people ask to use this chart, but I wanted to clarify a few items now that there has been some good public and private discussion about it.
My intention with this chart is to help classify an incident involving compromise of an individual system. There are plenty of other sorts of information security incidents, but at the moment this is the biggest problem I deal with on a daily basis. I need a way to talk about the state of an individual compromised asset. I found the traditional DoD Category system wasn't sufficient, especially in the post-Cat 1 world. I still like those Categories but I needed to go further (post-exploitation) and for one of my constituents, backwards (to when a system is just vulnerable, but no one is yet interested in it -- as far as we can tell).
I decided to call this updated chart a "classification" rather than a "rating," and to remove the label "impact." The words rating and impact imply "risk" and asset value to some degree, and I'm not talking about either here. This is a little bit like assigning a CVE number; it says nothing about the seriousness of the vulnerability, but at least we can all reference the same vulnerability. With my chart I can now build service expectation timelines around the incident type. I can also quickly understand where we are with any incident when one of our team says "we have a Cat 1, but our perimeter defenses appear to have contained the incident so it has not reached Breach 3 status."
I think it is important to keep in mind that having anything remotely approaching a valid understanding of "risk" requires a great deal of understanding about the assets in question. Not only must you understand the nature of the compromised asset (its function, normal usage patterns, its inputs, its processes, its outputs), but you must understand the means by which the asset interacts with the network, any trust relationships, and many other factors. In most cases the only way to gain a real appreciation of these real-world conditions is to either 1) observe the intruder in action, seeing what he can do or get, or 2) red-team the system yourself to see what you can do or get. Modern systems and enterprises are far too complex for anyone to sit back like Mycroft Holmes and truly understand the "risk" of a compromise.
I should also say that I would never expect to tell a manager that we have discovered a Breach 2 and then walk away. The natural next question involves the issues of the previous paragraph, and answering them takes far longer than the process of detecting and validating the incident. If you doubt me, try talking to the office in the DoD that does nothing but computer incident damage assessment all day long.
Incidentally, please feel free to use this diagram, providing you cite the source. I am encouraged when others seek to adopt this sort of language for their own programs, because it moves us closer to having common ways to discuss operational problems. Thank you.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Man Made $112,000 in Bank Account Hacking Scheme (PC World)

In technology

PC World - A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.

ATM Malware Spreading Around the World (PC World)

In technology

PC World - Cash machines around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen as the malware becomes more sophisticated, according to a security researcher.

Firewall Flaws and How to Fix Them

Startup warns that traditional firewall strategies aren't keeping up with new threats and methods.

Securing the Social Web at Work

Things every IT manager needs to know about Web 2.0 security as Facebook and Twitter enter the office.

Obama's Cybersecurity Dream Could Come True

Pinch me: The White House's Cyberspace Policy Review is the best news yet for Internet security

ATM Malware Spreading Around the World

ATMs around the world are hosting malware that can harvest a person's card details for use in fraud, a situation that could worsen.

Twitter fights celeb imposters with Verified Account scheme
Attempt to kybosh 'Kanye' and stymie 'Spector'

Twitter has detailed plans to clamp down on celebrity imposters with a "verified account" service.…

Hackers claim T-Mobile scalp
US division puts brown trousers on standby

Updated Hackers claim to have stolen all T-Mobile US's corporate data, customer accounts, network infrastructure - the whole lot.…

Kloxo (formerly Lxadmin) Vulnerability Exploited, (Mon, Jun 8th)

We've had several readers (Kirk being the first) alert us to a vulnerability in Kloxo being exp ...(more)...

McAfee Makes Network Security Push Against Rivals

McAfee detailed its strategy to take on Cisco, Check Point Software Technologies and others in the network security market. Leveraging technology acquired from Secure Computing, McAfee is starting its network security push with new firewall offerings. The company is also touting new integration with its ePO software.
- McAfee outlined its network security strategy, tracing a bull's-eye around companies like Cisco and Check Point Software Technologies. Unveiling three new firewall-related products, McAfee officials said the key to their strategy will be integration and unified management. To that end, McAfee has ...
