Friday, June 12, 2009

Around The Horn vol.1,119

Forefront Threat Management Gateway Beta 3 arrives

By emil.protalinski@arstechnica.com (Emil Protalinski) on Microsoft Forefront

Microsoft Forefront Threat Management Gateway (TMG) is a secure Web gateway that helps protect corporate assets and employees from Web threats while also delivering unified perimeter security to protect networks from attack. Beta 3 of Forefront TMG is available for download from the Microsoft Download Center (1062.7 MB) along with the accompanying release notes and deployment guide. This is the last planned beta; the final version is still slated for the first half of 2009.

Microsoft readying details on Morro

By emil.protalinski@arstechnica.com (Emil Protalinski) on Morro

Morro is the codename for a free real-time antimalware solution for consumers to be released in the second half of 2009. It will offer basic features for fighting viruses, spyware, rootkits, and trojans. I'm very interested in checking out Morro, if only because I see it as something like the free Windows Defender with a much wider scope. Microsoft has kept pretty quiet on Morro, but it appears that the software giant is getting ready to lift up the curtain. According to Reuters report, Morro will soon be going into test mode:

Phrack 66 is out!

By Robert A. on Research

IntroductionTCLH Phrack Prophile on The PaX TeamTCLH Phrack World NewsTCLH Abusing the Objective C runtimenemo Backdooring Juniper FirewallsGraeme Exploiting DLmalloc frees in 2009huku Persistent BIOS infectionaLS and Alfredo Exploiting UMA : FreeBSD kernel heap exploitsargp and karl Exploiting TCP Persist Timer Infinitenessithilgore Malloc Des-Maleficarumblackngel A Real SMM RootkitCore Collapse Alphanumeric RISC...

SHA-1 collisions achievable

By Robert A. on Research

"The researchers, from Macquarie University in Sydney, Australia, found a way to break the SHA-1 algorithm in significantly fewer tries than previously required. Although the hash function was previously believed to withstand attempts numbering 263, the researchers have been able to whittle that down to 252, a number that puts practical...

Look Ma, I created a botnet!

By Elinor Mills

The abstract concepts of "botnet" and "Trojan" just became a lot more concrete for me.

In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them ...

Two new Mac attacks surface

By Elinor Mills

This is the message visitors to the porn site get which tricks them into installing an ActiveX object to watch a video but instead downloads a Trojan. This screenshot shows a Windows machine, but the malware targets Macs too.

Security experts have discovered two new attacks targeting Mac ...

Google Native Client grows out of research phase

By Stephen Shankland

Satisfied that its security underpinnings are solid, Google has promoted its open-source Native Client technology to accelerate Web applications out of its research phase and is taking steps to build it into the Chrome Web browser.

"Based on our experience to date, we believe that the basic architecture of our ...

What's your identity fraud risk level?

By Elinor Mills

The My ID Score site said I had a low risk of identity fraud.

Like many people, I'm worried about identity fraud. Not paranoid, just generally curious what the chances are that I could be victimized by things like mail theft. Sure, I could sign ...

Microsoft takes aim at fake antivirus program

By Elinor Mills

Updated 2:45 p.m. PDT with Barracuda Networks warning of Web site promoting rogue program using the Barracuda brand.

Microsoft's Malicious Software Removal Tool was updated this week to detect a generic type of fake antivirus program known as "Win32/InternetAntivirus."

The Microsoft Malware Protection Center gives Win32/...

NASA hacker McKinnon 'at risk,' lawyer says

By Tom Espiner

Lawyers acting for Gary McKinnon say the self-confessed NASA hacker runs the risk of becoming psychotic and suicidal if his extradition to the U.S. goes ahead.

Edward Fitzgerald, QC, described the risk during a hearing on Tuesday at the Royal Courts of Justice in London. Judges Lord Justice Stanley ...

FBI Unclassified E-mail Network Owned By Virus

By Darknet on national-security

If the FBI e-mail network can get owned by a virus, what hope does the average joe have when it comes to keeping their e-mail secure? It must be pretty serious too if it actually forced them to shut down the Internet facing e-mail network, it seems like it was down for at least a week [...]

FTPXerox v1.0 – FTP File Transfer Sniffer

By Darknet on network-sniffing

This is an old tool, but still useful. I saw someone asking for a tool to grab FTP files from the wire without using something like Wireshark, which brought me to this tool – FTPXerox. FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that [...]

Report: No Magic Bullet For Database, Server Security

New Forrester Research report says encryption, data monitoring technologies key tools for now

Researcher Attempts To Dispel Damaging Botnet Myth

Enterprises getting bitten with bot infections by assuming botnets use a single form of malware, researcher says

Microsoft Joins Aero & Defense Consortium

In Vulnerability Research

Microsoft has joined the TSCP, an international standards body for aerospace and defense contractors, to help improve governement security.

IT Security's Weakest Link May Be Us

In Intrusion Detection/Prevention

A chain is only as strong as its weakest link, and in IT security, that sometimes is the end user. A study by the Ponemon Institute has found that nearly half of those surveyed said security policies at their company were largely ignored.

Experts urge federal efforts on cybersecurity

Experts from industry and academia today urged more federal involvement in cybersecurity research, development and education.

IG: Dulles IT security needs more work

The Homeland Security Department has made progress on IT security at Dulles International Airport, but gaps remain, says a new report.

China's Internet Filtering Plan Widely Criticized

Critics claim "Green Dam Youth Escort" Internet filtering software for PCs violates licensing agreements and anti-monopoly laws.

Microsoft To Launch Morro Antivirus 'Soon'

The free offering will replace subscription Windows Live OneCare service.

Rollout: How Much Is Bot Detection Worth To You?

Damballa's appliance shows promise, but it still has a lot of ground to cover.

Insider Snooping Becoming More Common

In a survey, most respondents acknowledged being able to circumvent security access controls at their workplace.

Symantec, McAfee In Settlement Over Subscriptions

Both companies will pay $375,000 in penalties and costs and will now make detailed disclosures to consumers.

Microsoft Fixes Record Number Of Vulnerabilities

The company's June Patch Day included 10 security bulletins to fix 31 threats in Microsoft products.

Air Force Names Cyberwarfare Commander

The 24th Air Force, which will likely be based at Lackland Air Force Base in Texas, will focus exclusively on cyberwarfare as part of the larger Air Force Space Command.

Worms Dig Further Than Thumb Drives

By Kevin Beets on Web and Internet Safety

Most every day I see AutoRun worms such as this one. You may know the kind, the worms that are designed to replicate onto removable drives. There is certainly no shortage of these little monsters. Often the worm, although problematic itself, is just the harbinger of potential doom. More malicious malware obtained by these worms [...]

Dumb Malware Authors Cause More Damage Than Smart Ones

By Pedro Bueno on Web and Internet Safety

I don’t really know which is worse: a dumb or a smart malware writer. Brazilian malware writers fall into the first category: bad coders and dumb. It’s as simple as that. While checking a very recent PWS-Banker Trojan (the malware that steals banking information), I came across a variant. This one targets three Brazilian banks–Bradesco, Itau, [...]

Spammers Take Advantage of Air France Crash

By Francois Paget on Spam and Phishing

As we foresaw, spammers have used the Air France AF447 disaster to catch people’s attention and prompt them to open fake news emails related to this event. Less than two weeks after the crash, the firsts emails started to spread. We’ve seen the following subjects: A-330 blackbox record Another plane crushed Last seconds of plane When opened, all these [...]

Zero-day Exploit Leads to Apparent Suicide

By Gaith Taha on Zero-Day

This is tragic news, indeed. We have heard of software flaws costing customers hefty amounts of money, man hours, bandwidth, disk space, etc. But now the cost has reached an unprecedented level–causing HyperVM’s creator to apparently commit suicide. The problem started earlier this week, when a large web host company that relied on HyperVM to [...]

ATM Malware Makes Withdrawals in Russia

By Francois Paget on Rootkits and Stealth Malware

We frequently encounter password stealers and backdoors in computers after their owners have browsed unsafe websites or opened unknown email attachments. It is more unusual, however, to see these malware directly implemented in banks’ automated teller machines. In these cases, Trojans have to be installed by people who have physical access to the machines. Data [...]

French court to pirates: Three strikes and ... then what?

France's highest legal authority has ruled as unconstitutional a government plan to cut off, without trial, Internet users accused of copyright infringement.

Free Microsoft antivirus 'coming soon'

A beta version of Microsoft's free antivirus software - codenamed Morro - will soon be available from the company's website, according to a report.

Insider snooping on the rise: IT security survey

Over a third of IT staff admit to abusing admin rights to snoop at confidential information like colleagues' salary details and redundancy lists, according to a new study.

Microsoft Readies Free Antivirus App

Microsoft will soon launch a public beta version of its new free security software product for Windows 7, Vista, and XP Service Pack 3 customers. The antivirus program, which is code-named Morro, will replace Windows Live OneCare, Microsoft's retail security suite, which will be discontinued at the end of this month.

Brand Protection: The Expanding CSO Portfolio

Pizza isn't typically a topic of conversation in company meetings at Caterpillar, the world's largest maker of construction and mining equipment, diesel and natural gas engines, and industrial gas turbines. But a recent unfortunate incident involving Domino's Pizza had a special team tasked with protecting Caterpillar's brand integrity taking notes and buzzing about how quickly a simple video can suddenly drag a massive corporate name through the mud.

Parents in the dark about children's web habits

Over half of all parents admit they have no idea what their children get up to when they log on, according to research from Trend Micro.

ICO gives mobile number database the go-ahead

The Information Commissioner's Office (ICO) has given a new directory enquiry service for mobile phone numbers the go-ahead, despite concerns raised by privacy campaigners.

The Internet is incomplete, says its co-designer, Vinton Cerf

Vinton Cerf, the co-designer of the Internet's basic architecture, said the Internet "still lacks many of the features that it needs," particularly in security, in a blunt talk to a tech industry crowd.

Govt 'obsession' killed national access card

A former head of Australia's failed $1.1 billion Access Card said the project crashed because of the then Howard government "obsession" with delivering a mandatory single identity card, rather than back-end efficiency.

Adobe fixes security bugs in Reader, Acrobat

Adobe has released critical security patches, fixing 13 bugs in its Reader and Acrobat software.

Symantec, McAfee to pay fines over auto-renewals

Antivirus vendors Symantec and McAfee have agreed to pay the New York Attorney General's office US$375,000 in fines to settle charges that they automatically charged customers software subscription renewal fees without their permission.

Experts: Gov't needs to spend more on cyber R&D

The U.S. government needs to spend more money on cybersecurity research and development and on education programs in order to fight a rising tide of attacks against government and private groups, cybersecurity experts told U.S. lawmakers.

Web App Firewalls: How to Evaluate, Buy, Implement

A Web application firewall (WAF) is designed to protect Web applications against common attacks such as cross-site scripting and SQL injection. Whereas network firewalls defend the perimeter of the network, WAFs sit between the Web client and Web server, analyzing application-layer traffic for violations in the programmed security policy, says Michael Cobb, founder of Cobweb Applications, a security consultancy.

More employees neglecting data security, survey says

More employees are ignoring data security policies and engaging in activities that could put a company at risk, according to a survey released by Ponemon Institute on Wednesday.

Working with consultants

One of the great developments of evolution and of civilization was specialization or the division of labor: allowing individuals to become really good at specific tasks without having to worry about all the other kinds of activity required to support life.

Adobe patches 13 critical PDF bugs in first quarterly update

Adobe issued its first regularly-scheduled security updates on Tuesday, fixing at least 13 critical flaws reported by outside researchers and secretly patching an unspecified number of bugs found by its own team.

Carphone Warehouse slams gov't web piracy tactics

Charles Dunstone, CEO of Carphone Warehouse, has slammed plans by the government to restrict the broadband speed of web users caught illegally downloading.

Business fears ICANN domain changes will fuel crime

A high percentage of UK businesses have no idea that the Internet's top-level domains (TLDs) are to be liberalised next year and some of those who do fear it will simply put them at the mercy of cybersquatters, an in-depth survey for domain outfit Gandi has found.

Evolution of the CSO

It's been almost 15 years since David Kent first came to Genzyme, a biotech firm headquartered in Cambridge, Mass., that develops medical treatments for ailments such as certain genetic diseases and some forms of cancer. In 1994, the company had less than $200 million in sales, and only about 1,000 employees-a stark contrast to its worldwide workforce of 11,000 today and the $4.6 billion in revenue it reported in 2008.

Symantec issues wireless keyboard warning

Symantec is urging wireless keyboard users to consider the security of the devices following a project that interpreted keystrokes by analysing the electromagnetic signals produced when keys are pressed.

Alarm sounded over wireless keyboard sniffer

Security vendor Symantec is so concerned about the potential misuse of a new wireless keyboard sniffer it has put out a warning about the technology.

RSA chief: The job of security guy is not to be 'Doctor No'

IT security managers should enable cloud computing by learning how to manage risk, says RSA chief Art Coviello.

Warning letter would stop 30% of illegal downloaders

Just one third of illegal downloaders would stop their file sharing activities if they received a letter from their ISP, says Wiggin.

1Password adds support for Safari 4

With Apple's release of Safari 4, Agile Web Solutions has updated its 1Password software to 2.9.19, adding support for the new version of the Web browser. It's a free update for version 2.x users, and costs $40 for a new license.

Latest Kaspersky suite overloads on security

Kaspersky Lab has pre-announced its latest all-in-one security suite with the lure that it has packed even more protection layers of into one software product.

Chrome update completes busy browser patch week
Time for an industry patch day?

Google has pushed out an update designed to fix a pair of vulnerabilities involving the WebKit application framework that underpins its Chrome browser.…

Chinese firm hits back at cyberspy claims
Huawei welcomes UK.gov backdoor probe

Exclusive Chinese networking giant Huawei is battling suggestions it could be in collusion with the Beijing government and could cause massive disruption to UK communications in a future cyber conflict.…

Firefox update squashes 9 security bugs, 4 critical
Get yours today

Mozilla has released a new version of its Firefox browser that plugs nine security holes, four of which are rated "critical," the foundation's highest vulnerability level.…

Apple fans targeted by smut-punting malware
Uh, it's a booby trap

VXers are targeting Mac fans via a pair of new malware-themed attacks, one of which is on offer through what purports to be a portal for adult videos.…

Security holes poked in Chinese compulsory PC filter plan
Green Dam it all

Plans to mandate the use of a particular brand of censorware software in China pose a grave security risk, security watchers and net privacy activists warn.…

Symantec, McAfee cough up $750,000 on auto-renewals
'Hide the ball' suspended

Symantec and McAfee have agreed to pay $375,000 apiece to settle charges they charged fees against customer credit cards without authorization.…

Crypto attack puts digital sig hash on collision course
SHA-1, your time is near

Cryptographers have found new chinks in a widely-used digital-signature algorithm that have serious consequences for applications that sign email, validate websites, and carry out dozens of other online authentication functions.…

T-Mobile downplays hacking fears
'No evidence customer data compromised'

T-Mobile USA is fighting suggestions its systems were breached by hackers with a new statement clarifying that although the limited data posted on an underground forum was genuine its ongoing investigation has uncovered no evidence of a wider compromise.…

Amazon, Apple dish up $300,000 to 'musical crims'
Better than busking for a living

A gang of cyber fraudsters were arrested this morning after allegedly making tens of thousands of pounds by buying their own records from Apple iTunes and Amazon using stolen credit cards.…

StrongWebmail holds up hands to hack, plots further challenge
Er... best of three, chaps?

StrongWebmail has conceded that a group of ethical hackers beat its systems to claim a $10,000 prize, while reiterating its commitment to callback verification technology and plotting a further "hacker challenge".…

Virtual Rapid Response Systems

Category: Incident Handling

Paper Added: June 11, 2009

DTV Flag Day, (Fri, Jun 12th)

Today is transition day for digital television in the United States. This reminds me of ...(more)...

Firefox 3.0.11 is available, (Thu, Jun 11th)

One thing is for sure! Our ISC readers love their Firefox. We have received a number of ...(more)...

Dshield Web Honeypot going beta, (Thu, Jun 11th)

We started the Dshield Web Honeypot project roughly one year ago. The goal of this project is to rep ...(more)...

WHO Declares Flu A(H1N1) a Pandemic, (Thu, Jun 11th)

Several media outlets are reporting that the World Health Organization (WHO) has officially declared ...(more)...

MIR-ROR Motile Incident Response - Respond Objectively Remediate, (Thu, Jun 11th)

Anybody who reads my diaries has long since figured out that I am a big fan of the Sysinternals tool ...(more)...

Guilty Plea in Brokerage Account Trojan Scam (June 5 & 6, 2009)

Alexey Mineev has pleaded guilty to one count of conspiracy to defraud the US and one count of money laundering for his role in a scam that stole thousands of dollars from online brokerage accounts.......

Attack on Web Hosting Provider Knocks Out 100,000 Sites (June 8, 2009)

An attack on UK web hosting provider Vaserv has reportedly destroyed data for about 100,000 websites.......

Four Detained In Connection With Attack on Chinese DNS Provider (June 3, 2009)

Four people have been detained by Chinese police in connection with a distributed denial-of-service (DDoS) attack that interfered with Internet access in several provinces on May 19, 2009.......

No Bias in Pirate Bay Convictions (June 8 & 9, 2009)

The Stockholm District Court of Appeals has ruled that the judge who found the four co-founders of Pirate Bay guilty of copyright infringement was not biased.......

DEFCON/Black Hat Founder Among New Members of Homeland Security Advisory Council (June 8, 2009)

Among the 16 members of the Homeland Security Advisory council sworn in on Friday, June 5 is DEFCON and Black Hat security conference founder Jeff Moss.......

Sweden's Pirate Party Wins European Parliament Seat (June 8, 2009)

The Pirate Party has won one of Sweden's 18 seats in the recent elections to the European Parliament.......

UK Information Commissioner Publishes Updated Data Privacy Handbook (June 5 & 8, 2009)

The UK Information Commissioner's Office (ICO) has issued an updated version of the Privacy Impact Assessment Handbook.......

Japanese Online Marketplace Rakuten Selling Customer Data to Some Vendors (June 6, 2009)

The operator of Japanese online retail site Rakuten Ichiba has been accused of selling customers' personal information.......

Wisconsin DOT Officials Sued for Alleged Violation of Driver's Privacy Protection Act (June 4, 2009)

Three Wisconsin women are suing state Department of Transportation (DOT) officials for allegedly selling drivers' personal information.......

Adobe's First Quarterly Security Update Slated for Tuesday (June 5, 6 & 8, 2009)

Adobe is scheduled to release its first scheduled quarterly security update on Tuesday June 9, 2009.......

T-Mobile Looking Into Data Theft Claims (June 8, 2009)

T-Mobile is investigating reports that cyber criminals have stolen data from the company's internal servers.......

China to Require Anti-Pornography on PCs Sold Domestically (June 8 & 9, 2009)

As of July 1, 2009, the Chinese government will require PCs sold in that country to come with pre-installed pornography-blocking software.......

BITS releases guide for implementing email authentication protocols

By Marcia Savage

Organizations aims to help financial-services firms fight phishing attacks with paper on deploying Sender Policy Framework and Domain Keys Identified Mail protocols.

Cloud computing security begins with infrastructure assessment

By Eric Ogren

The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.

Cloud security begins with infrastructure assessment

By Eric Ogren

The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.

Dynamic Data Obfuscation Comes to U.S.

Silos-Connect Technologies CEO Tony Cannizzo says notorious data breaches are leading people to overemphasize endpoint security, when it is equally important to secure data at its database source. Cannizzo says protecting data in databases goes beyond static encryption and requires a flexible approach to data obfuscation.
- Thieves making off with laptops, hackers planting a Trojan in a store kiosk to send data to the Ukraine these are the data breaches that gather the headlines. The result is an overemphasis on endpoint security, according to Tony Cannizzo, CEO of Silos-Connect Technologies, a distributor of data...

Microsoft Exec May Be Obama's Cyber-Czar Pick

Microsoft Corporate Vice President for Trustworthy Computing Scott Charney has made President Obama's short list to become the nation's cyber-czar, according to reports. Also on the list are Sun Microsystems Distinguished Engineer Susan Landau and Paul Kurtz, who led Obama's cyber-security transition team.
- Scott Charney, head of Microsoft's cyber-security division, and Paul Kurtz, who led Obama's cyber-security transition team, are heading the list to serve as President Obama's new cyber-security czar, according to Reuters. Citing unnamed sources, Reuters also said former Rep. Tom Davis, Sun Mic...

Trojan Targeting Mac Spreads as Attackers Eye Apple

Security researchers at Sophos and ParetoLogic uncover a new variant of a Trojan targeting Mac computers. The discovery follows buzz triggered by Apple once again publishing old advice suggesting its customers use anti-virus software for additional protection.
- Security researchers have uncovered an updated version of malware targeting Mac computers. The discovery comes after some in the security industry called attention to Apple again repeating old advice on using anti-virus software as an additional layer of protection in the Security Advice section ...

Five iPhone Security Tips for IT Departments

With the popularity of Apples iPhone on the market, IT managers need to think about how to secure the iPhone when it comes into their networks. Smart policy is the name of the game. With that in mind, The Center for Internet Security recently released a security benchmark for the iPhone to help both administrators and end-users better secure data stored on the device. In a document entitled the CIS Security Configuration Benchmark for Apple iPhone, CIS included 20 recommendations on subjects such as system settings and instructions on creating strong passwords. The advice, which applies to those who have not yet upgraded to iPhone 3GS, was created based on input from a diverse set of experts from the worlds of IT security, software developers and other fields. eWEEK has selected some of the recommendations and included how to set your iPhone to be more secure.
- ...

How to Combat Software Piracy: From Reaction to Revenue Recovery

Software piracy is not a new issue for software vendors. After all, software is valuable intellectual property. However, in different segments of the software market, the strategies and opinions on how to combat the software piracy issue can be very different. Here, Knowledge Center contributor Victor DeMarines explains the stages of an anti-piracy strategy, and how software vendors' strategies evolve from denial and reaction to realization and revenue recovery.
- As someone who has spent a lot of time discussing piracy with the ISV community and researching the piracy scene, I believe what a software vendor does to combat piracy is directly proportional to its knowledge of the piracy scene motivations and its own piracy activity trends. In fact, you can...

Symantec, McAfee Reach Settlement with N.Y. AG over Probe

Symantec and McAfee both agree to pay a fine and change their procedures in response to a probe by the New York attorney general's office. According to investigators, Symantec and McAfee failed to adequately notify customers about the terms of the subscription renewal process and charged customers without their consent.
- Security software vendors McAfee and Symantec have agreed to pay $375,000 apiece as part of a settlement with the New York Attorney General's office, Attorney General Andrew M. Cuomo announced June 10. At issue were accusations that the companies renewed customers' software subscriptions withou...

Spear-Phishing Gang Resurfaces, Nets Big Catch

In Latest Warnings

A prolific phishing gang known for using sophisticated and targeted e-mail attacks to siphon cash from small to mid-sized business bank accounts appears to be back in operation after more than a 5-month hiatus, security experts warn. From Feb. 2007 to Jan 2009, analysts at Sterling, Va., based security intelligence firm iDefense tracked 38 separate phishing campaigns from am Eastern European gang they simply call "Group A." iDefense believes this group was one of two responsible for a series of successful phishing attacks that spoofed the U.S. Better Business Bureau (BBB), the U.S. Department of Justice, the IRS, as well as Suntrust and payroll giant ADP. Last summer, authorities in Europe and Romania are thought to have arrested most members of a rival BBB phishing gang that iDefense called Group B. While the type of tricks that Group A employs once victims are hooked have grown more sophisticated, the initial

Adobe Issues Security Updates for Reader, Acrobat

In New Patches

Adobe Systems Inc. on Tuesday released security updates to remedy at least 13 security flaws in its PDF Reader and Acrobat software. Updates are available for Mac and Windows versions of both programs. Last month, Adobe said it would begin rolling out security updates every three months, and yesterday was the first installment under that program, which is timed to coincide with Microsoft's Patch Tuesday in a bid to lighten the load on businesses that have to test these patches before deploying them. The latest update brings both Reader and Acrobat to version 9.1.2. Users can grab the latest versions via the updater built-in to the programs (from the menu, click "Help," then "Check for Updates") or from the links in the accompanying security advisory for this rollup.. Adobe said security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009.

Brief: MSFT, Adobe and Apple patch together

MSFT, Adobe and Apple patch together

China take steps to deal with SMS spam messages (Reuters)

In technology

Reuters - China will limit the number of messages that a mobile number can send per day to battle rampant spam messages clogging cell phones, state media said on Friday.

Microsoft Confirms Plans to Release Free Anti-Virus Service (NewsFactor)

In business

NewsFactor - As it gets ready to launch a new operating system, Microsoft confirmed Wednesday that it is getting ready to release a free anti-virus service later this year.

U.S. Mobile Phone Virus Threat Low, But Growing (PC Magazine)

In technology

PC Magazine - Cell phone-based viruses and security threats are not yet a major threat in the U.S. thanks to the variety of mobile operating systems, but they will have their day in the sun in this country, so consumers need to be vigilant, a Symantec executive said Thursday.

Will Microsoft's Free Antivirus App be Worth the Price? (PC World)

In technology

PC World - Microsoft is getting ready to offer Windows users a free antivirus product (code name Morro), something it should have built into one of its operating systems a long time ago. But, of course, Microsoft never makes things simple. So the big question is will Morro be worth the price?

Microsoft Readies Free Antivirus App (PC World)

In technology

PC World - Microsoft will soon launch a public beta version of its new free security software product for Windows 7, Vista, and XP Service Pack 3 customers. The antivirus program, which is code-named Morro, will replace Windows Live OneCare, Microsoft's retail security suite, which will be discontinued at the end of this month.

Microsoft to unveil free anti-virus software (Reuters)

In technology

Reuters - BOSTON (Reuters) Microsoft Corp is getting ready to unveil a long-anticipated free anti-virus service for personal computers that will compete with products sold by Symantec Corp and McAfee Inc.

Microsoft will soon unveil free anti-virus software (Reuters)

In technology

Reuters - BOSTON (Reuters) Microsoft Corp is getting ready to unveil a long-anticipated free anti-virus service for personal computers that will compete with products sold by Symantec Corp and McAfee Inc.

Symantec, McAfee to Pay Fines Over Auto-renewals (PC World)

In technology

PC World - Antivirus vendors Symantec and McAfee have agreed to pay the New York Attorney General's office US$375,000 in fines to settle charges that they automatically charged customers software subscription renewal fees without their permission.

ISPs Report Success in Fighting Malware-infected PCs (PC World)

In technology

PC World - Computers infected with malicious software remain a big headache for ISPs, but two companies have designed systems that have made the problem much more manageable.

Europe Looks to Step up Fight Against Cybercrime (PC World)

In technology

PC World - The European Commission is seeking to strengthen cooperation between law enforcement and private industry worldwide as well as increase penalties for those engaged in cybercrime, a senior official said on Wednesday.

TA09-160A: Microsoft Updates for Multiple Vulnerabilities

Microsoft Updates for Multiple Vulnerabilities

TA09-161A: Adobe Acrobat and Reader Vulnerabilities

Adobe Acrobat and Reader Vulnerabilities

Active Directory information exposed to users?

By blue@jinx.dk (Jesper M. Christensen)

What information normal domain users can see in Active Directory and why this is available to users.

Google News Alert for: cybersecurity | information security | computer security

 

China's Internet Filtering Plan Widely Criticized
InformationWeek - Manhasset,NY,USA
InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration ...
See all stories on this topic

 

NORTH KOREA UN RESOLUTION: THE GOOD, THE BAD, THE UGLY
Huffington Post - New York,NY,USA
UNITED NATIONS - The UN Security Council is about to adopt a resolution that would appreciably tighten weapons and financial sanctions against North Korea. ...
See all stories on this topic

 

us fights an information war in Afghanistan
Los Angeles Times - CA,USA
Counts said US officials understood that they needed to improve their information efforts, but often were constrained by security regulations that keep ...
See all stories on this topic

 

New information surfaces in Holocaust museum shooting
WGNtv.com - Chicago,IL,USA
As he approached the front door the security guard thought he was helping an elderly individual get in to the museum. CHICAGO - New information surfaced ...
See all stories on this topic

 

Symantec CEO Focused On Boosting Security Mkt Share
Wall Street Journal - USA
The company has an addressable market in the security and information management markets, of around $20 billion, Salem said, and while it's the market ...
See all stories on this topic

 

Ex-government cyber official, exec mulled for czar job
Reuters - USA
His main competitor is likely Paul Kurtz, who led Obama's cybersecurity transition team and who worked on the National Security Council under both Bush and ...
See all stories on this topic

 

Insider Snooping Becoming More Common
InformationWeek - Manhasset,NY,USA
And to an information security company, everyone looks like a thief. In its third annual survey of IT professionals, Newton, Mass. ...
See all stories on this topic

 

Cyber Threats Are Real and Growing, Security Expert from EDS, an ...
Eds - TX,USA
WASHINGTON – Global reports about cyber security threats to America's infrastructure are accurate and the number, types and sophistication of the attacks ...
See all stories on this topic

 

Pentagon: Sooner is better for cybersecurity testing
NetworkWorld.com - Southborough,MA,USA
Hutchison's team engages in developmental, operational interoperability and security testing for the Defense Department's command and control and business ...
See all stories on this topic

Google Blogs Alert for: cybersecurity | information security | computer security

 

SHB Session 4: Methodology « The New School of Information Security
By adam
“This information is for me only.” This information is only for a subset of the group. Some of Bashar's work: A Multi-Pronged Empirical Approach to Mobile Privacy Investigation; Security Requirements Engineering: A Framework for ...
The New School of Information Security - http://newschoolsecurity.com/

 

Amitai Etzioni Notes: Progressive Security and Conserving Rights
By Amitai Etzioni
Given the way U.S. computer networks are now exposed, little information—whether it concerns security or the economy—can be kept confidential. Moreover, cyber attacks can readily disrupt key elements of US infrastructure, ...
Amitai Etzioni Notes - http://blog.amitaietzioni.org/

 

Adobe kicks off official patch cycle – yet no one is patching ...
By Steve Ragan
“While the scheduled release cycle for Adobe updates is a big improvement in helping enterprise security teams effectively manage resources, today's security bulletins are still missing information. Security managers need Adobe to step ...
The Tech Herald Security News - http://thetechherald.com/security/

 

Computer Security Research - McAfee Avert Labs Blog
By Pedro Bueno
McAfee Avert Labs Blog provides the latest computer security research. ... While checking a very recent PWS-Banker Trojan (the malware that steals banking information), I came across a variant. This one targets three Brazilian banks– Bradesco, Itau, and Real–to steal the basic information: bank account, branch office, user, password, and paper token info. Next this malware sends the information to a remote SQL database. Nothing new to see here because password-stealing ...
McAfee Avert Labs - http://www.avertlabs.com/research/blog/

 

Read this before you sell or recycle your computer! | csmonitor.com
There are programs available designed to find this data and easily re-create the original information,” explains Michael Helander, a spokesman for Lavasoft, a Swedish software security firm, in an e-mail. ...
Innovation - http://features.csmonitor.com/innovation/

No comments:

Post a Comment

My Blog List