Saturday, June 20, 2009

Around The Horn vol.1,124

iPhone OS 3.0 patches 46 known security vulnerabilities

By chris.foresman@arstechnica.com (Chris Foresman) on software

Earlier this week we spoke with security researcher Charlie Miller, who plans to detail a possible method that could allow a hacker to remotely execute arbitrary code on an iPhone. He noted that his method would need to be combined with an exploit of a known vulnerability in the iPhone OS to get the code to execute. The good news for iPhone OS 3.0 users is that Apple has addressed 46 potential security vulnerabilities with the 3.0 update.

The majority of fixes involve the iPhone's Web-handling capability—WebKit alone got 21 patches while Mobile Safari specifically got two. Several fixes are designed to eliminate cross-site scripting attacks as well as plug memory issues that could potentially lead to arbitrary code execution. Fixes in XML and XSLT handling prevent possible disclosure of private information, and a fix in the way JavaScript functions are assigned random IDs helps prevent tracking a user without using cookies. These fixes are especially important because the browser is the most common attack vector for malware.

Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

By Darknet on wvs

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software. Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front. I’m hoping to try out the AcuSensor on a PHP install [...]

Relaunched Google Search Service Fingers Malware-Spreading Advertisers

'Anti-Malvertising' lets Website owners do background checks on potential online advertisers

Google Expands Site Dedicated to Fighting Malicious Ads

In Search

Google has revamped its Anti-Malvertising site to include more information about fighting malware in online ads. The site also includes a custom search engine that allows users to look up information about advertisers for background checks.

E-Verify extension in contention

The Senate and House would each extend the E-Verify program in their Homeland Security appropriations bills, but they differ on by how long.

New bill seeks to replace Real ID with PASS ID

Legislation that proponents say could revitalize the moribund Real ID program would do so by removing expensive and controversial information technology requirements from current law. However, critics said the new bill would not really solve the problems they see with the program.

Lawmakers differ on DHS data center funding

House and Senate bills to fund the Homeland Security Department in fiscal 2010 are at odds over how much money to give DHS for its data center consolidation program.

DOD's cyber command takes shape

Defense Department officials are ironing out the details of a new major military command in charge of DOD’s cyber mission. However, they have not made a formal announcement that spells out the new command's scope.

DHS centralizes cybersecurity programs

Homeland Security Secretary Janet Napolitano said DHS' many cybersecurity functions have been centralized under Philip Reitinger.

The Biggest Threat? It May Be You

When it comes to virtual server security, you might just be the weak link. Or, more precisely, your lack of planning, maintenance, and governance of that VM server farm.

Database Servers: Candy For Hackers

Sensitive information and poor security administration make tempting targets.

Practical Analysis: Follow The Feds' Lead In Identity Management

Harnessing the power of a solid identity management system can substantially improve your company's risk management posture.

Google Tries Blocking Pornography In China

The engineering effort may require disentangling Google.cn from search indexes associated with other Google search sites, like Google.com.

Google's Anti-Malvertising.com Fights Off Bad Ads

The site was created because Google has a significant interest in making sure that ad blocking doesn't become a standard security practice.

Could Opera Unite be a botmaster's best friend?

Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals.

IT managers under-estimate the impact of data loss: survey

A mere seven per cent of respondents to a survey on data management believed data loss has a "high" impact on a business.

Analysis confirms Internet clampdown in Iran

An analysis of the network traffic in and out of Iran over a few days this week during the turmoil surrounding the election is offering a clearer picture of how the manipulation is affecting the ability of its citizens to access certain kinds of online content.

iPhone 3.0 update fixes 46 security flaws

Apple has admitted that the iPhone 3.0 software download patches 46 security holes.

Men are less security savvy than women

When it comes to online security, men are less savvy than women, according to PC Tools.

Tiny-traffic DoS attack spotlights Apache flaw
Denial of Service without the flood

Security guru Robert "RSnake" Hansen has released a novel DoS attack tool that points to a significant flaw in Apache and other webservers.…

US net nanny ratchets Chinese censorware spat
Stall the PC makers. Then sue

US software maker Solid Oak has beefed up efforts to prevent the distribution of China's "Green Dam" app, continuing to claim that the Far East censorshipware includes code lifted from its own net-filtering tool, Cybersitter.…

Samsung demos OLED security card
Powered by an RFID reader?

Samsung has demoed an electronic ID card with integrated low-power OLED.…

MS names ship date for free security suite
Free as in lunch

Microsoft is launching its free security suite next week - the 23rd of June to be precise.…

Explaining Defense in Depth, (Fri, Jun 19th)

Realizing That You Have a Problem: Once an organization reaches a certain size, you end up with a si ...(more)...

Cyber Security Review Team to Prepare National Incident Response Plan (June 16 & 17, 2009)

The team that conducted the 60-day review of national cyber security is planning to develop "a comprehensive national incident response plan .......

Jammie Thomas-Rasset Ordered to Pay US $1.92 Million in Music Downloading Case (June 18 & 19, 2009)

On Thursday, a federal jury ruled that Minnesota mother Jammie Thomas-Rasset downloaded music files in "willful violation" of copyright law.......

Experts Suggest Google Cloud Have Security Enabled By Default (June 17, 2009)

Cyber security and privacy experts have written to Google CEO Eric Schmidt, asking that the company "protect users' communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.......

Stolen Bord Gais Laptop Contains Sensitive Customer Information (June 17 & 18, 2009)

One of four laptop computers stolen from the offices of Irish gas and electricity company Bord Gais contains unencrypted, personally identifiable information of 75,000 Bord Gais customers.......

Company Alleges Chinese Green Dam Filtering Software Contains Stolen Code (June 15, 2009)

A California company is seeking an injunction to bar US companies from shipping PCs loaded with filtering software recently adopted by the Chinese government, alleging that the software contains stolen code.......

Court to Rule in Spanish P2P case (June 15, 2009)

On the heels of the Pirate Bay convictions on charges related to copyright violation, the music industry is anticipating a court ruling later this month in the case of Spanish software designer Pablo Soto.......

Apple Issues iPhone 3.0 (June 18, 2009)

iPhone 3.......

Apple Patches Java Flaws in Mac OS X (June 16, 2009)

Apple has issued updates for Mac OS X and Mac OS X Server to address flaws in its Java virtual machine.......

Botnet Clearinghouse Site Discovered (June 17, 2009)

Researchers say they have uncovered what appears to be a clearinghouse for botnets and malware.......

India to Require Mobile Phones Have IMEI Numbers (June 18, 2009)

The Indian government is now requiring that all imported mobile phones have accompanying International Mobile Equipment Identity (IMEI) numbers; mobile service operators have been ordered to block calls from phones that do not have IMEIs.......

Chinese Government Says Use of Green Dam is Not Mandatory (June 16 & 18, 2009)

A Chinese government official now says that people are not required to use the content filtering software it has mandated be preinstalled on PCs sold in that country as of July 1.......

Researchers to Present Browser-Based Darknet Concept at Black Hat (June 15 & 18, 2009)

Researchers plan to present a proof-of-concept, "zero-footprint" darknet called Veiled at next month's Black Hat Security Conference.......

Market for Network Firewall Auditing Tools on the Upswing

Forrester Research expects the market for tools to help enterprises manage and audit their firewall policies to jump 25 percent this year due to the requirements of PCI-DSS. Third-party vendors are competing to take advantage of interest in the space by attempting to surpass the capabilities offered by companies like Cisco and Juniper Networks.
- Forrester Research expects the market for firewall auditing tools to jump 25 percent this year on the back of compliance regulations. Right now the market is relatively small, standing at about $30 million today, Forrester analyst John Kindervag said. But the requirements of the Payment Card Indu...

Google Responds to China Internet Porn Crackdown

China has begun blocking Chinese-language search engine results deemed pornographic and is calling on Google to do more to combat explicit content. Google says it has met with government officials there to address the controversy. China's move follows weeks of controversy over its decision to include Web filtering software with all PCs sold in the country starting next month.
- China has ordered Google to clean up its act when it comes to porn, and has begun blocking some Chinese-language search results, according to a report by China's official news agency. The move by the government is the latest chapter in its assault on Internet porn, and follows weeks of contro...

Web Fraud 2.0: Franchising Cyber Crime

In Web Fraud 2.0

For the most part, cyber gangs that create malicious software and spread spam operate as shadowy, exclusive organizations that toil in secrecy, usually in Eastern Europe. But with just a few clicks, anyone can jump into business with even the most notorious of these organizations by opening up the equivalent of a franchise operation. Some of the most active of these franchises help distribute malicious software through so-called pay-per-install programs, which pay tiny commissions to the franchise operators, or so-called affiliates, each time a supplied program is installed on an unsuspecting victim's PC. These installer programs will often hijack the victim's search results, or steal data from the infected computer. Typically, affiliates will secretly bundle the installers with popular pirated software titles that are made available for download on peer-to-peer file-trading sites. In other cases, the installers are stitched into legitimate, hacked Web sites and quietly foisted upon PCs when

Malicious Attacks Most Blamed in '09 Data Breaches

In From the Bunker

Rogue employees and hackers were the most commonly cited sources of data breaches reported during the first half of 2009, according to figures released this week by the Identity Theft Resource Center, a San Diego-based nonprofit. The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008. Some 44 states and the District of Columbia now have laws requiring entities that experience a breach to publicly disclose that fact. Yet, few breached entities report having done anything to safeguard data in the event that it is lost or stolen. The ITRC found only a single breach in

Brief: Not all apps equal in Iranian filtering

Brief: Looking back: GhostNet dismantled in a day

Brief: Coming to terms with cyber warfare

Free Microsoft Security Software Due Out Next Week (NewsFactor)

In business

NewsFactor - Microsoft's free software to battle malware will be released Tuesday through its Web site, the company has confirmed. Called Microsoft Security Essentials, it consists of the anti-malware components of Windows Live OneCare, for which there has been an annual charge of $49.95.

How The U.S. Changed Its Security Game (Dr. Dobb's Journal) (Yahoo News)

Malicious Attacks Most Blamed in '09 Data Breaches (SecurityFix Blog)

Worm-bearing Twitter spam on the loose (NetworkWorld Virus/Worms)

Google News: "cyber security" | cyber security | information security | computer security

Cybersecurity To Push For Standard For Info Security Products

Bernama - Jun 19, 2009

KUALA LUMPUR, June 19 (Bernama) -- CyberSecurity Malaysia, the country's vanguard of cyber security, is pushing for the Common Criteria for information ...

Securing critical infrastructure needs holistic approach, panel says GCN.com

Analysis: One Step Behind Nextgov

Smart Grid Security Frenzy: Cyber War Games, Worms and Spies, Oh My!

Reuters - Katie Fehrenbacher - Jun 18, 2009

According to executives at computer security firm IOActive: Studies show that overall project costs are 60 times higher when gaps in information security ...

Smart Meter Security: A Work in Progress

Greentech Media

Itron Highlights Its Continued, Industry-Leading Efforts in ... DMN Newswire (press release)

Public, Private Experts Create Security Guidelines (Opinion)

Government Technology - Mark Weatherford - 15 hours ago

Hey, CIOs and chief information security officers (CISOs). Are you looking for an edge to give you more confidence in your cyber-security program? ...

Cloud computing: Is it secure enough?

FCW.com

10 Quick Wins for IT Security and FISMA 2009 Compliance GovInfoSecurity.com

Designated immigration agents authorized to participate in drug ...

Los Angeles Times - Josh Meyer - Jun 18, 2009

Reporting from Washington -- In an effort to plug a hole in US-Mexico drug enforcement, the US departments of Justice and Homeland Security ...

DEA makes deal to share drug-bust powers with immigration agents Chicago Tribune

ICE Given More Investigative Power Washington Post

The next big thing is cybersecurity but what does it mean for us?

Examiner.com - 21 hours ago

When President Obama said, “And finally, we will begin a national campaign to promote cyber security awareness and digital literacy from our boardrooms to ...

DHS centralizes cybersecurity programs FCW.com

DHS nominee: science for security FederalNewsRadio.com

Free Microsoft Antivirus Software Next Week

New York Times - Riva Richmond - Jun 18, 2009

Contrary to much of the speculation on tech blogs in the last week, Security Essentials will not be an intrusive Web-based service that sucks in information ...

How good is Microsoft's free antivirus software? ZDNet

Microsoft readies free PC security software The Associated Press

A Plan to Secure the Federal Cyberspace

Computerworld - Ariel Silverstone - 21 hours ago

Silverstone also lists his vision for the first (of 23) tasks that he sees as essential for information security in the United States. ...

Somali security minister killed in explosion

The Associated Press - Jun 18, 2009

Information Minister Farhan Ali Mohamud announced the death of National Security Minister Omar Hashi Aden but declined to give any other details. ...

US-Indian security ties boosted after Mumbai: official

AFP - 15 hours ago

The US official, when asked to elaborate on the statement, said State Department's diplomatic security has given India training courses in the past and ...

Typing In an E-Mail Address, and Giving Up Your Friends' as Well

New York Times - Alina Tugend - 14 hours ago

This wasn't along the lines of someone stealing my bank account information or Social Security number, but I was annoyed and embarrassed. ...

Google BlogSearch: "cyber security" | cyber security | information security | computer security

Internet Security Alliance Updates 6-19-09 : Information Security ...

20 hours ago by anthonymfreed@gmail.com (Information Security...
The Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C) National Cyber Security Division (NCSD), the Department of Defense (DoD) and National Institute for Standards and Technology (NIST) Information ...
Information Security Resources - http://information-security-resources.com/ - References

Offensive SecurityInformation Security Blog » BackTrack 4 Pre ...

18 hours ago by muts  
Offensive Security Information Security Blog. News about BackTrack, updated tutorials and videos. BackTrack 4 Pre Final – Public Release and Download. The Remote Exploit Team is ecstatic to announce the public release of BackTrack 4 ...
Offensive Security - Information Security Blog - http://www.offensive-security.com/blog/

IT PRO | Who should be Britain's cyber security czar?

19 Jun 2009 by IT PRO  
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role. ... worked as CISO and chief security strategist at eBay, chief security officer for Microsoft, and spent some 31 years in US local and federal government with a stint as special advisor for cybersecurity in the White House. According to the ISF, he can draw on experiences across business, government, academic and information security management roles. ...
IT PRO - Security - http://www.itpro.co.uk/

Bangalore Information Security Awareness Movement - Blogger News ...

18 Jun 2009 by naavi  
With a vision to make Bangalore as the “Information Security Capital”, a series of initiatives have been launched in Bangalore one of which is to conduct various programmes on Information Security that would sensitize the society on the ...
Blogger News Network - http://www.bloggernews.net/ - References

Information Security in Times of Recession

19 Jun 2009 by iViZ  
Recession is a word that sends shivers down the spines of many an industry bigwig. To achieve some serious profits or at the worst to survive the slump, the companies are adopting desperate cost-cutting measures.
3stepADS - Free Advertising Blog - http://www.3stepads.com/

Interview With Chris Potter, PricewaterhouseCoopers Information ...

4 hours ago by admin  
This entry was posted on Saturday, June 20th, 2009 at 4:04 am and is filed under Computer Security Threat. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. ...
Jackson Security - http://jacksonsecurity.com/

Shameless Plug #2: 2009 Information Security Summit Pitch Summary ...

18 Jun 2009 by Adam Hils  
On June 28, 2009, I'll be delivering my second pitch (along with intrepid colleague, fellow blogger and security raconteur Greg Young for the 2009 Gartner Information Security Summit (session description here). ...
Adam Hils - http://blogs.gartner.com/adam-hils/

Open Question: I'm a Masters In Information Technology, Student ...

14 hours ago by admin  
COIS20008 Information Systems Project Planning and Mgment COIS20077 Knowledge Management COIS20078 Data Mining COIS23001 Network Security COIT23002 Computer Graphics COIT23003 Games Development COIT23004 Software Engineering ...
Computer Security - http://www.bettercareservices.com/

Information Security in Times of Recession

19 Jun 2009 by Content Keyword RSS  
Information Security in Times of RecessionThe article discusses the move of some companies who are planning a cut in their Information Security spending. It quotes relevant sources to show that in fact, in recession, companies need an ...
Learning Forex Trading - http://learning-forex-trading.com/

Despite High Value Of Information, Many Companies Lag On Database ...

16 Jun 2009
Despite high value of database information, many companies fail to follow basic database security practices.
DarkReading - All Stories - http://darkreading.com/