Wednesday, June 24, 2009

Around The Horn vol.1,127

China not backing off despite filter code post on Wikileaks

By jacqui@arstechnica.com (Jacqui Cheng) on security

China is filtering out criticism and diving in headfirst with its plan to roll out controversial filtering software on all PCs sold in China. The Chinese media quoted an unnamed source inside the Ministry of Industry and Information Technology, saying that the software will still come with all computers as of July 1 despite the discovery of massive security holes and vulnerabilities by security researchers.

News came out about China's plan to implement Internet access control software, called the "Green Dam Youth Escort" earlier this month. The Windows-only software provides a mix of features, including whitelists, blacklists, and on-the-fly content-based filtering. The blacklists can be updated remotely, however, making Green Dam quite an attractive option for a government that likes to keep tight control over what kind of content its citizens are exposed to.

Microsoft Security Essentials beta available (Updated)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Microsoft Security Essentials

Microsoft today released the Microsoft Security Essentials (MSE) beta on microsoft.com/security_essentials (redirects to Microsoft Connect, which requires a Windows Live ID). The sign-up process for the beta includes a seven-question survey. MSE is the company's free, real-time consumer antimalware solution for fighting viruses, spyware, rootkits, and trojans. The beta is available in English and Brazilian Portuguese for the first 75,000 users, although Microsoft says this is a target number, and it is willing to increase it if necessary. The build number is 1.0.1407.00 (lower than the 1.0.2140.0 leaked build) and it comes in three flavors: for Windows XP 32-bit (7.51MB), for Windows Vista/7 32-bit (4.73MB), and for Windows Vista/7 64-bit (3.73MB). Before downloading, make sure your system satisfies the system requirements:

Microsoft Security Essentials not quite a must-have

By Seth Rosenblatt

Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.

Security Essentials contains all the basic features that users have come to ...

Q&A: Mark Abene, from 'Phiber Optik' to security guru

By Elinor Mills

Mark Abene first started using computers when he was about 9 years old, and by 12 he was exploring the electronic frontier from his home in Queens, New York. On bulletin board systems he swapped information with other phone phreakers and hackers, who formed the "Masters of Deception" group and ...

Expedited airport-security service shuts down

By Matt Asay

Despite pulling in 260,000 travelers at $199 each, Clear's expedited security-clearance program in 18 airports has shut down.

Verified Identity Pass, which operates the Clear service, said via e-mail and on its Web site that it was "unable to negotiate an agreement with its senior creditor to continue ...

Originally posted at The Open Road

Twitter Trends Lead to Rogue AV

By Rik Ferguson on web

The misuse of Twitter trending topics (the most talked about subjects on Twitter) continues to gather pace. Following a post yesterday on social media guide Mashable, explaining how criminals were selectively posting to popular discussion topics to include links to malicious software, I saw criminals taking advantage of people talking about malware in order to push yet [...]

Twitter Hack Spreads Porn Trojan

By Darknet on web-application-security

I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from. Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps). It wouldn’t be the first time Twitter was having security [...]

Slowloris – HTTP DoS Tool in PERL

By Darknet on web-security

This tool has been hitting the news, including some mentions in the SANS ISC Diary. It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at [...]

Security Poised To Grab Bigger Piece Of IT Pie, Gartner Says

Analyst firm Gartner predicts security spending will comprise a larger percentage of overall IT budgets

CISOs Fear Internal Data Threat

In Virus and Spyware

Most CISOs are most worried about insider threats to their data, not external attacks or those backed by foreign governments, according to a new report.

Microsoft and the Power of Free

In Virus and Spyware

Microsoft's move to launch its new Morro endpoint AV beta as freeware could have a significant impact on the overall state of PC security, especially among consumers.

Tom Davis says he doesn't want cyber-coordinator job

Tom Davis, the former congressman from Virginia who has been reported to be a top contender to be Obama's cybersecurity coordinator, says he isn't currently seeking the job. But, he also said "you never say never."

Pentagon needs to take closer look at social networking, Gates says

The Defense Department wants to be linked in to the world, but must be wary of compromising operational security.

Open government Initiative may increase security woes

The Obama administration's Open Government Initiative to make government information more accessible could lead to the inadvertent exposure of sensitive data.

Green Dam Deadline Remains Unchanged Despite U.S. Objections

Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."

Cloudmark Goes After SMS Exploits

The carrier-grade mobile messaging security system provides content filtering, reputation data, and monitoring of text and multimedia messages.

Microsoft Security Essentials Beta Now Available

Known as "Morro," Microsoft Security Essentials is the anti-malware component of Microsoft's subscription security service, Windows Live OneCare.

ConSentry Impresses In Second Go-Round

Smart switch line enforces policy at the port.

Inside China's Spam Crisis

Approximately 70% of all domains used in spam since the beginning of 2009 have a Chinese top-level domain.

Rollout: Egress Offers Rights Management As A Service

Switch encrypts data, restricts access, but only in Windows environments.

U.S. State Dept. Condemns China's Green Dam Filter As Boycott Brews

China is insisting that computer makers install Web-filtering software known as Green Dam on all PCs sold in the country after July 1.

The Biggest Threat? It May Be You

When it comes to virtual server security, you might just be the weak link. Or, more precisely, your lack of planning, maintenance, and governance of that VM server farm.

Database Servers: Candy For Hackers

Sensitive information and poor security administration make tempting targets.

Practical Analysis: Follow The Feds' Lead In Identity Management

Harnessing the power of a solid identity management system can substantially improve your company's risk management posture.

Google Tries Blocking Pornography In China

The engineering effort may require disentangling Google.cn from search indexes associated with other Google search sites, like Google.com.

Google's Anti-Malvertising.com Fights Off Bad Ads

The site was created because Google has a significant interest in making sure that ad blocking doesn't become a standard security practice.

Microsoft Security Essentials Beta Coming Tuesday

Previously code-named "Morro," the free software will replace Windows Live OneCare, which included both security and utility services for $49.95 per year.

Apple iPhone, iPod Security Flaws Get 45 Patches

Software patches were bundled with Apple's iPhone 3.0 operating system released Wednesday.

iPhone Gets Enterprise IT Boost From Startup Apperian

Apple's lack of interest in being a major player in enterprise IT has opened the door for Apperian to work with large corporations to develop applications for the iPhone.

China Making Green Dam Internet Filter Optional

The government's edict prompted widespread derision from Chinese bloggers, objections from Chinese academics and lawyers, and criticism from security experts.

Former Google Employees Launch Web Malware Startup

The company will address changing malware distribution patterns and provide a way to respond to Web security threats using automated techniques.

Apple Fixes Java Security Hole

The flaw could have allowed a Java applet to execute malicious code on affected Macs, potentially leading to information theft or a compromised system.

Twitter Security Heating Up In July

In an effort to raise awareness of browser security flaws, one researcher wants to post a vulnerability every day that shows the soft underside of the Fail Whale.

China's Green Dam Software May Pose Legal Risk To U.S. Computer Makers

A research report indicates that the Web-filtering software mandated by the Chinese government contains unauthorized, proprietary code from a Green Dam competitor.

Lawmaker: Power Grid Vulnerable To Cyberattack

Hackers could bring down electrical grids serving entire regions of the U.S., leaving homes and businesses dark for months, Congressman says.

China 'Green Dam' Censorware Called Security Risk

Chinese authorities claim the software is necessary to protect people from pornography, but the software has been found to block politically sensitive terms.

U.S. Court Weighs E-mail Privacy, Again

At issue: whether e-mail messages deserve the same privacy protection as telephone calls.

Army Unblocks Some Social Media Sites

U.S. troops within the contiguous United States can now access Facebook, Delicious, Flickr, Twitter, Vimeo, and Web-based e-mail. YouTube and some other sites are still blocked.

Mac Users Warned Of Porn Malware Threat

Trojan software presents visitors to certain porn sites with a pop-up message to download a Video ActiveX Object; the download carries Mac malware.

China's Internet Filtering Plan Widely Criticized

Critics claim "Green Dam Youth Escort" Internet filtering software for PCs violates licensing agreements and anti-monopoly laws.

Microsoft To Launch Morro Antivirus 'Soon'

The free offering will replace subscription Windows Live OneCare service.

Rollout: How Much Is Bot Detection Worth To You?

Damballa's appliance shows promise, but it still has a lot of ground to cover.

Insider Snooping Becoming More Common

In a survey, most respondents acknowledged being able to circumvent security access controls at their workplace.

Symantec, McAfee In Settlement Over Subscriptions

Both companies will pay $375,000 in penalties and costs and will now make detailed disclosures to consumers.

Microsoft Fixes Record Number Of Vulnerabilities

The company's June Patch Day included 10 security bulletins to fix 31 threats in Microsoft products.

Is Apple's iPhone 3GS Enterprise Ready?

The 3.0 software and iPhone 3GS offer incremental improvements for corporate deployments, but experts note some key elements are still missing.

Black Hat Founder Tapped To Advise Homeland Security

The fact that a former hacker will be palling around with other HSAC members shows that the government is casting a wide net for perspectives on cybersecurity.

Alleged T-Mobile Data Offered To Highest Bidder

A note offering the data for sale says that the company's databases, confidential documents, and financial documents were stolen.

China To Require Filtering Software On PCs

Starting July 1, PC makers will have to install pornography-blocking app Green Dam Youth Escort on all computers sold in China.

Air Force Names Cyberwarfare Commander

The 24th Air Force, which will likely be based at Lackland Air Force Base in Texas, will focus exclusively on cyberwarfare as part of the larger Air Force Space Command.

FTC Shuts Down 'Worst ISP In U.S.'

Pricewert LLC is accused of hosting and actively distributing child pornography, malware, and spam.

Federal CIO Kundra Looks Forward To Data.Gov 2.0

The upgrades to the site, which will be available in a few months, will feature new ways to find and use data, including the ability to tag data sets.

Google Widens Its Gaze In Street View

Google's continuous corridor of 3-D space with building facades and roadway geometry is generated virtually using laser landscape measurements and picture difference comparisons.

Verizon Business Unveils 'Computing As A Service'

The company's CaaS users will be able to access a real-time self-service portal to manage physical and virtual servers, network devices, storage, and backup services.

RIM Issues Patch For BlackBerry Vulnerability

Enterprise BlackBerry smartphone users could be at risk if they open a maliciously crafted PDF, Research In Motion says.

Homeland Security Keeping Central Cybersecurity Role

The department's operational responsibility won't be undercut by the cybersecurity coordinator, a DHS undersecretary nominee says.

Government Accidentally Posts Sensitive Nuclear Documents Online

The 267-page document contains addresses and descriptions of civilian nuclear sites around the country.

Homeland Security Names New Cybersecurity Officials

Philip Reitinger, who worked in cybersecurity for Microsoft and fought cybercrime for the Department of Justice, will help to coordinate cybersecurity efforts across the government.

Mobile Phones Face Hacking Threat, Experts Say

A flaw -- which enables criminals to access a cellphone data connection, steal data or install or remove programs -- gained wider attention at the BlackHat Europe security conference.

Rolling Review Wrap-Up: Smartphone Security

Each product we looked at showed different core strengths. Know your environment to find the best tool for your mobile device fleet.

Google Executive To Become Federal Deputy CTO

Andrew McLaughlin will find that he isn't the only ex-Google employee serving the Obama administration.

Cybersecurity Review Finds U.S. Networks 'Not Secure'

The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.

Obama Announces White House Cybersecurity Position

Names that have been bandied about include acting White House cybersecurity chief Melissa Hathaway and Microsoft VP Scott Charney.

Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw

The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.

Government Wrestles With Social Media Records Retention Policies

The National Archives is trying to navigate complex regulations that require capturing and storing all sorts of content in the age of social media, cloud computing, and seemingly endless storage.

White House Launching Transparency Blog

In a nod to openness and citizen participation in government, the Obama administration also will open White House blogs to public comments.

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

Sex the Bait in Mass Orkut Compromise

By Rahul Mohandas on Web and Internet Safety

With the advent of Web 2.0, social networking websites have become an easy target for online fraud and other identity scams. Lately, we have seen Twitter being used to phish out personal information, as well as MySpace scams and Facebook spams. With more than 15 percent of the traffic from India, Orkut is perhaps the most [...]

More Password Theft Shenanigans

By Karthik Raman on Malware Research

Recently, Pedro Bueno wrote about “dumb” malware authors hardcoding their login credentials into their password stealing trojan. The malware he referenced, PWS-Banker.gen.i, ostensibly came from Brazil. Today, we found the same negligence in a similar piece of Chinese malware detected as PWS-Banker.gen.de. When run, the password stealer trojan queries for the infected host’s IP address using three web-based IP address lookup [...]

Symantec unveils endpoint protection services

Symantec now offers managed endpoint protection services for round-the-clock monitoring and management of computers that use Symantec security products.

Spammer Ralsky pleads guilty to stock fraud

Alan Ralsky, a spam kingpin who was convicted of felony bank fraud in 1995, could face more than seven years in prison after pleading guilty in a stock fraud case involving spam messages that pumped up Chinese "penny" stocks.

China stands by Web filter program despite protests

China's deadline for the installation of Web filtering software on new PCs hasn't changed, it said Tuesday, despite growing protests from the U.S. government and Chinese Internet users.

Can you manage an iPhone like a BlackBerry?

Users love the iPhone, but IT does not. The biggest complaints: The iPhone can't be managed for security and access policies like a BlackBerry can. Businesses can buy a BlackBerry Enterprise Server or Motorola Good for Enterprise server to manage user profiles over the air, ensuring that users conform to password policies, encryption policies, app-installation restrictions, and so on, as well as have their e-mail, VPN, and other settings preconfigured to reduce hands-on deployment effort.

Microsoft caps free security software downloads

Microsoft will limit the number of downloads for the beta of Windows Security Essentials, its new free antivirus software, when it posts the program later today.

Free security product vets Twitter links

As Twitter becomes increasingly abused by hackers, Finjan Software released on Tuesday a free browser add-on with a new feature that scans links and warns if they point to a page containing malware.

McAfee expands in China for expected security boom

McAfee is expanding its staff in China amid a boom in the country's security market fueled by the launch of next-generation mobile networks.

IBM to manage Qwest services

Qwest and IBM announced last week that the two companies had signed a five-year agreement for IBM to manage Qwest services targeted to Qwest's midsize business customers including unified communications, managed security and network management.

Trustive Wi-Fi hotspots get VPN shield

Wireless aggregator Trustive claims it has come up with a way for its customers to secure their Internet access even while using public Wi-Fi hotspots lacking such security.

Google fixes 'critical' security hole in Chrome

Google has plugged a security vulnerability in its Chrome browser that the company considers critical.

Titsup TSA partner closes airport express lanes
You are not in the Clear

America's airport security checkpoints just lost some express lanes.…

Shutters brought down on mortgage foreclosure racket
Sub-prime scam

A bogus mortgage foreclosure prevention operation that traded in misery has been shut down by a US court.…

Microsoft begins Security Essentials downloads
To Morro comes today

Microsoft has begun offering limited trial downloads of its no-added-cost anti-malware tool, targeted at consumer desktops.…

DHS killing satellite self-spying program
Space cops 'not an urgent issue'

America is reportedly abandoning its plans to use satellites to spy on itself.…

Nine-ball attack splits security researchers
Ruck over whether figures stack up

Security researchers are split over the seriousness of a web attack dubbed "Nine-ball" which broke onto the internet last week.…

Social networking big boys must bow to EU data laws
The Fat Data Controllers

Social networking sites are legally responsible for their users' privacy, Europe's privacy watchdogs have confirmed. A committee of data protection regulators has said that the sites are 'data controllers', with all the legal obligations that brings.…

Notorious spammer Ralsky pleads guilty to stock scam
Father and son-in-law spammers face slammer

Notorious spammer Alan Ralsky faces up to 87 months' imprisonment after pleading guilty to participation in a pump-and-dump stock spam scam.…

Manchester council caned over school data breach
Must do better

Manchester City Council has been rapped over the knuckles for the loss of two laptops containing sensitive personal information on teachers and workers at local schools.…

US city ends FaceSpaceGooHoo log-in grab
Bozeman bows

After a virtual avalanche of news coverage, the City of Bozeman, Montana has decided it will no longer ask job applicants for their FaceSpaceGooHoo log-ins.…

New Thunderbird out, patches couple of vulnerabilities, (Tue, Jun 23rd)

Couple of readers wrote in to say that a new version of Thunderbird has been released. Version 2 ...(more)...

Help us: How to make ISC/DShield more useful, (Tue, Jun 23rd)

I am looking for feedback for the next iteration of the ISC/DShield web site. What kind of informati ...(more)...

Slowloris and Iranian DDoS attacks, (Tue, Jun 23rd)

In last couple of days we posted two diaries (http://isc.sans ...(more)...

Nevada Law Requires PCI DSS Compliance (June 20, 2009)

As of January 1, 2010, companies doing business in the state of Nevada that accept payment cards must be compliant with the Payment Card Industry Data Security Standard (PCI DSS).......

Proposed Law Would Give Canadian Law Enforcement and National Security Agencies Easy Access to ISP Subscriber Information (June 18, 2009)

Proposed legislation in Canada would allow police and national security agents "timely access" to information including names, street addresses and IP addresses of Canadian Internet service provider (ISP) subscribers.......

Criminalization of Hacking Software in Germany Withstands Test of Constitutionality (June 20, 2009)

The German Federal Constitutional Court has ruled as inadmissible an appeal that challenged the constitutionality of legislation criminalizing the use of hacking software.......

Heartland CEO Moving Forward With an Eye to Improving Industry Security (June 17 & 22, 2009)

Analysts have been favorably impressed by Heartland Payment Systems Inc.......

Bozeman Backs Down on Demand for Job Applicants' Social Networking Site Logins (June 18 & 19, 2009)

Facing criticism from citizens and unwanted media coverage, the city of Bozeman, Montana has called off its practice of asking job applicants to provide usernames and login information for any social networking sites they use regularly.......

Spam Spreading ZBot Masquerades as Outlook Update (June 22, 2009)

Spam masquerading as a Microsoft Outlook security and stability update actually infects computers with ZBot, a Trojan horse program that steals sensitive information.......

RSPlug Trojan Variant Targets Macs (June 22, 2009)

A Trojan horse program that infects Mac users has been detected on legitimate game download sites.......

Just Half of Small Businesses Backup Daily (June 21, 2009)

According to a survey of 945 IT managers at companies in Hong Kong, Singapore and Australia, 36 percent of respondents said they believed data loss had a significant effect on their business, but just seven percent of the respondents rated the impact of data loss as "high.......

ICANN Committee Calls for End to DNS Redirections (June 10 & 22, 2009)

A report from the Security and Stability Advisory Committee (SSAC) of the Internet Corporation for Assigned Names and Numbers (ICANN) says that DNS redirections present risk of "erosion of trust relationships (and) the creation of new opportunities for malicious attack.......

US Formally Opposes China's Demand For Pre-Installed Filtering Software on PCs (June 22 & 29, 2009)

The US government has officially opposed China's mandate that filtering software be installed on all PCs sold in or shipped to that country.......

Cybersecurity czar candidate questions clout of new position

By Robert Westervelt

Former U.S. Congressman Tom Davis, a leading candidate for the White House cybersecurity czar, says the job has a number of major challenges to overcome.

Symantec offers endpoint protection management, monitoring services

By Neil Roiter

Symantec responds to pain points of managing endpoint protection with two managed services to help deploy and maintain antivirus, NAC products and endpoint security suites.

Symantec Puts Endpoint Security on Managed Services Menu

Symantec adds a new batch of managed security services for protecting enterprise endpoints. According to Symantec, the goal of Symantec Managed Endpoint Protection Services is to help companies dealing with staff shortages to better meet their security needs.
- Symantec unveiled a new set of managed services June 23 as part of a push around enterprise security. Symantec Managed Endpoint Protection Services features around-the-clock performance monitoring for Symantec's enterprise security software SEP (Symantec Endpoint Protection), SNAC (Symantec Ne...

Notorious Spammer Faces Federal Prison

A Michigan man in charge of a large spam operation has pleaded guilty to fraud and money laundering charges. According to federal prosecutors, spammer Alan Ralsky was in charge of an international spam operation that tried to manipulate stock prices.
- A Michigan man called "the world's most notorious illegal spammer" by a federal prosecutor has pleaded guilty to fraud and money laundering charges. As part of his plea, Alan M. Ralsky, 64, of West Bloomfield, Mich., admitted to overseeing a spam operation that sought to manipulate ...

Accused Spam King Alan Ralsky Pleads Guilty

In Cyber Justice

Alan Ralsky, a 64-year-old Michigan man that federal investigators say was among the world's top spam kingpins, pleaded guilty on Monday to running a multi-million dollar international stock fraud scam powered by junk e-mail. Ralsky (pictured at right, courtesy of Spamhaus) and his son-in-law and chief financial officer Scott K. Bradley, 38, also of Michigan, pleaded guilty to conspiracy to commit wire fraud, money laundering and to violate the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky faces as much as 87 months in prison and a $1 million fine, while Bradley could get as much as 78 months in prison and a $1 million fine under the federal sentencing guidelines. The Ralsky plea caps a long effort by the government to nab one of the most prolific spammers. In September 2005, the FBI raided Ralsky's home, but it wasn't until early 2008 that the government indicted Ralsky

Brief: Firms atwitter over social-net threats

Firms atwitter over social-net threats

Brief: Microsoft launches free AV offering

Microsoft launches free AV offering

Free .pdf Issue of BSD Magazine Available

By Richard Bejtlich

Karolina at BSD Magazine wanted me to let you know that she has posted a free .pdf issue online. I mentioned this issue last year and its focus is OpenBSD. Check it out, along with Hakin9!

Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

The Problem with Automated Defenses

By Richard Bejtlich

Automation is often cited as a way to "do more with less." The theory is that if you can automate aspects of security, then you can free resources. This is true up to a point. The problem with automation is this:
Automated defenses are the easiest for an intruder to penetrate, because the intruder can repeatedly and reliably test attacks until he determines they will be successful and potentially undetectable.
I hope no one is shocked by this. In a previous life I worked in a lab that tested intrusion detection products. Our tests were successful when an attack passed by the detection system with as little fuss as possible.
That's not just an indictment of "IDS"; that approach works against any defensive technology you can buy or deploy off-the-shelf, from anti-malware to host IPS to anything that impedes an intruder's progress. Customization and localization help make automation more effective, but that tends to cost resources. So, automation by itself isn't bad, but mass-produced automation can provide a false sense of security to a certain point.
In tight economic conditions there is a strong managerial preference for the so-called self-defending network, which ends up being a self-defeating network for the reason given above.
A truly mature incident detection and response operation exists because the enterprise is operating a defensible network architecture, and someone has to detect and respond to the failures that happen because prevention eventually fails. CIRTs are ultimately exception handlers that deal with everything that falls through the cracks. The problem happens when the cracks are the size of the Grand Canyon, so the CIRT deals with intrusions that should have been stopped by good IT and security practices.

You Know You're Important When...

By Richard Bejtlich

You know you're important when someone announces a "Month of Bugs" project for you. July will be the Month of Twitter Bugs, brought to my attention in this story by Robert Westervelt. The current project is led by Aviv Raff, a participant in the Month of Browser Bugs from three years ago.
I don't see projects like that as being irresponsible. What would be more irresponsible is selling the vulnerabilities to the underground. Would the critics prefer that? In many cases, "Month of" projects are the result of running into resistance from developers or managers who are not taking vulnerabilities seriously. In many cases the vulnerabilities are already being exploited. Sure, packaging all of the vulnerabilities into a "Month of" project gains attention, but isn't that the point?

US creates military command for cyber battlefield (AFP)

In us

AFP - The US military announced a new "cyber command" designed to wage digital warfare and to bolster defenses against mounting threats to its computer networks.

First Look: Microsoft Security Essentials (PC World)

In technology

PC World - The beta version of Microsoft Security Essentials, a free program that fights viruses and spyware, is now available for download. The app, previously code-named Morro, replaces Windows Live OneCare and fights the usual rogues' gallery of PC threats, including worms, Trojans, and other troublemakers.

Spotting the Antivirus Rogue (PC World)

In technology

PC World - Fake antivirus programs have become a favorite bad-guy scam for worming into your wallet, with a plethora of false reports of malware infections meant to scare the unsuspecting into shelling out $50 for worthless software.

Is Microsoft's 'Morro' Malware in Disguise? (PC World)

In technology

PC World - Goodbye Windows Defender, hello Windows Security Essentials.

Free Security Product Vets Twitter Links (PC World)

In technology

PC World - As Twitter becomes increasingly abused by hackers, Finjan Software released on Tuesday a free browser add-on with a new feature that scans links and warns if they point to a page containing malware.

Cisco Security Center: IntelliShield Cyber Risk Report

June 15-21, 2009

Report Highlight: Tougher EU Privacy Regulation for Social Networking Sites

AP Issues Strict Facebook, Twitter Guidelines to Staff

By David Kravets

The Associated Press tells its 4,000 employees and journalists to delete impartial comments, even those by others, from their personal Facebook accounts. The union representing AP reporters calls it the most stringent policy it has ever seen.

Cyber Security Czar Front-Runner No Friend of Privacy

By Ryan Singel

An examination of former Congressman Tom Davis' record shows that he's been on the wrong side of key privacy issues, including warrantless internet surveillance, and the controversial REAL ID Act, which aims to turn state driver's licenses into a national identification card.

Nokia, Siemens Help Iran Spy on Internet Users

By Kim Zetter

Western tech companies sold Iran the "deep packet inspection" systems the government is now using to monitor dissent, The Wall Street Journal reports.

A Violent Virus Cure?

If your hard drive is infected by a virus, you don't have to resort to truly drastic means to make sure it's really clean. Learn more in this tip.

High Profile Twitter Hack Spreads Porn Trojan

A criminal is using entrepreneur Guy Kawasaki's Twitter account to spread malware.

First Look: Microsoft Security Essentials

Here is what you need to know about Microsoft's free security app, Microsoft Security Essentials.

Can Facebook Be Private?

Worried about privacy on Facebook? Here’s how to keep your personal information safe.

'Enterprise Facebook' Enjoys Major Adoption

Government consultancy Booz Allen Hamilton's homegrown enterprise 2.0 portal is a roaring success.

Spotting the Antivirus Rogue

Check out a short guide from Sunbelt Software to help identify a favorite bad-guy scam job.

Regulators: EU Data Protection Laws Apply to Social Networks

Social-networking sites, and in some instances their users, must keep the privacy of the people whose information they exchange online.

Cloudmark Security Suite Addresses Growing SMS Spam

As mobile users are more frequently pestered by SMS spam, one security vendor is applying its experience with stopping e-mail spam for mobile networks.

Google Fixes 'Critical' Security Hole in Chrome

Google has identified a critical security hole in Chrome and fixed it in the latest release of the browser.

Is Microsoft's "Morro" Malware in Disguise?

Windows Security Essentials, previously dubbed "Morro," enters its public beta today. And contrary to earlier reports, the program doesn't proxy all of your Web traffic through Microsoft's servers: Go figure?

Proxy Servers Keeping Web Access in Iran

An unknown number of proxy servers set up in recent days are being used to help Iranians to maintain access to unfiltered Web content amid a crackdown.

Symantec Unveils Endpoint Protection Services

Symantec now offers managed endpoint protection services for round-the-clock monitoring and management of computers that use Symantec security products.

Microsoft Limits Free Security Software Downloads

Microsoft will limit the number of downloads for the beta of Windows Security Essentials, its new free antivirus software.

McAfee Expands in China for Expected Security Boom

McAfee is expanding its staff in China amid a boom in the country's security market it expects to continue with the launch of next-generation mobile networks.

Free Security Product Vets Twitter Links

Finjan Software released on Tuesday a free add-on with a new feature that scans links, even if those links have been shortened.
