Ksplice: Update computers without rebooting
By segphault@arstechnica.com (Ryan Paul) on update
Every enterprise wants to harden its servers and increase uptime, but security updates often require reboots. Companies that want to please their customers need a better way to apply software updates. One potential solution for Linux servers is Ksplice, which can seamlessly apply live updates while the system is running.
The underlying technology behind Ksplice is highly sophisticated. To generate a live update, it compares compiled object code from before and after a source patch is applied, a technique that the developers refer to as "pre-post differencing." They take advantage of the -ffunction-sections and -fdata-sections options of the C compiler to eliminate some variance between the pre- and post-object code.
Researchers: Attacks on U.S., Korea sites came from U.K.
By Elinor Mills
The denial-of-service attacks launched on Web sites in South Korea and the United States earlier this month appear to have come from a master server in the United Kingdom, according to security researchers in Vietnam.
The master server controls all of the eight command and control servers involved in the ...
Microsoft warns of attacks on new ActiveX hole
By Elinor Mills
Attackers are exploiting a new critical ActiveX hole in Microsoft Office to take control of PCs by luring Internet Explorer users to malicious Web sites, Microsoft said on Monday.
The zero-day hole, the third one announced by Microsoft in less than two months, is ...
Smart Grid Security Risks – Not So Smart Electricity Meters
By Darknet on smart meter
You might recall we’ve discussed the security of Industrial Control Systems before, the latest ‘evolution’ is the so called Smart Grid. Which in all honestly, doesn’t seem to be very smart at all. In basic terms they are trying to turn the power-grid into a two way communication medium so consumers homes can report back to [...]
Sinowal Distribution on the Rise
In Web 2.0
The Sinowal Trojan is back in not-so-heavy rotation backed by an angle on Twitter data saved in users' browsers.
Bill seeks more cybersecurity cooperation
A new Senate bill would ask the secretary of state to work for international collaboration to improve cybersecurity.
DOD seeks defense against denial-of-service attacks
The Defense Information Systems Agency wants information on commercial products that could detect and react to distributed-denial-of-service attacks on Defense Department networks.
Defense Dept. Seeks Cyberattack Protection
The main Web site of the Department of Defense was a target of a recent distributed denial of service attack.
Google Chrome Browser Exhibits Risky Behavior
Even Google Chrome, touted for its security architecture, has security issues. According to one security expert, there are no secure browsers.
Google Chrome Browser Exhibits Risky Behavior
Even Google Chrome, touted for its security architecture, has security issues. According to one security expert, there are no secure browsers.
Microsoft Warns Of Third 'Browse-And-Get-Owned' Flaw
A third zero-day vulnerability in Microsoft's software has been identified, Microsoft said on Monday, a day before the company plans to release its July software patch.
Microsoft's Gazelle Project Tackles Browser Security
Gazelle would function as a layer between the operating system and the browser, offering protection from unstable code delivered by Web content.
Microsoft's Gazelle Project Tackles Browser Security
Gazelle would function as a layer between the operating system and the browser, offering protection from unstable code delivered by Web content.
Cyber Attack Code Starts Killing Infected PCs
Infected computers participating in the distributed denial of service attack on U.S. government and South Korean Web sites are set to destroy their own data.
New Wave Of Web Attacks Exploits Office
By Haowei Ren on Zero-Day
Today, Microsoft released a security advisory on active attacks in the wild using a vulnerability in Microsoft Office Web Components. Computers installed with Microsoft Office features that uses vulnerable versions of the Microsoft Office Web Components could be infected with malware when browsing upon malicious websites in Internet Explorer. From our investigation, Exploit-CVE2009-1136, a new 0-day exploit was [...]
Koobface Worm Turns Toward Twitter
By Arun Pradeep on Web and Internet Safety
McAfee Avert Labs has received a new variant of the Koobface worm. Unlike the previous variants, this one spreads using Twitter by sending fake tweets. These fake tweets contain links to a video; some of these videos are named “My home video.” When users click these links they are prompted to install a video codec. However, [...]
HTC smartphones left vulnerable to Bluetooth attack
If you have an HTC smartphone running Windows Mobile 6 or Windows Mobile 6.1, you may want to think twice before connecting to an untrusted device using Bluetooth. A vulnerability in an HTC driver installed on these phones can allow an attacker to access any file on the phone or upload malicious code using Bluetooth, a Spanish security researcher warned Tuesday.
Turkish government site hacked amid spat with China
An attacker who defaced the Web site of Turkey's embassy in China on Monday left behind a pro-China note as the two countries worked through a diplomatic spat.
Real Viagra sales power global spam flood
The truism that spam mostly consists of inducements to buy products such as Viagra turns out to spot on, a security company has found.
Survey finds one in six consumers act on spam
About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.
UK, not North Korea, source of DDOS attacks, researcher says
The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst.
Gov't revamps child online safety resources
The Rudd Government's Cybersmart education program for school children was boosted today with the launch of the Australian Communications and Media Authority's (ACMA) new Cybersmart Web site.
Microsoft confirms another zero-day vulnerability
Microsoft confirmed another zero-day vulnerability on Monday in a set of software components that ship in a wide variety of the company's products.
LexisNexis warns of breach after alleged mafia bust
Information broker LexisNexis has warned more than 13,000 consumers, saying that a Florida man who is facing charges in an alleged mafia racketeering conspiracy may have accessed some of the same sensitive consumer databases that were once used to track terrorists.
NHS affected by more than 8,000 viruses
The NHS has been plagued by more than 8,000 computer viruses over the past year, says More4 News.
Symantec site offers advice on staying safe online
Symantec has unveiled a website designed to offer the public advice on how to stay safe when surfing the web.
Illegal file-sharing between teens falls
The number of teens illegally file-sharing has fallen since 2007, says Music Ally.
Unpatched Firefox flaw lets fox into henhouse
Same sh*t, different zero-day
An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.…
Second unpatched ActiveX bug hits IE
Swiss cheese browser gains extra hole
Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes.…
Congressman calls for 'cyber-reprisals' against North Korea
Modern day General Ripper frets over phantom threat
A Republican congressman has urged the US to unleash a retaliatory cyber-attack against North Korea over DDoS attacks supposedly launched against US and South Korean websites.…
Dubya surveillance exceeded warrantless wiretaps
Secret snooping still secret
As yet unrevealed domestic intelligence activities by the Bush administration sent shock waves through Washington on Friday, as a report critical of post-9/11 US surveillance programs capped a week of increasingly acrimonious debate in the American capital about Bush-era policies.…
Recent attacks and a false sense of security , (Tue, Jul 14th)
With the most recent ActiveX vulnerability (CVE-1136-2009) still very fresh and the attacks still ev ...(more)...
Security Update available for Wyse Device Manager, (Mon, Jul 13th)
From their advisory: Buffer overflow vulnerabilities have been reported in Wyse Device Manager ...(more)...
* Infocon raised to yellow for Excel Web Components ActiveX vulnerability, (Mon, Jul 13th)
The SANS Internet Storm Center has raised the Infocon to yellow for 24 hours to raise awareness of a ...(more)...
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution, (Mon, Jul 13th)
Update1: The vulnerability is being actively exploited on web sites. More to follow ...(more)...
Maturing cybercriminal economy buoyed by business savvy hackers
By Robert Westervelt
A report from Cisco Systems warns of increasingly sophisticated business models used by cybercriminals to compromise websites and steal credentials in increasing numbers.
SSL certificates used by phishers in hacking toolkits
By Robert Westervelt
Symantec is tracking the use of phishing toolkits that hack a Web server and use stored SSL certificates to masquerade as a legitimate site.
Cloud-based security services should start private
By Eric Ogren
When it comes to cloud-based services, security vendors often put the cart before the horse, says columnist Eric Ogren.
Microsoft warns of new Office Web Components vulnerability
By SearchSecurity.com Staff
A Spreadsheet ActiveX Control vulnerability in Microsoft Office Web Components is being actively exploited by attackers.
Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability (MS09-010)
…
Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability
…
VMware ESX Privilege Escalation and Code Execution Vulnerabilities
…
Sun Java Web Start (JWS) GIF Decoding Heap Corruption Vulnerability
…
Adobe Flash Player Invalid Object Reference Vulnerability
…
Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability
Exploitation of an integer signedness vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user
Microsoft PowerPoint Notes Container Heap Corruption Vulnerability (MS09-017)
…
Awingsoft Awakening Winds3D Viewer Command Execution Vulnerability
…
WordPress Unchecked Privileges in admin.php and Multiple Information Disclosures
…
Microsoft PowerPoint Conversion Filter Heap Corruption Vulnerability (MS09-017)
…
Citrix XenCenterWeb Multiple Vulnerabilities
…
Trend Micro Pushes Virtualization Security
Trend Micro has plans for a new virtualization security product designed to protect virtual machines whether they are active or offline. The product, called Trend Micro Core Protection for Virtual Machines, is aimed at providing new levels of malware protection for virtual machines.
- Trend Micro is pushing ahead with plans to bolster its virtualization security portfolio with a new offering designed to protect VMware ESX/ESXi environments. Dubbed Trend Micro Core Protection for Virtual Machines, the product is slated to be available next month. Designed to protect both active...
Amateurs to Blame for DDoS Attacks
In an interview with Ziff-Davis Enterprise Contributing Editor Steve Kovsky, Sourcefire Director of Vulnerability Research Matt Watchinski cites evidence of poorly written code, low bandwidth, and a general lack of sophistication as indications that the distributed denial-of-service (DDoS) attacks that disrupted U.S. government and private sector Websites over the Fourth of July holiday weekend were perpetrated by amateurs and not the North Korean government. Watchinski, who heads up the Vulnerability Research Team at Sourcefire, purveyor of the open-source intrusion detection engine Snort, says that if the attacks had been a state-sponsored act of cyberwarfare, I would expect far more sophistication in the tools and the amount of data they could actually generate.
Microsoft Warns of New Attack as Patch Tuesday Nears
Microsoft is warning of limited attacks targeting a vulnerability in Microsoft Office Components. The warning comes the day before Patch Tuesday, which this month is slated to include fixes to a number of critical vulnerabilities.
- On the eve of Patch Tuesday, Microsoft is warning users about a flaw in Microsoft Office Web Components that is under attack. Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing and viewing charts, spreadsheets and databases on the Web. In this...
How to Plan for Smartphone Security in the Enterprise
One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise. It's important for CIOs to assess how their organization should secure the smartphones employees use to access corporate resources. Here, Knowledge Center contributor Chris De Herrera explains how CIOs can deal with some common security concerns regarding smartphones deployed in the enterprise, including Apple iPhone, RIM BlackBerry, Windows Mobile, Google Android and Palm Pre devices.
- If you are a CIO, you face several challenges when it comes to deploying smartphones in your enterprise. Among the most important, you must determine the security requirements of your organization. Just like laptops and notebooks used in the enterprise, smartphones often contain corporate data ...
Security Researchers Exploit Vulnerability in Handling of EV SSL Certificates
Two researchers will demonstrate a man-in-the-middle attack at the Black Hat security conference this month that allows them to silently sniff traffic on EV SSL protected Websites. The vulnerability in the way browsers treat EV SSL certificates makes them no more valuable than the cheapest SSL certificate, the researchers say.
- Two researchers have discovered a design flaw in Web browsers that can be exploited to launch man-in-the-middle attacks on extended validation SSL certificates. Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov plan to reveal the details of...
Stopgap Fix for Critical Firefox 3.5 Security Hole
In Safety Tips
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, Security Fix is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a flaw in the way Firefox 3.5 handles Javascript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of the Tracemonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of Javascript. Vulnerability watcher Secunia rates this flaw "highly critical," noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site. Fortunately, there is a relatively easy fix for this that can be reversed once
Microsoft: Newly Discovered MS Office/IE Flaw
In Latest Warnings
For the second time in a week, Microsoft is warning that criminals are exploiting a previously unknown security hole in its software to break into Windows computers. The company has released a stopgap fix to help protect users until an official software update is available. The problem stems from yet another insecure ActiveX component, this time one made to manage Excel spreadsheets between Internet Explorer and various Microsoft Office products. In an advisory released today, Microsoft said it is aware of attacks exploiting this vulnerability, which is the sort that could give criminals complete control over a vulnerable Windows PC merely by tricking users into visiting a booby-trapped Web site with IE (yes, this means if you use Windows but consistently use a non-IE browser to surf the Web and open e-mail links, then you have little to worry about from this flaw). According to Microsoft, your system is vulnerable
Brief: Vandals deface ImageShack, oppose disclosure
Vandals deface ImageShack, oppose disclosure
FreeBSD Pf and Tftp-proxy
By Richard Bejtlich
Several IP-enabled devices in the lab use TFTP to retrieve configuration files from various locations on the Internet. This pains me. You can probably imagine what these devices are. Unfortunately I don't control how these devices work.
I run Sguil at my lab gateway to the Internet. I watch traffic right before the gateway, before it is NAT'd. I really don't care what's on the other side. I mostly care what is leaving the network, so I concentrate my NSM activities there.
I noticed one of these TFTP-enabled devices trying to retrieve a file repeatedly. I looked closer at the traffic (thanks to Sguil I keep a record of traffic leaving for the Internet) and noticed I never saw any replies. Simultaneously I received an email from tech support for this device. They told me to unplug all Internet devices from my cable modem and plug the troublesome device into the cable modem overnight (!) My answer to that: "heck no."
I decided to run an experiment with a TFTP client inside the lab and a TFTP server on the Internet. By watching traffic on the internal and external sides of the gateway, I could see TFTP requests making it to the TFTP server on the Internet, and TFTP replies coming from the server back to the gateway. However, the TFTP replies never appeared on the internal side of the gateway.
I did some research and determined that FreeBSD's Pf firewall can't handle TFTP traffic by default. Here is why:
18:13:31.205435 IP my.public.ip.addr.64212 > tftp.server.public.ip.69: 17 RRQ "test.txt" octet
18:13:31.282363 IP tftp.server.public.ip.51186 > my.public.ip.addr.64212: UDP, length 29
18:13:31.284161 IP my.public.ip.addr.57880 > tftp.server.public.ip.51186: UDP, length 4
You see the TFTP request to port 69 UDP. The reply, however, comes from port 51186 UDP to port 64212 UDP. Pf doesn't automatically know that packet 2 is associated with the TFTP request in packet 1.
Fortunately, FreeBSD and other operating systems ship with tftp-proxy(8). I tried following the example in the man page, but I ended up adding the following to the configuration file /etc/pf.conf. $local192 is the LAN from which I expect to see TFTP requests.
no nat on $ext_if to port tftp
rdr-anchor "tftp-proxy/*"
rdr on $int_if proto udp from $local192 to port tftp -> \
$int_if port 6969
anchor "tftp-proxy/*"
I added the following to /etc/inetd.conf.
acmsoda dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -v
acmsoda is the name in /etc/services for port 6969.
I had to enable /etc/inetd in /etc/rc.conf.
inetd_enable="YES"
inetd_flags="-wW -C 60 -a 172.16.2.1"
Without the -a flag, tftp-proxy would be listening on all interfaces, and I don't want that.
Now I was ready to reload Pf and restart /etc/inetd.conf.
r200a:/root# pfctl -Fa -f /etc/pf.conf
r200a:/root# /etc/rc.d/inetd restart
I checked to ensure port 6969 UDP was listening.
r200a:/root# sockstat -4 | grep 6969
root inetd 161 5 udp4 172.16.2.1:6969 *:*
Now I was able to retrieve my test file via TFTP.
tftp> get test.txt
getting from tftp.server.public.ip:test.txt to test.txt [octet]
sent RRQ
I wanted to note that the man page recommended this addition to inetd.conf:
inetd(8) must be configured to spawn the proxy on the port that packets
are being forwarded to by pf(4). An example inetd.conf(5) entry follows:
127.0.0.1:6969 dgram udp wait root \
/usr/libexec/tftp-proxy tftp-proxy
That didn't work for me; I saw this error in /var/log/messages.
Jul 13 17:11:56 r200a inetd[99738]: 127.0.0.1:6969/udp: unknown service
By specifying the port only and using -a to bind inetd where I needed it, I avoided this error. There's probably another way around this though.
The final step will be seeing this TFTP-enabled device updating itself during the next 24 hours.
Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Vegas registration ends 22 July.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Poor IT job market may fuel online crime: Cisco (Reuters)
In technology
Reuters - The ever-weakening job market could well lead to an increase in online crime as laid-off workers, especially those with computer skills, turn to scams to support themselves, Cisco Systems Inc said in a mid-year security report to be released on Tuesday.
Cyber crime lords using big business tactics: Cisco (AFP)
In technology
AFP - Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.
S.Korean police: Hackers extracted data in attacks (AP)
In technology
AP - Hackers extracted lists of files from computers that they contaminated with the virus that triggered cyberattacks last week in the United States and South Korea, police in Seoul said Tuesday.
UK, Not North Korea, Source of DDOS Attacks, Researcher Says (PC World)
In technology
PC World - The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst.
SB09-194: Vulnerability Summary for the Week of July 6, 2009
Vulnerability Summary for the Week of July 6, 2009
Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
Revision Note: Advisory published.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-032. The vulnerability addressed is the Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015.
Microsoft Security Advisory (971888): Update for DNS Devolution
Revision Note: Advisory published.Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels , such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.
Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-020. The vulnerability addressed is the IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1535.
Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
Revision Note: Advisory published.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-028. The vulnerability addressed is the DirectX NULL Byte Overwrite Vulnerability - CVE-2009-1537.
Microsoft Security Advisory 973472 Released
By MSRCTEAM
Hi Everyone,
This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.
Products affected are Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office XP Web Components Service Pack 3, Microsoft Office Web Components 2003 Service Pack 3, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1, Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update, Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, Microsoft Office Small Business Accounting 2006.
We’re currently investigating the issue as part of our Software Security Incident Response Process (SSIRP) and working to develop a security update. This update will be released once it reaches an appropriate level of quality for broad distribution.
Additionally, we are actively working with partners in our Microsoft Active Protections Program (MAPP) as well as the Microsoft Security Response Alliance (MSRA) to share information that they can use to provide broader protections to customers.
Although the Microsoft Office Web Components ActiveX control has been deprecated for some time now, we still recommend customers implement the workarounds as provided in the Advisory. This can be done either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.
For more technical details on the Advisory, please see what our colleagues have written over on the Security Research & Defense blog.
As always, be sure to check back here on the MSRC blog or in the Advisory for any additional information or updates that develop.
Thanks,
Dave
*This posting is provided "AS IS" with no warranties, and confers no rights*
Cisco Security Center: IntelliShield Cyber Risk Report
July 6-12, 2009
Report Highlight: Predictability of U.S. Social Security Numbers
Turkish Government Site Hacked Amid Spat With China
An attacker who defaced the Web site of Turkey's embassy in China on Monday left behind a pro-China note as the two countries worked through a diplomatic spat.
HTC Smartphones Left Vulnerable to Bluetooth Attack
A vulnerability in some HTC phones running Windows Mobile leaves users vulnerable to attack over Bluetooth.
LexisNexis Warns of Breach After Alleged Mafia Bust
LexisNexis is warning consumers after a man charged in a Mafia conspiracy may have illegally used its databases.
Microsoft Confirms Another Zero-day Vulnerability
Microsoft confirmed another zero-day vulnerability on Monday in a set of software components that ship in a wide variety of the company's products.
Mecca for North Korean Hackers
Posted by InfoSec News on Jul 14
http://www.dailynk.com/english/read.php?cataId=nk01500&num=5161
By Jung Kwon Ho
The Daily NK
2009-07-13
Shenyang, China -- Moranbong University, which is directly managed by the
Operations Department of the Workers’ Party, is said to be leading technical
developments in cyber war...
NSAs cyber overkill
Posted by InfoSec News on Jul 14
http://www.latimes.com/news/printedition/opinion/la-oe-radack14-2009jul14,0,6845797.story
By Jesselyn Radack
The Los Angeles Times
July 14, 2009
Cyber security is a real issue, as evidenced by the virus behind July 4
cyber attacks that hobbled government and business websites in the
...
US State Dept. workers beg Clinton for Firefox
Posted by InfoSec News on Jul 14
http://www.theregister.co.uk/2009/07/13/firefox_and_us_state_department/
By Cade Metz
The Register
13th July 2009
US State Department workers have begged Secretary of State Hillary
Clinton to let them use Firefox.
"Can you please let the staff use an alternative web browser called
...
Encryption guru signs exclusive with gateway vendor
Posted by InfoSec News on Jul 14
http://www.techworld.com/security/news/index.cfm?newsID=119075
By John E. Dunn
Techworld
13 July 2009
The innovative ZRTP Voice-over-IP encryption scheme invented by privacy
guru Phil Zimmermann is to be used exclusively in the gateway products
of only one company, UM Labs, the latter has...
LexisNexis warns of breach after alleged mafia bust
Posted by InfoSec News on Jul 14
http://www.computerworld.com/s/article/9135479/LexisNexis_warns_of_breach_after_alleged_mafia_bust
By Robert McMillan
IDG News Service
July 13, 2009
Information broker LexisNexis has warned more than 13,000 consumers,
saying that a Florida man who is facing charges in an alleged mafia
...
Posts
No comments:
Post a Comment