Zero Day
Tracking the hackers
Exploit published for critical IE 7 zero-day flaw
By Ryan Naraine on Responsible disclosure
The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7.
Inside the Google Chrome OS security model
By Ryan Naraine on iPhone
Google will use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption that thwart malicious hackers from attacking its new Google Chrome OS.
Microsoft finds security hole in Google Chrome Frame
By Ryan Naraine on Patch Watch
A security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a "high risk" Google Chrome Frame security vulnerability that could allow an attacker to bypass cross-origin protections.
Mozilla locks out rogue Firefox add-ons
By Ryan Naraine on Vulnerability research
Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser's application components directory.
Yahoo! News: Security News
Security News
Key scientist says politics behind stolen e-mails (AP)
In science
AP - A leading climate change scientist said hackers breaking into a university's computer server and then posting documents online show the nasty politics of global warming.
Mich. spammer gets 4 years in stock fraud scheme (AP)
In business
AP - A federal judge has sentenced a suburban Detroit man described as one of the world's most prolific senders of spam e-mail to more than four years in prison for his role in a 2005 stock fraud scheme that netted him $2.7 million.
Hong Kong man, three others jailed for spam scheme (AFP)
In technology
AFP - A Hong Kong resident and three other men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said.
"Jail broken" iPhones hacked by new virus (Reuters)
In technology
Reuters - Hackers have built a virus that attacks Apple Inc's iPhone by secretly taking control of the devices via their Internet connections, security experts said.
New Worm Steals Data From Jailbroken iPhones (NewsFactor)
In business
NewsFactor - Just two weeks after Apple iPhone users in Australia reported jailbroken iPhones came under siege by attackers, a new version of the iPhone worm is posing a threat. Symantec reports the new worm targets jailbroken iPhones running SSH that are still using the default password. The worm can reportedly steal data stored on the iPhone as well as connect back to the attacker, giving them control of the phone.
Third iPhone worm targets jailbroken iPhones in Europe, Australia (Macworld.com)
In technology
Macworld.com - Another week, another worm hitting jailbroken iPhones. As with the previous exploits, which Rickrolled your phone's wallpaper and stole your data, this nasty piece of work burrows its way into your jailbroken device if you haven't changed the password for the iPhone's root account-you have changed your root password, right? Right?
Facebook Worm Sells Itself with a Booty Call (PC Magazine)
In technology
PC Magazine - A new Facebook worm appeared over the weekend, pairing malware with a sexy come-on. NSFW warning: racy image inside.
New Attack Fells Internet Explorer (PC World)
In technology
PC World - A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser.
Security Pro Says New SSL Attack Can Hit Many Sites (PC World)
In technology
PC World - A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.
Trends & Innovations - Thursday (Investor's Business Daily)
In business
Investor's Business Daily - Hackers are increasingly targeting law firms and public relations companies with e-mail schemes that break into PC networks to steal data linked to their big corporate clients. For law firms in particular, the FBI has issued an advisory that warns of "noticeable increases" in efforts to hack into such firms' PC systems. The trend began 2 years ago but has grown dramatically, experts say. Hackers often target law firms that are negotiating a major int'l deal, anything from seeking a patent on a sensitive new technology to opening a plant in another country.
UK police make 2 Trojan computer virus arrests (AP)
In technology
AP - A couple suspected of helping spread some of the Internet's most aggressive computer viruses has been arrested in the English city of Manchester, police said Wednesday.
Police make "trojan" virus arrests (Reuters)
In technology
Reuters - Detectives have made the first arrests in Europe to tackle a "trojan" computer virus which is believed to have infected tens of thousands of computers across the world, London police said on Wednesday.
UK Police Reveal Arrests Over Zeus Banking Malware (PC World)
In technology
PC World - British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.
Fortinet shares price at $12.50 each ahead of IPO (AP)
In business
AP - Shares of Fortinet Inc. priced higher than expected at $12.50 each ahead of the computer security company's planned initial public offering Wednesday.
Computer Security Challenged By Web 2.0 'Endpoint' Growth (Investor's Business Daily)
In business
Investor's Business Daily - It also makes computer security problems. Research out this week shows how companies may be letting tech security slip as they rush to do more tasks online, under greater budget pressures.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
VIDEO: Securing Windows 7 desktops with AppLocker
By (Derek Melber)
This video explains of the process of securing Windows 7 desktops using AppLocker utility.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Control "Monitoring" is Not Threat Monitoring
By Richard Bejtlich
As I write this post I'm reminded of General Hayden's advice:
"Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim "expertise."
It's important to remember that plenty of people are trying to act in a positive manner to defend important assets, so in that spirit I offer the following commentary.
Thanks to John Bambanek's SANS post I read NIST Drafts Cybersecurity Guidance by InformationWeek's J. Nicholas Hoover.
The article discusses the latest draft of SP 800-37 Rev. 1:
DRAFT Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
I suspected this to be problematic given NIST's historical bias towards "controls," which I've criticized in Controls Are Not the Solution to Our Problem and Consensus Audit Guidelines Are Still Controls. The subtext for the article was:
The National Institute for Standards and Technology is urging the government to continuously monitor its own cybersecurity efforts.
As soon as I read that, I knew that NIST's definition of "monitor" and the article's definition of "monitor" did not mean the real sort of monitoring, threat monitoring, that would make a difference against modern adversaries.
The article continues:
Special Publication 800-37 fleshes out six steps federal agencies should take to tackle cybersecurity: categorization, selection of controls, implementation, assessment, authorization, and continuous monitoring...
Finally, and perhaps most significantly, the document advises federal agencies to put continuous monitoring in place. Software, firmware, hardware, operations, and threats change constantly. Within that flux, security needs to be managed in a structured way, Ross says.
"We need to recognize that we work in a very dynamic operational environment," Ross says. "That allows us to have an ongoing and continuing acceptance and understanding of risk, and that ongoing determination may change our thinking on whether current controls are sufficient."
The continuous risk management step might include use of automated configuration scanning tools, vulnerability scanning, and intrusion detection systems, as well as putting in place processes to monitor and update security guidance and assessments of system security requirements.
Note that the preceding text mentions "intrusion detection systems," but the rest of the text has nothing to do with real monitoring, i.e., detecting and responding to intrusions. I'm not just talking about network-centric approaches, by the way -- infrastructure, host, log, and other sources are all real monitoring, but this is not what NIST means by "monitoring."
To understand NIST's view of monitoring, try reading the new draft. I'll insert my comments.
APPENDIX G
CONTINUOUS MONITORING
MANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMS
A critical aspect of managing risk from information systems involves the continuous monitoring of the security controls employed within or inherited by the system.65
[65 A continuous monitoring program within an organization involves a different set of activities than Security Incident Monitoring or Security Event Monitoring programs.]
So, it sounds like activities that involve actually watching systems are not within scope for "continuous monitoring."
Conducting a thorough point-in-time assessment of the deployed security controls is a necessary but not sufficient condition to demonstrate security due diligence. An effective organizational information security program also includes a rigorous continuous monitoring program integrated into the system development life cycle. The objective of the continuous monitoring program is to determine if the set of deployed security controls continue to be effective over time in light of the inevitable changes that occur.
That sounds ok so far. I like the idea of evaluations to determine if controls are effective over time. In the next section below we get to the heart of the problem, and why I wrote this post.
An effective organization-wide continuous monitoring program includes:
• Configuration management and control processes for organizational information systems;
• Security impact analyses on actual or proposed changes to organizational information systems and environments of operation;67
• Assessment of selected security controls (including system-specific, hybrid, and common controls) based on the organization-defined continuous monitoring strategy;68
• Security status reporting to appropriate organizational officials;69 and
• Active involvement by authorizing officials in the ongoing management of information system-related security risks.
Ok, where is threat monitoring? I see configuration management, "control processes," reporting status to "officials," "active involvement by authorizing officials," and so on.
The next section tells me what NIST really considers to be "monitoring":
Priority for security control monitoring is given to the controls that have the reatest volatility and the controls that have been identified in the organization’s plan of action and milestones...
[S]ecurity policies and procedures in a particular organization may not be likely to change from one year to the next...
Security controls identified in the plan of action and milestones are also a priority in the continuous monitoring process, due to the fact that these controls have been deemed to be ineffective to some degree.
Organizations also consider specific threat information including known attack vectors (i.e., specific vulnerabilities exploited by threat sources) when selecting the set of security controls to monitor and the frequency of such monitoring...
Have you broken the code yet? Security control monitoring is a compliance activity. Granted, this is an improvement from the typical certification and accreditation debacle, where "security" is assessed via paperwork exercises every three years. Instead, .gov compliance teams will perform so-called "continuous monitoring," meaning more regular checks to see if systems are in compliance.
Is this really an improvement?
I don't think so. NIST is missing the point. Their approach advocates Control-compliant security, not field-assessed security. Their "scoreboard" is the result of a compliance audit, not the number of systems under adversary control or the amount of data exfiltrated or degraded by the adversary.
I don't care how well your defensive "controls" are informed by offense. If you don't have a Computer Incident Response Team performing continuous threat monitoring for detection and response, you don't know if your controls are working. The NIST document has a few hints about the right approach, at best, but the majority of the so-called "monitoring" guidance is another compliance activity.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Audio of Bejtlich Presentation on Network Security Monitoring
By Richard Bejtlich
One of the presentations I delivered at the Information Security Summit last month discussed Network Security Monitoring. The Security Justice guys recorded audio of the presentation and posted it here as Network Security Monitoring and Incident Response. The audio file is InfoSec2009_RichardBejtlich.mp3.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Traffic Talk 8 Posted
By Richard Bejtlich
I just noticed that my 8th edition of Traffic Talk, titled How to use user-agent strings as a network monitoring tool, was posted this week. It's a simple concept that plenty of NSM practitioners implement, and I highly recommend it.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
News: Major IE8 flaw makes 'safe' sites unsafe
Major IE8 flaw makes 'safe' sites unsafe
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Brief: Climatologists hot over e-mail hack
Climatologists hot over e-mail hack
Brief: Firms fail to secure mobile, cloud data
Firms fail to secure mobile, cloud data
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Brief: No cyberwar yet, but soon, says firm
No cyberwar yet, but soon, says firm
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Security Fix
Brian Krebs on computer and Internet security
Spam 'Godfather' gets 51 months in prison
In Cyber Justice
These past few days have seen some notable cyber justice cases: Late Monday, Alan M. Ralsky -- a man dubbed the "Godfather of Spam" -- was sentenced to 51 months in prison. And on Friday, a California man pleaded guilty in a case involving the sale of counterfeit high-tech computer parts to the U.S. military. Ralsky, 64, of West Bloomfield, Mich., joined two co-conspirators in earning stiff prison sentences for long careers of blasting junk e-mail. Following more than four years in prison, Ralsky will be subject to five years of supervised release and will forfeit $250,000 the government seized from him in December 2007, the Justice Department said. According to the government, Ralsky was a top promoter of so-called pump-and-dump scams, schemes in which fraudsters buy up a bunch of low-priced microcap stock, blast out millions of spam e-mails touting it as a hot buy and then dump their
New attack targets weakness in Internet Explorer
In Latest Warnings
Blueprints showing attackers how to exploit a previously unknown security hole in versions of Microsoft's Internet Explorer browser recently were published online. The danger here is if IE users browse to a hacked or booby-trapped Web site that uses the exploit, that site could install malicious software. Microsoft has not yet issued an advisory about this threat. According to initial reports from Symantec and vulnerability management firm VUPEN, the exploit works against IE 6 and IE 7 versions only. The vulnerability apparently resides in the way IE handles so-called cascading style sheet information (CSS), which a great many Web sites use to control the design and formatting of text and other site elements. Symantec reports that the attack code is a bit buggy and unreliable at the moment, but that a fully-functional and more reliable exploit almost certainly will be released soon. Symantec advises IE users is to make sure
Alpha Software disclosure leads to confusion
In From the Bunker
A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real. Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed by similarly confused users posting to the company's online forum. The e-mail notice to affected customers reads: November 9, 2009 Dear Customer, We have been informed that there has been a security breach at the Internet Service Provider where our web site is hosted. This may have resulted in your credit card information being compromised. While it is entirely possible that your credit card information has not been stolen, in the interests of caution, we recommend that you contact your credit card provider to discuss what steps, if any, they recommend. Going forward, we
FDA targets rogue Internet pharmacies
In Web Fraud 2.0
The U.S. Food and Drug Administration is pressuring a number of Internet service providers to shut off nearly 12 dozen Web sites alleged to be selling counterfeit or unapproved prescription drugs. The FDA's office of criminal investigations said it sent 22 warning letters to the operators of the sites, and alerted the appropriate ISPs and domain name registrars that the sites were selling phony pharmaceuticals, all without requiring a prescription. The agency said none of the sites represent pharmacies located in the United States or Canada, as most claim. According to the letters sent to owners of the 136 targeted sites, the online stores hawked everything from powerful controlled substances, including Valium and Xanax, to lifestyle drugs like Viagra and Levitra. Some sites even offered prescription drugs that have not yet been approved for distribution or sale in the United States, such as the anti-obesity drug Acomplia. "Many U.S. consumers
Bill would ban P2P use on federal networks, PCs
In U.S. Government
The chairman of the House Oversight and Government Reform Committee introduced legislation on Tuesday to prohibit the use of peer-to-peer (P2P) file-sharing software across all federal government computers and networks. The "Secure Federal File Sharing Act" would direct the White House's Office of Management and Budget to issue guidelines barring the use and/or installation of P2P software on federal systems, unless otherwise approved for a specific purpose. The bill also calls on OMB to develop a policy that would extend to networks and computers operated by agency contractors, as well as to personal computers of federal employees remotely accessing federal networks. "We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," said Rep. Edolphus Towns, the Democrat from New York who chairs the House oversight panel, in a statement. "Voluntary self-regulations have failed so now is the time for Congress to act." The bill
Experts: Smart grid poses privacy risks
In Latest Warnings
Technologists already are worried about the security implications of linking nearly all elements of the U.S. power grid to the public Internet. Now, privacy experts are warning that the so-called "smart grid" efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers' daily power consumption. "The modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information," warns a report (PDF) jointly released Tuesday by the Ontario Information and Privacy Commissioner and the Future of Privacy Forum (FPF), a think tank made up of chief privacy officers, advocates and academics. Smart grid technology -- including new "smart meters" being attached to businesses and homes -- is designed in part to provide consumers with real-time feedback on power consumption patterns and levels. But as these systems begin to
Security - RSS Feeds
Security - RSS Feeds
Microsoft Confirms Internet Explorer Zero-Day Vulnerability
Microsoft confirms the existence of proof-of-concept attack code for a flaw affecting Internet Explorer 6 and 7.
- Microsoft has confirmed the existence of a zero-day bug in Internet Explorer 6 and 7. Proof-of-concept attack code for the flaw was posted Nov. 20 to the Bugtraq mailing list. The flaw is tied to the way IE uses CSS (Cascading Style Sheets) information. According to Microsoft, the company ...
Check Point Acquires FaceTime Database for Application Controls
Check Point Software Technologies acquires FaceTime Communications' application classification and signature database. The technology will appear in a new software blade sometime in 2010.
- Check Point Software Technologies has acquired FaceTime Communications' application classification and signature database to quot;add security controls for over 50,000 Web 2.0 widgets and more than 4,500 Internet applications, quot; Check Point announced Nov. 23. The acquisition, made for an un...
Symantec Spots Worm Targeting Jailbroken Apple iPhones
Updated: Symantec uncovers a new worm targeting jailbroken iPhones. Unlike the Ikee worm that appeared earlier in November, this worm can be used to steal data.
- Researchers at Symantec have uncovered another worm aimed at jailbroken iPhones. Like the well-publicized Ikee worm, the recently discovered malware targets jailbroken iPhones running SSH (Secure Shell) and using the default password of quot;alpine. quot; However, unlike Ikee, which merely cha...
Older Microsoft Internet Explorer Vulnerable to Security Flaw
Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7.
- Proof-of-concept code for an attack targeting old versions of Microsoft Internet Explorer has made its way online. According to Symantec, someone posted the code Nov. 20 to the Bugtraq mailing list. The code targets a flaw tied to how Internet Explorer (IE) uses cascading style sheet ( CSS) inf...
A Security Wish List for Microsoft Internet Explorer 9
Microsoft unveiled some details about Internet Explorer 9 this week at the Professional Developers Conference in Los Angeles. But what does Microsoft have in store for IE users from a security perspective?
- Microsoft unveiled an embryonic version of Internet Explorer 9 at its Professional Developers Conference ( PDC ) this week, touching off a round of speculation of what the browser would entail feature-wise. From a security perspective, Microsoft has sought to make strides with each version of Int...
Three Charged in Comcast Cyber-Attack
Three men were charged by federal indictment Nov. 19 in connection with attacking Comcast.net and redirecting traffic to sites under their control. The group altered Comcast's DNS records and is estimated to have cost the company more than $128,000.
- Three men have been charged by federal authorities for redirecting traffic for Comcast.net last year to sites under the trios control. According to the FBI, Christopher Allen Lewis, 19, of Newark, Del., Michael Paul Nebel, 27, of Kalamazoo, Mich., and 20-year-old James Robert Black Jr. o...
Microsoft Uncovers Vulnerability in Google Chrome Plug-in for IE
Microsoft uncovers a vulnerability in a controversial Google plug-in for Internet Explorer that could be exploited to bypass cross-origin protections. Google patched the issue this week in an update.
- Microsoft researchers uncovered a flaw in the Google Chrome Frame plug-in for users of Internet Explorer. According to Google, which patched the problem Nov. 18 with an update, the vulnerability could be exploited to bypass cross-origin protections. The plug-in which injects Google Chromes ren...
Google Chrome OS Security Model Breaks the Traditional Mold
With Chrome OS, Google says it has abandoned the traditional operating system security model and put its focus on using process isolation, verified boot, encryption and system hardening to protect users.
- Google previewed Chrome OS Nov. 19 and opened up about how its security strategy deviates from the traditional model for securing today's operating systems. In a presentation, Google painted a picture of a slim operating system that uses a combination of sandboxing, encryption of user data...
Up Close and Technical look at SocialPet
SocialPet, a new product from Jetmetric, lets administrators send fake phishing e-mails to selected employees to determine which ones know enough to ignore the messages and which dont - posing a threat to company security.
- Video Content....
10 Lessons Google Must Learn About OS Security
News Analysis: Google is new to the operating system market, so it has to demonstrate that it understands how to build and maintain a secure Web OS. The history of Windows security has shown there are many avenues of attack against a desktop operating system. There are even more potential attack strategies for an online OS. But whether Google has learned the many hard lessons of Web security is very much in doubt at this point.
- Much has been made of Google's intentions in the operating system space. The company has made it clear that it wants its products to be used on netbooks. It wants to be the first major company to deliver an online operating system that can compete with the likes of Windows 7 Starter Edition and ...
T-Mobile Confirms U.K. Data Breach
T-Mobile confirmed that an employee at its U.K. subsidiary passed customer data to third-party brokers, potentially leading to a criminal prosecution. Despite the potential damage to customers lives, such a data breach is most likely punishable with a fine as opposed to jail time in the U.K. T-Mobile has been dealing with public-relations issues on both ends of the Atlantic, including an incident in which a massive server failure led to Sidekick smartphone users in the U.S. temporarily losing their personal data.
- T-Mobile confirmed that an employee had passed along customer data to third-party brokers in the U.K., an incident that could lead to criminal prosecution. Given that the defendants likely face a potential fine but no jail time, a number of British commentators have been suggesting that penalties...
Firefox 3.6 Beta Blocks Third-Party Add-ons from Components Directory
Mozilla updates its Firefox 3.6 beta to block add-ons from adding code to Firefox's components directory. The move is meant to reduce crashes and will keep vendors from silently installing Firefox add-ons without permission from the user, Mozilla says.
- Mozilla has added an extra wall in Firefox 3.6 to block third-party add-ons from loading in the browser's application components directory. The change prevents third-party applications from adding code to Firefox's components directory which houses much of Firefox's own code and will thereby k...
U.K. Police Arrest Two Tied to Zeus Trojan
Police in the U.K. arrested two people tied to the Zeus Trojan, a notorious piece of malware used to steal banking information and another personal data such as passwords for sites like Facebook.
- Authorities in the U.K.have reportedly arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information. The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchesterfor violating the 1990 Computer Misuse Act a...
Cyber-war Could Threaten Security of Critical Infrastructure
In a new report released by McAfee, several noted security experts discuss the improving cyber-warfare capabilities of the world's superpowers and the risks facing critical infrastructures.
- The ability of several countries to launch politically motivated cyber-attacks has increased and put critical infrastructure in the crosshairs, according to a sweeping report from McAfee. In its fifth annual Virtual Criminology Report (PDF), McAfee noted that not only have politically motiva...
Security
Latest jailbroken iPhone worm tries filching bank passwords
By jacqui@arstechnica.com (Jacqui Cheng) on worm
The second malicious worm to attack jailbroken iPhones has been spotted in the wild, and is the first to directly target users' bank accounts. Called iBotnet.A by security research firm Intego, the worm tries to steal account logins from customers of popular online banking service ING Direct. Though it only affects iPhones that have been jailbroken by the user with SSH installed, this is clearly a trend that is growing quickly—and one that Apple isn't likely to care about until it affects "legit" users.
According to Intego, the malware scans for phones on a local network and a range of IPs with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. This is the same method used by the first malicious iPhone worm that came out earlier this month. The IPs scanned by this particular worm include those in the Netherlands, Portugal, Hungary, and Australia.
Google Chrome Frame patches Microsoft-reported security bug
By emil.protalinski@arstechnica.com (Emil Protalinski) on internetexplorer
This week, Google released an update to Google Chrome Frame. Version 4.0.245.1 is available and all users should be updated automatically, according to Google Chrome Releases. The release fixes issues where the plugin would not follow redirects properly, where network requests would fail randomly, and where it would freeze IE8 intermittently. What really caught our eye though, was the security fix that's included in the release, and especially who gets the credit for finding it:
Smart grids drag utilities into the swamp of online privacy
By jtimmer@arstechnica.com (John Timmer) on smartgrid
The smart grid is rapidly becoming a reality in the US, as utilities have been installing networked monitoring and control equipment, both in their own facilities and in their customers' homes. The pace of these installations should accelerate due to recent initiatives from the Department of Energy and the state of California; across the border, the Province of Ontario will see smart meters installed in every home by the end of next year. Ontario's Information and Privacy Commissioner has now worked with members of the Future of Privacy Forum to analyze the privacy implications of these initiatives. The resulting report indicates that there are a variety of potential privacy concerns, some of which are best addressed before the deployments begin in earnest.
Nearly half of the report simply reviews what the smart grid entails, specifically from the consumer perspective. In general terms, a smart meter, combined with smart appliances and other hardware, will allow consumers to obtain fine-grained information about their energy use patterns, and exercise a greater degree of control over them. As the report notes, this can have a wide variety of positive consequences, from more efficient use of energy resources to lowered electric bills. So the general message is that concerns about privacy shouldn't derail plans to deploy smart grids.
SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied inputv.
Gimp BMP Image Parsing Integer Overflow Vulnerability
Gimp has a BMP Image Parsing Integer Overflow vulnerability which can be exploited by malicious people to potentially compromise a user's system.
Cisco Catalyst Blade Switch 3020/3120 DoS Vulnerability
A potential vulnerability has been identified with the Cisco Catalyst Blade Switch 3020/3021. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
RhinoSoft Serv-U TEA Decoding Buffer Overflow
Serv-U can be exploited by malicious people to potentially compromise a vulnerable system.
Norton Alteon OS Browser-Based Interface XSS and XSRF Vulnerabilities
Browser-Based Interface (BBI) software is included in the Nortel Networks version 25.0.0.0 and prior and the Radware family of switches. The BBI software lets you use your Web browser to access switch information and statistics and perform switch configuration via the Internet. These vulnerabilities could allow attackers to change the switch configuration.
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation
Avast's aswRdr.sys Driver does not sanitize user supplied input IOCTL) and this lead to Kernel Heap Overflow that propagates on the system with a BSOD and potential risk of Privilege Escalation.
HP-UX Running BIND DoS
A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
Gimp PSD Image Parsing Integer Overflow Vulnerability
Gimp can be exploited by malicious people to potentially compromise a user's system.
HP Power Manager Execution of Arbitrary Code
A potential security vulnerability has been identified with HP Power Manager. The vulnerability could be exploited remotely to execute arbitrary codev.
HP DDMI Execution of Arbitrary Code
A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely by an authorized user to execute arbitrary code.
WordPress Unrestricted File Upload Arbitrary PHP Code Execution
Wordpress allows authorised users to add an attachment to a blog post. It does not sanitize provided file properly before moving it to an uploads directory.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Exploit code targets Internet Explorer zero-day display flaw
By Robert Westervelt
Exploit code is publically available targeting an Internet Explorer cascading style sheet (CSS) handling error, according to Symantec.
Increase in Gumblar backdoors poses FTP credential problems
By Robert Westervelt
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem.
Hackers to sharpen malware, malicious software in 2010
By Robert Westervelt
Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.
Health Net healthcare data breach affects1.5 million
By Robert Westervelt
A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net customers.
Massive T-Mobile UK security breach involves insiders
By Robert Westervelt
A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors.
InZero Systems launches hardware-based security gateway
By Robert Westervelt
New InZero gateway uses hardware to halt malware by separating the endpoint from the network and isolating desktop software.
SANS NewsBites
All Stories From Vol: 11 - Issue: 92
House Science & Technology Committee Passes Cybersecurity Enhancement Act (November 19, 2009)
The US House Committee on Science and Technology has passed the Cybersecurity Enhancement Act of 2009, which "is based on the concept that in order to improve the security of our networked systems .......
NSA Helping to Harden Operating Systems (November 7, 18 & 19, 2009)
In testimony before the Senate Subcommittee on Terrorism and Homeland Security, National Security Agency (NSA) information assurance director Richard Schaeffer said that his agency helped Microsoft harden Windows 7 and that it is also helping Apple, Sun Microsystems, and Red Hat with similar endeavors.......
Proposed Legislation Prohibits P2P Use in Government and Contractor Computers (November 17 & 18, 2009)
A bill introduced in the US House of Representatives would prohibit the use of peer-to-peer (P2P) filesharing technology in government computers and those used by government contractors except in cases where its use has been officially approved.......
Lost Hard Drive Holds Seven Years of Health Net Patient Data (November 19, 2009)
A hard drive containing personal and medical information of 1.......
Three Charged in Comcast Redirect Attack (November 19, 2009)
Three men have been charged in connection with a redirection attack on Comcast's website.......
One Year Prison Sentence for Scientology DDoS (November 18 & 19, 2009)
A 19-year old man from New Jersey has been sentenced to one year in federal prison for his role in a distributed denial-of-service DDoS attack against the Church of Scientology website that took place in January 2008.......
Banks Reissuing Credit Cards Following Report of Breach at Spanish Payment Company (November 18 & 19, 2009)
A German bank has recalled 60,000 credit cards after learning that the card numbers may have been compromised in a security breach at a Spanish payment company.......
Secondhand ATMs Pose Security Risk (November 18, 2009)
A security consultant who purchased an ATM secondhand through Craigslist found that it still held a log of hundreds of transaction details.......
UK Police Charge Two in Connection With Zeus Trojan (November 18, 2009)
Police in the UK have charged two people in connection with using the Zeus Trojan horse program.......
T-Mobile Customer Records Stolen and Sold (November 17 & 18, 2009)
T-Mobile has acknowledged that an employee stole customer records and sold them to data brokers who in turn sold the information to T-Mobile competitors.......
Microsoft Suit Involving Former Employee Settled, All Matters Resolved (November 17, 2009)
A settlement has been reached in a case brought by Microsoft against former employee Miki Mullor.......
Man Pleads Guilty in ATM Skimming Case (November 16 & 17, 2009)
Victor Vasile Constantin has pleaded guilty to charges of bank fraud and identity theft for his role in an ATM skimming scheme.......
SANS Internet Storm Center, InfoCON: green
Microsoft Security Advisory 977981 - IE 6 and IE 7 , (Tue, Nov 24th)
Related to Marc's Diary from 11/23, Microsoft has released Security Advisory 977981. It detail ...(more)...
New Nmap Beta Released, (Mon, Nov 23rd)
Earlier today, Fyodor announced the release of a new beta of Nmap. Nmap 5 ...(more)...
Government Approaches to Cybersecurity - What are your tips?, (Mon, Nov 23rd)
On the heels of a recent Govenment Accounting Office (GAO) finding that many USfederal agencie ...(more)...
IE6 and IE7 0-Day Reported, (Sun, Nov 22nd)
According to VUPEN security: A vulnerability has been identified in Microsoft Internet Explorer, w ...(more)...
What is making you vulnerable?, (Sat, Nov 21st)
The VMware patch mentioned in the oneliner raises an interesting question. What is making you ...(more)...
VMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html , (Sat, Nov 21st)
...(more)...
PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related., (Fri, Nov 20th)
...(more)...
Fedora to allow the installation of packages, without root privileges? , (Thu, Nov 19th)
A bug created back in November against the latest Fedora release (12) indicates that, th ...(more)...
Using a Cisco Router as a "Remote Collector" for tcpdump or Wireshark, (Wed, Nov 18th)
Have you ever thought about your routers. I mean - *really* thought about them? They thi ...(more)...
The Register - Security
Biting the hand that feeds IT
Facebookers hit with steamy clickjacking exploit
'Click da button, baby!'
Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission.…
IE bug leaks private details from 50 million PDF files
Black hat recon courtesy of Microsoft
A bug in Microsoft's Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.…
Google hoodwinked into pushing Chrome OS scareware
Tamper tantrum
Rogue anti-virus scammers have tainted search results for Chromium OS - the open source version of Google's Chrome OS - in a bid to expose surfers hunting the web operating system to a fake anti-virus scan scam instead.…
Cisco pumps out iPhone security app
World of IT threats in your pants
Cisco has pushed out a new iPhone app that helps IT managers respond to newly-detected security threats by the seat (pocket) of their pants.…
Symantec Japan website bamboozled by hacker
Plaintext passwords revealed
A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information.…
iPhone worm hjacks ING customers
No messing this time
Updated The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct.…
First malicious iPhone worm slithers into wild
Jailbreakers under assault
A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet.…
FDA takes aim at illegal net pharmacies
Please don't feed the spammers
The US Food and Drug Administration said it has completed a sweep of illegal online pharmacies that targeted 136 websites that appeared to be illegally selling drugs to American consumers.…
Hackers free Snow Leopard from Jobsian cage
Apple Atomness restored
Snow Leopard users are once again free to run the Apple operating system on hardware with Atom processors, courtesy of hackers in Russia.…
Potty-mouths charged for Comcast hijack
Destination '69 dick tard lane'
The potty-mouthed hackers who hijacked Comcast's domain name for several hours last year were charged with intentionally damaging a protected computer system.…
Wrecking CRU: hackers cause massive climate data breach
Secretive scientists' source code goes walkabout
The University of East Anglia has confirmed that a data breach has put a large quantity of emails and other documents from staff at its Climate Research Unit online. CRU is one of the three leading climate research centres in the UK, and a globally acknowledged authority on temperature reconstructions.…
QinetiQ mail virus patent attracts barbs
Looks a bit familiar
An anti-virus expert has poured cold water on a patent from British technology firm QinetiQ that supposedly offers a new technique for tackling malicious email attachments.…
MS discovers flaw in Google plug-in for IE
Google whacked
Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users.…
Major IE8 flaw makes 'safe' sites unsafe
Microsoft's XSS buster busted
Exclusive The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe.…
Users howl as Fedora 12 gives root to unwashed masses
Breaks Unix 'zero-assumption' trust model
UpdatedThis story was updated about 11 hours after it was published to reflect that Fedora developers have reversed course. Operating system users once again will be required to enter a root password before installing software packages.…
Scareware tool dumps smut on Windows PCs
Rogue clean-up tool poses child abuse frame risk
Rogue anti-virus slingers are getting even sneakier. Instead of offering to clean up non-existent malware threats as per the traditional approach, one rogue scanner offers to clean up images of porn it claims to have found on a prospective mark's PC.…
Spanish payment breach prompts huge German card recall
Holidaymakers at risk of fraud
German authorities have recalled more than 100,000 credit cards over fears that crooks may have obtained details of the cards via an unnamed Spanish payment processing firm.…
ISA report reveals email security lapse
Safeguarders slightly slipshod on safeguards
The Independent Safeguarding Authority's first annual report reveals that it sent an email with confidential data to the wrong address.…
Palin claims webmail hack disrupted GOP campaign
Yes, that was the problem, Sarah
Sarah Palin has described the hack of her webmail account as the "most disruptive" event in her campaign to become US vice president last year.…
The Register's threat predictions for 2010
What lurks in the New Year?
Webcast Find out what threats lie in wait for your business throughout 2010 and how to avoid them, with this free to view audio slideshow from The Register, in association with MessageLabs.…
Crypto pioneer and security chief exits Sun
One in the PKI?
Crypto pioneer and Sun Microsystems' veteran chief security officer Whitfield Diffie has left the company, with database-giant Oracle's acquisition still in the air.…
National Security Agency beefed Win 7 defenses
Now for Apple, Sun, and Red Hat
The National Security Agency helped Microsoft harden Windows 7 against attacks and is providing similar assistance to Apple, Sun Microsystems and Red Hat too, an agency official said.…
Stalker video peepholed ESPN bombshell
'Erin Andrews Naked Butt'
A Chicago man who stalked ESPN reporter Erin Andrews across the United States managed to secretly videotape America's sexiest sportscaster in the nude twice, federal prosecutors said Wednesday.…
Second-hand ATM trade opens up fraud risk
Craigslist cash machine contains 1,000 card numbers
Second-hand ATM machines containing sensitive transaction data are easily available for purchase on eBay or even Craiglist, according to an investigation by a US-based security consultant.…
UK cybercops cuff ZeuS Trojan suspect pair
Alleged Bonnie and Clyde of malware
A Manchester couple have been arrested on suspicion of using the notorious ZeuS Trojan horse to commit banking fraud.…
Facebook revises privacy policy
Plain English update
Facebook has published a simpler, easier to understand privacy policy which removes complicated technical and legal terms in the previous document without changing much of substance.…
Fortinet launches rare net security IPO
Roll-up, roll-up
Fortinet has set a price of $12.50 a share for its initial public offering on Wednesday. If all goes to plan, the security appliance firm and its investors stand to rake in a more than $156m through the offer.…
Man charged in $111k domain name theft
eBayed to basketball pro
A New Jersey man has been charged with stealing the p2p.com domain name and selling it to a professional basketball player for more than $111,000 in the first US indictment for domain name theft.…
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
Spyware Doctor With Antivirus: First Look
Shortly after we completed our current antivirus roundup, PC Tools released Spyware Doctor with AntiVirus 2010 ($40 for a one-year, three-PC license), the latest version of its paid antivirus tool. Though it came out too late for us to include in our malware detection testing, we were able to take the program for a quick spin.
Microsoft issues security advisory on IE vulnerability
Microsoft Monday night issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer.
Hacks of Chinese temple were online kung fu, abbot says
A hacker who posted a fake message on the Web site of China's famous Shaolin Temple repenting for its commercial activities was just making a mean joke, the temple's abbot was cited as saying by Chinese state media Monday.
11 Security Tips for Black Friday, Cyber Monday
This holiday shopping season, IT and physical security practitioners have the tough task of protecting customer data and preventing shoplifting. Here are 11 tips to bring sanity to the process.
New iPhone worm steals online banking codes, builds botnet
Hackers have borrowed a tactic from the world's first iPhone worm to build a botnet that steals data, including online banking credentials, from jailbroken Apple smartphones.
Five ways to lose your identity (and wallet) this holiday season
Computerworld offers tips to holiday shoppers looking to expose their personal data to online thieves.
Google Chrome OS: Big Brother Google Gets Bigger
Google's mantra is "Don't be evil." Let's hope it the tech giant means it, because if Chrome OS succeeds in replacing Windows at the world's dominant operating system, Google's sway over the computing world could be exponentially higher than it is today.
Third iPhone worm targets jailbroken iPhones
Another week, another worm hitting jailbroken iPhones. As with the previous exploits, which Rickrolled your phone's wallpaper and stole your data, this nasty piece of work burrows its way into your jailbroken device if you haven't changed the password for the iPhone's root account--you have changed your root password, right? Right?
Information security and business strategy Part 1
I've known David Greer for over 25 years and have always enjoyed his intelligence, good humor and creativity. And Stephen Northcutt is so widely published, cited and respected in our field that I had trouble deciding which of his many Web sites to cite. It is a great pleasure to publish Greer's interview of Nortcutt in two parts.
New attack fells Internet Explorer
A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser.
Global warming research exposed after hack
An anonymous hacker has posted private e-mails, files and other documents belonging to a noted climate researcher, sparking an international debate between skeptics of global warming and those who see it as an urgent problem.
Gartner lays out Top 10 strategic technologies
At this week's Gartner Symposium in Sydney, the analyst firm presented its top 10 strategic technologies for 2010.
Google Chrome OS: Everything You Need to Know
Google finally unveiled its Chrome operating system, promising a cloud-based OS that will be fast, simple and secure on netbooks. CIO.com's Shane O'Neill rounds up the latest Chrome OS reviews and news analysis stories.
Two approaches to NFC battle for French hearts and mobiles
Two competing approaches to equipping mobile phones with contactless communications capabilities vied for supporters at the Cartes exhibition in Paris this week. Either approach could turn phones into self-service electronic tour guides, travel tickets or secure payment terminals.
Banks on watch after suspected card breach
An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions.
EU security agency highlights cloud computing risks
Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from one legal jurisdiction to another, according to a assessement of cloud computing risks from the European Network and Information Security Agency (ENISA).
Cisco's free iPhone app grabs security feeds
Cisco has made available a free iPhone app that can be used to receive over a dozen security-related information feeds in customizable form related both to Cisco products and to general security topics, such as newly detected threats.
Three indicted for Comcast hack last year
Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.
Security pro says new SSL attack can hit many sites
A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.
Businesses slow to adapt to changing security environment
Businesses are slow to adapt to the changing security environment, according to a major report.
Track your stolen laptop for free with Prey
If you're not worried about this when you're out in public with your laptop, you should be: What if someone steals your computer -- and its precious data that comprises your digital personal and work life?
Fake Payment Request Attack Ramps Up
A currently underway attack is attempting to trick victims with an e-mail that purports to request a verification for payment to a major company, but instead carries a Trojan.
Most security products flunk test on basic use: ICSA Labs
Almost 80 per cent of security products failed to pass the first test required before certification, according to the latest report released by ICSA Labs.
More vigilance needed as social networking rises: F-Secure
Security solutions firm F-Secure Malaysia says greater vigilance is needed as the use of social networking is gathering pace compared to e-mail.
Microsoft denies it built 'backdoor' in Windows 7
Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced on Wednesday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.
Cyberattacks on U.S. military jump sharply in 2009
Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.
Hackers exploit release of Twilight New Moon film
Hackers are exploiting the web users searching for information about the Twilight New Moon film, due to be released this week, in a bid to spread malware, says PC Tools.
3 Basic Steps to Avoid Joining a Botnet
It's getting more difficult to keep employees stay safe and free from malicious activity online. But Team Cymru's Steve Santorelli presents a combination of techniques that can make their chances of infection much lower.
FAA fixes computer glitch, delays remain
The Federal Aviation Administration says that it has fixed a computer glitch responsible for flight delays across the United States, although it says that possible flight delays may still be in the cards.
Security vendor Fortinet sparkles in IPO
Shares of security vendor Fortinet surged 33 percent Wednesday as the company made its debut on the public markets.
Pentagon expands exclusive deal with McAfee
The U.S. Defense Department is expanding its exclusive arrangement with McAfee, whose security software is at the heart of the military's cybersecurity efforts.
T-Mobile Customers Suffer Data Breach
T-Mobile is again giving its customers -- and prospective customers -- reason to be nervous.
BlackBerry Security Exec Warns of Smartphone DDoS Attacks
BlackBerry and smartphone security in general hasn't garnered much attention or concern over the past few years--at least from a consumer, or user, perspective; enterprises have been invested in mobile device security since the advent of the PDA.
China defense ministry site fends off hackers
The Web site of China's defense ministry was attacked 2.3 million times in its first month online, Chinese state media said Wednesday.
Fake Facebook page steals login details
A fake Facebook page which is designed to steal social networkers login details has been uncovered by PandaLabs.
The Mass. 201 CMR 17 Survival Guide
As companies scramble to meet the requirements of the Bay State's data security law, CSOonline.com offers this collection of articles and podcasts to help IT security practitioners and compliance officers find the best approach.
Two thirds of Brits to shop online for Christmas
Nearly two thirds of Brits (68 percent) are planning on buying at least half of their gifts online this Christmas, says Webroot.
UK police reveal arrests over Zeus banking malware
British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.
Risk Assessment Framework Helps Bank Secure Apps
With about a million customers, ICICI Bank manages close to Rs 50,000 crore (US$10.8 billion) in assets. A lot of that money is processed by about 550 bank applications that both its customers and about 10,000 of the bank's employees use. However, it was not always clear how open to vulnerabilities these applications were. It was not a state of affairs, the bank wanted to continue. "The bank wanted a high level of assurance for all its applications," says Pravir Vohra, Group CTO, ICICI Bank, "Within 18 months."
How Jindal Poly Films Fought Internet Threats
A part of the Rs 3,000-crore (US$650 million) B.C. Jindal Group, the 25-year-old Jindal Polyfilm is the largest manufacturer of PET film and BOPP films in the country with revenues of Rs 2,000 crore.
Heartland CEO: Encryption on track despite dispute
In a conversation with Computerworld today, Heartland CEO and Chairman Robert Carr blasted VeriFone's lawsuit and its suggestion that Heartland is incapable of supporting VeriFone customers.
How to hack China for just $1,800
Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet.
Firefox 3.6 locks out rogue add-ons
Mozilla is adding a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said.
Smartphones on Wi-Fi vulnerable to security attack
A new report from a mobile security vendor details how the most popular smartphones, including the iPhone, are very vulnerable to man-in-the-middle attacks, carried out via public Wi-Fi connections.
The six greatest threats to US cybersecurity
It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Microsoft warns of IE exploit code in the wild
By Elinor Mills
Company says it is investigating a publicly published exploit code that allegedly could lead to computers running versions 6 or 7 of the browser getting compromised.
Chrome OS security: 'Sandboxing' and auto updates
By Elinor Mills
Google operating system will feature many of the same security features as the Chrome browser, including "sandboxing" of applications, auto updating, and antiphishing.
Fortified rice, fuel cells among Tech Award winners
By Elinor Mills
Al Gore receives humanitarian honor at Tech Museum event that provides prizes to projects in the areas of environment, health, biosciences economic development, equality, and education.
Cisco launches iPhone security app
By Elinor Mills
Cisco Systems' new App Store entry, featuring customized alerts and threat information delivered to the handheld device, targets security professionals.
T-Mobile UK says workers sold customer data
By Elinor Mills
British consumer privacy commissioner says he will prosecute over sale of customer data by T-Mobile UK employees.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Recent Air Force Law Review discusses Cyberlaw
Posted by InfoSec News on Nov 22
http://www.maxwell.af.mil/news/story.asp?id=123178704
By Carl Bergquist
Air University Public Affairs
11/20/2009
MAXWELL AIR FORCE BASE, Ala. -- Volume 64 of the Air Force Law Review is
now available in hardcopy and online. Published this year, it is
sub-titled the "Cyberlaw Edition."
Largely the result of a symposium held at the Judge Advocate General
School at Maxwell Air Force Base, the edition addresses many of the
issues...
Three Indicted For Comcast Site Hack
Posted by InfoSec News on Nov 22
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=221900520
By Tim Wilson
DarkReading
Nov 20, 2009
Three alleged hackers this week were indicted for a 2008 attack that
redirected traffic from the Comcast Website to a prank page.
Christopher Allen Lewis, 19, and James Robert Black Jr., 20, are accused
of being the hackers "EBK" and "Defiant," who hijacked the Comcast
domain in May of last year,...
Hackers steal electronic data from top climate research center
Posted by InfoSec News on Nov 22
http://www.washingtonpost.com/wp-dyn/content/article/2009/11/20/AR2009112004093.html
By Juliet Eilperin
Washington Post Staff Writer
November 21, 2009
Hackers broke into the electronic files of one of the world's foremost
climate research centers this week and posted an array of e-mails in
which prominent scientists engaged in a blunt discussion of global
warming research and disparaged climate-change skeptics.
The skeptics have seized upon...
Secunia Weekly Summary - Issue: 2009-47
Posted by InfoSec News on Nov 22
========================================================================
The Secunia Weekly Advisory Summary
2009-11-13 - 2009-11-20
This week: 72 advisories
========================================================================
Table of Contents:
1.....................................................Word From...
China Cyber Espionage Threatens U.S., Report Says
Posted by InfoSec News on Nov 22
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900505
By Thomas Claburn
InformationWeek
November 20, 2009
China has increased its cyber espionage efforts to acquire U.S. secrets
and technology, a Congressional advisory group warned in a report issued
on Thursday.
Echoing its 2008 and 2007 reports, which labeled China's espionage
efforts "the single greatest risk to the security of American...
FBI looking at UMC records leak
Posted by InfoSec News on Nov 22
http://www.lasvegassun.com/news/2009/nov/21/fbi-looking-umc-records-leak/
By Marshall Allen
The Las Vegas Sun
Nov. 21, 2009
The FBI said Friday it may investigate a breach of patient privacy laws
at University Medical Center, where hospital officials are reeling with
the realization that at least one of their employees has leaked
confidential names, birth dates and Social Security numbers.
UMC officials spent Friday determining how they...
Microsoft denies it built 'backdoor' in Windows 7
Posted by InfoSec News on Nov 20
http://www.computerworld.com/s/article/9141182/Microsoft_denies_it_built_backdoor_in_Windows_7
By Gregg Keizer
Computerworld
November 19, 2009
Microsoft today denied that it has built a backdoor into Windows 7, a
concern that surfaced yesterday after a senior National Security Agency
(NSA) official testified before Congress that the agency had worked on
the operating system.
"Microsoft has not and will not put 'backdoors' into...
Re: FBI Suspects Terrorists Are Exploring Cyber Attacks
Posted by InfoSec News on Nov 20
Forwarded from: Richard Forno <rforno (at) infowarrior.org>
The second paragraph undermines the whole article, as such statements
tend to do in all articles warning of cyber or terrorist attacks, just
as any number of 'stories' citing some new DHS or FBI terror threat that
suddenly hits the airwaves periodically during the year.
This entire article simply says -er, repeats- that "terrorists may
consider cyber attacks."...
Bill Would Ban P2P Use By Federal Employees
Posted by InfoSec News on Nov 20
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=221900107
By J. Nicholas Hoover
InformationWeek
November 18, 2009
Following a leaked document that disclosed ethics investigations of
members of Congress on a file sharing network, the chairman of the House
Oversight and Government Affairs Committee has introduced a bill that
would ban the use of public peer-to-peer networks by federal employees.
The Secure...
Crypto pioneer and security chief exits Sun
Posted by InfoSec News on Nov 20
http://www.theregister.co.uk/2009/11/19/diffie_leaves_sun/
By Gavin Clarke in San Francisco
The Register
19th November 2009
Crypto pioneer and Sun Microsystems' veteran chief security officer
Whitfield Diffie has left the company, with database-giant Oracle's
acquisition still in the air.
According to Technology Review, Diffie is slated to be a visiting
professor at Royal Holloway, University of London, after 18 years at
Sun, latterly in...
Palin Calls E-Mail Hack 'Most Disruptive' Campaign Event
Posted by InfoSec News on Nov 20
http://www.wired.com/threatlevel/2009/11/palin-hack-2
By Kim Zetter
Threat Level
Wired.com
November 18, 2009
Never mind the disastrous interview with Katie Couric or the blank
stares in response to Charlie Gibson's question about the Bush Doctrine.
Former vice presidential candidate Sarah Palin calls the hacking of her
Yahoo e-mail account "the most disruptive and discouraging" incident in
last year's presidential campaign....
The Perfect Holiday Gift For Any Security Pro: A Bruce Schneier Action Figure
Posted by InfoSec News on Nov 20
http://www.darkreading.com/security/management/showArticle.jhtml?articleID=221900184
By Tim Wilson
DarkReading
Nov 18, 2009
Move over, James Kirk and Luke Skywalker -- there's a new action figure
popping up on top of security professionals' computers -- and this one
is a real guy.
A miniature version of BT Counterpane security guru Bruce Schneier --
complete with beard and ponytail -- is now available from the That's My
Face site.
The...
FC 2010: Call for Posters. Accepted Papers.
Posted by InfoSec News on Nov 20
Forwarded from: Conference Mailer <noreply (at) moon.crypto.cs.stonybrook.edu>
Financial Cryptography and Data Security
Tenerife, Canary Islands, Spain
25-28 January 2010
http://fc10.ifca.ai
Dear Colleagues,
We would like to invite you to submit a poster (deadline extended to
December 3rd) and participate in the 2010 Financial Cryptography and
Data Security Conference, January 25-28, 2010 in Tenerife, Canary
Islands, Spain, a...
NSA helped with Windows 7 development
Posted by InfoSec News on Nov 19
http://www.computerworld.com/s/article/9141105/NSA_helped_with_Windows_7_development?taxonomyId=17
By Gregg Keizer
Computerworld
November 18, 2009
The National Security Agency (NSA) worked with Microsoft on the
development of Windows 7, an agency official acknowledged yesterday
during testimony before Congress.
"Working in partnership with Microsoft and elements of the Department of
Defense, NSA leveraged our unique expertise and...
PS3s used to capture child pornographers
Posted by InfoSec News on Nov 19
http://www.gamespot.com/news/6240562.html
By Tom Magrino
GameSpot
Nov 17, 2009
The PlayStation 3 has been used for a variety of altruistic tasks
following its launch in 2006. Perhaps the most high-profile of these
ventures is the Folding () home project, which uses spare processing power
from idling, networked PS3s to undertake the arduous task of simulating
protein folding in order to study the causes of various diseases.
The latest...
FBI Suspects Terrorists Are Exploring Cyber Attacks
Posted by InfoSec News on Nov 19
http://online.wsj.com/article/SB125850773065753011.html
By Siobhan Gorman
Wall Street Journal
November 19, 2009
The Federal Bureau of Investigation is looking at people with suspected
links to al Qaeda who have shown an interest in mounting an attack on
computer systems that control critical U.S. infrastructure, a senior
official told Congress Tuesday.
While there is no evidence that terrorist groups have developed
sophisticated...
Hackers descend upon defense website
Posted by InfoSec News on Nov 19
http://english.people.com.cn/90001/90782/90872/6817348.html
People's Daily Online
November 19, 2009
Hackers are trying to penetrate the website of China's Ministry of
National Defense and have made more than 2 million attacks on it within
one month since the site's launch three months ago, People's Daily
reported Wednesday.
The efforts are seen as a sign of the increasing vulnerability facing
China's official websites.
"Since the...
In-Q-Tel Invests In Cybersecurity Company
Posted by InfoSec News on Nov 19
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900133
By J. Nicholas Hoover
InformationWeek
November 18, 2009
The independent venture arm of the U.S. intelligence community,
In-Q-Tel, has invested in cybersecurity company FireEye, the company
announced Wednesday.
In-Q-Tel and FireEye didn't disclose terms of the agreement, or which
intelligence agencies are particularly interested in the technology....
Hospitals tighten security on patient data
Posted by InfoSec News on Nov 19
http://fcw.com/articles/2009/11/18/hospitals-beefing-up-cybersecurity-to-comply-with-hitech-survey-says.aspx
By Alice Lipowicz
FCW.com
Nov 18, 2009
More than half of the nation's hospitals and health care providers
surveyed intend to buy more cybersecurity tools to safeguard against
breaches of electronic medical records as a result of requirements in
the economic stimulus law, according to a new survey of 186 health care
providers and...
Pentagon expands exclusive deal with McAfee
Posted by InfoSec News on Nov 19
http://www.networkworld.com/news/2009/111809-pentagon-mcafee.html
By Carolyn Duffy Marsan
Network World
11/18/2009
The U.S. Defense Department is expanding its exclusive arrangement with
McAfee, whose security software is at the heart of the military's
cybersecurity efforts.
McAfee was selected three years ago for the Department of Defense's Host
Based Security System (HBSS), which provides standard intrusion
prevention and firewall...
Penetration Testing Grows Up
Posted by InfoSec News on Nov 19
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221900215
By Kelly Jackson Higgins
DarkReading
Nov 18, 2009
Penetration testing, once considered a risky practice for the enterprise
and even a tool for evil hacking purposes, is becoming more of an
accepted mainstream process in the enterprise mainly due to compliance
requirements and more automated, user-friendly tools -- and most
recently, the imminent...
Microsoft Settles Employee Spying Case
Posted by InfoSec News on Nov 17
http://www.pcworld.com/article/182372/microsoft_settles_employee_spying_case.html
[See also: http://www.infosecnews.org/hypermail/0902/15870.html - WK]
By Nancy Gohring
IDG News Service
Nov 17, 2009
Microsoft has settled a lawsuit with a former employee that it once
charged with fraud, misappropriation of trade secrets and breach of
contract.
Neither party has admitted to any wrongdoing and they will not reveal
the details of the...
3 basic steps can thwart most cyberattacks, NSA security official says
Posted by InfoSec News on Nov 17
http://gcn.com/articles/2009/11/17/nsa-3-steps--better-cybersecurity.aspx
By Ben Bain
GCN.com
Nov 17, 2009
Computer systems with proper security and network controls should be
able to withstand about 80 percent of known cyberattacks, according to a
senior National Security Agency official.
There are common steps that people could take to bolster computer
security and make it more difficult for would-be-hackers to gain access,
Richard...
How to hack China for just $1,800
Posted by InfoSec News on Nov 17
http://www.computerworld.com/s/article/9141060/How_to_hack_China_for_just_1_800?taxonomyId=17
By Robert McMillan and Owen Fletcher
IDG News Service
November 17, 2009
Fraudsters may have a hot deal waiting for them in the form of an
obscure Chinese domain name that's for sale on the Internet.
The wpad.cn domain is for sale, according to a note posted on the Web
site. That fact probably doesn't mean much to most people, but to Duane
Wessels...
T-Mobile says workers sold customer data
Posted by InfoSec News on Nov 17
http://news.cnet.com/8301-27080_3-10400213-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 17, 2009
T-Mobile workers sold personal data on thousands of customers to third
parties who then called the individuals as their wireless contracts were
due to expire, a T-Mobile spokesman has confirmed.
T-Mobile notified England's Information Commission, the watchdog agency
responsible for safeguarding consumer privacy, and said the...
Firms spend only up to 20% of their budget on IT security
Posted by InfoSec News on Nov 17
http://www.business24-7.ae/Articles/2009/11/Pages/17112009/11172009_7960702f439e404c872525721c2a4383.aspx
By Nancy Sudheer
Business 24-7
November 17, 2009
Security accounts for only 10 to 20 per cent of overall IT budgets
within UAE enterprises - well below global standards.
There is awareness, say experts, but security is still often viewed with
a closed mind.
IT security is not just about protecting the perimeter but has evolved
as Web...
Personal info jeopardized after Workers' Comp Court computer hacked
Posted by InfoSec News on Nov 17
---------- Forwarded message ----------
Date: Wed, 18 Nov 2009 00:02:12 -0600 (CST)
From: InfoSec News <alerts () infosecnews org>
To: submissions () infosecnews org
Subject: Personal info jeopardized after Workers' Comp Court computer hacked
http://journalstar.com/news/local/crime-and-courts/article_b9a02f46-d3a9-11de-85e5-001cc4c002e0.html
By Catharine Huddle
Lincoln Journal Star
November 17, 2009
The Nebraska State Patrol and FBI are...
Hackers broke into the site, says ONS
Posted by InfoSec News on Nov 17
http://g1.globo.com/Noticias/Tecnologia/0,,MUL1380926-6174,00-HACKERS+INVADIRAM+SITE+DIZ+ONS.html
[Google Translation - WK]
By Juliana and Carpanez Altieres Rohr
Do G1, in Sao Paulo
16/11/09
The National System Operator (ONS) has confirmed on the afternoon of
Monday (16) that its corporate network has hacked late on Thursday - the
gap was corrected the same day. It said there is no evidence of invasion
to the network's operational site....
Federal Computer Week: Security News
IT security for medical devices a problem, officials say
Medical devices on the VA's networks make it difficult to ensure data security, two senior officials told a federal health IT panel.
DHS proposes permanent status for biometrics-based traveler program
The Homeland Security Department wants to expand a program that uses biometrics to verify identity and speed processing times for airline passengers.
SSA should keep a close eye on computer access, IG says
The Social Security Administration is generally following FISMA guidelines, but needs to do more close monitoring of computer access controls, SSA's inspector general finds.
Industry would get hit in cyber war, report says
Privately owned critical infrastructure likely to be targeted in a cyber war between nations, a report says.
Army chief of staff outlines global security challenges
Army Chief of Staff Gen. George Casey outlines four key areas must be addressed for global security.
Feds falling behind in the race against cyber threats, GAO says
Despite increased cooperation among agencies that protect the government's information infrastructure, persistent vulnerabilities and lack of comprehensive security programs leave government IT systems vulnerable to attack.
eWeek Security Watch
New Facebook Worm Spreads
In Web 2.0
Researchers at AVG Technologies reported a new worm making the rounds on Facebook.
Fallen Beauty: Attackers Feast on Prejean Scandal
In multimedia
You likely could have predicted that when a sex tape of a former beauty queen surfaced, related cyber-attacks would not be far behind.
RSA Reveals Inner Workings of Reshipping Scheme
In Social engineering
RSA took a look inside the other end of a cyber-crime operation - the mules shipping merchandise overseas after attackers have purchased it with stolen credit card information.
Researchers: Online Threats Demand New Security Model
In Trojan attacks
Traditional defenses aren't adding up when it comes to stopping Web-based threats, but cloud-based services may help, researchers contend.
Sizing Botnets No Exact Science
In Virus and Spyware
After cutting off the notorious Mega-D botnet, researcher with FireEye are attempting to find out just how massive the zombie network might have been.
Unified Creeps: Cyber-crime to Rage on in '10
In Virus and Spyware
Year-ahead security landscape predictions are not immune to the theory of unified cultural creep. But, on the flip side, they're already here.
Attackers Abuse Google to Push Rogueware
In SEO
Security researchers at Cyveillance uncovered a massive attack abusing Google search results to direct users to sites hosting rogue antivirus software.
DarkReading - Security News
DarkReading
Affiliate Marketing Sales Contests for the Holidays from Experience Advertising
Cloud AntiVirus Company Immunet Secures $2 Million in Funding Led by Altos Ventures
Magellans.com Signs Three Year Agreement With Warp 9
Universal Music Group (UMG) Partners With Guvera Limited for 2010 Launch of Guvera.com
New Software Innovation From New Momentum Makes It Easy to Identify the Top Counterfeit and Gray Market Violators
SingleHop Named 'Most Reliable Web Hosting Company' for October 2009 by Leading Web Hosting Analyst Netcraft
Picis ED PulseCheck Increases Security and Privacy Protection in Nearly 150 Hospitals Through the Use of DigitalPersona Biometrics
DarkReading - All Stories
DarkReading
Employees Willing To Steal Data; Companies On The Alert
Two separate studies indicate a loss of trust, loyalty between employees, management, potentially leading to data theft
Encryption Making Little Headway Among IT Pros: Survey
Only 14% of respondents to InformationWeek Analytics' State of Encryption Survey say encryption is pervasive in their organizations
Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
Software giant reveals November stats from Malicious Software Removal Tool
Former Database Administrator Convicted Of Hacking His Old Firm
Ex-employee of GEXA Energy attacked his old database months after being terminated, court says
Tech Insight: 3 Factors To Assess Before Doing Your Own Penetration Testing
What you need to know about bringing penetration testing in-house
Product Watch: BitArmor Launches Cloud-Based Encryption Managed Service For USBs, Email, Disks
DataControl 4.0 service offers military-grade encryption for midsize companies
Proposed Law Seeks To Ban P2P Networks By Federal Workers
The Secure Federal File Sharing Act calls for an agency head or CIO would have to make a special request to use P2P software
Cryptographic Voting System Runs First Election
Scantegrity II is an open-source election verification technology that uses privacy-preserving confirmation numbers to ensure each vote is counted
ENISA Offers Security Recommendations For Cloud Services
New ENISA report outlines security benefits and risks of cloud services, offers guidelines for choosing providers
Product Watch: Ksplice Wins Global Cybersecurity Challenge
Startup wins award for software that delivers security updates without a reboot
In-Q-Tel Joins Forces With FireEye To Fight Cyberthreats
FireEye sells an out-of-band security appliance that monitors all inbound network traffic
New IBM Database Flaw Could Affect Several Other Vendors' Products
Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView
Firefox 3.6 Beta 3 Debuts
Mozilla made structural change that aims to improve the browser's stability
Penetration Testing Grows Up
Metasploit's expected entry into the commercial penetration testing market is the latest step toward making pen-testing more mainstream
T-Mobile: Employee Data Theft Leads To U.K.'s Largest Data Breach
T-Mobile employee sold millions of customer records to data brokers, reports say
Product Watch: Fortinet Issues An IPO
Security appliance, UTM vendor goes public
McAfee Releases Cybercrime Report
Fifth Annual Virtual Criminology report covers a variety of longstanding cybersecurity problems
Survey: Patient Data At Risk From Healthcare Partners
About a third of healthcare business associates are not aware they needed to comply with HIPAA's security and privacy provisions
VeriSign Chosen To Protect The Windows Azure Platform
Microsoft will use VeriSign Secure Sockets Layer Certificates, VeriSign Code Signing Certificates to safeguard cloud-based services and applications
Startup Promises 'Disruptive,' Hardware-Based Endpoint Security Solution
New endpoint security hardware promises to insulate computers from Internet threats
Product Watch: Microsoft Unveils Windows Identity Foundation
New .NET tool, Azure cloud computing platform announced today
Senate Hears Testimony From Federal Cybersecurity Pros
National Cyber Incident Response plan should be ready by December or January
New Metasploit Version Released
Version 3.3 is faster, and includes support for Windows 7
Big-Name Vendors Team On Disaster Preparedness, Recovery
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
First Malicious iPhone Worm In The Wild
By Darknet on malicious iphone worm
It’s a little less than 2 weeks since the Jailbroken iPhone Users Got Rickrolled and as I thought a similar worm has been seen in the wild – but this time with malicious intent. As the rickrolling incident showed, even the more savvy users that jailbreak their phones neglect to change the default SSH password meaning [...]
Read the full post at darknet.org.uk
Microsoft Confirms First Windows 7 0-Day Vulnerability
By Darknet on windows-security
So a pretty serious remote vulnerability has been discovered in Windows 7, as usual Microsoft is downplaying the problem asking you to block the ports on your firewall rather than fixing the issue. I’d imagine the problem would only really be a big issue inside networks as who exposes SMB ports to the outside world anyway [...]
Read the full post at darknet.org.uk
CounterMeasures - A Security Blog
Rik Ferguson blogs about current security issues.
Symantec hacked? Full disk and database access?
By Rik Ferguson on web
Back in February of this year, the Romanian hacker Unu found a SQL injection vulnerability in a Kaspersky tech support portal server based in the USA. That vulnerability when exploited allowed full access to all the database tables, exposing things such as usernames and activation codes. Well, Unu strikes again and this time Symantec is the [...]
Europe’s heartland in large-scale credit card theft
By Rik Ferguson on data loss
Initial reports of a possible large scale breach of credit card data from a payment processing company in Spain are sketchy at best and the lack of information is not helping to allay the concerns of credit card customers across Europe. In a statement released today, the Zentraler Kreditausschuss (Central Credit Committee) explained that German banks [...]
CNET News - Security
Microsoft warns of IE exploit code in the wild
By Elinor Mills
Company says it is investigating a publicly published exploit code that allegedly could lead to computers running versions 6 or 7 of the browser getting compromised.
Originally posted at InSecurity Complex
Chrome OS security: 'Sandboxing' and auto updates
By Elinor Mills
Google operating system will feature many of the same security features as the Chrome browser, including "sandboxing" of applications, auto updating, and antiphishing.
Originally posted at InSecurity Complex
E-tailers snagged in marketing 'scam' blame customers
By Greg Sandoval
Priceline, Classmates.com, and Orbitz say customers should read the fine print before complaining about being charged recurring monthly fees to join loyalty programs they didn't want.
McAfee warns about '12 Scams of Christmas'
By Larry Magid
Shoppers and retailers aren't the only ones gearing up for the holidays. Criminals are out in full force with plenty of scams to separate you and your money.
Originally posted at Safe and Secure
Cisco launches iPhone security app
By Elinor Mills
Cisco Systems' new App Store entry, featuring customized alerts and threat information delivered to the handheld device, targets security professionals.
Originally posted at InSecurity Complex
Town to photograph every car that enters and leaves
By Chris Matyszczyk
The California town of Tiburon votes to set up permanent cameras to record the license plate of every car on its roads. Is this one more step toward a surveillance state?
Originally posted at Technically Incorrect
New Firefox 3.6 beta aims to cut crashes
By Stephen Shankland
The third beta imposes a new restriction on how third-party software can interact with it. And a feature called Resource Package could speed up Firefox 3.7.
Originally posted at Deep Tech
Facebook adopts new privacy policy
By Steven Musil
The social-networking site hopes that policy revision will make the policy more accessible and easier to understand.
Originally posted at News - Digital Media
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
Symantec SQL Injected, Seeks Counseling
By Robert A. on IndustryNews
"The Romanian hacker who successfully broke into a web site owned by security vendor Kaspersky Lab has struck again, this time exposing shortcomings in a Symantec web server. The hacker, known only as Unu, said in a blog post today that he was able to access a server belonging to the security...
Firefox 3.6 locks out rogue add-ons
By Robert A. on IndustryNews
From computerworld "Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. The new feature, which Mozilla dubbed "component directory lockdown," will bar access to Firefox's "components" directory, where most of the browser's own code is stored. The company...
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
Metasploit 3.3 Released! Exploitation Framework
By Darknet on vulnerabilities
What is Metasploit? The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework...
Read the full post at darknet.org.uk
No comments:
Post a Comment