Zero Day
Tracking the hackers
FBI: Scareware distributors stole $150M
By Dancho Danchev on Web 2.0
According to an intelligence note posted by the Internet Crime Complaint Center (IC3), the FBI is aware of an estimated scareware loss to victims in excess of $150 million.
Mozilla patches critical, high-risk Firefox vulnerabilities
By Ryan Naraine on Vulnerability research
The most serious issue could lead to remote code execution attacks. In other scenarios, the bugs could cause denial-of-service or URL spoofing attacks.
Report: Google's reCAPTCHA flawed
By Dancho Danchev on Web 2.0
New report claims 17.5 percent recognition rate of Google's reCAPTCHA, arguing that a small botnet can register 864,000 new accounts per day. Is machine-learning the real threat?
Adobe confirms PDF zero-day attacks. Disable JavaScript now
By Ryan Naraine on Zero-day attacks
According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.
Yahoo! News: Security News
Security News
Google's Nexus One Specs Leaked (PC World)
In technology
PC World - Even if Google employees have kept mum about Nexus One specifics, ROM hackers have been able to dig deep into the phone's system files to reveal the list of hardware we can expect from the Nexus One.
Rogue Antivirus Lurks Behind Google Doodle Searches (PC World)
In technology
PC World - In Esperanto the word is "malica." It means malicious and it's the best way of describing many of the search results Google visitors got Tuesday when they clicked on Google's front-page Doodle sketch, dedicated to Esperanto's creator.
Adobe Warns of Reader, Acrobat Attack in the Wild (PC World)
In technology
PC World - Adobe is investigating new reports that hackers are attacking a previously unknown bug in the latest version of the company's Reader and Acrobat software.
U.S. Reported Ready To Join U.N. Cyberattack Talks (NewsFactor)
In business
NewsFactor - The Obama administration has decided to join United Nations talks on cyberwar and Internet crime. After several years of staying out of talks between the U.N. and other countries, the U.S. will participate in discussions with Russia and the U.N.'s Arms Control Committee, sources told The New York Times.
US, Russia talks on cyberspace security: report (AFP)
In technology
AFP - The United States has begun talks with Russia and a UN arms control committee about strengthening Internet security and limiting military use of cyberspace, The New York Times reported.
Facebook and Google: Contrasts in Privacy (PC World)
In technology
PC World - The headlines recently have been dominated with news of online privacy. Facebook has implemented changes that affect the privacy of status updates, and Google made headlines for its apparent disregard for privacy.
FBI: Rogue Antivirus Scammers Have Made $150M (PC World)
In technology
PC World - They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than US$150 million for scammers. Security experts call them rogue antivirus programs.
Google's Schmidt Roasted for Privacy Comments (PC World)
In technology
PC World - An Internet privacy watchdog has blasted Google chief executive Eric Schmidt for his comments on Internet privacy, saying his remarks suggest Google misunderstands basic lessons about why privacy is important.
Peregrine cuts 2Q loss nearly in half on revenue (AP)
In business
AP - Peregrine Pharmaceuticals Inc. said Thursday it cut its 2010 fiscal second-quarter loss nearly in half as revenue from manufacturing services and government payments for the antivirus drug candidate bavituximab increased sharply.
Facebook rolls out new privacy tool (AFP)
In technology
AFP - Facebook began calling on users to get a better grip on their online privacy by dictating who sees what in profiles at the world's leading social networking service.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
The Anatomy of a Nul Attack
By Chris Sanders
Taking a look at the anatomy of a null session attack, how it works and how to prevent it from happening to you.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Keeping FreeBSD Up-to-Date in BSD Magazine
By Richard Bejtlich
Keep your eyes open for the latest printed BSD Magazine, with my article Keeping FreeBSD Up-To-Date: OS Essentials. This article is something like 18 pages long, because at the last minute the publishers had several authors withdraw articles. The publishers decided to print the extended version of my article, so it's far longer than I expected! We're currently editing the companion piece on keeping FreeBSD applications up-to-date. I expect to also submit an article on running Sguil on FreeBSD 8.0 when I get a chance to test the latest version in my lab.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Thanks for a Great Incident Detection Summit
By Richard Bejtlich
We had a great SANS WhatWorks in Incident Detection Summit 2009 this week! About 100 people attended. I'd like to thank those who joined the event as attendees; those who participated as keynotes (great work Ron Gula and Tony Sager), guest moderators (Rocky DeStefano, Mike Cloppert, and Stephen Windsor), speakers, and panelists; Debbie Grewe and Carol Calhoun from SANS for their excellent logistics and planning, along with our facilitators, sound crew, and staff; our sponsors, Allen Corp., McAfee, NetWitness, and Splunk; and also Alan Paller for creating the two-day "WhatWorks" format.
I appreciate the feedback from everyone who spoke to me. It sounds like the mix of speakers and panels was a hit. I borrowed this format from Rob Lee and his Incident Response and Computer Forensics summits, so I am glad people liked it. I think the sweet spot for the number of panelists might be 4 or 5, depending on the topic. If it's more theoretical, with a greater chance of audience questions, a smaller number is better. If it's more of a "share what you know," like the tools and techniques panel, then a bigger number is ok.
Probably the best news from the Summit was the fact that SANS already scheduled the second edition -- the SANS WhatWorks in Incident Detection Summit 2010, 8-9 December 2010 in DC. I still need to talk to SANS about how it will work. They've asked me to combine log management with incident detection. I think that is interesting, since I included content on logs in this year's incident detection event. I'd like to preserve the single-track nature of the Summit, but it might be useful to have a few break-outs for people who want to concentrate on a single technology or technique.
I appreciate the blog coverage from Tyler Hudak and Matt Olney so far. Please let me know what you thought of the last event, and if you have any requests for the next one.
Before December 2010, however, I'm looking forward to the SANS What Works in Forensics and Incident Response Summit 2010, 8-9 July 2010, also in DC.
The very next training event for me is my TCP/IP Weapons School 2.0 at Black Hat in DC, 31 Jan - 1 Feb. Regular registration ends 15 January, so sign up while there are still seats left! This class tends to sell out due to the number of defense industry participants in the National Capital Region.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
News: Conficker data highlights infected networks
Brief: Limited attacks target Adobe Acrobat
Brief: SQL attacks take off in last year
Brief: Zeus botnet finds hold in Amazon cloud
Brief: VirusZoo aims for safe infections
Brief: Microsoft, Adobe patch major flaws
News: Scammers scrape RAM for bank card data
Security Fix
Brian Krebs on computer and Internet security
Group IDs hotbeds of Conficker worm outbreaks
In From the Bunker
Internet service providers in Russia and Ukraine are home to some of the highest concentrations of customers whose machines are infected with the Conficker worm, new data suggests. The report comes from the Shadowserver Foundation, a nonprofit that tracks global botnet infections. Shadowserver tracks networks and nations most impacted by Conficker, a computer worm that has infected more than 7 million Microsoft Windows PCs since it first surfaced last November. "Conficker has managed to infect, and maintain infections on more systems than any other malicious vector that has been seen before now," Shadowserver stated on its Web site. Shadowserver's numbers indicate that the largest numbers of Conficker-infested PCs are in the East, more specifically China, India and Vietnam. For example, Chinanet, among the nation's largest ISPs, has about 92 million routable Internet addresses, and roughly 950,000 -- or about 1 percent of those addresses -- appear to be sickened with
Hackers target unpatched Adobe Reader, Acrobat flaw
In Latest Warnings
Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers. The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader. Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit. At the moment, there is no patch available for this flaw, and Adobe's brief advisory offers little in the way of mitigation advice. However, Internet
Check your Facebook 'privacy' settings now
In Safety Tips
If you use Facebook and care about your privacy, take a moment to read this blog entry. Facebook has made some major changes that may allow a great deal more people to see your personal photos and videos, date of birth, family relationships, and other sensitive information. While logged in to Facebook, click the "Settings" link and you should see a box that looks like the one pictured below. You may see that Facebook has reset your privacy settings, so that everyone can now see the information on your "About Me" page, as well as your "Family and Relationships" data; "Work and Education"; and most importantly "Posts I Create," which includes status updates, links, photos, videos and notes. Below is a screen shot of what my privacy settings looked like when I recently logged in. By default, the new privacy settings instituted across the Facebook network also expose your
Paper-based data breaches on the rise
In Latest Warnings
More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. Experts say those incidents came to light in large part due to a proliferation of state data breach notification laws, yet current federal proposals to preempt those state measures would allow paper-based breaches to go unreported. According to the Identity Theft Resource Center, a San Diego based nonprofit, at least 27 percent of the data breaches disclosed publicly in 2009 stemmed from collections of sensitive consumer information printed on paper that were lost, stolen, inadvertently distributed or improperly disposed of. Some 45 states and the District of Columbia have enacted laws requiring companies that lose control over sensitive consumer data such as Social Security or bank account numbers to alert affected consumers, and in some cases state authorities. Concerned about the mounting costs of complying
Security - RSS Feeds
China Domain Name Registration Changes Could Reduce Malicious Sites, Researchers Say
China has changed its domain name registration process as part of what its government says is a crackdown on Internet porn. Security researchers believe the changes could help limit the number of malicious sites using the .cn top-level domain.
- When McAfee published its list of the most dangerous Web domains, China's .cn domain was among the list's familiar faces. However, some security researchers say that may change as a side effect of China tightening its control over the Internet. Chinese authorities recently changed t...
Australia Releases Report on Web Filter Test as Plans Proceed
Australian authorities released a report detailing a test of their plans to require Internet service providers to filter out content deemed objectionable. Australia is expected to make amendments to the Broadcasting Services Act next autumn.
- A report testing Australia's controversial Web filtering plan is done, paving the way for the country to join the list of nations with mandatory Web filtering. Stephen Conroy, who is Australia's minister for Broadband, Communications and the Digital Economy, released the report (PDF) Dec. 1...
REVIEW: Sophos Endpoint Security and Data Protection 9 Suite Is Full-Featured, Well-Managed
Sophos Endpoint Security and Data Protection 9 is a solid contender in the enterprise endpoint security market. Deployment and management are strong points in this version of the suite, with a streamlined and straightforward management GUI.
- More and more corporate endpoint devices need to be protected against an increasing number of threats. Many of the suites designed to offer protection began life simply as antivirus or firewall applications. New functionality--such as application, data and device control--has been added to addre...
LABS GALLERY: Sophos Endpoint Security and Data Protection 9 Is Easy to Configure, Manage
Security solutions have had to bulk up to meet increasing threats against endpoints. Some have done it efficiently, while others have turned into a hodgepodge of services. Sophos Endpoint Security and Data Protection 9 is squarely in the former category, providing a sleek and easy-to-manage system for protecting enterprise endpoints.
New Adobe Reader, Acrobat Vulnerability Under Attack
Adobe Systems is dealing with a new security vulnerability affecting the latest versions of Adobe Reader and Acrobat as the company continues work on a fix for another zero-day bug exposed earlier this month.
- Attackers are exploiting a new vulnerability affecting Adobe Systems' Reader and Acrobat software in what are reportedly targeted attacks. According to Adobe's Product Security Incident Response Team blog, the vulnerability impacts Adobe Reader and Acrobat 9.2, and is being exploited in the wi...
2-Factor Authentication Falling Short for Security, Gartner Says
In a new report, Gartner points out where strong two-factor authentication is falling short when it comes to preventing fraud and online attacks. According to the firm, businesses need to make some changes.
- Strong two-factor authentication is falling short, and businesses need to take notice, according to a report from Gartner. In a new report, "Where Strong Authentication Fails and What You Can Do About It," Gartner analyst Avivah Litan contends that Trojan-based, man-in-the-browser att...
Seven Facebook Privacy Facts to Remember
With much fanfare, Facebook recently announced a new series of controls and features aimed at improving privacy. The move garnered its share of criticism as users dealt with what Facebook had - and hadn't - done. Here are seven things to keep in mind about your privacy on Facebook as you navigate the social networking site.
- When Facebook updated its privacy settings a few days ago, the changes drew a mix of acclaim and criticism. One thing, however, was made clear: securing social networks means taking a serious approach to privacy. According to Facebook, that starts with an understanding of what privacy settings ...
Facebook Defends Privacy Changes
Though some users have reacted harshly to Facebook's new privacy and security changes, Facebook says the changes will help keep users secure and make them more knowledgeable about how they share information.
- Facebook is defending changes to its privacy and security controls despite criticisms from some users. On Dec. 9, Facebook announced it was implementing a number of privacy-related changes, including the ability to control who sees what piece of content on a user's page, a Transition Tool an...
Five TSA Employees Put on Leave After Security Manual Found Online
Five Transportation Security Administration employees have been placed on leave as the government continues its review of how a document on airport security procedures made its way online.
- The Transportation Security Administration confirmed Dec. 9 that five employees "have been placed on administrative leave" while an investigation into the posting of a security operations manual continues. More than 90 pages long, the document contained information on airport pass...
Security
Symantec has released its December 2009 State of Spam
In symantec
Symantec has released its December 2009 State of Spam report. Spam volumes averaged at 87.4 percent of all e-mail messages in 2009 and have increased on average by 15 percent since 2007, according to the security company.
Protect yourself from COFEE with some DECAF
By emil.protalinski@arstechnica.com (Emil Protalinski) on decaf
In response to Microsoft's Computer Online Forensic Evidence Extractor (COFEE), which helps law enforcement officials grab data from password-protected or encrypted sources, two developers have created "Detect and Eliminate Computer Assisted Forensics" (DECAF), a counter intelligence tool designed to thwart the Microsoft forensic toolkit. DECAF monitors the computer it's running on for any signs that COFEE is operating on the machine and does everything it can to stop it.
More specifically, the program deletes COFEE's temporary files, kills its processes, erases all COFEE logs, disables USB drives, and even contaminates or spoofs a variety of MAC addresses to muddy forensic tracks. It can be told to disable almost every piece of hardware on a machine and delete pre-defined files in the background. The 181KB DECAF program even has a 'Spill the cofee' mode in which it simulates COFEE's presence to give the user an opportunity to test his or her configuration before actually using it. Source code for DECAF has not been made available, since the authors fear it will be reverse engineered, making it unclear what else the tool might be doing and whether or not it is completely safe to use.
DECAF's developers say future versions of the program will allow computer owners to remotely lock down their machine via text message and e-mail once they detect that it has fallen into law enforcement hands and even send out notifications to other parties in the case of an emergency. The plan is to make DECAF's next release more light-weight, possibly having it run in the form of a Windows service.
COFEE, a suite of 150 bundled off-the-shelf forensic tools that run from a script, was created by Microsoft to help law enforcement officials gather volatile evidence that would otherwise be lost in traditional, offline forensic analysis. Officers can run the script in the field from a USB stick, before the computer is brought back to the lab, letting them grab data from password-protected or encrypted sources. The forensics tool works best with Windows XP, but Microsoft is working on a new version of COFEE for next year that fully supports Windows Vista and Windows 7.
Microsoft first revealed the 15MB tool back in April 2008, and in April 2009, the company announced that it will aid global law enforcement in fighting cybercrime by providing COFEE free of charge to 187 countries, distributing it through Interpol. Microsoft managed to keep the existence of it quiet until November 2009, when pirates decided it was time to leak the tool so that people other than just government crime-fighters could use it. Weeks later, Microsoft started issuing takedown notices to multiple websites that hosted the tool. It's unclear whether Microsoft will react to the fact that there's now software that aims to render COFEE useless.
Instead of patching, Microsoft limits video codec in Windows
By emil.protalinski@arstechnica.com (Emil Protalinski) on windowsxp
On this month's Patch Tuesday, Microsoft issued a Security Advisory in which it detailed the steps it was taking to fix vulnerabilities in the Indeo codec, which compresses and decompresses video data, found in supported editions of Windows 2000, Windows XP, and Windows Server 2003. The newly discovered vulnerability in the 17-year-old video codec (Intel introduced it in 1992) could allow remote code execution when opening specially crafted media content. Thus, Microsoft released a fix which blocks the codec from being launched in Internet Explorer or Windows Media Player, and also removes the ability for it to be loaded when browsing the Internet with any other application. The update is being offered to older operating systems automatically via Windows Update.
This is a very unusual solution, which Microsoft justifies in the name of security. Deprecating vulnerable code is "a rare occurrence, as it is usually challenging to remove functionally from products that customers are currently using without affecting existing applications," a Microsoft spokesperson confirmed with Ars. "In this case, we created defense-in-depth changes that reduce the attack surface and removed the functionality of this codec rather than addressing individual vulnerabilities because it provided more comprehensive protection for an older, less used codec."
The security advisory further explains how the update removes the most common remote attack vectors. The fix only allows applications to use the Indeo codec when the media content is from the local system or from the intranet zone, meaning games or other applications that leverage the codec locally can still function correctly. At the same time, Internet Explorer, Windows Media Player, or any other program that accesses the Internet cannot launch anything that uses the codec. Microsoft had to make sure that the codec would not be missed when visiting legitimate websites, and could still be used in corporate applications.
The advisory also notes that the update was not issued for 32-bit and 64-bit editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 since these operating systems already bar the codec from loading. What's really curious here is that it took Redmond this long to update older operating systems to the same level of security by blocking these known attack vectors to protect users from being duped into visiting a malicious site. To completely remove all attack vectors, Microsoft explains that the codec can be deregistered completely, if the user wishes to do so.
Symantec has confirmed a possibly in-the-wild zero-day
In symantec
Symantec has confirmed a possibly in-the-wild zero-day vulnerability in Adobe Acrobat and Reader. The malicious PDF file is distributed in the form of an e-mail attachment which drops and executes when opened on a fully patched system with either of the Adobe applications installed.
Rating the best anti-malware solutions
By emil.protalinski@arstechnica.com (Emil Protalinski) on malware
Following its November 2009 retrospective/proactive report, AV-Comparatives has released its December 2009 Potentially Unwanted Applications (PUA) comparative. PUA refers to adware, spyware, rogue, and other fraudulent software circulating on the Internet that are not typical malware (classification in the last category is sometimes not an easy task; under some circumstances, PUAs are accepted in some countries, depending on the cultural background or the legal system, and hence the term "potentially unwanted"). AV-Comparatives typically do not include PUAs in their malware test sets, but since users may want to know how well their antivirus program detects potentially unwanted software, a separate test was created.
If you use social network application site RockYou, you
In @etc
If you use social network application site RockYou, you may want to change your passwords. The site's user database was compromised by a hacker. What's worse is that all of the passwords were stored in a plain-text database. Not good.
Kaspersky Lab's Threatpost has a cool Q&A with Gene S
In security
Kaspersky Lab's Threatpost has a cool Q&A with Gene Spafford from Purdue's CERIAS center. In it, Spaf discusses federal funding for security-related projects, Obama's stance on cyber security, and more. We think it's worth a read, as Spafford is such a well-respected name in the field.
Germany pays to clean malware from Windows PCs
By emil.protalinski@arstechnica.com (Emil Protalinski) on windows
The German government is planning to establish a malware cleanup helpline for its citizens. Announced last week at the fourth German IT summit in Stuttgart, the project is due to start in 2010. Internet Service Providers (ISPs) will team up with the German Federal Office for Information Security (BSI) as well as eco (Association of the German Internet Industry) to clean consumer systems from botnet infestation. ISPs will track down infected machines by looking for communication with botnet controllers, and then direct users towards a website offering advice on how to remove it. If suggestions on the website don't get the job done (or the site is blocked by the malware), users will be directed to a call center. No funding details were provided (the exact sum contributed by the German government is not being disclosed), though about 40 employees will be taking phone calls and trying to fix problems.
SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.
DubSite CMS Cross Site Request Forgery Vulnerability
An attacker is able to change the password of the administrative user thus having complete control over the site. The risk is estimated as HIGH.
SonicWall Global Management System XSS Vulnerability
An attacker can steal visitor and administrator cookies or session IDs using XSS and accomplish successful phishing attacks with the real website address.
Sonicwall NSA E7500 XSS Vulnerability
Using XSS, an attacker can steal user and admin cookies or session IDs.
Juniper Security Threat Response Manager XSS Vulnerability
An attacker can run XSS and Stored XSS attacks on Juniper Security Threat Response Manager users and admin.
HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager.
Piwik Cookie Unserialize Vulnerability
Piwik passes user input to unserialize(), which allows an attacker to send a carefully crafted cookie that, when unserialized, uses Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
Microsoft Indeo Codec Memory Corruption Vulnerability
The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code to run on users' systems when opening specially crafted content.
HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
HP-UX Running VRTSweb Remote Execution of Arbitrary Code and Privilege Escalation
A potential security vulnerability has been identified with HP-UX running VRTSweb version 5.0. The vulnerability could be exploited remotely to execute arbitrary code or increase privilege.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Mozilla fixes Firefox critical memory corruption errors
By Robert Westervelt
Serious flaws in Firefox could be used by attackers to gain access to critical files and sensitive data.
Firefox, Opera, Safari browsers top list of high risk software
By Robert Westervelt
In addition to the browsers, Adobe Systems' PDF software as well as its Flash and Shockwave players made the annual list.
Active PDF attacks target Reader, Acrobat zero-day vulnerability
By Robert Westervelt
Malicious PDF files discovered in the wild spread via an email attachment and target a yet-to-be patched hole in Adobe Reader and Acrobat.
Security researchers continue hunt for Conficker authors
By Robert Westervelt
The Conficker botnet remains dormant, but several ongoing investigations are turning up mounting evidence against those responsible for the worm.
Database activity monitoring lacks security lift
By Eric Ogren
IBM's acquisition of Guardium does not validate DAM as a viable security market segment. The market has been hyped, says security expert Eric Ogren.
SANS NewsBites
All Stories From Vol: 11 - Issue: 98
Supreme Court to Review Reasonable Expectation of Privacy in Text Messaging Case (December 14, 2009)
The US Supreme Court will review a federal appeals ruling that the Ontario, California police department exceeded its reach when it accessed and read officers' personal text messages sent from work accounts...
US and Russia Discussing Cyber Warfare and Cyber Security (December 13 & 14, 2009)
Officials from the US and Russia are meeting to discuss improving Internet security and establishing cyber warfare policy...
Gartner Report Says Two-Factor Authentication Isn't Enough (December 14, 2009)
A report from Gartner says that two-factor authentication is not providing adequate security against fraud and online attacks...
22 Million Bush White House eMails Recovered (December 14, 2009)
Technicians have recovered about 22 million emails that the George W...
DECAF Aims to Take The Zing Out of COFEE (December 14, 2009)
Someone released a tool designed to foil a Microsoft forensic toolkit that helps law enforcement agents examine hard drives during raids...
NIST Issues FIPS 140-3 Crypto Standard Draft for Public Comment (December 14, 2009)
The National Institute for Standards and Security (NIST) has released a draft document, Federal Information Processing Standard 140-3 (FIPS 140-3), Security Requirements for Cryptographic Modules, for public comment...
Google Blocking Facial Recognition Component of Goggles Image Search Service (December 14 & 15, 2009)
Google is blocking the facial recognition component of its Goggles image search service in the wake of privacy concerns...
Fraud Prevention Security Questions Take a Strange Turn (December 13 & 14, 2009)
When Roger Thompson attempted to check out of a London hotel last week, the clerk informed him his credit card had been declined...
MOD Laptop and Encryption Key Stolen (December 12 & 14, 2009)
The theft of a laptop computer from the UK Ministry of Defence headquarters in Whitehall has prompted an investigation...
Stolen Swiss Bank Data Used in French Tax Evasion Investigation (December 11 & 14, 2009)
Some of the data used by French authorities in tax evasion investigations appears to have been leaked by a former employee of HSBC Private Bank in Switzerland...
Legislators Want to Keep TSA Document From Being Reposted (December 10, 2009)
US legislators have sent a letter to Department of Homeland Security (DHS) secretary Janet Napolitano asking if there are legal remedies to prevent a leaked Transportation Security Administration (TSA) document from being reposted to the Internet...
Judge Dismisses Shareholder Suit Against Heartland (December 9 & 10, 2009)
A US District Court Judge has granted a motion by Heartland Payment Systems to dismiss a class-action lawsuit filed by company shareholders...
UK ICO Launches Online Privacy Code of Practice Consultation (November 10, 2009)
The UK Information Commissioner's Office (ICO) has launched a consultation for a code of practice for online privacy...
House Passes Electronic Data Breach Notification Bill (December 9 & 10, 2009)
The US House of Representatives has passed HR 2221, the Data Accountability and Trust Act, which would establish national standards and rules for notification following breaches of electronically stored personally identifiable data...
Germany to Tackle Botnet Infestations (December 8 & 9, 2009)
The German government plans to help computer users rid their machines of botnet malware...
New SQL Injection Attack Loads Invisible iFrame (December 10, 2009)
A newly-detected SQL injection attack has infected nearly 300,000 web pages with an invisible iframe that gathers malicious code from a series of web sites...
Verizon Report Details Top Cyber Attack Vectors of 2009 (December 9 & 10, 2009)
Verizon Business's "An Anatomy of a Data Breach" report lists the top 15 most common cyber attack vectors in 2009...
Microsoft Issues Six Security Bulletins, Fixes Critical IE Vulnerability (December 8 & 9, 2009)
Microsoft released its last batch of patches for 2009 on Tuesday, December 8.......
TSA Employees on Administrative Leave Following Information Leak (December 9, 2009)
The US Department of Homeland Security (DHS) has put five Transportation Security Administration (TSA) employees on administrative leave following the leak of confidential information on the Internet.......
Gonzalez to Enter Guilty Plea in Connection with 7-Eleven, Heartland and Hannaford Breaches (December 8 & 9, 2009)
Albert Gonzalez has agreed to plead guilty to charges of breaking into computer systems at 7-Eleven, Heartland Payment Systems, and Hannaford Bros.......
Adobe Patches Seven Vulnerabilities in Flash Player (December 9 & 10, 2009)
On Tuesday, December 8, Adobe released fixes for seven security flaws in Flash Player, six of which are rated critical.......
SANS Internet Storm Center, InfoCON: green
Firefox 3.5.6 is available, time to update! find the update here ==> http://en-us.www.mozilla.com/en-US/firefox/3.5.6/releasenotes/, (Wed, Dec 16th)
Cisco WebEx WRF Player Vulnerabilities, (Wed, Dec 16th)
Cisco today released details of a set of buffer overflow vulnerabilities and fixes for their WebEx W ...(more)...
Seamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1, (Wed, Dec 16th)
Beware the Attack of the Christmas Greeting Cards !, (Wed, Dec 16th)
With the holiday season upon us, lots of folks (me included) have elected to send online greeting ca ...(more)...
Adobe 0-day in the wild - again, (Tue, Dec 15th)
Update2: It looks like Adobe will not be releasing an update to resolve this issue until Jan ...(more)...
Important BIND name server updates - DNSSEC, (Tue, Dec 15th)
Over the first half of 2010, ICANN/IANA plan to sign the root zone [1]. The DNSSEC signature will us ...(more)...
PostgreSQL 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23 and 7.4.27 have security fixes http://www.postgresql.org/docs/current/static/release.html, (Mon, Dec 14th)
Anti-forensics, COFEE vs. DECAF, (Mon, Dec 14th)
Recently was told by a reader about anti-forensics efforts to stymie a Microsoft produced digital for ...(more)...
Metrics and SPAM, (Sun, Dec 13th)
Like a ...(more)...
Microsoft Update providing 403 error code?, (Fri, Dec 11th)
We've had two separate reports this morning from readers telling us, when they try to visit the Micr ...(more)...
Another good reason to update to Thunderbird 3.0, (Fri, Dec 11th)
One of our readers sent this in to us (Thanks Juha-Matti), a security advisory against versions of T ...(more)...
Facebook Password Reset Confirmation. Customer Support. (Malware), (Thu, Dec 10th)
I received an email today purporting to be from Facebook, which of course had an attachment. The fil ...(more)...
Facebook announces privacy improvements, (Wed, Dec 9th)
Facebook, one of the largest social networking sites and somewhat notorious on the privacy front, ha ...(more)...
SANS Information Security Reading Room
Last 25 Computer Security Papers added to the Reading Room
Preventing Incidents with a Hardened Web Browser
Categories: Best Practices, Incident Handling, System Administration, Windows Issues
The Register - Security
Biting the hand that feeds IT
TJX hacker mulls Asperger's defense
Move over, McKinnon
The international hacker who has admitted to stealing more than 130 million payment card numbers has mounted a new defense claim that he might suffer from Asperger's syndrome, a court filing indicates.…
Google Doodle poisoned by scareware slingers
How do you say ne'er do wells in Esperanto?
Scareware slingers have begun hiding links to rogue anti-virus sites behind Google Doodle.…
RockYou password snafu exposes webmail accounts
Clueless developer airs 32m user login IDs
Millions of user passwords to social networking sites have been exposed, after a serious SQL injection flaw on the Rockyou.com website left login details - stored in plain text - up for grabs.…
Attacks spread malware with help from AppleInsider
And lawyers.com. And many more
Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens.
Data collector threatens scribe who reported breach
Shoot the messenger, Texas-style
A Texas company is threatening to press criminal and civil charges against a Minnesota Public Radio reporter after she uncovered a security lapse that exposed sensitive data for at least 500 people.…
Honeynet research lifts the lid on spam trends
Busy bees reveal a hive of junk mail activity
Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices.…
Unpatched PDF flaw harnessed to launch targeted attacks
Adobe software pwned by crackers, again
Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages.…
Chinese domain crackdown targets smut sites
Individual website ownership swept away by clean up
Chinese regulators have started to request business licences and paperwork before allowing future .cn domain registrations.…
Google Chrome bug outs users seeking anonymity
Loose-lipped proxy spills local IPs
A bug in the latest version of the Google Chrome browser could leak the identity of users trying to surf anonymously, developers warn.…
Google's reCAPTCHA busted by new attack
Significant success rate
A security researcher has devised a successful attack on a Google-owned system for blocking malicious scripts on web-based email services and other types of sites.…
Facebook chief explains bear photo bareness
Intended to make now shielded pictures public, apparently
Facebook chief exec Mark Zuckerberg has responded to the derision that arose when previously private photos became public property after last week's privacy roll-back by the social networking site.…
US and Russia begin cyberwar limitation talks
It's like SALT for hackers
The US and Russia have begun talks on limiting the military use of cyberspace.…
Hackers declare war on international forensics tool
Microsoft's COFEE decaffeinated
Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe.…
Remote execution flaw mars older Thunderbird versions
Mozilla's email add-on blues
Developers of the Thunderbird email client are in the process of patching a vulnerability that could allow attackers to remotely execute malicious code on end users' machines, security researchers said.…
Stolen bank data mixed into list of French tax dodgers
Swiss bank IT worker turned gov informant under protection
The legality of a French crackdown on suspected tax evaders earlier this year has been thrown into doubt after it emerged that stolen data was among the mix of information used by financial investigators.…
Zuckerberg pictures exposed by Facebook privacy roll-back
CEO shown 'plastered', possibly while devising new policy
Illuminating pictures of Facebook chief exec Mark Zuckerberg have been exposed by Facebook's privacy roll back.…
Privacy furore forces partial climb-down from Facebook
Social network faces up to criticism
Facebook's revised privacy settings have been almost universally panned by users and security watchers, but at least one group is happy - internet marketers.…
Steel-woven wallet pledges to keep RFID credit cards safe
Blocks wireless snoopers
Worried someone may try to wirelessly nab your personal details from those RFID cards in your wallet? Get some peace of mind with the “identity theft preventing privacy wallet”, its seller claims.…
Linux devs exterminate security bugs from kernel
Ping of death killed again
Developers have exterminated two bugs from the Linux kernel that threatened the security of people using the open-source operating system.…
Potent malware link infects almost 300,000 webpages
Johnny Come Lately
A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.…
McKinnon lawyers file last gasp extradition appeal
Gimme shelter
Lawyers for Pentagon hacker Gary McKinnon have filed a judicial review contesting the Home Secretary's recent decision to allow US extradition proceedings to proceed against the Asperger's sufferer. The widely anticipated move is perhaps McKinnon's last best hope of avoiding US trial and likely imprisonment on hacking charges.…
Felony fugitive found working for DHS for 2 years
Who knew?
Red-faced bosses from the Department of Homeland Security are trying to explain how they failed to know that one of their employees had been a wanted fugitive for more than two years.…
Top security firm: Default Windows 7 less secure than Vista
Reviled UAC nagware finds a defender
Windows 7 is less secure out-of-the box than Vista, despite Redmond's protestations to the contrary, a top security firm has claimed.…
Scareware slingers flaunt fake MS endorsement
Black-hat scripting malfeasance
Scareware wronguns have developed a neat but evil piece of coding trickery designed to dupe prospective marks into believing that Microsoft is endorsing their worthless scamware.…
Facebook urges public exposure in 'privacy' revision
Share everything, please
Facebook is urging its 350 million users to open their kimonos to the entire internet as part of its revamped security settings.…
Attackers hone Twitterific exploit-site concealer
Conquer hacktile dysfunction
Malware writers have revamped code that uses a popular Twitter command to generate hard-to-predict domain names, a technique that brings stealth to their drive-by exploits.…
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
Mass. Supreme Court throws out lawsuit against BJs over '04 data breach
The Massachusetts Supreme Judicial Court affirmed a lower court ruling dismissing a lawsuit brought against BJs by dozens of credit unions over a 2004 data breach.
PrivacyChoice Opt-Out
Ad networks and Web sites constantly track your behavior as you surf the Web, recording what sites you visit, what pages you visit on sites, and what kind of content you like to view. If you'd like to keep your personal Web preferences to yourself, get the free Firefox addon PrivacyChoice Opt-Out, which lets you stop more than 100 companies from tracking your behavior.
Child groups slam Conroy’s ISP filtering plans
Children’s rights groups have spoken out against the Federal Government’s plans to introduce mandatory ISP-level filtering, saying it will not effectively protect children.
Hot security predictions for 2010
Looking forward to 2010 while trying to erase the memory of 2009 -- here are my security predictions for the new year.
Five Things You Need to Know About Social Engineering
SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of tricking people into giving up sensitive information, is nothing new. Convicted hacker Kevin Mitnick made a name for himself by cold-calling staffers at major U.S. companies and talking them into giving him information. But today's criminals are having a heyday using e-mail and social networks. A well-written phishing message or virus-laden spam campaign is a cheap, effective way for criminals to get the data they need.
Supply Chain Security Threats: 5 Game-Changing Forces
As any CSO knows, it's not enough to mind your own business. You have to look after your business partners as well, across all links that connect to your supply chain--whether that chain is physical or virtual. And that goes double in times of rapid change and high stress.
ISP-level filter trial vendor happy with results
The vendor that provided filtering products to six of the nine ISPs participating in the Federal Government's controversial ISP-level content filtering trial says the results show the technology works.
Adobe offers advice on avoiding new Reader attack
One day after warning of a new attack on its Reader and Acrobat software, Adobe issued a security advisory Tuesday offering users some advice on how to mitigate the problem.
Rogue antivirus lurks behind Google Doodle searches
In Esperanto the word is "malica." It means malicious and it's the best way of describing many of the search results Google visitors got Tuesday when they clicked on Google's front-page Doodle sketch, dedicated to Esperanto's creator.
McAfee aims to localize in China sales push
McAfee will form a new Chinese subsidiary and expand its staff in the country as it looks for new inroads to the local security market, the company said Wednesday.
Data Sharing That Benefits Customers
You rarely get a full-circle view of your health records because doctors, hospitals, specialists, pharmacists and insurers track transactions with a combination of software plus paper, and few of those systems talk to each other. It's like having your bank provide separate statements for deposits, withdrawals, transfers and fees, leaving it to you to integrate the data each month. Worse, actually, because most healthcare organizations don't regularly supply customers with much data at all.
Adobe Reader Under Zero-Day Attack
Symantec yesterday confirmed that a new zero-day vulnerability (meaning there is not yet any patch available to fix the flaw) in both Adobe Acrobat and Reader is under active assault.
Adobe Reader Zero-Day Exploit: Protecting Your PC
Reports that a zero-day vulnerability in Adobe Acrobat and Adobe Reader is being exploited in the wild have been confirmed by Adobe in a blog post. Adobe is exploring the issue to determine how to patch it, but you're on your own in the meantime.
Kill JavaScript in Adobe Reader to ward off zero-day exploit, experts urge
Security experts today urged Adobe Reader and Acrobat users to disable the JavaScript option until a patch is issued for a just-disclosed vulnerability.
10 Predictions for 2010: Kaminsky and Weatherford
Curious about what's going to happen to our critical IT infrastructure in 2010? Here, IT security luminaries Mark Weatherford, CISO for California State, and Dan Kaminsky, finder of last year's DNS flaw, offer five predictions each. (The first of 2 parts).
Spam-linked Chinese domain registrar caught in porn cleanup
A Chinese domain registrar long criticized for serving malicious domains promised stricter oversight on Tuesday after being censured in a government crackdown on Internet porn.
In 2009 87% of emails are spam
Spam accounted for 87 percent of all email messages in 2009, says Symantec.
Adobe warns of Reader, Acrobat attack in the wild
Adobe is investigating new reports that hackers are attacking a previously unknown bug in the latest version of the company's Reader and Acrobat software.
Adobe probes new in-the-wild PDF bug
Adobe confirmed late on Monday that hackers are exploiting a vulnerability in the most up-to-date version of its PDF viewing and editing applications.
The 12 Cons of Christmas
While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off.
Akamai service to stop data center attacks
Akamai Technologies is introducing a cloud-based managed service called Web Application Firewall it claims will head off the bulk of Web applications attacks before they get inside corporate data centers.
Microsoft patches Office 2003 lockout bug
Microsoft on Saturday fixed a bug that locked out Office 2003 users from accessing documents safeguarded with the company's rights management security technology.
Traveling to dictatorships
In 1994, I was asked to lead a delegation of information security experts from the United States and the People's Republic of China. When not on the West Coast, and in our preparatory briefing, I warned the members of our delegation to be on their guard at all times once they entered the PRC.
Facebook and Google: Contrasts in Privacy
The headlines recently have been dominated with news of online privacy. Facebook has implemented changes that affect the privacy of status updates, and Google made headlines for its apparent disregard for privacy.
Adobe Flash's security woes: How to protect yourself
Experts disagree whether Adobe's security is 'immature' or Flash's popularity makes it a hackers' target
Microsoft fixes Office 2003 document lockout bug
Microsoft has fixed a problem in Office 2003 that prevented the software from opening documents saved using its access control technology.
IdM concerns from across the ocean
It's the nature of global communications that a) I hear about IdM projects worldwide almost daily, but b) talking to the people behind the projects usually requires either I travel to them or they travel to the United States. The nine-hour time difference between here and Europe, for example, means that I would be on the phone at 7 a.m. (not a pretty sight at all) or my European contact would be on the phone at 10 p.m. (usually from a noisy "watering hole"). Neither is conducive to good conversation.
Google's Schmidt Roasted for Privacy Comments
An Internet privacy watchdog has blasted Google chief executive Eric Schmidt for his comments on Internet privacy, saying his remarks suggest Google misunderstands basic lessons about why privacy is important.
FBI: Rogue antivirus scammers have made $150M
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than US$150 million for scammers. Security experts call them rogue antivirus programs.
Symantec and Amazon team on enterprise security
Global security, storage and systems management solutions provider Symantec is offering its next-generation security and enterprise-class storage management solutions through the Amazon elastic compute cloud (Amazon EC2).
HSBC confirms data theft by former employee
HSBC confirmed Friday that a former employee stole client data but said the number of records taken was less than 10.
Rather than patch, Microsoft blocks buggy code
Microsoft this week disclosed that it disabled buggy code in older versions of Windows rather than issue a fix, an unusual move for the firm.
Analysis: TSA document release shows pitfalls of electronic redaction
The inadvertent posting of sensitive TSA documents this week should serve as a reminder to corporate IT operations not to overlook the security challenges of electronic document redaction.
After Criticism, Facebook Tweaks Friends List Options
Facebook's new privacy controls remain a work in progress a full 24 hours after release and months after they were announced. Responding to criticism over making its users' Friends Lists public, Facebook is rolling out a new option that allows users to protect their Friends List from viewing or searching.
Bugs & Fixes: Safe Boot fixes iWork and iWeb crashes
A new Apple Knowledge Base article confirms that iWork software (Pages, Keynote, and Numbers)--as well as iLife's iWeb '09--may crash when running under Mac OS X 10.6.2. Or, as Apple puts it, the applications may "unexpectedly quit." The fix is easy: Just do a Safe Boot (or again, as Apple also phrases it, "Startup your Mac in Safe Mode"). To do this, start up your Mac while holding down the Shift key. When done, restart again as normal. That's it.
Lawmakers seek to stop reposting of TSA security document
Several lawmakers are asking DHS Secretary Janet Napolitano to examine if any legal remedies are available to stop Web sites from reposting a recently leaked TSA security manual.
Microsoft talks cloud computing security, plans to offer private cloud software
Microsoft is looking to unveil a new security structure for multi-tenant cloud environments as well as private cloud software based on the same technology used to build the Azure cloud computing platform.
Protect Your Privacy With the New Facebook Settings
Facebook is great for maintaining relationships of all kinds, but letting them overlap can be a recipe for disaster. Fortunately, it has started to roll out its much-anticipated update to its privacy settings to let users determine on a post-by-post basis exactly who they're sharing with. Here's how you can use the new functions to avoid a Facebook meltdown without spending all day micromanaging your privacy preferences.
Facebook privacy changes draw mixed reviews
Facebook's revamped privacy settings will push more user data onto the Internet and, in some cases, make privacy protection harder for Facebook users, digital civil liberties experts said.
Hackers find a home in Amazon's EC2 cloud
Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure.
McAfee Avert Labs
Cutting edge security research as it happens.......
Conficker Again in the News
By David Marcus on Web and Internet Safety
Our good friends at Shadowserver have recently added some excellent graphs and stats that highlight the continued infections and propagation by the Conficker worm. Conficker, although it actually does very little, continues to be a major annoyance worldwide, so let’s use these excellent charts and graphs as a reason to revisit two important points: Update your systems [...]
Another Adobe Reader Zero-Day Attack
By Micha Pekrul on Malware Research
Adobe just posted a new Security Advisory (APSA09-07, CVE-2009-4324) for the latest critical vulnerability in Adobe Reader and Acrobat 9.2 (and earlier). The flaw lies within a JavaScript function specific to the PDF Reader. Adobe plans to release a patch by January 12, 2010, to resolve the issue. The zero day is already being exploited [...]
DKOM Opens Door to Malware Rootkits
By Romain Levy on Vulnerability Research
Much malware comes with a kernel rootkit component. Subverting the Windows kernel is indeed the best way to conceal malicious activities on infected systems. To achieve this, many types of malware load malicious device drivers that enjoy full access to all kernel objects. However, this technique is somewhat noisy, and loading a new driver is [...]
Good News from China
By Toralv Dirro on Web and Internet Safety
As outlined in our recent report Mapping the Mal Web, the People’s Republic of China’s top-level domain (.cn) is currently one of the riskiest domain names to surf due to numerous malware downloads and other risky sites. However, this state of affairs may now change for the better: On December 11 the China Internet Network Information [...]
McAfee Labs Releases December Spam Report
By David Marcus on Web and Internet Safety
The United States is still a safe haven for spammers. With U.S. anti-spam legislation doing very little to thwart spammers and the McColo takedown having only a short-term effect, we have found that due to low-cost and reliable hosting and anonymous domain registration, our country remains the world’s top source for spam. The December report [...]
‘Ho, Ho, Ho’: Santa Delivers FakeAV Presents
By Mohinder Gill on Web and Internet Safety
Following the latest Captcha techniques used by the W32/Koobface worm, it seems that malware authors have turned to Santa for help to deliver the nasty surprise which awaits Facebook users. The infection drops other Trojans, such as FakeAlert, and leaves the user in trouble. It all begins with a post on a user’s Facebook wall. If [...]
Should Facebook’s New Privacy Features Concern You?
By Sam Masiello on Web and Internet Safety
Facebook has changed the rules again. Should you be concerned? On December 9 Facebook rolled out a new feature that was previously announced via an open letter from Facebook founder Mark Zuckerberg. This feature asked users to review their privacy settings to give them more control over who can view the content they publish on [...]
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Adobe to patch zero-day Reader, Acrobat hole
By Elinor Mills
Company will release the patch on January 12, allowing it to stick to its quarterly security update schedule. In the meantime, users can disable JavaScript.
Keeping Uncle Sam from spying on citizens
By Elinor Mills
As Center for Democracy and Technology lawyer, Greg Nojeim works to keep government from using national security as excuse to violate citizens' online privacy.
Facebook sues men for allegedly phishing, spamming
By Elinor Mills
Facebook's latest lawsuit accuses three men of getting access to Facebook user accounts by phishing and then sending spam from their accounts.
Scammers exploit Google Doodle to spread malware
By Elinor Mills
Latest twist on search engine scam exploits interest in the Google Doodle to send Web surfers to malware-laden Web sites, Barracuda Networks says.
Symantec confirms zero-day Acrobat, Reader attack
By Elinor Mills
Malicious Acrobat PDF is distributed via e-mail attachment that drops Trojan affecting Windows systems when the file is opened.
Adobe investigating Reader, Acrobat exploit reports
By Elinor Mills
Adobe partners warn the company of an exploit in the wild targeting a vulnerability in Reader and Acrobat 9.2.
Heartland data breach lawsuit dismissed
By Elinor Mills
Court says plaintiffs failed to prove their allegations against payment processor Heartland Payment Systems over massive data breach, according to a report.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Bank's antifraud tactics stun security expert: How much do they know?
Posted by InfoSec News on Dec 15
http://www.networkworld.com/news/2009/121409-bank-antifraud-measures.html
By Ellen Messmer
Network World
12/14/2009
Checking out of a Hilton hotel in London, security expert Roger Thompson
was told his Visa card had been declined due to suspicions it was
stolen, a situation that only got more disconcerting when he learned the
bank that issued the card had more personal information on him and his
family members than he ever imagined.
In...
MoD inquiry after laptop stolen from headquarters
Posted by InfoSec News on Dec 15
http://news.bbc.co.uk/2/hi/uk_news/8409363.stm
BBC News
12 December 2009
An investigation is under way after a laptop containing secret data was
stolen from the Ministry of Defence.
It was taken from the ministry's headquarters in Whitehall, central
London in late November, along with a key used to decode encrypted
files.
A spokesman said an investigation by MoD police was ongoing.
Shadow defence secretary Liam Fox said the theft was...
ROTC teens win in war against cyberterrorism
Posted by InfoSec News on Dec 15
http://www.deseretnews.com/article/705351387/ROTC-teens-win-in-war-against-cyberterrorism.html
By Elizabeth Stuart
Deseret News
Dec. 13, 2009
CLEARFIELD -- Stern-faced and imposing in an Air Force Junior ROTC
uniform, 17-year-old Jorge Lerma stares down his adversary.
The laptop in front of him, flashing a menacing "error" message, he
doesn't even flinch.
"I've seen a lot of errors, but I've never seen anything like...
One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.
Posted by InfoSec News on Dec 15
http://www.techcrunch.com/2009/12/14/rockyou-hacked/
By MG Siegler
TechCrunch.com
December 14, 2009
It's no secret that most people use the same password over and over
again for most of the services they sign up for. While it's obviously
convenient, this becomes a major problem if one of those services is
compromised. And that looks to be the case with RockYou, the social
network app maker.
Over the weekend, the security firm Imperva...
Q&A: Eugene Spafford on Cybercrime, Security Research
Posted by InfoSec News on Dec 15
http://threatpost.com/en_us/blogs/qa-eugene-spafford-121409
By Dennis Fisher
Threat Post
December 14, 2009
Threatpost editor Dennis Fisher talks with Eugene Spafford of Purdue's
CERIAS center about cybercrime, funding for long-term security research
projects and whether the federal cybersecurity coordinator position
matters.
Fisher: Do you see any indications that there will be more funding
coming from the federal government for longer...
Hackers declare war on international forensics tool
Posted by InfoSec News on Dec 15
http://www.theregister.co.uk/2009/12/14/microsoft_cofee_vs_decaf/
By Dan Goodin in San Francisco
The Register
14th December 2009
Hackers have released software they say sabotages a suite of forensics
utilities Microsoft provides for free to hundreds of law enforcement
agencies across the globe.
Decaf is a light-weight application that monitors Windows systems for
the presence of COFEE, a bundle of some 150 point-and-click tools used
by...
Cyber Thief Seeks Hit Man to Kill Informant
Posted by InfoSec News on Dec 15
http://www.wired.com/threatlevel/2009/12/hit-man/
By Kim Zetter
Threat Level
Wired.com
December 14, 2009
A convicted credit card thief and bank fraudster has pleaded guilty to
solicitation of murder for attempting to put out a contract on a federal
informant.
Pavel Igorevich Valkovich, 28, admitted last week that he discussed
hiring a hitman to kill the unidentified informant in a drive-by
shooting. He submitted his guilty plea the first...
Stolen bank data mixed into list of French tax dodgers
Posted by InfoSec News on Dec 13
http://www.theregister.co.uk/2009/12/11/french_tax_evasion_data_intrigue/
By John Leyden
The Register
11th December 2009
The legality of a French crackdown on suspected tax evaders earlier this
year has been thrown into doubt after it emerged that stolen data was
among the mix of information used by financial investigators.
A list of 3,000 French nationals suspected of using Swiss banking
secrecy to evade paying taxes included data handed...
Digital dangers in a wired world
Posted by InfoSec News on Dec 13
http://joongangdaily.joins.com/article/view.asp?aid=2913933
By Lim Mi-jin, Kim Jeen-kyung
JoongAng Daily
December 14, 2009
It's the stuff of action flicks. In "Live Free or Die Hard," terrorists
paralyze the United States by taking over all transportation systems,
broadcasting, communications and the power grid. It’s a total shutdown
and only Bruce Willis can save the world from the evil hackers.
But the plot’s not a total...
New version of 20 top security controls is available
Posted by InfoSec News on Dec 13
http://www.gcn.com/Articles/2009/12/14/Cybereye-news-CAG-version-released.aspx
By William Jackson
GCN.com
Dec 10, 2009
Version 2.3 of the Consensus Audit Guidelines, the top 20 critical
security controls agreed on by a consortium of private and government
security experts, has been released and is available on the Web site of
the SANS Institute.
The consortium includes the National Security Agency, the U.S. Computer
Emergency Readiness...
Call for Papers: i-Society 2010
Posted by InfoSec News on Dec 13
Forwarded from: David Brown <d.brown (at) i-society.eu>
CALL FOR PAPERS
*******************************************************************
International Conference on Information Society (i-Society 2010),
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
28-30 June, 2010, London, UK
www.i-society.eu
*******************************************************************
The International Conference on Information Society (i-Society...
Heartland Executives Told the Truth, Judge Says
Posted by InfoSec News on Dec 13
http://www.pcworld.com/article/184235/heartland_executives_told_the_truth_judge_says.html
By Robert McMillan
IDG News Service
Dec 10, 2009
Top executives at Heartland Payment Systems spoke truthfully about the
state of security at the company, a federal judge said earlier this week
before dismissing a class-action lawsuit against the payment processor.
The shareholder lawsuit, filed in March, was dismissed Monday by Judge
Anne Thompson of...
In wake of TSA breach, a refresher on redacting PDFs
Posted by InfoSec News on Dec 11
http://gcn.com/articles/2009/12/09/tsa-breach-pdf-redaction-refresher.aspx
By Kevin McCaney
GCN.com
Dec 09, 2009
News that the Transportation Security Administration (TSA) accidentally
posted secret information detailing its airline screening practices may
have had a familiar ring to feds. The information was exposed because of
inadequate redaction procedures.
TSA's operating manual had been posted on a procurement Web site in the
spring...
[Infowarrior] - Senate sets up Cyber Security Task Force
Posted by InfoSec News on Dec 11
Forwarded from: Richard Forno <rforno (at) infowarrior.org>
To: Undisclosed-recipients: <>;
Cc: Dave Farber <dave (at) farber.net>
Subject: [Infowarrior] - Senate sets up Cyber Security Task Force
Oh, zippidy-doo-dah! Just what will fix the problem -- another task
force to spend our tax dollars and waste time leading to town halls,
hearings, and a nicely-formatted report telling us what we already
know and have known for the...
Court Rejects Request to Consolidate TJX Hacker Cases
Posted by InfoSec News on Dec 11
http://www.wired.com/threatlevel/2009/12/heartland-hacker/
By Kim Zetter
Threat Level
Wired.com
December 10, 2009
A federal judge in Massachusetts has rejected a request from U.S.
attorneys to consolidate a New Jersey case against Albert Gonzalez, who
has admitted hacking more than 120 million credit card numbers from
Heartland Payment Systems, with two other cases against him in
Massachusetts.
Gonzalez, a former Secret Service informant...
Hackers find a home in Amazon's EC2 cloud
Posted by InfoSec News on Dec 11
http://www.computerworld.com/s/article/9142058/Hackers_find_a_home_in_Amazon_s_EC2_cloud?taxonomyId=17
By Robert McMillan
IDG News Service
December 9, 2009
Security researchers have spotted the Zeus botnet running an
unauthorized command and control center on Amazon's EC2 cloud computing
infrastructure.
This marks the first time Amazon Web Services' cloud infrastructure has
been used for this type of illegal activity, according to Don...
U.S.-China Internet forum highlights need to step up online security
Posted by InfoSec News on Dec 11
http://news.xinhuanet.com/english/2009-12/11/content_12631544.htm
By Lin Zhi
www.chinaview.cn
2009-12-11
SAN FRANCISCO, Dec. 10 (Xinhua) -- The third annual U.S.-China Internet
Industry Forum concluded here Thursday with delegates calling for more
efforts to step up online security.
An important part of network security was to ensure the security of
online information, said Cai Mingzhao, former deputy director of China's
State...
Secunia Weekly Summary - Issue: 2009-50
Posted by InfoSec News on Dec 11
========================================================================
The Secunia Weekly Advisory Summary
2009-12-03 - 2009-12-10
This week: 72 advisories
========================================================================
Table of Contents:
1. Word From...
Rogue anti-virus takes off
Posted by InfoSec News on Dec 11
Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>
http://www.itweb.co.za/index.php?option=com_content&view=article&id=28736
By Kirsten Doyle
ITWeb portals editor
8 Dec 2009
Scareware, fake anti-virus (AV) programs alarming users into thinking
their machines are infected, is on the rise.
So says Sergey Golovanov, senior malware analyst, non-Intel research
group manager at Kaspersky Lab, during an interview at the...
Nicky Hilton -- Nothin' Trashy on Stolen Comp
Posted by InfoSec News on Dec 11
http://www.tmz.com/2009/12/10/nicky-hilton-paris-stolen-computer-crystal-laptop-burglars/
By TMZ Staff
Dec 10th 2009
Nicky Hilton's stolen laptop will not result in another "leaked" Hilton
sex tape -- sources close to the heiress tell us the missing computer
was 100% scandal free.
As we first reported, burglars hit Nicky's Hollywood Hills home Tuesday
and made off with a computer and an expensive Lalique crystal.
But we're told...
With lawsuit settled, timetable for release of Bush e-mails is tricky
E-mails that are presidential records from the administration of George W. Bush discovered during ongoing litigation could be publicly available in five years under the Presidential Records Act.
The 10 critical characteristics of a national cyber coordinator
Cybersecurity leaders have developed a list of critical characteristics that will be required of the new cybersecurity czar. They suggest that whoever fills the position could learn leadership skills from FDR, Churchill and Einstein.
iPhone overcoming IT security skepticism
Apple's iPhone is winning over enterprise security skeptics and is now becoming a viable option to Research in Motion's BlackBerrys and Microsoft Windows Mobile handsets.
OMB proposes new FISMA performance metrics
The Office of Management and Budget is considering new computer security reporting metrics that would include real-time security awareness and management.
DHS, Michigan team on cybersecurity
The DHS Computer Emergency Readiness Team will identify possible abnormal activities on Michigan’s networks under a new agreement between the department and the state.
DHS hosts virtual cybersecurity job fair
The Homeland Security Department has announced a Cybersecurity Virtual Job Fair to greatly expand its computer security workforce.
TWIC card reader tests need best practices, GAO says
GAO gave TSA a mixed review in its latest evaluation of the transportation worker ID card program.
Pulling an about-Facebook on privacy
By requiring each of its 350 million users to set their own privacy settings -- and making the process easy to understand -- Facebook is trying to be part of the solution.
House passes bill to require data breach notifications
The House has passed a bill that would standardize how businesses must notify people put at risk after they improperly disclose personal data electronically.
eWeek Security Watch
Playing God: Zeus DIY Botnet Kit Evolves
In Windows 7
The evolution of the Zeus botnet toolkit highlights the continued development and maturation of the underground market for such attack authoring capabilities.
RockYou Hack a Reminder to Consider Data Stored in the Clear
In Social networking
A SQL injection vulnerability was exploited to expose 32 million passwords belonging to users of RockYou.com. The passwords were stored in clear text in the RockYou database.
Survey Lists Top Enterprise Endpoint Security and Compliance Holes
In Enterprise security strategy
A survey by Promisec paints a bleak picture of enterprise endpoint security management.
Amazon EC2 Used as Botnet Command and Control
In Web 2.0
CA uncovered evidence of the notorious Zeus Trojan using a server inside the Amazon EC2 network as a command and control for its bots.
DarkReading - Security News
DarkReading
BIDaWIZ Connects Online Customers With Licensed Accounting & Finance Pros, Saving Them an Average of 70% on Fees Compared to Typical Billable Rates
Cox Business Enhances Data Portfolio with Online Backup
U.S. Internal Revenue Service Issues Contract
DarkReading - All Stories
DarkReading
FTC Report Says SAFE WEB Act Is Working, Urges Congress To Keep It In Force
FTC publishes progress report on U.S. SAFE WEB Act; urges Congress not to let legislation expire
Adobe Reader, Acrobat Under Zero-Day Attack
New exploit in the wild capitalizes on flaw in JavaScript function
Does The Fourth Amendment Protect E-Communications?
Issue heads to Supreme Court following a case in California
Hackers Take Aim At COFEE With DECAF
New anti-forensics tool promises to inhibit popular COFEE law enforcement software
Full Disk Encryption: What It Can And Can't Do For Your Data
Protection depends on implementation -- and user know-how
OMB, NIST Propose Cybersecurity Performance Metrics
Aimed at federal agencies, proposal calls for real-time monitoring
Product Watch: Core Adds Wireless To Penetration Test Tool
Impact Version 10 adds wireless support, more Web vulnerabilities
Tech Insight: Learn To Love Log Analysis
Log analysis and log management can help breach detection and investigations
Apple: 'Nokia Chose To Copy The iPhone'
Mac maker accuses Nokia of infringing on 13 patents
Choosing Email Security Services? Watch Your Step
New Dark Reading Tech Center report offers advice on what to look for -- and what to avoid -- in third-party email security services
Droid Smartphone Hacked
Exploit lets phone users gain administrative root access to Google Android-based phones
Microsoft Acquires Sentillion
Sentillion offers identity and access management systems for healthcare environments
IPSes Require Custom-Tuning For Best Results, Lab Tests Find
Intrusion prevention system products often don't operate at their promised throughput, NSS Labs report finds
Product Watch: Fortify Teams With WhiteHat Security In SaaS Launch
Fortify Software to offer a combination static and dynamic application security testing service
New Verizon Business Report Outlines 15 Most Common Attacks
Keylogging and spyware are among the most commonly-found exploits in breached companies, new Verizon Business report says
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
Is Google Public DNS Safe?
By Darknet on public dns
Google recently launched a public DNS service similar to the popular service over at OpenDNS; you can find it on Googlecode here – http://code.google.com/speed/public-dns/. The first obvious reaction for the infosec crowd (with all the recent DNS flaws) is to question the security of the Google DNS service. HD Moore has done some good...
Read the full post at darknet.org.uk
Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET
By Darknet on XSS
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual...
Read the full post at darknet.org.uk
Facebook Pushes Out New Privacy Settings
By Darknet on personal data
There have been plenty of stories about Facebook in the past and the latest is about their new privacy system. From what I understand they have abandoned the previous concept of “Networks” and now everyone is open to everyone else. The network system was initially relevant when the site was targeted at only US college students, [...]
Read the full post at darknet.org.uk
CounterMeasures - A Security Blog
Rik Ferguson blogs about current security issues.
2010 – Year of the Zombie Cloud?
By Rik Ferguson on web
2009 has been a notable year for malware and malicious online activity for a number of reasons and several of them relate to what is known as botnets. A zombie, or a bot, is a PC infected by malware that brings it under the remote control of a criminal. Criminals run networks that can range [...]
CNET News - Security
Adobe to patch zero-day Reader, Acrobat hole
By Elinor Mills
That date lets Adobe stick to its quarterly security update schedule. In the meantime, users can disable JavaScript.
Originally posted at InSecurity Complex
Firefox 3.5.6 patches critical security holes
By Stephen Shankland
A memory corruption bug and two issues with Ogg media technology are among the 62 fixes in the latest version of Mozilla's browser.
Originally posted at Deep Tech
Facebook sues men for allegedly phishing, spamming
By Elinor Mills
Facebook's latest lawsuit accuses three men of getting access to Facebook user accounts by phishing and then sending spam from their accounts.
Originally posted at InSecurity Complex
Scammers exploit Google Doodle to spread malware
By Elinor Mills
Latest twist on search engine scam exploits interest in the Google Doodle to send Web surfers to malware-laden Web sites, Barracuda Networks says.
Originally posted at InSecurity Complex
Symantec confirms zero-day Acrobat, Reader attack
By Elinor Mills
Malicious Acrobat PDF is distributed via e-mail attachment that drops Trojan affecting Windows systems when the file is opened.
Originally posted at InSecurity Complex
Adobe investigating Reader, Acrobat exploit reports
By Elinor Mills
Adobe partners warn the company of an exploit in the wild targeting a vulnerability in Reader and Acrobat 9.2.
Originally posted at InSecurity Complex
Amazon EC2 cloud service hit by botnet, outage
By Lance Whitney
Amazon's EC2 cloud service has had to deal with a botnet released through its service and a data center power failure in the same week.
Note to Silicon Valley: How not to manage privacy
By Larry Downes
Stanford Law Fellow Larry Downes says the real problem behind recent privacy gaffes and missteps--including Facebook's--is not of policy but rather of public relations.
Mozilla worker touts Bing over Google, citing privacy
By Ina Fried
In a post on his personal blog, a Mozilla veteran responds to comments by Eric Schmidt on privacy by suggesting that people consider moving to Microsoft's Bing.
Originally posted at Beyond Binary
Trend Micro forecasts future threats
By Lance Whitney
Cloud computing and virtualization are two technologies that cybercriminals may target more heavily next year, predicts security firm Trend Micro in a new report.
Heartland data breach lawsuit dismissed
By Elinor Mills
Court says plaintiffs failed to prove their allegations against payment processor Heartland Payment Systems over massive data breach, according to a report.
Originally posted at InSecurity Complex
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
Experimenting With WASC Threat Classification Views: Vulnerability Root Cause Mapping
By Robert A. on XSS
I currently lead the WASC Threat Classification Project and we're expecting to publish our latest version next month. One of the biggest changes between the TCv2 and TCv1 is that we're doing away with single ways to represent the data. In the TCv1 we had a single tree structure to convey appsec...
132,000+ sites Compromised Via SQL Injection
By Robert A. on IndustryNews
Net-Security has posted an article on the discovery of 132k+ sites that have been SQL Injected. From the article "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to...