Alerts
Feb 23, 2009 (19 hours ago)
from US-CERT Cyber Security Bulletins
Vulnerability Summary for the Week of February 16, 2009
from SANS Internet Storm Center, InfoCON: green
ISC reader Gary wrote in to let us know that searching for oscar presenters and os ...(more)...
Security News
Feb 23, 2009 (13 hours ago)
from CGISecurity - Website and Application Security News by Robert A.
Bryan Sullivan over at Microsoft has published a lengthy article on the advantages of URL writing to prevent certain types of attacks. "Tim Berners-Lee once famously wrote that "cool URIs don't change." His opinion was that broken hyperlinks erode user confidence in an application and that URIs should be designed in...
Feb 23, 2009 (19 hours ago)
from CGISecurity - Website and Application Security News by Robert A.
For the past year in my spare time I've been researching a flaw involving transparent proxies and today CERT has published an advisory for this issue. If you have a vulnerable proxy on your intranet NOW is the time to patch (details of affected vendors in the cert advisory). QBIK New...
Feb 23, 2009 (yesterday)
from CGISecurity - Website and Application Security News by Robert A.
I was reading Slashdot and saw that Microsoft has released a paper outlining a new secure browser architecture. From the abstract "Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating...
Feb 23, 2009 (13 hours ago)
from McAfee Avert Labs by Lokesh Kumar
For the unaware, Wine is an application that enables users to run Windows applications on Unix-like computers. Like many users, I use Wine on my Linux machine to run a couple of Windows applications I cannot do without. I could run these applications either on a virtual machine, or even dual boot with Windows and Linux, but running them in Wine is just easier.
6:21 AM (23 minutes ago)
from The Register - Security
Euro search for tech solution
A European Union agency is investigating how to snoop on crooks using Skype and other Voice over Internet Phone services to avoid traditional police wiretaps.…
9:18 PM (9 hours ago)
from The Register - Security
Corvair of computer languages strikes again
Two of the programs submitted in the first round of a competition to find the next cryptographic hash standard contain buffer overflow errors that could make them prone to crashes and security problems.…
Feb 23, 2009 (15 hours ago)
from The Register - Security
Scruples? They've heard of them
More than half - 59 per cent - of US workers made redundant or who left their job last year admitted swiping confidential corporate data, such as customer lists, before they left, a new study claims.…
Feb 23, 2009 (15 hours ago)
from The Register - Security
Modest revolution
A consortium of US federal agencies have drawn up a list of critical security controls they hope will serve as a gold standard for cybersecurity.…
Feb 23, 2009 (15 hours ago)
from The Register - Security
By the dozen
Updated Computer networks that use proxy servers to automatically redirect browser connections should be on the lookout for a serious architectural flaw that could allow attackers to remotely access intranets and other website resources that are normally off limits, security experts are warning.…
Feb 23, 2009 (21 hours ago)
from The Register - Security
Stealth variant Sidesteps MS-led takedown effort
Virus authors have released a new variant of the infamous Conficker (Downadup) worm with enhanced auto-update features.…
Feb 23, 2009 (22 hours ago)
from The Register - Security
Not just an end in itself
Tech Panel Last year, Freeform Dynamics surveyed the attitudes of tech professionals into IT security.…
4:48 AM (1 hour ago)
from Network World on Security by M. E. Kabay
Computer scientists Wayne Jansen and Karen Scarfone of the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) have written a new (October 2008) Special Publication entitled "Guidelines on Cell Phone and PDA Security," which summarizes the security issues and provides recommendations for protecting sensitive information carried on these devices.
4:48 AM (1 hour ago)
from Network World on Security by Tim Greene
There have been two acquisitions over the past weeks that involved NAC vendors.
4:48 AM (1 hour ago)
from Network World on Security by Robert McMillan
A dangerous and unpatched vulnerability in Adobe's PDF-reading software has been around a lot longer than previously realized.
Feb 23, 2009 (yesterday)
from Network World on Security by David Newman and Joel Snyder
Our woes with Network and Security Manager began when we tried to use it to manage the SRX 5800. With eight years of experience using NSM in Opus One’s labs, we were looking forward to the unification of JunOS and ScreenOS management. We started out needing to change IP addresses, a common enough task. For a ScreenOS system, this takes three clicks: two clicks to see a summary of interfaces and IP addresses, and a third to begin editing.
Feb 23, 2009 (yesterday)
from Network World on Security by Ellen Messmer
Several federal agencies today expressed backing for the "Consensus Audit Guidelines," a set of proposed 20 cybersecurity controls, that could end up as network and application security requirements for federal agencies and their contractors.
Feb 23, 2009 (yesterday)
from Network World on Security by Dave Kearns
When last we spoke I left you thinking about deprovisioning both your people from apps you don't control or your apps from people you don't control. It's a big issue with software-as-a-service (SaaS) and federated provisioning. It was the Burton Group's Ian Glazer who said: "...there should be no reason why deprovisioning from an application like Salesforce.com is any harder than deprovisioning from LDAP." And, in truth, maybe it isn't.
4:48 AM (1 hour ago)
from Network World on Security by Gary Anthes
Jeannette M. Wing is a pioneer in a new discipline called "computational thinking," a term she coined. Computational thinking applies the problem-solving methods of computer science to other disciplines. She's also an authority on "formal methods," mathematically-based techniques for specifying and verifying the correctness of computer hardware and software.
4:48 AM (1 hour ago)
from Network World on Security by Darren Pauli
A 28-year-old police officer will appear in court next month charged with unauthorised access to sensitive police data. The male officer, attached to a Specialist Command, was served with a Court Attendance Notice last week and faces a charge of accessing restricted data held in a police computer. He will appear at Downing Centre Local Court on Thursday March 26.
4:48 AM (1 hour ago)
from Network World on Security by Robert McMillan
A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.
4:48 AM (1 hour ago)
from Network World on Security by Jaikumar Vijayan
Just weeks after Heartland Payment Systems Inc. disclosed what may be one of the largest breaches of payment card data thus far, news is emerging of what could be another major breach involving a payment processing company.
Feb 23, 2009 (17 hours ago)
from Network World on Security by Jeremy Kirk
A Trojan horse lurking on servers belonging to Auctiva.com, a Web site offering eBay auction tools, infected people's PCs last week.
Feb 23, 2009 (17 hours ago)
from Network World on Security by John Edwards
Daniel Flax, CIO at New York-based investment banking and financial services firm Cowen and Co., relies on cloud computing to automate his company's sales activities. While he's satisfied with cloud technology's potential to lower upfront costs, decrease downtime and support additional services, he admits that he has had to work hard to get a handle on the emerging technology's security weaknesses. "Security is one of the things we've had to come to grips with," he says.
Feb 23, 2009 (17 hours ago)
from Network World on Security by Mike Elgan
Jamming a cell phone is illegal in the U.S. Very illegal. And not just by ordinary citizens. It's illegal for theater and restaurant owners to jam calls, and even state and local police or prison officials. The U.S., in fact, has the strictest laws in the world against jamming cell calls.
Feb 23, 2009 (17 hours ago)
from Network World on Security by Jaikumar Vijayan
Massachusetts officials this month gave companies a second reprieve on complying with new regulations aimed at any entity that stores the personal data of state residents. They also softened a particularly contentious provision requiring businesses to ensure that third parties handling such data are in compliance with the rules.
Feb 23, 2009 (17 hours ago)
from Network World on Security by Jaikumar Vijayan
Los Alamos National Laboratory last week launched a monthlong effort to ensure that computers taken off-site by employees fully comply with the nuclear research facility's information security policies.
Feb 23, 2009 (17 hours ago)
from Network World on Security by Jaikumar Vijayan
For the second time in three months, the University of Florida in Gainesville has acknowledged a major data breach -- and a statement posted on the University's Web site indicates that there was a third, less public, breach discovered by the school during the same period.
Feb 23, 2009 (17 hours ago)
from Network World on Security by John E. Dunn
Tough times could be driving increased competition in enterprise software with the news that BigFix is to undercut its rivals' patch management renewal licensing by up to 50 percent.
Feb 23, 2009 (yesterday)
from Darknet - The Darkside by Darknet
Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues. It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one. This time it’s a zero-day just hit and [...]
Feb 23, 2009 (17 hours ago)
from SANS Internet Storm Center, InfoCON: green
Malware which comes with its own hosts file to install in \system32\drivers\etc\hosts is ...(more)...
Feb 23, 2009 (18 hours ago)
from SecurityFocus News
Another payment firm breached, details few
Feb 23, 2009 (19 hours ago)
from SecurityFocus News
Attackers exploit unpatched Acrobat flaw
Feb 23, 2009 (22 hours ago)
from SANS Press Room
Consensus Audit Guidelines: Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance
Feb 23, 2009 (22 hours ago)
from SANS Press Room
GIAC Honors Paper Computer Forensics Investigation Analyze an Unknown Image
Feb 23, 2009 (22 hours ago)
from SANS Press Room
Press Release: New Standard for GIAC Certification and Upgrades To SANS On-Line Training
11:10 PM (7 hours ago)
from Ars Technica - Front page content by jtimmer@arstechnica.com (John Timmer)
The recent American Association for the Advancement of Science meeting included a session entitled "Science for Public Confidence in Election Fairness and Accuracy" and, as might be expected, computer science made a significant appearance. Ed Felten of Princeton, whose work in the area we've covered extensively, spoke and emphasized the limits of what computer science can do, and how the ultimate goal should be to ensure that electronic voting systems are verifiable and auditable. Of course, that raises the question of what you do with the auditing information, which is where Arlene Ash, a biostatistician at Boston University's School of Medicine, came in. It turns out that we already have excellent statistical tools for detecting problematic patterns of voting—the legal system just chooses to ignore them.
Feb 23, 2009 (15 hours ago)
from Ars Technica - Front page content by jhruska@arstechnica.com (Joel Hruska)
Last week, we covered a so-called Nigerian scam in which a group of thieves eschewed the standard approach of pretending to be your great-grandmother's sister's former roommate, and instead went directly after state coffers. Now there's news that some would-be fraudsters are turning up their collective noses at the thought of robbing a mere state, and are instead going after entire countries. Given the severity of jail sentences and the dim view federal judges take of those who would steal the wealth of nations, the grand-scale carnival shysters are playing an extremely high-stakes game.
Feb 23, 2009 (14 hours ago)
from Wired Top Stories by Kim Zetter
Financial institutions are alerted to yet another successful hack attack on a credit and debit card processor. Not surprisingly, nobody's identifying the company at fault.
Feb 23, 2009 (13 hours ago)
from PC World Latest Technology News
The fake application attempts to steal personal information for ID fraud.
Other News
Feb 23, 2009 (19 hours ago)
from PC World Latest Technology News
Ubuntu will target cloud computing with October release, company CEO says.