News
- Apple's Ping dinged by spam (3 September 2010, 10:01 am)
The new iTunes-based social network is getting hit by comment spam since Apple apparently left it vulnerable through a lack of spam or URL filtering, according to Sophos....
- U.N. exec: Cyberwar could be 'worse than tsunami' (3 September 2010, 9:28 am)
Proposal for a global "cyberpeace" treaty has met "a lot of resistance" from industrialized nations, says head of U.N.'s International Telecommunication Union....
- Facebook adds new remote log-out security feature (2 September 2010, 4:30 pm)
Facebook users who log in from multiple devices will soon have a way to make sure they are only logged in on the computer they are currently using....
- Nigerian scam tops list of decade's online cons (2 September 2010, 1:16 pm)
Notices of winning the lottery and requests from Russian women who want to know you better are also up there on Panda Security's ranking of decade's top Net swindles....
- India wants local servers from RIM, Google, Skype (2 September 2010, 12:45 pm)
India plans to ask the three companies to set up local servers in the country so that security agencies can monitor customer communications....
- Twitter plans to record all links clicked (2 September 2010, 2:33 am)
In a move that could raise privacy concerns, the microblogging site said Wednesday evening that it will record and analyze every link users click on when using its Web site or any of the thousands of third-party apps....
- China requires cell phone subscriber IDs (1 September 2010, 7:40 pm)
New subscribers are asked for identification and existing subscribers are being encouraged to register their IDs with their numbers in what the Chinese government calls a crackdown on spam and fraud....
- Quantum crypto cracked, researchers say (1 September 2010, 1:48 pm)
Researchers claim to have cracked the quantum cryptography equipment used to cloak highly sensitive communications by banks and defense agencies....
- Sweden reopens rape probe of Wikileaks founder (1 September 2010, 12:35 pm)
After dropping a rape case against Wikileaks founder Julian Assange last month, Sweden is reopening it for further investigation, according to reports....
- Cars: The next hacking frontier? (31 August 2010, 2:07 pm)
Efforts to make autos safer and more energy efficient with embedded computers and wireless technologies are also increasing security risks, experts say....
- Facebook glitch let spammer post to walls (3 September 2010, 3:21 pm)
A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week....
- HP buys 3Par, Apple rolls out new gear (3 September 2010, 2:55 pm)
Hewlett-Packard swooped in with the better bid to overtake Dell and win 3Par, so now we can all sit back and wait for the next acquisition battle to roll around. Meanwhile, Apple debuted updated iPods and Apple TV to entertain us, among other IT news stories of the week....
- Nigerian advance-fee scammer gets 12 years (3 September 2010, 2:12 pm)
A Nigerian advance-fee scammer, Okpako Diamreyan, has been sentenced to 12 years in prison by a federal judge....
- Investigators find famous DJ's credit card details for sale (3 September 2010, 12:28 pm)
Armin Van Buuren is one of the world's most well-known trance music DJs. He also apparently has had his credit card details stolen....
- Apple had two months to fix critical QuickTime bug, says researcher (3 September 2010, 11:08 am)
A critical bug in QuickTime was reported to Apple two months before a second researcher independently revealed the vulnerability this week, the director of a bug bounty program said Friday....
- Consumer group lampoons Google CEO over privacy issues (3 September 2010, 9:01 am)
Consumer Watchdog, a group that has been a sharp critic of Google's privacy practices in the past, is at it again....
- Drive to get more women into IT (5 September 2010, 10:19 pm)
LENA Wilson, the chief executive of Scottish Enterprise, will tomorrow preside over the launch of a new group aimed at growing the number of women taking leading roles in the technology sector. The Scotland Women in Technology (SWiT) group, backed by Cisco, Dell, IBM, HP, Scottish Enterprise and Oracle, aims to redress the declining number of women making a career in IT. It is estimated that this may be one reason why Scotland currently lags the UK by 30 per cent on productivity gains derived f...
- UK IT admin jailed for selling spy secrets to the Dutch (5 September 2010, 10:17 pm)
A software engineer who had worked for the security services has been jailed for a year after he was found guilty of trying to sell classified information. Daniel Houghton, 25, of Hoxton in east London, pleaded guilty to two offences under the Official Secrets Act. While working at MI6 as a £23,000 per year software engineer he copied over 7,000 files onto a USB memory stick containing staffing lists for the security services operating abroad. Houghton tried to sell the data to the Dutch s...
- Nasty Data-Stealing Bug Haunts Internet Explorer 8 (5 September 2010, 9:57 pm)
There's an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user's authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets. The vulnerability can be exploited through an attack scenario known as cross-domain theft, and researcher Chris Evans originally brought the problem to light in a b...
- TSA accidentally reveals airport security secrets (5 September 2010, 9:55 pm)
The Transportation Security Administration inadvertently revealed closely guarded secrets related to airport passenger screening practices when it posted online this spring a document as part of a contract solicitation, the agency confirmed Tuesday. The 93-page TSA operating manual details procedures for screening passengers and checked baggage, such as technical settings used by X-ray machines and explosives detectors. It also includes pictures of credentials used by members of Congress, CIA e...
- Microsoft Claims Silverlight Beats HTML5 (5 September 2010, 9:54 pm)
While acknowledging the importance of HTML5, Microsoft stressed this week that its Silverlight rich Internet technology extends the Web beyond what HTML5 allows. Standards-based multimedia features offered by HTML5 have taken the spotlight lately from proprietary technologies, such as Silverlight and Adobe's Flash. But Silverlight still has a purpose in the wake of HTML5's emergence, said Microsoft's Brad Becker, director of product management for Developer Platforms, in a blog entry entitled "...
- Malaysian web crackdown (5 September 2010, 9:53 pm)
Malaysia has formed a taskforce to scour the internet for blog postings deemed harmful to national unity, in the latest action against new media. The Home Ministry's deputy secretary-general for security, Abdul Rahim Mohamad Radzi, said the unit would involve the police, internet regulators, the Information Ministry and the Attorney-General's chambers. ''It is a mechanism that will co-ordinate these various agencies to help monitor what is being said in cyberspace and to take action against th...
- Accidental Pirate tightens disclosure rule (5 September 2010, 9:52 pm)
The pro-copyright lobby group behind the Accidental Pirate website has changed a legal clause that allowed it to disclose the personal information of users to any third party. iTnews reported earlier this week that the clause had raised suspicions that the site - billed as a means to educate users about piracy habits - was a ‘honeypot' or trap to implicate respondents in illicit activity, with the information handed to law enforcement for anti-piracy investigation. Users had been asked to...
- Music execs gunning for Android iTunes rival (5 September 2010, 9:46 pm)
If you don't like Apple's arrogant presence and its mindset that being its customer is a privilege, you're not alone. Music companies are very eager to get on Google's side as it seems more likely that a new service will launch on Android. In a Los Angeles Times blog post, Warner Music Group senior adviser Jac Holzman was quoted as saying, "Google has smart people, and they recognize record companies need to be more than just suppliers. The attitude that you bring to the table is clearly the fi...
- Mark Hurd may take job at Oracle, report says (5 September 2010, 9:45 pm)
When Mark Hurd resigned unexpectedly from Hewlett-Packard last month he found an outspoken supporter in the form of Oracle CEO Larry Ellison. It appears now that Hurd may end up working for Ellison, according to a report Saturday in the Wall Street Journal. Hurd is in talks with Oracle to take a top executive position at the company, the Journal reported, citing unnamed sources. It wasn't clear what job he might take but it would not be that of the CEO, since Ellison does not plan to leave that...
- PS3 jailbreak adapted to Nokia N900, Palm Pre (5 September 2010, 9:44 pm)
Two weeks ago you'd have to pay an Australian importer for a specialized USB key. Four days ago open-source software let you roll your own. Today, there's no need for any of that -- you can hack your PS3 with a tethered smartphone. Working closely with the PSGroove team, hacker Kakaroto adapted the same jailbreak to the Nokia N900, and the open-source community lost no time porting it to the Palm Pre as well. If the videos after the break are any indication, both versions work just as well as th...
- Facebook Becomes A Favorite Target Of Phishers
Due to widespread concerns about its thoughts on users' privacy, Facebook has been under all sorts of fire lately, facing criticism from U.S. senators, European data protection authorities, and many tech experts. Now, yet another problem's cropped up, as Facebook's been called a top target of phishers. The Securelist division of Kaspersky Labs issued a report yesterday, and the identities of the top three organizations that have been targeted by phi...
- Google Goes After Impersonator Scammers
As huge corporations go, Google's a pretty cuddly one, but according to the search giant itself, everyone should be careful about offers of employment or wealth that involve its name. "Google Money" scammers represent a growing problem that the company is trying to combat. A post on the Official Google Blog announced today, "[D]espite hundreds of consumer complaints and our own efforts to keep these sites from tricking people, some scams continue. To figh...
- Senate Uncovers Online Credit Card Tricks
A report issued by a U.S. Senate committee only uses the word "scam" when quoting different consumers; the report's title employs the phrase "aggressive sales tactics," instead. Still, it looks like a number of big online companies have been caught profiting off people's confusion. An investigation ordered by Senate Commerce Committee Chairman John D. Rockefeller IV discovered that Affinion, Vertrue, and Webloyalty "gain access to online consumers by ent...
- McAfee: Cyberwarfare A Big Threat
It might not be long before we return to the days of schoolchildren diving under their desks in warfare preparedness drills. Only now, instead of hiding from nukes, the kiddos may be unplugging their computers, since McAfee has indicated that a cyberarms race is taking place. Dave DeWalt, the president and CEO of McAfee, said in a statement, "[S]everal nations around the world are actively engaged in cyberwar-like preparations and attacks." These include China,...
- ICSA Labs Finds Flaws In New Security Products
It's sometimes fun to be an early adopter, as the long lines and waitlists for things like iPhones and the new Camaro have proven. But where security products are concerned, do yourself a favor and let other folks go first, since a fresh report indicates that it can take more than a single try to get things right. ICSA Labs, which is based in Pennsylvania and has been around for 20 years, tests and sometimes certifies products. Emphasis on "sometim...
- Nigeria Announces Early Results Of Anti-Scammer Initiative
No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw. Nigeria's Economic and Financial Crimes Commission is the force behind Project Eagle Claw, and with Microsoft's ...
- MessageLabs Names Most- (And Least-) Spammed States
When considering where to live, it's wise to look up stats about an area's climate, the cost of living, and its proximity to other important stuff in your life. Symantec's MessageLabs recently supplied some information about your odds of getting spammed, too. Somewhat surprisingly, the states you might imagine as being the "most wired" - California, New York, Washington - weren't at the top of the list. Instead, the state in which spam represe...
- Enormous Malware Archive Creates Stir
A Dutch company known as the Frame4 Group has created what's almost the computing equivalent of a Center for Disease Control lab. The Malware Distribution Project is, according to its own site, the "world's biggest private malware archive." Don't jump to the conclusion that the project's run by a bunch of supervillains; the malware samples are supposed to be "offered for the purposes of analysis, testing and malware research." Also, customers are s...
- Avsim Hacker (Maybe) Brought Before Cops
Perhaps people who like to spend their spare time in the cockpits of imaginary F-16s should be left alone. The man in charge of a flight simulator site that was attacked claims to have identified the hacker and forwarded information to the authorities. Avsim is one of the best-known flight sim communities in existence. It's been around for a long time, too. Unfortunately, a hacker managed to wipe about a decade's worth of modification info and ...
- Email Password Hackers Present Real Threat
The next time you have something really important to tell someone, consider whether a drive over to his or her house wouldn't be a nice way of spending a few minutes. One reporter has found that it's quite easy (and perhaps all too common) for people to buy email accounts' passwords from hackers. Tom Jackman wrote in an article for the Washington Post, "[S]ervices as YourHackerz.com are still active and plentiful, with clever names like 'pirate...
- Infocon: green
US Department of Defense and National Policy...
- US Department of Defense and National Policy, (Sun, Sep 5th) (5 September 2010, 2:10 pm)
A recent article released by the US Department of Defense (DoD) spoke of the worst compromise in DoD ...
- What's not to Like about "Like?", (Sat, Sep 4th) (4 September 2010, 2:46 pm)
Get off of my lawn! I admit that I have a suspicious, curmudgeonly strea ...
- Investigating Malicious Website Reports, (Sat, Sep 4th) (4 September 2010, 1:18 pm)
This morning we received a report from Holger about a website that was triggering ale ...
- Apple Releases Two Security Updates (One for OSX, One for iTunes): http://support.apple.com/kb/HT4312 and http://support.apple.com/kb/HT4328, (Fri, Sep 3rd) (3 September 2010, 3:56 pm)
- Microsoft EMETv2 released, (Thu, Sep 2nd) (2 September 2010, 3:00 pm)
Today, Microsoft released a new version of their Enhanced Mitigation Experience Toolkit. ...
- SDF, please!, (Thu, Sep 2nd) (1 September 2010, 8:50 pm)
We're under a targeted malware attack!, a friend of mine yelled into the phone. We ...
- Month of Undisclosed 0-day Bugs, (Wed, Sep 1st) (1 September 2010, 4:05 pm)
As a heads up, the Exploit Database (exploit-db.com) is publishing a month of undisclosed 0day bugs fro ...
- Microsoft issues updates to sysinternals ProcDump and Process Monitor: http://blogs.technet.com/b/sysinternals/archive/2010/08/30/updates-procdump-process-monitor-and-a-new-mark-s-blog-post.aspx, (Wed, Sep 1st) (1 September 2010, 12:29 pm)
- VMWARE releases 2 security advisories for ESX Service Console: http://lists.vmware.com/pipermail/security-announce/2010/000103.html and http://lists.vmware.com/pipermail/security-announce/2010/000104.html, (Wed, Sep 1st) (1 September 2010, 12:26 pm)
- Friday Squid Blogging: Squid Car (3 September 2010, 5:58 pm)
Squid car....
- UAE Man-in-the-Middle Attack Against SSL (3 September 2010, 7:27 am)
Interesting: Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more...
- Successful Attack Against a Quantum Cryptography System (2 September 2010, 2:46 pm)
Clever: Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it. So, in theory, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it in a noticeable way, triggering alarm bells. Vadim Makarov at the Norwegian University of...
- Cyber-Offence is the New Cyber-Defense (2 September 2010, 8:33 am)
This is beyond stupid: The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas—but it is still wrestling with how to pursue the strategy legally. The department is developing a range of weapons capabilities, including tools that would allow "attack and exploitation of...
- Wanted: Skein Hardware Help (1 September 2010, 2:17 pm)
As part of NIST's SHA-3 selection process, people have been implementing the candidate hash functions on a variety of hardware and software platforms. Our team has implemented Skein in Intel's 32 nm ASIC process, and got some impressive performance results (presentation and paper). Several other groups have implemented Skein in FPGA and ASIC, and have seen significantly poorer performance. We...
- More Skein News (1 September 2010, 7:01 am)
Skein is my new hash function. Well, "my" is an overstatement; I'm one of the eight designers. It was submitted to NIST for their SHA-3 competition, and one of the 14 algorithms selected to advance to the second round. Here's the Skein paper; source code is here. The Skein website is here. Last week was the Second SHA-3 Candidate Conference....
- Eavesdropping on Smart Homes with Distributed Wireless Sensors (31 August 2010, 1:39 pm)
"Protecting your daily in-home activity information from a wireless snooping attack," by Vijay Srinivasan, John Stankovic, and Kamin Whitehouse: Abstract: In this paper, we first present a new privacy leak in residential wireless ubiquitous computing systems, and then we propose guidelines for designing future systems to prevent this problem. We show that we can observe private activities in the home...
- High School Teacher Assigns Movie-Plot Threat Contest Problem (31 August 2010, 7:42 am)
In Australia: A high school teacher who assigned her class to plan a terrorist attack that would kill as many innocent people as possible had no intent to promote terrorism, the school principal said yesterday. The Year-10 students at Kalgoorlie-Boulder Community High School were asked to pretend they were terrorists making a political statement by releasing a chemical or biological...
- Misidentification and the Court System (30 August 2010, 1:05 pm)
Chilling: How do most wrongful convictions come about? The primary cause is mistaken identification. Actually, I wouldn't call it mistaken identification; I'd call it misidentification, because you often find that there was some sort of misconduct by the police. In a lot of cases, the victim initially wasn't so sure. And then the police say, "Oh, no, you got the...
- Security Theater on the Boston T (30 August 2010, 6:31 am)
Since a fatal crash a few years ago, Boston T (their subway) operators have been forbidden from using -- or even having -- cell phones while on the job. Passengers are encouraged to report violators. But sometimes T operators need to use their official radios on the job, and passengers can't tell the difference. The solution: orange tape: The solution?...
- Microsoft upgrades free app security tool (3 September 2010, 4:29 pm)
Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them....
- Women perform well on Defcon social engineering test (3 September 2010, 8:30 am)
Of the 135 Fortune 500 employees targeted by social engineering hackers in a recent contest, only five of them refused to give up any corporate information whatsoever. And guess what? All five were women....
- Secunia security program automatically tracks down, applies patches (3 September 2010, 7:48 am)
Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test,...
- Skyrocketing viruses, less danger? (2 September 2010, 12:32 pm)
In 2008, antivirus firm Sophos processed about 20,000 "new" pieces of malware every day....
- Global spam hits all-time high (1 September 2010, 2:07 pm)
Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive report on all things security-related from IBM X-Force....
- Microsoft still mum on programs prone to DLL hijacking attacks (1 September 2010, 8:13 am)
Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread "DLL load hijacking" attacks. Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications....
- Eight great virtual appliances for VMware, free for the downloading (1 September 2010, 6:00 am)
Virtual appliances are great for the same reasons physical appliances took the IT world by storm: They make deployment a snap -- even instantaneous -- while at the same time reducing costs. It's a formula that made hardware-based appliances immensely popular for network security, backup, storage networking, file services, email, and many other single-focus solutions....
- What it takes to shut down a botnet (31 August 2010, 12:08 pm)
A botnet shutdown makes for a great story....
- Google disputes bug patching report (31 August 2010, 9:20 am)
Google on Monday said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong. IBM's X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services....
- Scammers prey on required Twitter update (31 August 2010, 8:31 am)
Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software. On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe....
- Experimental Review of IPSec Features to Enhance IP Security (26 July 2010, 12:00 am)
Shilpa Nandamuri writes this paper that discusses IPSEC, how it works and touches on IKE, AHs and ESP for those not familiar with it....
- Cloud Computing – Storm Clouds or is it Smooth Flying? (20 April 2010, 12:00 am)
Cary Whitaker writes about the concerns of Cloud Computing and gives some great reasons to take it seriously....
- The Evolving World of Computer Security and Laws (19 April 2010, 12:00 am)
Jashua Garris writes about Information Security and laws, citing specific cases to demonstrate the importance of a solid security program....
- Web Access Management and Single Sign-On (16 April 2010, 12:00 am)
Dale Huggins takes a look at Single Sign On solutions for web applications....
- Reverse Honey Trap (6 April 2010, 12:00 am)
Aditya Sood and Rohit Bansal contribute with this great paper that looks into striking inside antivirus engines and analyzers....
- The Phishing Guide (1 February 2010, 12:00 am)
A comprehensive paper on a newer information security threat known as Phishing....
- Shedding Light on Quantum Cryptography (14 August 2009, 12:00 am)
Curby Simerson submits this paper on the introduction to Quantum Cryptography....
- Securing a Virtual Environment (22 April 2009, 12:00 am)
In this paper, written by Brian Fowler, we will take a look at exactly what virtualization is, as it applies to servers and desktops. Through this we will learn of the various problems and vulnerabilities that virtualization will cause....
- Investigating the SANS/CWE Top 25 Most Dangerous Programming Errors List (21 April 2009, 12:00 am)
Fred Williams submits this paper on 25 of the most dangerous programming errors and will provide education to software developers, testers and project management that will lead to more secure software for the most sensitive customer facing web applications....
- Hacking Tools & Techniques and How to Protect Your Network from Them (20 April 2009, 12:00 am)
Aaron Sigmon submits his research paper on Hacking Tools & Techniques and How to Protect Your Network from Them....
- The Winlock numbers, the Winlock laws3 September 2010, 8:48 am
While Eugene’s busy taking bets (wonder how much he’s going to make?), I’ve been having a think about the Winlock case.Russian law enforcement is estimating that the bad guys could have raked in as much as $1 billion. While it’s difficult to be certain about the exact amounts involved (obviously they spread their money across a lot of different accounts to avoid attracting attention), a little bit of simple math makes me think this figure isn’t as crazy as it might ... - Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem2 September 2010, 5:35 pm
The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.Some groups have been arrested. Some have had their operations and entire call support centers shut down. Some groups attracted too much attention, picked off the low hanging fruit and eventually walked away from their botnets. In some cases, the groups just weren't very skilled at developing anti-anti-ma... - The Winlock case - I'm taking bets!31 August 2010, 10:25 pm
Interesting news on Trojan SMS Blockers (Winlock etc). These programs block Windows and demand a ransom in the form of a text message which is sent to short number for a fee. It's a very popular type of racket at the moment, both in Russia and a few other countries. The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.Altogether the criminals have earned an e... - Twitter goes OAuth-only (Yay for security!)31 August 2010, 12:42 pm
In a long overdue move, Twitter turned off basic authentication for third-party applications, while enforcing OAuth for all apps. This is a move that should be applauded by anyone concerned about the security of their Twitter account.This latest move covers a potential vulnerability in the process of giving read/write access to third-party applications, which could lead to a Twitter account being compromised. Well, not anymore. You don't need to give your username and password to third-party de... - Gumblagra and a piano31 August 2010, 12:01 am
Since the beginning of August, our Japan office has seen 900+ mails of a certain kind in their spam traps.We noticed two common patterns in all of the mail. First, the links in these spammed messages all point to compromised servers. Also, the file names of the redirectors are all dictionary words followed by two digits. The files redirect the users to online pharmacy sites and fake watch stores. Here is a screen capture of a directory hosted on one of these online sites:You might wonder why thi... - Who needs my SQL server?25 August 2010, 9:40 am
We all know that cybercriminals will target anything and everything they can reach. And at Kaspersky, we also know that a lot of IT admins don’t look after their Internet resources. Sad but true – ask an admin if their servers are protected, and you’ll often get the answer, "Oh, come on, who needs my SQL server?" A few months ago we set up a new honeypot (http://www.mwcollect.org) in our Japanese research centre in Tokyo. The honeypot is mainly used to collect malicious Windows... - New IM Worm Squirming in Latin America23 August 2010, 5:26 pm
Whenever we discuss the most active malware-producing countries, Russia, China and Brazil are always atop the list. But there’s a new country that’s starting to appear in the top five: Mexico. In our monthly Latin America malware analysis published on Viruslist and Threatpost (both in Spanish), we already mentioned that Mexico is known for producing local botnets. On Aug 21, we (Kaspersky Lab) detected a new instant messenger worm that spreads through almost all well-known IM progra... - Whitelisting - how it protects us13 August 2010, 11:21 am
Malware writers are inventing new attacks regularly - but the anti-virus industry invents new protection techniques just as regularly. Whitelisting is one of the newer protection technologies which are now standard in Internet Security products. It sounds positive, but how does it actually work? Does it overload your computer? How can developers whitelist their programs? Will whitelisting replace other protection technologies? Join Andrey Nikishin, Director of Cloud and Content Technology Research, ... - Oops they did it again!10 August 2010, 11:56 am
It seems the BBC has been dabbling in the world of malware ... again. They have reported that they have created a smartphone application that is also able to spy on the activities of the person using a compromised handset. Readers of the blog may remember that the Beeb has something of a history in this area. They raised eyebrows in March 2009 when they 'acquired' a botnet. Shortly after this they also bought personal information, including credit card numbers, from a 'broker' of such data in ... - First SMS Trojan for Android10 August 2010, 11:29 am
I think the title of this post speaks for itself. Trojan-SMS.AndroidOS.FakePlayer.a passes itself off as a media player application. If the user chooses to install it, this icon with the name "Movie Player" will appear in the list of applications: The malware sends SMS messages to two premium rate numbers 3353 and 3354, with each message costing approximately $5. It does this stealthily, without requiring any confirmation from the device owner....
- Defacements Statistics 2008 - 2009 - 2010*26 May 2010, 9:25 pm
When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly, this number keeps on increasing year after year. For example, the last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period. What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are on web applications. We also know from what we monitored that registrar attacks greatly increased the pas... - Twitter and Baidu hijacked by "Iranian Cyber Army"13 January 2010, 10:27 am
You probably read that story somewhere last month, on December 17 2009 Twitter's homepage has been replaced by this message: "Iranian Cyber Army THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY iRANiAN.CYBER.ARMY@GMAIL.COM U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To…. NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA? WE PUSH THEM IN EMB... - E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)22 November 2009, 5:11 am
In case you didn't understand, this is the solution of our *crypto* jeopardy game posted in the last news. We received a notice that on WikiLeaks somebody uploaded an interesting document. It's a PDF file, called Project Ethan (after Tom Cruise's Mission Impossible character?) and it refers to E2-labs very recent plans to open in India an educational and IT security franchise network.... - Crypto message for E2-Labs22 November 2009, 5:11 am
This is a crypto-message for E2-Labs Mr. Zaki Qureshey. Are your *skills* good enough to decrypt it? If not, stay tuned and the solution will be revealed to you (and to the Indian community as well...... - AIRPORT MADNESS: SECURITY OR INSANITY?15 November 2009, 5:11 am
Today, I was flying from London Gatwick to Milan Malpensa with my girlfriend and our two kids and I witnessed the maddest airport security procedures ever. You certainly remember, a few years ago the incident at the Heathrow airport, those presumed terrorists carrying liquid bombs and threatening sacred Queen's airspace. The trial of the three suspected ended with several shadows. Nevertheless since then we cannot carry anymore liquids, creams, deodorants in volume larger than 100ml. As if... - EXCLUSIVE VIDEO: Zaki Qureshey boasting having helped Kuwait US Embassy to hack Iraqi networks8 November 2009, 5:11 am
E2-labs founder and manager, Mr. Zaki Qureshey confesses his dark hacker past in front of Ivory Coast government representatives and key multinational officials, setting the new bar and the highest standard for "colorful marketing" During this meeting, the India's renowned hacker and futurologist sets new standards also in history, geography and mathematics. After each of the two videos, some of our comments and highlights Mr.... - Skeletons in Hyderabad's cyber-closet - PART TWO7 November 2009, 5:11 am
INTERVIEW WITH DARREN WARREN, THE HACKER LURED BY E2-LABS TO HACK INDIAN GOVERNMENT COMPUTER SYSTEMS. WARNING: this is not a satirical article. Everything what you are about to read happened for real. The name of the real hacker has been changed, but he is willing to reveal himself and will testify under oath in an India court of law, that the following is a true statement of fact. Zone-H: Hello Mr. Darren Warren, we are going to call you by that in this interview, as this w... - BREAKING NEWS: India's mourning its Cyber Crime Squad members6 November 2009, 5:11 am
BREAKING NEWS SEVERAL E2-LABS CYBERCRIME SQUAD MEMBERS REPORTED MISSING IN ACTIONS, SEVERAL OTHERS CRITICALLY INJURED - NATIONAL CALL FOR BLOOD DONORS Several of the brave E2-labs' Cyber Crime Squad members are reported missing in action. The accident happened today at road n.2 of Banjara Hills, Hyderabad.... - Case study: are traditional financial fraud schemes applicable to the Indian IT educational market?5 November 2009, 5:11 am
Today we indulge ourselves in a pure hypothetical activity by analyzing whether it would be possible to apply traditional financial fraud schemes to India's educational market. We agree, it might look a mere academic work but later on we might find out that it makes much more sense than what we originally thought.... - Skeletons in Hyderabad's cyber-closet - PART ONE?4 November 2009, 5:11 am
Once upon a time, back in year 2003 the Indian newspaper The Times of India published a strange article titled "Hackers strike sites at will, govt helpless" The story was about an American hacker (named Derren Warren, the name in the article was changed by his request) hired by an undisclosed security company located in Hyderabad. The manager of this company asked Derren to perform hacking activities against India's critical government servers, being this job covered by a regular penetra...
- Acquisitions, Social Networking and Other Security News From the Week5 September 2010, 11:25 am
A recap of a week of IT security news that included talk of acquisitions by CA Technologies and 3M as well as security moves by Facebook and Twitter. - Acquisitions, social network security and Google privacy were among the top items on the menu in IT security news this past week. CA Technologies started the week off by announcing plans to purchase Arcot systems for its fraud prevention technology. Arcot develops software-based digital signature ... ...
- Google Pays $8.5M to Settle Buzz Privacy Lawsuit5 September 2010, 7:05 am
Google will pay $8.5 million to settle a class-action lawsuit that argued its Google Buzz social Web service violated users' privacy when it launched in February. - Google will shell out $8.5 million to settle a class-action lawsuit with seven people who argued the Google Buzz social service violated users' privacy. Google appeared to launch Buzz Feb. 9 with good intentions, allowing users to opt in to a service that lets users share and discuss links, pho... ...
- Google Privacy Policy Update Targets Simplicity4 September 2010, 8:22 pm
Google is updating its privacy policy to make it "more transparent and understandable." The changes will go into effect next month. - Google is reworking its privacy policy in the name of simplicity. Google Associate General Counsel Mike Yang announced Friday that the search engine giant is making revisions to its policy to make it more comprehensible to regular users. “Long, complicated and lawyerly that's what most people th... ... - Internet Scammer Gets Nearly 13 Years for $1.3M Fraud3 September 2010, 4:10 pm
A Nigerian man gets sentenced to 151 months in prison for a scam that stole $1.3 million from victims. - Okpako Diamreyan, a Nigerian citizen, was sentenced Sept. 1 to nearly 13 years in prison for masterminding an "advanced fee" scam that cost his victims $1.3 million. According to the U.S. Department of Justice, Diamreyan was also ordered to pay more than $1 million in restitution to ... ... - College Data Breaches Underscore Security Challenges3 September 2010, 1:08 pm
Security pros are talking about the challenges educational institutions face when it comes to protecting user data. - The University of Virginia reportedly fell victim to a cyber-attack the week of Aug. 23 that resulted in the theft of nearly $1 million. Unfortunately for administrators at colleges and universities, their institutions are just as vulnerable to data breaches as enterprises. According to KrebsOnS... ... - Apple Ping Hit by Spammers3 September 2010, 11:58 am
Researchers at Sophos say Apple Ping has been hit by scams familiar to users of other social networks such as Facebook and Twitter. - Spammers jumped out the gate quickly with survey scams aimed at users of Ping, Apple's new iTunes social network. Ping launched Sept. 1 with the goal of creating a social network for the more than 160 million users of iTunes. However according to Sophos, the service has been hit with a barrage of... ... - Microsoft Releases Application Security Tool Kit for Developers2 September 2010, 7:33 pm
Microsoft updates its EMET tool kit, designed to help developers thwart attacks against their applications. - Microsoft released an updated version of a tool kit Sept. 2 to help developers make their applications more secure. With the Enhanced Mitigation Experience Toolkit 2, Microsoft said, developers can bring technologies such as dynamic data execution prevention to bear to improve security, parti... ... - Facebook Adds Remote Logout Security Feature2 September 2010, 5:01 pm
Facebook is rolling out a security control that enables users to remotely log out of an active session from a different machine. The feature extends controls added in May to prevent unauthorized activity. - Facebook is updating security on its site to bolster protections added in May relating to user log-ins. This time, Facebook is giving users the ability to log out of any Facebook session they may have left active on another computer or device. For example, if a user logs into Facebook on a... - Check Point Pushes Virtual Security for VMware Environments2 September 2010, 12:30 pm
Check Point Software Technologies added to its virtual security lineup with new integration with VMware technology. - Check Point Software Technologies is expanding its virtual security offerings with an eye toward protecting VMware environments. With Security Gateway Virtual Edition (VE), Check Point has added integration with VMware's VMsafe technology in a bid to bring the same level of firewall and intrusi... ... - Spammers Stay Busy Despite Pushdo Botnet Hit1 September 2010, 6:05 pm
The disruption of the Pushdo botnet has not stopped spammers, despite nearly two-thirds of the botnet's command and control servers being taken out of commission. - From the shutdown of McColo to last week's disruption of the Pushdo botnet, spammers have continually found ways to stay in business. Nearly 20 of the 30 command and control (CnC) servers associated with Pushdo were taken offline last week due to efforts by security vendor LastLine. The servers... ...