August 30, 2006
Hackers have obtained the credit card details of almost 19,000 online shoppers from telecoms giant AT&T.
"We recognise that there is an active market for illegally obtained personal information," said Priscilla Hill-Ardoin, the company's chief privacy officer.
Source:
http://news.bbc.co.uk/
Researchers from the University of Pennsylvania School of Engineering and Applied Science are warning against an entirely new threat to computer security, peripheral devices such as keyboards, mice or microphones which could be physically bugged in an attempt to steal data.
Source:
http://50connect.co.uk/
John Reinan, Star Tribune
Many of us are using the same password for everything, and that's causing headaches for computer security experts.
Source:
http://www.startribune.com/
freenigma adds privacy technology (with strong e-mail encryption) to your favourite webmail service.
Get your privacy back! Encrypt your private and business e-mails to protect your freedom, privacy and your business secrets.
Source:
http://www.freenigma.com/
By ELIZABETH A. KATZ
Journal Register News Service
More than 28,000 Beaumont Hospital Home Care patients could have personal information at risk.
Source:
http://www.theoaklandpress.com/
Bruce Schneier, author of Beyond Fear and CTO of Counterpane.
Network Security Podcast, Episode 39, August 15, 2006. This podcast with Bruce Schneier addresses areas like:
. Security is about attitude not training ...
. The relationship between security vs. politics ...
. reliance on technology ...
. security vs. economics ...
. ...
Source:
http://www.mckeay.net/
The first generation of computer security people are nearing retirement age, and some 40 percent of the senior people are expected to leave government service in the next few years.
Source:
http://www.strategypage.com/
Grant Gross
(IDG News Service) -- The World Privacy Forum has filed a Federal Trade Commission complaint against AOL LLC, saying the company violated its own privacy policy by releasing the search records of hundreds of thousands of its members.
Source:
http://www.computerworld.com/
Associated Press
Jacobsen was able to read some sensitive information that Special Agent Peter Cavicchia had access to through his wireless T-Mobile Sidekick device.
Source:
http://www.mercurynews.com/
Computer hacking and network security news and reports, from the trenches. Stay on top of recent events pertaining to hacking, wireless security, digital forensics, and more.
Source:
http://www.podcastdirectory.com/
Robert McMillan
Hilton is accused of hacking into voice-mail accounts on a mobile phone network
The New York Post reported last month that someone had stolen the password to Lohan's BlackBerry and sent her friends "disgusting and very mean messages that everyone thought were coming from Lindsay." Lohan's representatives hinted that Hilton may have been behind the hack, the Post said.
Source:
http://www.computerworld.com/
August 27, 2006
Technology protects pictures of products from being stolen
John Blau
Technology from one of Germany's renowned Fraunhofer Institutes could help companies protect pictures of their products from being stolen by groups trying to promote cheap imitations.
Source:
http://www.computerworld.com/
"Why would anyone ... want to add to the glut?"
John E. Dunn
A consumer magazine has been condemned for possibly adding to the virus problem by creating a series of "test" viruses just to review antivirus scanners.
In an act that has long been considered technical taboo, U.S. consumer affairs organization, ConsumerReports.org, decided to generate 5,500 "test" viruses to run, under lab conditions, against 12 leading antivirus software products.
Source:
http://www.computerworld.com/
Companies are struggling to protect hardware, data
Linda Rosencrance
Loss of confidential data -- including intellectual property, business documents, customer data and employee records -- is a pervasive problem among U.S. companies, according to a survey released yesterday by Ponemon Institute LLC and Vontu Inc., a San Francisco-based provider of data loss prevention products.
Source:
http://www.computerworld.com/
GERRI PEEV
POLITICAL CORRESPONDENT
Key quote
"As we face the threat of mass murder we have to accept that the rights of the individual that we enjoy must, and will be, balanced with the collective right of security and the protection of life and limb that our citizens demand." - JOHN REID, THE HOME SECRETARY
Source:
http://news.scotsman.com/
August 16, 2006
By KEVIN CULLEN
Passwords are vital to computer security, but creating secure ones -- and remembering them -- isn't easy.
Source:
http://www.jconline.com/
Grant Gross
August 14, 2006 (Computerworld) -- The U.S. Department of Veterans Affairs will spend $3.7 million on encryption software following a theft in May of hardware containing the personal information of 26.5 million veterans and active-duty military personnel.
source:
http://www.computerworld.com/
By Jeremy Kirk, IDG News Service
August 14, 2006
Hackers are actively using exploit code to target a flaw in Microsoft's software that generated a special warning from the U.S. government last week.
The problem concerns a networking function called Windows Server services within the Windows OS, used for file sharing and printing.
source:
http://www.infoworld.com/
Jeremy Kirk
August 14, 2006 (IDG News Service) -- Hackers are actively using exploit code to target a flaw in Microsoft Corp.'s software that generated a special warning from the U.S. government last week (see "New Microsoft patch prompts DHS warning").
source:
http://www.computerworld.com/
Robert McMillan
August 13, 2006 (IDG News Service) -- Although Microsoft Corp.'s Office suite is now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses.
"The general security of OpenOffice is insufficient," the researchers wrote in a paper titled "In-Depth Analysis of the Viral Threats With OpenOffice.org Documents."
source:
http://www.computerworld.com/
C.J. Kelly (Computerworld)
August 14, 2006 (Computerworld) --
What I need and what I do are two different things. I know that what I need is to take a very long vacation in a warm place where I could sit on the beach, sipping something alcoholic and sweet while my toes wriggle in the sand and the warm water of the incoming tide laps about my ankles. No cell phone, no laptop, no schedule. I wouldn't be responsible for anything.
Source:
http://www.computerworld.com/
Mark Trevelyan
(Reuters) -- Can technology create a non-hijackable plane?
Among the non-hijackable plane's features: computer systems designed to spot suspicious passenger behavior, and a collision-avoidance system that would correct a plane's trajectory to prevent it from being steered into a building or mountain.
source:
http://www.computerworld.com/
The police say the powers are needed because criminals are increasingly using encryption to hide evidence.
Source:
http://news.bbc.co.uk/
August 14, 2006
TITLE: Newsmaker podcast: Dan Geer
DATE: 14 Aug 2006
SOURCE: SearchSecurity.com
In this edition, luminary Dan Geer, vice president and chief scientist for security firm Verdasys, discusses the infamous 2003 research paper that caused him to lose his job, plus how Microsoft threatens IT security, the fatal flaw of client-based computing and the real reason behind so many publicized data breaches.
Source:
http://media.techtarget.com/
HAYLEY MICK
Increasingly savvy pedophiles use Web to lure children, network with each other
Some secretly spy on children's bedrooms by hacking into their webcams. Others set up temporary, untraceable websites full of downloadable child porn that are swapped, as one officer puts it, "like hockey cards."
Source:
http://www.theglobeandmail.com/
By Cheryl Gerber
An industry group is developing open security standards aimed at resolving ongoing, multi-faceted threats to Department of Defense and other computers and networks by providing dedicated hardware-based solutions.
The Trusted Computing Group (TCG) was formed in 2003 to develop open standards for hardware-enabled, platform-neutral, security technologies that work across multiple devices and peripherals.
source:
http://www.military-information-technology.com/
August 13, 2006
By Marjorie Delwarde
Research conducted by BT, the University of Glamorgan and Edith Cowan University in Australia reveals that secondhand computer disks still contain much sensitive information belonging to their previous owners.
source:
http://www.pingwales.co.uk/
Absolute Software suggests the following precautions:
...
3. Use passwords with a combination of numbers and letters, as well as encryption solutions, to prevent unauthorized access to laptops and sensitive data.
4. Back-up valuable data before travel to minimize the risk of data loss or lost productivity in case of theft.
Since the information is often more valuable than the computer itself, it is important to protect the data as much as possible.
5. Invest in asset tracking and recovery software. Absolute Software recommends tools like its CompuTrace, which is embedded in the BIOS of computers.
6. Use remote data protection, so sensitive information can be wiped remotely if the laptop is lost or stolen.
...
Source:
http://www.techweb.com/
Elizabeth Montalbano
The U.S. Transportation Security Administration (TSA) is in talks with Guardian Technologies International Inc. to use the company's PinPoint image analysis software in conjunction with airport X-ray machines to tell the difference between explosives and organic items such as shampoo, clothes and food in carry-on baggage, according to a company executive.
source:
http://www.computerworld.com/
By Bill Brenner, Senior News Writer
The war between Israel and the Lebanon-based Hezbollah militia is spilling into cyberspace, where hackers from around the world are launching Web-based assaults against anyone perceived to be on the wrong side of the fight.
source:
http://searchsecurity.techtarget.com/
If you want to find someone to blame, Gates says, point a finger at the "malicious people" out there looking to "take advantage of whatever things there are."
What did you expect him to say? That it's Microsoft's fault? That would be too hot to handle.
source:
http://news.com.com/
August 11, 2006
By Lee Hamrick
TechWeb
From receiving video-mail to having your iris scanned at airport security, here's what the world of business travel and communications might look like in the not-so-distant future.
Source:
http://www.techweb.com/
Glenn Chapman in Las Vegas
ORGANISED crime is winning the internet security war, specialists warned at the world's foremost gathering of computer hackers in Las Vegas.
"We are getting our butts kicked, there is no doubt about it," said Dan Hubbard, vice president of security research at Websense. "There is a lot more of a bond and a sharing of tools in their society than in ours."
Source:
http://www.news.com.au/
The German researcher announced his findings at a hackers conference last week. He said it took him two weeks to figure out how to clone the passport chip. He tested the attack on the German ePassport, but claims the method would work on any country’s ePassport, because all of them adhere to the same ICAO standard.
Source:
http://www.securitydocumentworld.com/
Ryan DeBeasi
'JitterBugs' attached to a keyboard could be a new security threat
Source:
http://www.computerworld.com/
By: Associated Press
WASHINGTON (AP) - An Energy Department official is recommending Sandia National Laboratory halt offsite destruction of classified computer disks.
Source:
http://www.kobtv.com/
SpeechTEK New York 2006
Booth #723
NEW YORK--(BUSINESS WIRE)--Aug. 7, 2006--Porticus Technology, Inc. today introduces its Versona(TM) family of voice authentication solutions for both Interactive Voice Response (IVR) systems and embedded options (wireless or semiconductor), delivering industry-first 'triple-factor' authentication.
Source:
http://home.businesswire.com/
The UK's 415 million euro biometric scheme to load passports with information such as fingerprints, facial scans and iris patterns is now in jeopardy. Reportedly, the biometric solution, used by the UK and other countries, has been cloned by a German security consultant.
Lukas Grunwald, a consultant with DN-Systems, told a Defcon security conference in Las Vegas that the data, stored on RFID chips, could be copied on to blank chips which could then be used in fake passports.
source:
http://www.sda-india.com/
In Information Warfare, the deal is not the technology but the management: the way you manage your way through the attacks.
...
This is rather like the business environment. Information Warfare has become so important because, whereas five years ago, IT was little more than a filing-cabinet, now it is the fuel of a nation's GDP. The trend is coherence, the integration of information from all sources, and this means connectivity to the home.
...
The sixth rule of System Security is the "insider threat". Our worst danger is ourselves and our own people.
...
John McWilliam MP, Chairman PITCOM : You make out that the NSA and GCHQ do not trust anyone. Surely they only act when there is suspicion of criminal or terrorist intent?
Simon Davies : They are playing two hands in the card game. It is generally accepted that the NSA, and presumably GCHQ as well, have been intercepting commercial communications. It is not just about crime: it is about economic intelligence gathering. Congress will be debating this in March.
...
Adrian Norman, Consultant : It is time to collaborate, not just to get one's own system right. Otherwise, we will be like a safe driver on a road on which most others cannot drive, or drive according to different rules.
...
David Firnberg : Who is going to kick the backside of the ostrich? I ask this because there seems to be a lot of ostriches here today, with their heads in the sand. Who is going to be the prime mover to solve these problems: the NCC, EURIM, or the Government?
Source:
http://www.mi2g.com/
August 09, 2006
By John E. Dunn, Techworld.com
Noted security researcher David Litchfield has again panned the state of database security, revealing another clutch of vulnerabilities in the software of a major vendor.
Source:
http://www.infoworld.com/
August 08, 2006
Ellen Messmer
At the Black Hat conference, Rutkowska, security researcher at Singapore-based firm COSEINC, showed that she found a way to bypass the Vista integrity-checking process for loading unsigned code into the Vista kernel. Then she presented Blue Pill, a rootkit she created based on Advanced Micro Devices' Secure Virtual Machine, Pacifica.
Source:
http://www.computerworld.com/
Juan Carlos Perez
When users attempt to click over to a Web site considered to be potentially dangerous, Google shows users an alert page that informs them of the possible risk and gives them the option to click back to the results page or continue on to the questionable Web site.
Source:
http://www.computerworld.com/
August 07, 2006
By DAN GOODIN
The Associated Press
"There are more castle walls to defend, and each one is vulnerable to a different cannon ball," says Jason Spence...
Source:
http://www.washingtonpost.com/
BY Aliya Sternstein
The supercomputer, which Cray nicknamed Baker, will use optimized Advanced Micro Devices dual-core Opteron processors to reach a peak speed of a petaflop, or 1,000 trillion floating-point operations/sec (teraflops). In comparison, the average PC reaches speeds of about 0.0001 teraflops.
source:
http://www.fcw.com/
By DAN GOODIN AP Technology Writer
LAS VEGAS Aug 6, 2006 (AP)— Electronic passports being introduced in the U.S. and other countries have a major vulnerability that could allow criminals to clone embedded secret code and enter countries illegally, an expert warned.
Source:
http://abcnews.go.com/
August 04, 2006
By Erika Morphy
At the Black Hat USA conference, two security researchers demonstrated how easily they could hack into a Mac computer -- in this case Apple's (Nasdaq: AAPL) MacBook -- over a wireless network.
Operating from a nearby laptop, David Maynor, a senior researcher with SecureWorks, and graduate student Jon Ellch took aim at the MacBook's wireless card and wireless device, compromising the computer in about 60 seconds.
Source:
http://www.technewsworld.com/
Hidden JavaScript could install spyware, sniff passwords or search for network gaps, expert says
Eric Lai
Internet users who employ Web-based services such as Bloglines or Web browsers such as Firefox to read Web site feeds and blogs are vulnerable to embedded malicious code that can install spyware, log users' passwords, scan PCs and corporate networks for open ports and more, said Caleb Sima, chief technology officer at SPI Dynamics Inc., an Atlanta-based Web application security company.
Source:
http://www.computerworld.com/
Humphrey Cheung
Las Vegas (NV) - Thousands of computer security gurus and hackers are returning to Las Vegas this week for the Blackhat and Defcon conventions. Defcon's new home hotel, the Riviera, is bracing for computer problems and appears to have taken some pre-emptive action.
Next to the Riviera convention center is a small Internet kiosk area called "Internet Corner". It consists of about half a dozen small kiosks equipped with screens and ATM/Credit Card swipers. Usually, hotel guests would pay a few dollars an hour to surf the net, but the Riviera has disabled all the machines - supposedly as a protective measure against hackers.
Several of the computers had missing screens and ATM/credit card readers. Signs, some printed and some hastily written, were placed on the kiosks saying "Credit Card Reader Not Working" and "This Computer is Broken".
Source:
http://www.tgdaily.com/
Robert McMillan
Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, on Wednesday at the Black Hat USA security conference in Las Vegas. The software can tell if computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in VoIP (Voice over Internet Protocol) calls, for example, or treating encrypted data as second class.
Source:
http://www.computerworld.com/
Tom Espiner
ZDNet UK
Q: Why has the inquiry into personal Internet security been launched, and why now?
A: We see the situation as becoming more pertinent. More people are using the Internet for all sorts of things, and there is more online abuse. The House of Lords Science and Technology Committee has a reputation of investigating issues in depth. We have launched the inquiry to find out what the situation is [regarding personal Internet safety], and find things that will help government help its citizens.
Source:
http://news.zdnet.co.uk/
Although it's rare that the company would release a major software enhancement in this fashion, Microsoft justifies its actions by stating that there are many “advanced security” features on its upcoming release, making it a security fix rather than a browser upgrade.
The IE browser has steadily been losing market share since Firefox was released, and the Internet Explorer 7 (which hasn’t seen a major upgrade in the past 6 years) mimics the Firefox browser, adding tabbed browsing and RSS integration.
Source:
http://blogcritics.org/
Contributed by: Tommy
NIST’s new Multimodal Biometric Application Resource Kit (MBARK) provides a solution. Originally envisioned as a tool to develop a large database of face, fingerprint and iris images for performance testing of biometric systems, MBARK has evolved into a standardized, flexible middleware package that will enable organizations to plug in sensors from different manufacturers, saving dollars and time.
Source:
http://www.linuxelectrons.com/
By: Kevin Smith
Over the past five years, the promise of enterprise information sharing has made great strides with the evolution of Web Services and the promise of Service Oriented Architectures (SOA). An architectural shift that moves us away from point-to-point client/server systems,
Source:
http://be.sys-con.com/
By Michael Y. Park
When students living in Berkeley, Calif., crave a chicken burrito with an extra heaping of guacamole at High Tech Burrito, a Bay Area-based fast-food chain, they need to remember to bring only two things — an empty stomach and a forefinger.
Source:
http://www.foxnews.com/
Sharon Fisher
Fires at two Iron Mountain Inc. facilities this month could speed corporate efforts to use electronic archiving systems that would obviate the need to store corporate records in off-site warehouses
source:
http://www.computerworld.com/
August 03, 2006
Biometric security systems have one particularly critical vulnerability: How do you replace your finger if a hacker figures out how to duplicate it? An IBM Corp. research team working on that problem says it's recently cracked a major problem in the area of "cancelable biometrics."
Source:
http://www.pcwelt.de/
Get the latest news in security
LATEST PODCAST
Source:
http://www.infoworld.com/
Is your computer riddled with spyware, adware and other malware? ShortCuts security expert Rocky Oliver shares his tips for beating the spyware menace. Rocky recommends two freeware programs: Ad-Aware and Spybot Search and Destroy.
Source:
http://whale01.haw.ibm.com/
By Gregg Keizer, TechWeb Technology News
Attacks where criminals hold kidnapped data for ransom are becoming more sophisticated, a security company said ...
Source:
http://www.techweb.com/
Crime, paranoia and the future of security
By silicon.com
So what happens when your password is your fingerprint?
Increasingly governments and business are looking at biometrics - from fingerprints to irises to gait - as ways of being certain who it is they are doing business with.
Source:
http://www.silicon.com/
Robert Jaques
Hackers could make ransomware so complex that it will be beyond the decryption capabilities of the antivirus industry, new research has claimed.
Source:
http://www.vnunet.com/
By Roger A. Grimes
At 31 characters long, my password is all but unhackable. Attackers will need to find another way to compromise my account rather than trying to guess it or crack it with brute force.
Source:
http://www.infoworld.com/
By Susan Schaibly, Network World
Ransomware involves the use of malicious code to hijack user files, encrypt them and then demand payment in exchange for the decryption key. The good news is that documented attacks have been rare. The bad news is that cases are on the rise, says FBI spokesman Paul Bresson.
Source:
http://www.networkworld.com/
Be careful where you leave your fingerprints
By Steve Ranger
Biometric spoofing is a "growing concern", she said.
Toth told silicon.com: "We are leaving our prints everywhere so the chance of someone lifting them and copying them is real.
Source:
http://www.silicon.com/
By Steve Ranger
Fingerprint, iris, palm, gait and keystroke - we've got the lot...
A is for Accuracy
B is for Behavioural biometric
C is for Cash machine
D is for Database
E is for Ear
F is for Facial recognition
G is for Gummi bears
H is for Hand geometry
I is for Iris
J is for Juan Vucetich
K is for Keystroke dynamics
L is for Liveness testing
...
Z is for Zurich Airport
Source:
http://www.silicon.com/
John E. Dunn
Bot-herders have set up an exact copy of the download page for Google’s Toolbar plug-in in an attempt to lure users to download a Trojan back door.
Source:
http://www.computerworld.com/
By CNET News.com Staff
The Vista beta code survey comes as Symantec faces competition from Microsoft's ever-expanding interest in security software, both integrated into products and standalone titles.
Source:
http://news.com.com/
Jeremy Kirk
Hackers are striking databases in record numbers, trying to pilfer a rich trove of personal and financial data, a security vendor said today.
Source:
http://www.computerworld.com/
Threat Management Report: Update
Graham Cluley, Senior Technology Consultant, reviews this report about the most widespread security threats during the first six months of 2006, and reveals what lies ahead.
Source:
http://www.sophos.com/
1. Choose a good company to work for.
2. Get executive backing.
3. Partner with HR and Legal.
4. Develop a rapport with users.
5. Know what you have.
6. Get the right tools.
7. Review and update corporate security policies.
8. Use strong authentication.
Source:
http://www.computerworld.com/
BRUSSELS (Reuters) -- European Union regulators fined Microsoft €280.5 million ($357.3 million) Wednesday for defying a 2004 antitrust ruling, while Microsoft responded that it was on track to be in compliance with the demands.
The tough new penalty is the first of its kind and comes on top of a record €497 million fine the Commission imposed in its landmark antitrust decision against Microsoft in March 2004.
Source:
http://money.cnn.com/
By John Leyden
Phishers are seeking to circumvent two-factor authentication schemes using man-in-the-middle attacks. Last October, US federal regulators urged banks to adopt two-factor authentication as a means to combat the growing problem of online account fraud.
Source:
http://www.theregister.com/
Brian Krebs on Computer Security
Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called "two-factor authentication" -- the second factor being something the user has in their physical possession like an access card ...
Source:
http://blog.washingtonpost.com/
Robert McMillan
A well-known security researcher has released code that can be used to mine Google Inc.'s database for malicious software.
The tool ... was not released to the general public. WebSense said that making this software public could lead to its being misused by attackers.
Source:
http://www.computerworld.com/
It says the companies sold illegal software
Sumner Lemon
The suits were filed in federal courts against companies in Colorado, Georgia, Illinois, New Jersey, New York, Ohio and South Carolina. They are intended to protect Microsoft's software revenue and its reseller partners, who stand to lose business when users buy pirated software, the company said.
source:
http://www.computerworld.com/
LONDON: Pupils at a secondary school in Berkshire, west of London, will be fingerprinted and their details kept on a database in a controversial scheme to be introduced this year.
Source:
http://www.smh.com.au/
Month of Browser Bugs isn't enough for Metasploit developer
Robert McMillan
Microsoft fixed Moore's bug Tuesday in the MS06-035 update to its Windows Server services, which is used for file-sharing between PCs. Security researchers worry that if hackers find a way to reliably use this flaw to run their malicious code on PCs, it could lead to a widespread outbreak, similar to the Blaster outbreak in 2003.
Source:
http://www.computerworld.com/
The web-based Sex Offender Registry & Identification System (SORIS) registers and positively identifies convicted sex offenders using the most mathematically unique biometric - the iris.
Source:
http://www.techjournalsouth.com/
Bert Latamore
Both e-mail messages and attachments containing sensitive information must be encrypted during transmission and on e-mail servers, particularly when they are sent outside the corporate firewalls, Dunbar says. Doing that isn't easy, however, and the traditional approach of public-key encryption (PKI) can prove cumbersome and expensive to manage.
1. Administration
2. Ease of use
3. Protection on the server
4. Searchability
5. Encryption schema strength
6. Attachments
7. Visibility
Source:
http://www.computerworld.com/
August 01, 2006
Security by obscurity fails again
By John Leyden
Published Wednesday 12th July 2006 14:56 GMT
The secret codes used by Europe's Galileo navigation satellite have been broken by researchers at Cornell University.
A team from Cornell's Global Positioning System Laboratory succeeded in cracking so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite attempts to keep the data under wraps.
Source:
http://www.theregister.co.uk