September 25, 2006
Marc Songini
Can you talk about that original study you made of Diebold's AccuVote TS machine code?
The software in the AccuVote TS machine was really bad. One comment I made at the time was that if a student had turned in a program like that, he'd have gotten an F. It had outdated encryption, which was used in [the] wrong places and in the wrong mode of operation. The list goes on and on. Some [glitches] are comical. Diebold said they have a new system that fixes them, but I have no way to find out.
Source:
http://www.computerworld.com/
Sumner Lemon
"I don't think, on the whole, we are winning the security war; I think we are losing it," Schneier said in a speech webcast today at the Hack in the Box Security Conference (HITB) in Kuala Lumpur, Malaysia. As systems get more complex, they get less secure, he said. And as security technology improves, the complexity of modern IT systems increases even faster.
Source:
http://www.computerworld.com/
Robert McMillan
When Windows Vista ships next year, customers might have a tougher time getting their security software to work properly, executives from Symantec Corp. said Wednesday.
At issue are two new features being introduced with Vista: an enhanced Windows Security Center as well as a feature in the 64-bit version of Vista called PatchGuard. Microsoft Corp. says it is adding these features to lock down the operating system, but Symantec believes that they will be harmful to customers by making it harder for them to use third-party software.
Source:
http://www.computerworld.com/
By BRIAN BERGSTEIN
"People are inherently good," Schneier says. "Otherwise, society would fall apart."
"That is what reason is about. That's the beauty of being human," Schneier responds. Being afraid of something and doing it anyway, he contends, "that's what courage actually is."
Source:
http://www.forbes.com/
By Mary Branscombe
Breaking your identity up into pieces is good for security as long as we have audit trails and procedures for dealing with the problems. The Bandit project, led by Dale Olds from Novell, will add role-based authentication and auditing to identity systems, drawing on the Novell Directory Services, which Olds also worked on. He doesn't think this is an easy fix; indeed he admits “how difficult, almost unsolvable some of these issues are”.
Source:
http://www.theregister.co.uk/
September 14, 2006
Omar Hussein
Yet it is just that technological might that is needed to keep the nation secure in the face of global terrorism. It does not take much imagination to see why. Whatever method is used to combat terrorism, from infiltration of terrorist cells on our own soil to monitoring cell phone "chatter" in Pakistan, it will benefit from the improved data processing and communications that inevitably result from technical advancement.
Source:
http://www.dailytrojan.com/
WASHINGTON -- Homeland Security says it won a cyber-war game, because the exercise turned up holes in the nation's computer security.
The mock attacks on computer servers were the type that could crash air traffic control systems, halt subways or trigger power outages.
Source:
http://www.wkyt.com/
New, First-of-Its-Kind, University Study Reveals Malicious Code Can Be Easily Inserted into Voting Machine, Spread from One System to the Next, Resulting in Flipped Votes, and Stolen Elections…All Without a Trace Being Left Behind
Study Also Confirms that Voter Access Cards Can Be Created At Home to Defeat Security Protocols, Allowing Voters to Vote Multiple Times in a Single Election!
Source:
http://www.bradblog.com/
September 13, 2006
Linda Rosencrance
Companies don't have the resources they need to manage the problem
Most insider-related security breaches go unreported, according to a new survey by Ponemon Institute LLC in Elk Rapids, Mich.
Source:
http://www.computerworld.com/
So-called 'spear phishers' launch sophisticated attacks on carefully chosen employees in their attempts to reel in confidential data, GRANT BUCKLER reports
GRANT BUCKLER
Special to The Globe and Mail
Source:
http://www.theglobeandmail.com/
September 12, 2006
By Ted Bridis
Don’t tell your cell phone any secrets. It might not keep them.
Secondhand phones purchased over the Internet surrendered credit card numbers, banking passwords, business secrets and even evidence of adultery.
Source:
http://www.gwinnettdailypost.com/
September 10, 2006
By Robert Lemos, SecurityFocus
Based on an analysis of the damage numbers included in 107 cybercrime cases prosecuted by the US Department of Justice, the author of the eight-page report - market research firm Trusted Strategies - concluded that the most damaging attacks are those where the offender used stolen usernames and passwords and that such attacks caused on average $1.5m in damages per occurrence.
Source:
http://www.theregister.co.uk/
Since Microsoft Corp. launched its Trustworthy Computing (TWC) initiative in January 2002, the company has substantially improved the overall security of its products, a company executive said yesterday at The Security Standard conference being held here.
...
Ben Fathi, corporate vice president of Microsoft's security technology unit, gave the company's products a B+ for security during a panel discussion at the conference. Five years ago, he said, that grade would have been a C- or even a D.
Source:
http://www.computerworld.com/
The program could be used to spy on U.S. residents
Grant Gross
A civil liberties group and other advocacy organizations are urging supporters to contact the U.S. Congress as it moves ahead to approve an electronic surveillance program run through the U.S. National Security Agency (NSA).
Source:
http://www.computerworld.com/
Robert McMillan
Mozilla Corp. has hired a former Microsoft Corp. security strategist to help lock down its open-source products against online attacks.
Window Snyder, whose hiring was announced today, worked on Microsoft's security-driven Windows XP Service Pack 2 update. She also had a role in the development of Windows Server 2003.
Source:
http://www.computerworld.com/
September 09, 2006
In the 1970s, the world of information security was transformed by public-key cryptography, the radical revision of cryptographic thinking that allowed people with no prior contact to communicate securely. Public key solved security problems born of the revolution in information technology that characterized the 20th century and made Internet commerce possible. Security problems rarely stay solved, however. Continuing growth in computing, networking, and wireless--including applications made possible by improvements in security--have given rise to new security problems. Where is this going? Diffie, a key figure in the discovery of public-key cryptography, will trace the growth of information security through the 20th Century and into the 21st.
Source:
http://video.google.com/
Our security webcasts are designed to provide you with a thorough understanding of the latest security recommendations from Microsoft.
Source:
http://207.46.19.30/
Anna Mikhailova and Jon Ungoed-Thomas
Even though the number of trojans being created outnumber new viruses by four to one, many computer users are unaware of the threat. Computer security experts say the authors of trojans are ruthlessly exploiting this ignorance.
Source:
http://www.timesonline.co.uk/
By KAREN HARMEL AND LAURA SPADANUTA
Walt Disney World, which bills itself as one of the happiest and most magical places anywhere, also may be one of the most closely watched and secure. The country's most popular tourist attraction is beginning to scan your fingerprint information.
Source:
http://money.canoe.ca/
September 02, 2006
Australian professor says charity begins at home
Sandra Rossi
Instead of spying on staff who snoop into private records while at work, organizations should adopt security measures that prevent staff breaching privacy laws, a Queensland University of Technology (QUT) privacy expert said today.
Source:
http://www.computerworld.com/
David Utter
Software in the PC can't replace using the software inside one's skull, and the smart computer user will be the more secure one any time.
Source:
http://www.securitypronews.com/
From The Economist print edition
a number of computer scientists, led by Fernando Esponda of Yale University, are taking Hempel's notion as the germ of an eminently practical scheme. They are applying such negative representations to the problem of protecting sensitive data. The idea is to create a negative database. Instead of containing the information of interest, such a database would contain everything except that information.
Source:
http://www.economist.com/
September 01, 2006
Contact: Megan Fellman
fellman@northwestern.edu
847-491-3115
Northwestern University
A joint collaboration between Northwestern University and BBN Technologies of Cambridge, Mass., has led to the first demonstration of a truly quantum cryptographic data network. By integrating quantum noise protected data encryption (quantum data encryption or QDE for short) with Quantum Key Distribution (QKD), the researchers have developed a complete data communication system with extraordinary resilience to eavesdropping.
Source:
http://www.eurekalert.org/
By Luther Martin, Voltage Security
The origin of the term is somewhat unclear, but one story is that it can be traced back to one of the traditional remedies for joint pain and inflammation that was brought to the US in the nineteenth century by Chinese immigrants.
The fat from Chinese water snakes is high in eicosapentaenoic acid (EPA), which has been shown to have some medicinal properties, so there may be some basis for believing that the traditional remedy actually had useful effects.
Like the effects of many medications, however, the benefits from the traditional snake oil were subtle and varied significantly from person to person, making it difficult to rigorously prove the effectiveness of the remedy.
Source:
http://www.it-observer.com/
By Roger A. Grimes
1. Log-on credential or password guessing/cracking
2. Buffer overflow
3. Application or OS vulnerability
4. Application or OS misconfiguration
5. Data malformation -- SQL injection, XSS, and so on
6. Sniffing/eavesdropping
7. Client-side attack
8. Social engineering
Source:
http://www.infoworld.com/