<body>

53cur!ty 6109

Girma Nigusse

Useless [hacker|cracker|computer-criminal|*] Movie Trivia

December 31, 2006

Useless [hacker|cracker|computer-criminal|*] Movie Trivia: "This is a page devoted to passwords, passcodes, keys, secrets, and general computer security related to hacking/cracking/computer-crime/'whatever' in movies and sci-fi flicks. "

source

Cryptology ePrint Archive

December 30, 2006

Cryptology ePrint Archive: "Abstract. Hash Chains are used extensively in various cryptographic systems such as one-time passwords, server supported signatures, secure address resolution, certificate revocation, micropayments etc."

source

Digital Identity: Two fingers to two factor

Digital Identity: Two fingers to two factor: "[Dave Birch] I know it's rather trite to point this out, but moving to stronger authentication of digital identities does not by itself automatically mean more 'security' unless the human factors are taken care of. "

source

The State | 12/29/2006 | Facial search software raises privacy worries

The State | 12/29/2006 | Facial search software raises privacy worries: "A Swedish startup is combining software and humans to help make photos and other images more easily searchable online, raising privacy concerns as the technology eases the tracking of people across Web sites."

source

Hackers get theirs, RFID tags follow them everywhere at CCC - Engadget

Hackers get theirs, RFID tags follow them everywhere at CCC - Engadget: "hacker attendees of this year's Chaos Communication Congress in Berlin are paying 10 euros to don RFID tags that track their movements all over the conference."

source

HD DVD reportedly cracked, but difficult to verify

HD DVD reportedly cracked, but difficult to verify: "Reports are circulating that the AACS content protection system shared by both Blu-ray and HD DVD has been cracked. "

source

Los Alamos National Laboratory (LANL): Los Alamos scientists announce quantum cryptography advance

December 28, 2006

Los Alamos National Laboratory (LANL): Los Alamos scientists announce quantum cryptography advance: "Scientists at Los Alamos National Laboratory and the National Institute of Standards and Technology in Boulder have demonstrated unconditionally secure quantum key distribution (QKD) over a record-setting 107 kilometers of optical fiber."

source

Cyber Crime Hits the Big Time in 2006 - washingtonpost.com

December 25, 2006

Cyber Crime Hits the Big Time in 2006 - washingtonpost.com: "Call it the 'year of computing dangerously.'"

source

PKC anniversary event provided insights into the past, present, and future of cryptography

December 23, 2006

PKC anniversary event provided insights into the past, present, and future of cryptography: "Quantum computing is something we can't do yet, but we can do quantum cryptography...'"

source

Celebrating 30 Years of Public Key Cryptography - Google Video

December 22, 2006

Celebrating 30 Years of Public Key Cryptography - Google Video



source

PHP security under scrutiny | The Register

PHP security under scrutiny | The Register: "A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based web applications."

source

Russian Terrorists Plan Massive Cyber Attacks | Russian Spy

December 21, 2006

Russian Terrorists Plan Massive Cyber Attacks | Russian Spy: "A Russian computer security expert predicts that terrorists could seek to target his country’s critical infrastructure through electronic warfare, the PC World web-site reported on Monday."

source

Worm may be spreading via Skype chat

Worm may be spreading via Skype chat: "Websense said the executable appears to be encrypted with NTKrnl Secure Suite Packer, a polymorphic encryption program that makes files look unique to different detection engines. "

source

What is Web 2.0? - At The Whiteboard - ZDNet

December 15, 2006

What is Web 2.0? - At The Whiteboard - ZDNet: "It's one of the biggest buzzwords out there, but what exactly does it mean? Andi Gutmans of Zend defines Web 2.0 and explains how it's changing the face of the Internet."

source

Russian expert: Terrorists may try cyberattacks

December 14, 2006

Russian expert: Terrorists may try cyberattacks: "A Russian computer security expert predicts that terrorists could seek to target the country's critical infrastructure through electronic warfare, a strategy that could raise the stakes in how Russia handles computer crime."

source

Cgisecurity.com: Web security News - 12/14/2006 Application Security Predictions of 2007

Cgisecurity.com: Web security News - 12/14/2006 Application Security Predictions of 2007: "Ok I know I'm a little early but here's my yearly list of application security predictions."

source

Strong Authentication Alternatives Report For Customer X

Strong Authentication Alternatives Report For Customer X: "Customer X has a requirement for remote users to use strong authentication when accessing Customer X networks and systems. "

source

Communicating Securely in an Insecure Medium > Viruses, Worms, Trojan Horses

Communicating Securely in an Insecure Medium > Viruses, Worms, Trojan Horses: "One of the most famous results in computer science is that it is provably impossible to be able to tell what an arbitrary program will do by looking at it, so certainly it would be impossible to tell, in general, whether the program had any unpleasant side effects besides its intended purpose. But that's not the real problem. The real problem is that nobody looks."

source

Communicating Securely in an Insecure Medium > Tempest

Communicating Securely in an Insecure Medium > Tempest: "CIA eavesdroppers could not intercept the radio transmissions used by Somali warlord Mohammed Farah Aidid; his radios, intelligence officials explained, were too 'low tech.'
—Douglas Waller & Evan Thomas, Newsweek, October 10, 1994, page 32"

source

Spam

December 13, 2006

the man in the straight attack= spam

Schneier on Security: Major Privacy Breach at UCLA

Schneier on Security: Major Privacy Breach at UCLA: "Hackers have gained access to a database containing personal information on 800,000 current and former UCLA students.

"An attacker found one small vulnerability and was able to exploit it, and then cover their tracks," Davis said.


It worries me that the associate vice chancellor for information technology doesn't understand that all attacks work like that."

source

Security Watch from PC Magazine - What's Up, .DOC?: Top Threat: Another .DOC Zero-Day

Security Watch from PC Magazine - What's Up, .DOC?: Top Threat: Another .DOC Zero-Day: "Microsoft revealed last week that a vulnerability exists in Word, the Word Viewer, and Works that could allow for a compromise of the system through a malicious .DOC file. The following products are affected:"

source

Dark Reading - Application and Perimeter Security - ChosenSecurity Simplifies PKI - Security News Wire

Dark Reading - Application and Perimeter Security - ChosenSecurity Simplifies PKI - Security News Wire: "Based on the Microsoft Windows AutoEnrollment protocol, Enterprise ID AutoEnrollment lets security administrators create and distribute digital certificates centrally, without the need for additional client software. "

source

No physical security equal No logical security either

December 12, 2006

The CISSP and SSCP open study guides web site place The one place for Certified Information Systems Security Professional - No physical security equal No logical security either: "We were recently hired by a regional bank to assess its security. When negotiating the services agreement with the bank president we agreed to perform the standard network security penetration testing, but he insisted we also test the security awareness of the bank staff."

source

Attack Of The Hack Robots » Hack Report

December 11, 2006

Attack Of The Hack Robots » Hack Report: "Some people call it “a hacker in a box”, “DOS attack in a box”, or “vulnerability torture chamber”, the official name is Mu-4000. An appliance produced by one of Silicon Valley’s hottest startups."

source

SECURITY - White Papers, Webcasts and Case Studies - ZDNet

SECURITY - White Papers, Webcasts and Case Studies - ZDNet: "Authentication - Encryption
Biometrics, Digital Signatures, E-commerce Security, PKI, Smart Cards, SSL - TLS
Intrusion - Tampering
Spyware, Anti-Hacking, Anti-Virus, Denial of Service, Firewalls, Intrusion Detection Systems, Network Security, Spam - E-mail Fraud - Phishing, Telecom Security
Security Administration
Best Practices, Security Applications, Security Management, Security Standards, Security Tools"

source

BayLISA - Tools of the Trade - Security Seminar - Google Video

BayLISA - Tools of the Trade - Security Seminar - Google Video

The Lumbergh Memos: Beauty of Biometrics

The Lumbergh Memos: Beauty of Biometrics: "I have a new gadget that is all too cool - an integrated fingerprint reader on my new work laptop (Lenovo T60p). This makes signing in and out an absolute breeze. And it feels so very James Bond, which has an inordinate appeal to me."

source

Security Bites Podcast: MySpace, Apple in patch snafu | CNET News.com

Security Bites Podcast: MySpace, Apple in patch snafu | CNET News.com: "Where do you go to get security updates for QuickTime? Apple Computer, you say? Wrong! This week, the answer would be MySpace.com. "

source

It's all about RFID: RFID virus created

December 10, 2006

It's all about RFID: RFID virus created: "In a paper entitled 'Is your cat infected with a computer virus?' presented before the IEEE International Conference on Pervasive Computing, three Netherlands-based researchers show how RFID tags can carry malware and propagate via databases along the supply chain."

source

Florida man pleads guilty in DDoS attack

December 09, 2006

Florida man pleads guilty in DDoS attack: "Bombard compromised those computer systems using a variant of the Gaobot worm and then allegedly directed communication from the university computer systems to the bot network from a computer located on his domain, 'f0r.org,' Sullivan said previously."

source

Winkler: Nike + iPod 'vulnerability' blown out of proportion

Winkler: Nike + iPod 'vulnerability' blown out of proportion: "I should first acknowledge that there is a vulnerability involved with this technology. However, all vulnerabilities have to be put into perspective with the risk that they create. In this case, any 'additional' risk created by the Nike+ devices is minimal."

source

HP settles pretexting case for $14.5M

HP settles pretexting case for $14.5M: "The state will use HP's money to fund investigations and prosecutions of privacy violators through a special 'Privacy and Piracy Fund.' All but $1 million of the settlement amount will go into the fund; the balance will be used to pay the state's investigation costs and statutory damages."

source

Fact Sheet: Digital Rights Management and Technical Protection Measures (November 2006)

Fact Sheet: Digital Rights Management and Technical Protection Measures (November 2006): "The term digital rights management is also confused with the term technical protection measures (TPM). This term refers to technologies that control and/or restrict the use of and access to digital media content on electronic devices with such technologies installed. Increasingly, DRM relies on TPMs to implement these controls and restrictions."

source

An Introduction to Kernel Patch Protection

Windows Vista Security: "The performance, reliability, and security of the entire computer depend on the integrity of the kernel. ... Since the kernel has the power to control all of the other applications on the PC, the rootkit can actually hide itself from the file system or even anti-malware tools, and ultimately from view of the user.
...You're probably also familiar with the term, "Blue Screen of Death" (BSoD). This is the result of an error in the kernel or in a driver running in the kernel that is so severe that the system can't recover from it. "

source

The Edge of I-Hacked » Pirates crack Vista Activation Server

December 08, 2006

The Edge of I-Hacked » Pirates crack Vista Activation Server: "Pirates have released another ingenious workaround to Vista’s copy protection: a hacked copy of Microsoft’s yet-to-be-released volume licencing activation server, running in VMware."

source

How Microsoft fights off 100,000 attacks per month

How Microsoft fights off 100,000 attacks per month: "What do I mean by a constant target? Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of a total 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam."

source

The million dollar kid | The Guardian | Guardian Unlimited

The million dollar kid | The Guardian | Guardian Unlimited: "It read, verbatim: 'hello u website is under us atack. to stop the ddos send us 50000$ (it is just 5% :) ) if u pay we do not ddos u site ever again! and u hava a nice life :) if u do not pay - u site NEVER came online - again this ddos is not potect - u have BIG problem with u sponsors. u must answer TODAY. if u pay u site came online immediately.'"

source

Techworld.nl: 2006: The year in security

Techworld.nl: "Following are five of the top computer security stories in 2006.
#1. Cybercrime dividends
#2. It's a brand new 0day
#3. Spam avalanche
#4. Web 2.0 gets Hacked 1.0
#5. Vista lockout irks vendors"

source

heise Security - News - Sophos claims McAfee and Symantec poorly prepared for Vista

heise Security - News - Sophos claims McAfee and Symantec poorly prepared for Vista: "Although to date no malware for MAC OS X has achieved a large presence, this is due to programming errors by the authors of the viruses and Apple's still small market share. It is easy to find exploit code for Macs on the internet and it is therefore likely that Mac OS X will soon be plagued by the same problems as Windows - botnets, spyware, spam and DDoS attacks."

source

CIO India - Converged Security Threats Mean Business

December 07, 2006

CIO India - Converged Security Threats Mean Business: "'There isn't really any single threat anymore,' Gutmann said, adding as an example that spam is being used for identity theft. "

source

CERIAS - Toward Autonomic Security Policy Management - Google Video

CERIAS - Toward Autonomic Security Policy Management - Google Video

Privacy & Security in an On-Demand World - Google Video

Privacy & Security in an On-Demand World - Google Video: "Copyright 2004 University of Washington
54 min 47 sec - Jun 19, 2004
www.researchchannel.org"

source

Browser Smackdown: Firefox vs. IE vs. Opera vs. Safari

December 06, 2006

Browser Smackdown: Firefox vs. IE vs. Opera vs. Safari: "There's the 'if it ain't broke, don't fix it' crowd who tend to stick with the browser that's included with their OS -- Microsoft's Internet Explorer on Windows and Apple's Safari on the Mac. There are the 'I've just gotta be me' folks who prefer lesser-known browsers, such as Opera from Opera Software. And there are the 'live free or die' open-source true believers who champion Mozilla's Firefox above its commercial counterparts."

source

Bogus anti-spyware firm fined $1m | The Register

Bogus anti-spyware firm fined $1m | The Register: "Washington State's investigation showed that users running so-called free scans using the software were always informed their PCs were infected even if their computers were clean."

source

What It Takes

December 04, 2006

What It Takes: "It takes more than certification or a college degree to be a successful information security professional. Here are some other typical requirements, according to those in the field: "

source

Developing an Operational Framework for Integrated System Security



CERIAS, Purdue University
51 min 55 sec - Nov 1, 2006
www.cerias.purdue.edu


source

Online Privacy, Part 1

Online Privacy, Part 1: "Anyone familiar with the state of the web at the time of this writing knows that privacy and identity are the topics du jour."




source

The Six Dumbest Ideas in Computer Security

The Six Dumbest Ideas in Computer Security: "
#1) Default Permit
#2) Enumerating Badness
#3) Penetrate and Patch
#4) Hacking is Cool
#5) Educating Users
#6) Action is Better Than Inaction"

source

VoIP Lowdown: VoIP Security Challenges: 25 Ways to Secure your VoIP Network

VoIP Lowdown: VoIP Security Challenges: 25 Ways to Secure your VoIP Network: "A VoIP network is susceptible to the usual attacks that plague all data networks:

…viruses, spam, phishing, hacking attempts, intrusions, mismanaged identities, Denial of Service (DoS) attacks, lost and stolen data, voice injections, data sniffing, hijacked calls, toll fraud, eavesdropping, and on and on and on."

source

Privacy commissioner cautions employers adding GPS to cars

Privacy commissioner cautions employers adding GPS to cars: "Employers must consider the privacy of their workers before installing global positioning systems into their vehicle fleets, according to Canada's federal privacy commissioner."

source

Slashdot | Another NASA Hacker Indicted

Slashdot | Another NASA Hacker Indicted: "'Earlier this year, UK citizen & hacker of NASA Gary McKinnon was extradited to the United States (also interviewed twice). Now, another hacker has been indicted for hacking more than 150 U.S. government computers. Victor Faur, 26, of Arad, Romania claims to have led a 'white hat team' to expose flaws in U.S. government computers. It seems everyone else has been busy hacking into government systems while I've been wasting my time playing Warcraft.'"

source

ASTALAVISTA SECURITY GROUP | ASTALAVISTA´s Top 50 Security Tools

ASTALAVISTA SECURITY GROUP | ASTALAVISTA´s Top 50 Security Tools: "ASTALAVISTA´s Top 50 Security Tools"

source

How to secure remote desktop connections using TLS/SSL based authentication

December 02, 2006

How to secure remote desktop connections using TLS/SSL based authentication: "This article shows how to enable computer based authentication using TLS/SSL, when establishing a remote desktop connection to a server running Windows Server 2003."

source

Computer Security Day

December 01, 2006

Computer Security Day
"Computer Security Day was started in 1988 to help raise awareness of computer related security issues. Our goal is to remind people to protect their computers and information. This annual event is held around the world on November 30th although some organizations choose to have functions on the next business day if it falls on a weekend."

source

Computer Security Research - McAfee Avert Labs Blog

Computer Security Research - McAfee Avert Labs Blog: "Today, Avert Labs announced the availability of its podcast on the “Top Ten Security Trends in 2007”."

source

SophosLabs global director in security podcast

SophosLabs global director in security podcast: "Sophos, a world leader in IT security, today announced that Mark Harris, global director of SophosLabs, appeared in an eWeek 'Onsecurity' podcast with senior writer, Matt Hines. "

source

Talking Security with Mr. Cryptography

Talking Security with Mr. Cryptography: "IC: What are the factors driving the adoption of ECC?

DIFFIE: Smaller keys, faster computations, lower power consumption, less memory — what's not to like? Even when memory is cheap, the difference between hundreds of bits and thousands of bits is noticeable when there are billions and billions of keys in the world."

source

Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)

Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography): "San Francisco - The government must have a search warrant before it can search and seize emails stored by email service providers, according to a friend-of-the-court brief filed last week by the Electronic Frontier Foundation (EFF) and a coalition of civil liberty groups."

source