January 30, 2007
Moscow company scrutinizes computer code for flaws - International Herald Tribune: "Evgeny Legerov sells bugs — not the creepy-crawly kind, but information about programming flaws in computer programs like Web browsers and operating systems."
source
Credit card fraud could be stopped by 'quantum cryptography' - Discovery Reports Canada: "In the future, identity thieves and Internet hackers may find themselves out of a job - or at least that's what one Calgary scientist is hoping."
source
It's Time to Forge Global Privacy Rules: "Whenever I’ve mentioned to chief privacy officers the idea of having a single set of privacy rules for their companies to abide by worldwide, their response has been unanimous: Bring it on."
source
January 29, 2007
Bankers Association Says Stolen Card Data Was Used in Purchases: "Credit and debit card numbers compromised in the security breach at TJX have been fraudulently used in at least three U.S. states and two foreign countries, according to a group that represents Massachusetts banks."
source
January 28, 2007
Shocking Number of Organizations Without Chief Privacy Officer: "Despite increasing concerns surrounding employee privacy and compliance issues, 70% of recently surveyed companies indicated that their organizations had no privacy department."
source
Stanford Computer Forum - News » Blog Archive » The Logic of Privacy: "PEOPLE do not have secret trolleys at the supermarket, so how can it be a violation of their privacy if a grocer sells their purchasing habits to a marketing firm? If they walk around in public view,"
source
Emergent Chaos: There are three types of authentication: "They are:
1. Something you've lost,
2. Something you've forgotten, and
3. Something you used to be."
source
Microsoft to push new antiphishing technology: "The result of the process is something called an Extended Validation Secure Sockets Layer (EV SSL) certificate, which can be used by Web sites to help reassure Web surfers that they are handing over their private information to a legitimate site."
source
Top malware threats and latest security trends explored in Sophos podcast: "Sophos, a world leader in protecting businesses against computer threats, today announced that it has published a new podcast discussing the Sophos Security Threat Report 2007."
source
January 25, 2007
EETimes.com - Japan seeks to secure mobile-phone nets: "A coalition of government, industry and research organizations in Japan has proposed the adoption of a common platform based on Public Key Infrastructure (PKI) authentication for higher security on mobile-phone networks, bypassing ID- and password-based security."
source
January 23, 2007
Net security from one of the fathers of the biz | The Register: "I am known for my work in internet security, starting with work on early firewalls and honeypots at Bell Labs in the late 80s. I coined the word 'proxy' in its current usage in a paper I published in 1990. "
source
Identity Crisis: How Identification Is Overused and Misunderstood: "Identification is an essential social and economic process, but the advance of identification technologies such as biometrics, identity cards, surveillance, databases, and dossiers threatens privacy, civil liberties, and related human interests. "
source
January 20, 2007
InformationWeek Weblog: If You Like Needles, You're Gonna Love RFID: "Some recent news about electronic tracking of cattle, as well as a look at the new James Bond movie, has revived long-repressed fears about vaccinations at the pediatrician."
source
January 19, 2007
State of Illinois Issues 100,000th Digital Certificate: "The project -- titled the Digital Signature/Public Key Infrastructure Project "
source
A tale of two Internets | InfoWorld | Column | 2007-01-19 | By Roger A. Grimes: "One third of all U.S. adults had their identity and financial information stolen or lost in 2006 alone."
source
Microsoft, Google to work on free speech, privacy rights: "Microsoft Corp., Google Inc. and two other technology companies said today that they will develop a code of conduct with a coalition of nongovernmental organizations to promote freedom of expression and privacy rights."
source
January 16, 2007
Identity Theft Attacks Up 250 Percent: "The threat to home and business computer users rose dramatically between January 2004 and May 2006, with a 250 percent rise in the number of keylogging utilities found on the Internet. "
source
eGov monitor: "Overzealous data sharing rules may be an obstacle to improving public services, the PM's policy reviews suggests."
source
Jeff Jones Security Blog : (Belated) Security Predictions for 2007: "here are my top Security Predictions for the year, in no particular order:"
source
The Utility Belt: Interview: Must-know security insights for 2007: "Kocher, who helped discover a strange and fascinating type of attack where hackers can discover weaknesses by analyzing the power consumption of a device, talked about today's threats and how consumers and business can defend against them."
source
Cryptography of SSH: "This is an overview of the SSH2 protocol, with a focus on how it uses cryptography to accomplish many of its goals: authentication, integrity, and confidentiality."
source
Concurring Opinions: WSJ, cyber-shaming, and limited privacy: "Cyber-shaming is in the news again, in a recent Wall Street Journal article."
source
Could invisibility beat encryption? | The Register: "PCMesh has unveiled software which it claims can hide any Windows file or directory, not only from other users - or thieves - of the same PC, but even from the operating system or a virus."
source
January 15, 2007
Interview with Vincent Rijmen, co-author of AES | Clipperz: "VR: I guess it requires a leap of mind before we start using a means of communication as a means of storing secrets."
source
January 12, 2007
VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws: "The Reston, Va., security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw VCP (Vulnerability Contributor Program)."
source
Two charged with hacking LA traffic lights: "Two men have been charged with illegal computer access after they allegedly hacked into the Los Angeles city traffic center to turn off traffic lights at four intersections last August."
source
January 11, 2007
Bloomberg.com: Opinion: "When a bank sends jobs offshore to India, it isn't just the jobs that go,"
source
p2pnet.net - the original daily p2p and digital media news site: "Of an estimated 49 million Americans notified of unauthorized access to their personal information during the past three years"
source
January 10, 2007
eBay's PayPal to Thwart Phishing Scams with New Device: "PayPal is beta testing a new tool to help keep user accounts secure. The PayPal Security Key is a small electronic device that account-holders may order from PayPal."
source
January 08, 2007
Attack of the Zombie Computers Is Growing Threat - New York Times: "Adam Waters is chief operating officer. “We are losing this war badly,” Mr. Wesson said of the growing threat from botnets."
source
Cambridge University researchers hack chip-and-PIN payment terminals: "how a chip-and-PIN terminal used to authenticate credit and debit card transactions in that country can be compromised to steal sensitive data."
source
January 07, 2007
TCPalm: Local News: "A tap of the finger is how some customers pay for groceries at Piggly Wiggly stores in Indiana."
source
Biometrics and Government: "Any human physiological or behavioural characteristic can qualify as a biometric characteristic as long as it satisfies the following requirements:"
source
January 06, 2007
Webwereld | A new SSL certificate is on the way: "Web-based businesses face a crisis in consumer confidence because of phishing scams. But because of a new kind of SSL certificate, Web sites will be able to definitively demonstrate their identity, and customers will be able to confirm the identity of trusted sites."
source
PKC anniversary event provided insights into the past, present, and future of cryptography: "Here's a look at what he learned, from issues surrounding quantum cryptography and computing to the fallacy of a U.S. government back door in the AES encryption algorithm."
source
How to protect yourself at wireless hot spots: "Connecting to a hot spot can be an open invitation to danger."
source
Adobe scripting flaw unearthed | The Register: "The vulnerability, which involves Adobe Reader 6.x and Adobe Reader 7.x, means it is possible to execute potential hostile JavaScript code simply by appending it to a PDF's URL."
source
Is Islamist cryptography evil? | Rational rants | ZDNet.com: "So, does this suggest we should have locked down crypto technology years ago, jailed Jim Bidzos and Phil Zimmerman, among others, and prevented this disastrous breach of national security?"
source
What Scares Me About Security in 2007: "Opinion: 2007 is the year that attackers get more creative. The low-hanging fruit is gone. "
source
Five Hackers Who Left a Mark on 2006: "In no particular order, here's my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007:"
source
Privacy News: PogoWasRight.org - We have met the enemy, and he is us!: "PEOPLE do not have secret trolleys at the supermarket, so how can it be a violation of their privacy if a grocer sells their purchasing habits to a marketing firm? If they walk around in public view, what harm can cameras recording their movements cause? A company is paying them to do a job, so why should it not read their e-mails when they are at work?"
source | main source
The Seattle Times: Business & Technology: Adobe Reader flaw seen as major PC security problem: "Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links."
source
Match your company policies with your solutions - IT Security News - SC Magazine US: "New security threats arise everyday. CERT, a federally funded research and development center operated by Carnegie Mellon University, reported almost as many security vulnerabilities (5,340) in the first six months of 2006, as occurred in all of 2005 (5,990)."
source
Jeremiah Grossman: Top 10 Web Hacks of 2006: "Attacks always get better, never worse. That’s probably what I’ll remember most about 2006."
source
MercuryNews.com | 01/02/2007 | Security threats on Web more serious this year: "'The first viruses were nothing but mischief,' said David Moll, chief executive of Webroot Software. 'Now that there is money to be made, it has changed the game entirely.'"
source
Wired 15.01: CSI: TCP/IP: "Fifteen years ago, Christy founded the Pentagon's first digital forensics lab."
source
DailyTech - U.S. Government Taking No Chances With Full-Disk Encryption: "After story after story of government laptops being stolen and compromised, the U.S. government is making progress in encrypting all information stored on its data devices."
source
Wired 14.05: The RFID Hacking Underground: "They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground.
By Annalee Newitz"
source
Droids Corporation -- Rasta Ring 0 Debugguer: "RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land)."
source
Next Generation Security Technologies | ngGames: "NGSEC's games are a set of security quizzes useful for anyone interested in security or hacking."
source
January 01, 2007
Tyme Tech: How to Keep Your Business E-Mail Private: "What are the consequences if you e-mail sensitive business information, such as financial statements or a report with evidence of employee wrongdoing, and it falls into the wrong hands?"
source
The Legal Guide To Employee Monitoring | Reg Research: "This whitepaper provides guidelines on how and where data or employee monitoring in the workplace is legal and where it is not. Can you read employee emails? Can you check who they are being sent to?"
source