May 30, 2007
Local File-Reading Vulnerability Found in Firefox - News and Analysis by PC Magazine: "Thanks to Thor Larholm for pointing out that a vulnerability in the current versions of Firefox and Mozilla allows malicious Web sites to read and act on the contents of local files to which they are supposed to have no access."
Source: pcmag
Techworld.com - Engineer discovers new security technology: "Data messages can be sent intermittently and camouflaged by this 'thermal noise.' It appears to be better than quantum key distribution (QKD) technology."
Source: techworld
Techworld.com - IT admins read private email, says report: "One IT administrator laughingly said: 'Why does it surprise you that so many of us snoop around your files, wouldn’t you, if you had secret access to anything you can get your hands on?'"
Source: techworld
Techworld.com - China accused of information warfare: "'The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks,' the annual DoD report on China's military warned. At the same, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years."
Source: techworld
ONTOGENY: Digital Fears Emerge After Data Siege in Estonia: "They also knew from experience that “if there are fights on the street, there are going to be fights on the Internet,” said Hillar Aarelaid, the director of Estonia’s Computer Emergency Response Team."
Source: mattdowling
Is desktop security broken beyond repair?: News - Security - ZDNet Australia: "We need to understand that users are not people who have degrees in computer science and a deep understanding of computer security -- they are people who are trying to get their job done."
Source: zdnet
Threat Level - Wired Blogs: "Third party extensions including the widely used toolbars from Google, Yahoo, Ask, Facebook, LinkedIn, as well as social bookmark extension from Del.icio.us and two anti-hacking add-ons, the Netcraft Anti-Phishing Toolbar and the PhishTank SiteChecker all put users at risk of having their browser infected with malicious code."
Source: wired
Riskbloggers - Security Wisdom ahead of the curve: "
1. Whitelisting
2. Metrics based on Derivatives
3. Self Classifying Data
4. Security Software as a Service, Outsourcing
5. Standards inside Regulations
6. Certification
7. XACML
8. Monitoring of Users & Activities
9. Federal Rules of Civil Procedure (FRCP)
10. Enterprise Risk Management"
Source: riskbloggers
May 26, 2007
IT Crime - Company checklist: "This Information Technology (IT) crime prevention checklist focuses on a range of IT security topics to be considered in the field of threats, with criminal intent, to Information Technology."
Source: interpol
Wired Science - Wired Blogs: "Ignacio Cirac: Quantum Teleportation It's possible to send information from point A to point B without it touching anything in between."
Source: wired
May 23, 2007
Techworld.com - Chinese hacking threat set to grow: "'China’s hacking scene is clearly an active one,' the Symantec report said. "
Source: techworld
RFID backlash gains momentum, from states up - May. 21, 2007: "NEW YORK (CNNMoney.com) -- Civil rights and privacy rights groups have opposed radio frequency identification, or RFID, for years. But now, researchers in the field and some lawmakers are beginning to voice concerns about the security of the technology."
Source: cnn
Japan military data leak wider than previously thought: "Investigators in Japan looking into the leak of data relating to the Aegis missile defense system have discovered other sensitive U.S. military information has been leaked, Japan's Kyodo News reported on Tuesday. "
Source: computerworld
New and improved version of Gozi Trojan horse on the loose: "A new, stealthier version of a previously known Russian Trojan horse program called Gozi has been circulating on the Internet since April 17 and has already stolen personal data from more than 2,000 home users worldwide."
Source: computerworld
XML format for antiphishing info to go live in July: "'For example, a Korean CERT (Computer Emergency Response Team) reporting an incident can send it to a French bank,' he said."
Source: computerworld
Russia's opening shot in the cyber Cold War - Computerworld Blogs: "The once-warm relations between the U.S. and Russia have turned decidedly cool -- so much that a new Cold War may be on the way. This time around, though, the war may be fought with bytes rather than bullets. "
Source: computerworld
May 22, 2007
Uribe100.com: "Lists of the Best 100 websites in Computer and Information Security"
Source: Uribe100
May 20, 2007
IBM loses retirees' personal information - Security - MSNBC.com: "IBM Corp., one of the world's leading providers of encryption and other data-management technologies, is in the uncomfortable position of trying to solve its own mystery involving missing computer tapes with sensitive information about employees and records of customer transactions."
Source: MSNBC
Virginia Tech Lesson: Rare Risks Breed Irrational Responses: "In the United States, dogs, snakes, bees and pigs each kill more people per year (.pdf) than sharks. In fact, dogs kill more humans than any animal except for other humans. Sharks are more dangerous than dogs, yes, but we're far more likely to encounter dogs than sharks."
Source
May 15, 2007
Irony alert: Pirate file-sharing site hacked: "Pirate Bay apologized to members for the inconvenience. 'Sorry for the mess, but we are all human and we miss something sometimes.'"
Source
Hackers hijack Windows Update's downloader | InfoWorld | News | 2007-05-10 | By Gregg Keizer, Computerworld: "'It is novel,' said Oliver Friedrichs, director of Symantec's security response group. 'Attackers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn't new.' "
Source
IBM criticizes TippingPoint over hacking contest | InfoWorld | News | 2007-05-11 | By John E. Dunn, Techworld.com: "This contest is an excellent example of what can happen when security companies do not have a strict separation of 'church and state' between marketing and vulnerability research. "
Source
The Peninsula On-line: Qatar's leading English Daily: "Interestingly, it was an automated teller machine (ATM) which helped bust the first gang. One of the accused used a fake credit card to withdraw cash, the ATM confiscated the card.
He then inserted another forged card and this was also withheld by the machine. The ATM at the same time took the picture of the accused, which the concerned bank later passed on to the economic offences wing at the Criminal Investigation Department at the Ministry of Interior. "
Source
CANOE -- CNEWS - Canada: Global fight for human rights enters the digital domain: "Cyberspace is an emerging frontier in the fight for human rights, and firewalls and identity maskers are the new tools for dodging oppressive regimes."
Source
May 12, 2007
Game Giveaway of the Day » Hacker Evolution: "When a chain of events sets off worldwide, leaving critical service disabled, you assume the role of a computer hacker to find out what happened and attempt to stop it. When a stock market, a central bank, satellite uplink and transoceanic fiber optics links crash, you know this is more than a simple event."
Source
Police seize laptop for sale with children's data: "The council disposes of its used computers through not-for-profit organization Revitalise, which employs disabled people who work with IT technicians to recondition used computer equipment for cheap resale to schools and voluntary groups."
Source
Britain's biggest credit card fraudsters jailed for over five years each | the Daily Mail: "The 'highly organised' scam was discovered purely by chance when a routine anti-terrorist police patrol stopped one of the conspirators carrying 40 mobile phone top-up cards."
Source
Dancho Danchev - Mind Streams of Information Security Knowledge: Big Brother Awards 2007: "They are all interconnected to a certain extent, united under the umbrella of the common good which as a matter of fact won a golden boot in this year's Big Brother International Awards:"
Source
Insider Threat Example: Engineer Leaks U.S. Military Secrets - Realtime IT Compliance: "As a synopsis, an engineer, Chi Mak, born in China but a naturalized U.S. citizen working for a defence contractor, Power Paragon of Anaheim, was found guilty of conspiring to export U.S. defense technology to China, including data on an electronic propulsion system that could make submarines virtually undetectable, guilty of being an unregistered foreign agent, guilty of attempting to violate export control laws and guilty of making false statements to the FBI."
Source
May 05, 2007
Tyme Tech: The Top 25 Web Hoaxes and Pranks: "These online spoofs and shams have made the rounds on Web sites and through e-mail. Perhaps you even believed one or two of them yourself."
Source
Wireless Network -- it's Time to Shore up Security - May 2007: "The FBI has recently learned that the basic protection against intruders -- Wireless Encryption Protocol, or WEP -- is increasingly vulnerable to accomplished hackers."
Source
Privacy groups renew push against Real ID bill - Network World: "Privacy advocates are making a last-ditch effort to muster public opposition to the controversial Real ID bill, which proposes to create a national standard for issuing state drivers' licenses and other forms of state-issued identification."
Source
Wanted: an ID scheme we can trust - 03 May 2007 - IT Week: "Recent reports of yet another credit card cloning scandal, this time involving compromised equipment in some petrol stations, has further undermined consumer confidence in the safety and integrity of electronic payment systems."
Source
Panda Software :: Security Labs Cannot Cope With Volume of Internet Threats: "1. In the absence of major news on email-worms infecting millions of computers for some time, is the Internet safer?
'No way. There is a false sense of security among users,' explained Corrons. 'And that is precisely what malware creators are after. Their goal is no longer the notoriety of having caused the most destruction, but simply to quietly make money.'"
Source
net.wars: Cryptanalysis: "It supports the powerful and suppresses the weak.'"
Source
Lloyds TSB certificate glitch sparks concerns | The Register: "Consumers were greeted with a 'website certified by an unknown authority' pop-up message for *.clickshift.com after accessing online.lloydstsb.co.uk."
Source
Attackers improve on JavaScript trickery | The Register: "splitting up the code into many components and the use of custom encoders, to obfuscate JavaScript"
Source
The internet sucks, lets delete it - Get Vorkt!: "ALTHOUGH it has taken nearly four decades to build today's internet, some researchers, with the US government's blessing, want to scrap all that and start again."
Source
Top 10 Internet Crimes - News and Analysis by PC Magazine: "Category % of complaints
Auction Fraud 44.9%
Non-Delivery 19%
Check Fraud 4.9%
Credit/Debit Card Fraud 4.8%
Computer Fraud 2.8%
Confidence Fraud 2.2%
Financial Institutions Fraud 1.6%
Identity Theft 1.6%
Investment Fraud 1.3%
Child Pornography 1.0%"
Source
Techworld.com - Virus and access protection slip down security concerns: "A new poll places theft of information and regulatory compliance at the top of chief security officers’ (CSOs’) agenda. The executives say that computer viruses and unauthorised access are less of a worry."
Source
Techworld.com - Single-victim spam attacks skyrocket: "Micro spam attacks hitting one person are up more than 10 times over last year, according to MessageLabs."
Source
Hackers debut malware loaded USB ruse | The Register: "Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected."
Source
Phishers add call forwarding to their arsenal | The Register: "The folks at SecureWorks have observed a new phishing technique that uses call forwarding to route a victim's incoming phone calls to a number controlled by the attacker."
Source
Hackers debut spam and virus sandwich | The Register: "Hackers have combined spam and malware together in a single email threat."
Source
Pentagon 'hacker' questions US cost claims | The Register: "Accused Pentagon hacker Gary McKinnon appeared on a hackers' panel at the Infosec show on Thursday."
Source
UK takes lead in e-crime portal - ComputerworldUK - The Voice of IT Management: "UK computer security experts are designing a web portal to gather more precise statistics on Europeans victimised by internet crime, an area that remains difficult for collecting accurate data."
Source
Security slowly comes to the party - Security - Technology - smh.com.au: "In 2002, the internet could best be described as the 'wild west meets farce'."
Source
Technology News: Security: Microsoft Invites Collaboration With Grid Computing Research: "Microsoft (Nasdaq: MSFT) has released details about its SecPAL project to encourage collaboration from the grid computing community on methods for greater security and access controls."
Source
The White House isn’t the only government office whose employees use outside e-mail messaging: "The headaches associated with the use of third-party e-mail and messaging services by government workers will continue to bedevil computer systems administrators ... "
Source
NSA gives military students lesson in cyberdefense: "“They are hungry to win,” said Maj. Damon Becknell, who teaches information assurance at the U.S. Military Academy at West Point, N.Y."
Source
Eight Privacy Firms to Watch: "Just seven years ago, there wasn't even a privacy market to speak of. The ink on most privacy laws wasn't dry yet, fewer than 50 people worldwide bore the title 'chief privacy officer,' and the International Association of Privacy Professionals didn't exist."
Source