October 29, 2007
Technology News: Security: Russian Firm Files Patent for Password Cracker: "'The resulting hardware/software powerhouse,' it asserts, 'will allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords.'"
Source:
technewsworld
Bruce Schneier on why Internet security is failing : Security Topics: "'Old attacks don't go away, and new attacks appear every week. Complexity is what's going on; it's the worst enemy of security. Complexity makes things worse faster, so we lose ground even as we improve.'"
Source:
searchsecurity
Scoop: Facebook employees know what profiles you look at: "'My friend got a call from her friend at Facebook, asking why she kept looking at his profile,' says a privacy-conscious source at a major tech company. Turns out Facebook employees can (and do) check out anyone's profile."
Source:
valleywag
October 25, 2007
"“Believe it or not, a year-and-a-half ago iris [scanning] was viewed as a dicey experiment by many in the policy sector of the defense technology community,” Gravel said. “We all know how very much progress has been made in this regard.” Indeed, Gravel noted that the standard for DOD biometrics is now the “13 biometric template” — which consists of scanning 10 fingers, two eyes and one face."
Source:
gcn
Privacy and geotagging | Tech news blog - CNET News.com: "associating photos with a map location, is a current hot topic."
Source:
news
When it comes to banking, fees matter more than security, study says: "A bank that can show that it is paying attention to IT security issues may get positive publicity from the effort. But the fees charged by banks for transactions have a much greater effect on consumer behavior than security moves, according to a new report from analyst firm Gartner Inc."
Source:
computerworld
Encrypt data stored off site, warns Louisiana agency: "However, she conceded, “If you trust your data to a courier, then obviously something like this can happen.”"
Source:
computerworld
Privacy Lost: These Phones Can Find You - New York Times: "“We seem to be getting into a period where people are closely watching each other,” he said. “There are privacy risks we haven’t begun to grapple with.” But the practical applications outweigh the worries for some converts."
Source:
nytimes
Kyle Jorgensen's Blog: Our Future Privacy Risks: "There are arguments that anonymous file sharing applications only exist for the reason of sharing illegal files. I am a believer in privacy, and don't believe this to be true. I think people have a right to protect their identity online (as the internet wasn't built for privacy)."
Source:
kylejorgensen
The Local - Warning to Swedish Facebook users: "Den Nya Välfärden, says the 13-page contract users agree to when joining Facebook gives the US company rights over their personal information and photographs. "People think it is free to join, but you pay with your personal integrity and your future. When you apply for a job in 30 years, the recruiter will be sitting there with what you have written," he told ..."
Source:
Thelocal
October 22, 2007
No Breach, No Foul - Application and Perimeter Security News Analysis - Dark Reading: "As long as the vulnerability isn't detected in a compliance audit scan, or doesn't get exploited by an attacker, a business could theoretically just sit on a Website bug -- either for cost reasons, a lack of resources, or ignorance of its implications, security experts said this week."
Source:
darkreading
October 17, 2007
Submit Free Articles | Article Submission | Linux Articles | Interview Questions | Jobs and Careers - Fear and Loathing in Information Security: "If I were to tell you that I'm proud to be a hacker, would you wish I was dead? Last week I attended a speech by someone who just may, and while that speech was offensive on more levels than I can address in one editorial, I would like to talk about the demonization of hackers within the information security ("infosec") profession. In my opinion, the time has come for infosec professionals to stop fearing technology's boundary-pushers and for hackers to stop pretending there's any glory in the crimes most of them are too smart to want to commit in the first place."
Source:
linuxera
Secret manual shows Comcast (gasp!) protects customers' privacy | The Iconoclast - politics, law, and technology - CNET News.com: "Comcast's confidential 'Law Enforcement Handbook' was publicly disclosed on Monday. It turns out to be a 35-page manual dated September 2007 for police and intelligence agencies to use when they're trying to extract information out of Comcast about subscribers. The company's Internet service, VoIP telephone service and cable TV service are all covered."
Source:
news
The Local - Swedish hackers target Turkish forum: "Swedish hackers have retaliated against their Turkish counterparts following an attack earlier this month on some 5,000 Swedish websites."
Source:
thelocal
October 15, 2007
A system to detect possible terrorists: "Computer and behavioural scientists at the University of Buffalo are developing automated systems that track faces, voices, bodies and other biometrics against scientifically tested behavioural indicators to provide a numerical score of the likelihood that an individual may be about to commit a terrorist act."
Source:
rediff
October 14, 2007
ISN Security Watch - US grapples with cybersecurity: "The first priority concerns the expansion of Einstein, a situational awareness program. Law enforcement personnel, Garcia explained, 'deter crime and catch criminals by understanding their environment, watching for trends and patterns and knowing the rhythms of the community.'"
Source:
isn.ethz
Demand for Knowledge of Dangerous I.T. Security Threats Drives More Than 76,000 Downloads of WatchGuard Technologies LiveSecurity Videos From Google and YouTube: "With the growing frequency and danger of active threats to I.T. infrastructures and networks, I.T. managers and network administrators in many small-to-medium-sized organizations are hungry for education on how to protect their installations."
Source:
watchguard
Zone-H.org - 10 reasons websites get hacked: "1. Cross site scripting (XSS) 2. Injection flaws 3. Malicious file execution 4. Insecure direct object reference 5. Cross site request forgery 6. Information leakage and improper error handling 7. Broken authentication and session management 8. Insecure cryptographic storage 9. Insecure communications 10. Failure to restrict URL access"
Source:
zone-h
October 09, 2007
NSA writes more potent malware than hacker | The Register: "'We hired someone to create worms from scratch. A freelancer, who did the same sort of work for NASA, and was imprisoned for seven years for hacking offences,'"
Source:
theregister
Say it once, say it forever, privacy experts warn: "'The notion that we could have conversations that disappear is, in fact, disappearing,' said Bruce Schneier"
Source:
canada
October 08, 2007
Is That Big Brother In Your Pocket? - Security Watch: "Where did you go last Tuesday? You may not remember yourself, but if you had your cell phone on you then the government can find out relatively easily,"
Source:
pcmag
IBM software aids in vast surveillance of Chicago streets: "The City of Chicago is developing a futuristic video surveillance system designed to scan city streets looking for everything from bombs to traffic jams."
Source:
computerworld
TrafficMaster sells clients' location info to UK.gov | The Register: "It emerged that the Mail scribes were talking about UK traffic-data company TrafficMaster selling its database to the government. The deal isn't terribly secret, actually - TrafficMaster is quite open about it."
Source:
theregister
October 07, 2007
Video security networks: IT's newest frontier: "People still think of physical and information security as two separate entities. But to completely manage risk and identity you have to bring all the pieces of security together."
Source:
computerworld
Malware becoming more sophisticated, warns IBM: "According to IBM, the 'exploits as a service' industry continues to thrive, with the new practice of 'exploit leasing' added to the repertoire of criminals. By leasing an exploit, attackers can now test exploitation techniques with a smaller initial investment, making this underground market an even more attractive option for malicious perpetrators."
Source:
computerworld
Keyloggers proposed to fight terrorist use of cybercafés: "An organization in Mumbai, India has proposed that police use keylogging software at cybercafés to keep track of communications between terrorists."
Source:
computerworld
Symantec: Bank account details fetch $400 online: "Bank account details command prices of up to $400, while credit card details sell for between 50 cents and $5, e-mail passwords from $1 to $350 each, and e-mail addresses from $2 to $4 per megabyte, according to Symantec's 'Internet Security Threat Report,' which covers the first half of the year."
Source:
computerworld
Attacking multicore CPUs | The Register: "The world of multi-core cpus we have just entered is facing a serious threat."
Source:
theregister
Computer Security Expert Bruce O'Dell: Testimony to NH Legislature: "Yet, ensuring the integrity of systems is the hardest of all challenges in computing. Once again I believe my profession has failed to adequately inform our clients and the general public."
Source:
opednews
France blames China for hack attacks | The Register: "Germany, the USA and the UK have all become the subject of targeted attacks originating from China, with many observers pointing the finger of blame towards China's Peoples Liberation Army (PLA). France, Australia and New Zealand joined the growing list this week."
Source:
theregister
Debate rages over German government spyware plan: "After passing anti-hacking legislation earlier this year to crack down on the sharp rise in computer attacks in the public and private sectors, the government is now floating a plan to develop and smuggle its own spyware on to the hard drives of suspected terrorists through e-mail messages."
Source:
computerworld
Pentagon: Chinese military hacked us | The Register: "But China doesn't want to fight the US - who would pay for all the iPods? And America doesn't really want to fight China - where would they get all the damn iPods made?"
Source:
theregister
Information Security and Data Breach Notification Safeguards: Open CRS Network - CRS Reports for the People: "Information security and breach notification requirements are imposed on some entities that own, possess, or license sensitive personal information."
Source:
opencrs.cdt
Oh, don't tell me: 10 claims that scare security pros: "'Our managers have copies of all passwords.' Though the idea makes freshman CISSPs faint, there are indeed managers who demand that their direct reports disclose their individual passwords. The explanation for this aggressively dumb demand is always 'What if someone quits or is sick? How would we get their documents?'"
Source:
computerworld
The Ten Privacy Tenets » MoneyHowTo.com Global Investors Community. Making Money Instructions: "Do not let anyone know where you actually live and sleep. Preferably, you should actively mislead people about where you live."
Source:
moneyhowto
Hacking for hijinks | The Register: "I mean, there's nothing actually illegal about reprogramming your car's engine control unit to tell the garage's computerised emissions testing system that your car is well within the limits, is there?"
Source:
theregister
VeriSign worker exits after laptop security breach | The Register: "VeriSign has warned workers of the theft of a laptop that contained their personal information."
Source:
theregister
File encryption dos and don'ts | InfoWorld | Column | 2007-08-03 | By Roger A. Grimes: "Is file encryption right for you?
Key archiving, key archiving, key archiving
Where is your data?
What about data in transit?
Are your apps compatible?
What can you encrypt?
Double-checking the encryption
Performance hit?
Do you have the available disk space?
Create a data protection policy
Ongoing auditing and verification"
Source:
infoworld
Kittens -- the solution to spam? | InfoWorld | News | 2007-08-03 | By Nancy Gohring, IDG News Service: "When Hotmail first started using HIPs, the number of e-mail accounts generated on the first day dropped by 20 percent without an increase in support queries, Larson said."
Source:
infoworld
Joint effort key to IT security future - vnunet.com: "“It’s a government and industry problem,” Lipner said. “The government can’t solve it all because private entities [run] the critical infrastructure. But government has the resources the private sector is not likely to have.”"
Source:
vnunet
October 01, 2007
Threat Level - Wired Blogs: "DefCon security on Friday warned attendees at the annual hacker conference that Dateline NBC may have sent a mole with a hidden camera to the event to capture hackers admitting to crimes. DefCon says it was tipped off by their own mole at Dateline who sent them a pic of the undercover journalist who DefCon employees identified as producer Michelle Madigan."
Source:
wired
Scan This Guy's E-Passport and Watch Your System Crash: "'If you're able to crash something you are most likely able to exploit it,'"
Source:
wired
A Defcon survival guide | The Register: "It only takes a single weakness to be penetrated, so the only way to be sure you won't get hacked is to leave your computer at home, or short of that, not to plug in to the wireless network there."
Source:
theregister