<body>

53cur!ty 6109

Girma Nigusse

International Security - Emerging Threats - Analysis - UPI.com

November 29, 2007

International Security - Emerging Threats - Analysis - UPI.com: "Targeted phishing attacks, known as 'spear phishing' or 'whaling,' aim to compromise the computers used by top executives. Rather than trying to steal passwords for a single account, the e-mail will contain an attachment or Web link that, when activated, will install special software that logs every keystroke typed on the computer, and reports it back, enabling hackers to get password and account information for secure systems."

Source: upi

Cybercrime: Uncovered - Independent Online Edition > Science & Tech

November 28, 2007

Cybercrime: Uncovered - Independent Online Edition > Science & Tech: "It sounds like a piece of Raymond Chandler for the noughties, a hybrid of films like Hackers, The Matrix or any cyberpunk thriller from the past 20 years. But it is, in fact, real. The network is the Russian Business Network (RBN) – thought to be led by the nephew of a well-connected Russian politician – and it has been attracting the attention of security experts worldwide. "

Source: independent

ENISA

ENISA: "ENISA is launching its latest Position Paper: on 'botnets', i.e. silent, 'hijacked' computers."

Source: enisa.europa

SANS Institute - SANS Top 20 Internet Security Risks of 2007 Point to Two Major Transformations in Attacker Targets

Source: sans

'Man in the browser' is new threat to online banking

'Man in the browser' is new threat to online banking: "Perpetrators act as a 'man in the browser' by intercepting HTML code in the Web browser. As bank security measures curb more traditional threats such as keystroke logging, phishing and pharming, F-Secure warned, the 'man in the browser' attack will increase. Once a user's PC is infected, the malicious code is only triggered when the user visits an online bank. The 'man in the browser' attack then retrieves information, such as logins and passwords, entered on a legitimate bank site. This personal data is sent directly to an FTP site to be stored, where it is sold to the highest bidder. "

Source: computerworld

An inconvenient hack: Al Gore's Web site hit

November 27, 2007

An inconvenient hack: Al Gore's Web site hit: "Because search engines give priority to pages that are linked to by very popular pages, adding links from the Inconvenient Truth blog would be a bonanza for scammers, ... The film's blog has 'such a high page ranking that they use that as sort of conduit to ... gain a really high Google page rank, and hope that they can find some suckers to buy some medications online,' he said. "

Source: computerworld

Encryption key management worries loom

Encryption key management worries loom: "'If you share the key, you share the data; if you lost the key, you've lost the data,' says Dennis Hoffman, general manager of the data security unit of RSA Security Inc., "

Source: computerworld

Biometric ID scheme without the need for a centralised national identity database - Security Park news

Biometric ID scheme without the need for a centralised national identity database - Security Park news: "The smart card plan would eliminate ATM fraud since users would be required to scan their fingerprint to access their account rather than use vulnerable chip and PIN. A home scanner linked to a PC or laptop by a USB port could prevent internet transaction fraud since the user would scan their fingerprint to confirm their identity and make a purchase."

Source: securitypark

Biometrics won't fix data loss problems | The Register

Biometrics won't fix data loss problems | The Register: "The inclusion of biometric data in one's NIR record would make such a record even more valuable to fraudsters and thieves as it would - if leaked or stolen - provide the 'key' to all uses of that individual's biometrics (e.g. accessing personal or business information on a laptop, biometric access to bank accounts, etc.) for the rest of his or her life. Once lost, it would be impossible to issue a person with new fingerprints. One cannot change one's fingers as one can a bank account."

Source: theregister

Databazaar Blog : Cryptography Threatens Makers of Third Party Inkjet Cartridges

Databazaar Blog : Cryptography Threatens Makers of Third Party Inkjet Cartridges: "You've heard about technology designed to prevent CD and DVD piracy. Now printer manufacturers want to use cryptography to protect against third party ink cartridge makers. "

Source: databazaar

ITPro: Security: Features: People and IT Security

November 24, 2007

ITPro: Security: Features: People and IT Security: "When security specialists talk about IT security and threats, they normally have technology in mind. Sounds great, but unless you include people in your security strategy, your computer and your company are still vulnerable."

Source: itpro

Docuticker » European versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining

Docuticker » European versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining: "It is common knowledge that privacy in the market and the media is protected less in the United States than in Europe. Since the terrorist attacks of September 11, 2001, it has become obvious that the right to privacy in the government sphere too is protected less in the United States than in Europe. "

Source: docuticker

Hunt for Russia's web criminals | Technology | The Guardian

November 23, 2007

Hunt for Russia's web criminals | Technology | The Guardian: "Rise of the botnets

Botnet evolution is intrinsically linked to Internet Relay Chat (IRC). The first bots were developed from a messaging facility within IRC with a view to controlling PCs remotely.

Late 1999 SANS Institute researchers find remotely executable code on thousands of Windows machines. The infected computers are named "robots", shortened to "bot".

February 2000 Bot programs are encrypted, so their purpose only becomes clear when they are used to launch a distributed denial-of-service (DDoS) attack, bringing down sites such as Amazon and eBay.

October 22 2002 Nine of the internet's 13 "root DNS" servers are disabled in a massive attack by a bot herder advertising his services.

2002-04 Bots get more sophisticated and begin to handle tasks such as sending spam, hosting phishing sites, and other illegal activity.

2005 Code-changing techniques are developed to hide bots from security products. Professionals design, program, and support bot "packages" for criminals

2006 Peer-to-peer communication protocols pass command of the botnet between compromised PCs to evade bot hunters. Automated retaliatory attacks start on anything trying to find or interfere with a botnet.

February 6 2007 Second attack on internet's root DNS servers.

May 18 2007 Two-week attack on Estonia's computers takes the country offline following its government's moving of a statue of a Russian second world war soldier."

Source: guardian

UN Body Joins the Fight Against Bots - Security Watch

Did NSA Put a Secret Backdoor in New Encryption Standard?

Did NSA Put a Secret Backdoor in New Encryption Standard?: "Break the random-number generator, and most of the time you break the entire security system. "

Source: wired
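The Wired piece is about a suspected backdoor in the Dual_EC_DRBG generator. The principle in the quoted sentence is easier to see on a generator whose weakness is not secret at all: Python's default random module (Mersenne Twister, MT19937). The example below is added here and is not from the article; it uses a constructed "victim" generator with a fixed seed, and the attacker's only input is 624 consecutive 32-bit outputs. From those it rebuilds the full internal state and predicts every later value, which is exactly what happens to a session id, password-reset token or nonce drawn from a non-cryptographic generator. The secure_token helper shows the replacement a practitioner should reach for.

```python
"""Added example: recovering MT19937 state from its outputs.

Not from the Wired article; demonstrates the quoted principle on Python's
non-cryptographic `random` module rather than on Dual_EC_DRBG.
"""
import random
import secrets

MASK32 = 0xFFFFFFFF


def _undo_right_xor(y, shift):
    # Invert y ^= y >> shift. Re-applying the shift/xor a few times
    # reconstructs all 32 bits (each pass recovers another `shift` bits).
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_xor(y, shift, mask):
    # Invert y ^= (y << shift) & mask in the same iterative way.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y):
    """Reverse MT19937's output tempering, giving the raw state word."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor(y, 15, 0xEFC60000)
    y = _undo_left_xor(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_generator(outputs):
    """Build a random.Random in the same state as the victim after it
    produced `outputs`. Index 624 forces a twist on the next call, so the
    clone continues exactly where the victim left off."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def predict_next(outputs, count=5):
    """Predict the victim's next `count` 32-bit outputs."""
    clone = clone_generator(outputs)
    return [clone.getrandbits(32) for _ in range(count)]


def demo(seed=1234):
    """Constructed victim: an application minting tokens from `random`.
    Returns True when the attacker's predictions match what it mints next."""
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]  # leaked tokens
    predicted = predict_next(observed)
    actual = [victim.getrandbits(32) for _ in range(5)]
    return predicted == actual


def secure_token(nbytes=32):
    """What to use instead: `secrets` reads the OS CSPRNG, whose state
    cannot be recovered from its outputs."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print("state recovered, next outputs predicted:", demo())
    print("secure token:", secure_token())
```

The attack needs no seed and no knowledge of how the victim was seeded; 624 outputs in a row are enough, and partial outputs (for example only the low 16 bits of each call) can be handled with more work. Any system whose security depends on an attacker being unable to guess the generator's output, which is most of them, falls with the generator.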

Top five worst IT security mishaps of 2007 - ZDNet UK

Security Market Trends for 2007

Security Market Trends for 2007: "Pre-boot authentication is typically what organizations are looking to implement between now and next year as to better protect their environments from physical attacks. Typically, a pre-boot authentication screen is loaded that will prompt a user for credentials before booting the operating system. "

Source: windowsecurity

ThinkGeek :: Ironkey

ThinkGeek :: Ironkey: "Their thumb drives hold up to 4 Gigabytes of data, but includes a hardware encryption chip that scrambles the data so as to be completely unreadable without a password. Passwords can be hacked, but not the IronKey. It's built to withstand attacks both virtual and physical. 10 incorrect password attempts, and the encryption chip self-destructs, making the contents of the flash drive totally unreadable."

Source: thinkgeek

Public's privacy is on the line - Los Angeles Times

November 20, 2007

Public's privacy is on the line - Los Angeles Times: "Anonymity is dead."

Source: latimes

NIST addresses security for industrial controls systems

NIST addresses security for industrial controls systems: "The National Institute of Standards and Technology has released an initial draft of new security guidelines for government information technology systems used for industrial control processes."

Source: gcn

Cryptographer Warns that Math Errors in Computer Chips Could Be a Global Security Risk | Threat Level from Wired.com

Cryptographer Warns that Math Errors in Computer Chips Could Be a Global Security Risk | Threat Level from Wired.com: "Noted Israeli cryptographer Adi Shamir (the 'S' in RSA Security and the middle one in the picture at right) has made an obvious, but nonetheless important, observation about the security problems that would ensue should a math error be found in any widely used computer chip."

Source: wired
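The article does not spell out why an arithmetic bug in a chip should be a key-recovery problem rather than a mere correctness bug. The added example below (not from the article or from Shamir's note) shows the classic mechanism for RSA signatures computed with the Chinese Remainder Theorem: the two half-signatures mod p and mod q are computed separately, and a single wrong result in either half gives the attacker a signature that is correct modulo one prime and wrong modulo the other, so gcd(s'^e - m, N) factors the modulus. This is the Boneh-DeMillo-Lipton / Lenstra fault attack. The key is a constructed toy (two small primes), and the `fault` parameter is a hypothetical hook standing in for a buggy multiplier.

```python
"""Added example: one faulty CRT-RSA signature leaks the private key.

Toy key constructed for the demonstration; primes this small are not
secure. Requires Python 3.8+ for pow(x, -1, m).
"""
from math import gcd

# Constructed toy key: the 10000th and 100000th primes.
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def sign_crt(m, p=P, q=Q, d=D, fault=None):
    """RSA signature of m using the CRT speed-up.

    `fault` is a hypothetical hook modelling a chip whose multiplier
    returns a wrong value in one of the two modular exponentiations:
    fault="p" corrupts the mod-p half, fault="q" the mod-q half.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    s_p = pow(m, dp, p)
    s_q = pow(m, dq, q)
    if fault == "p":
        s_p = (s_p + 1) % p  # any wrong residue works; off-by-one here
    elif fault == "q":
        s_q = (s_q + 1) % q
    # Garner recombination of the two halves into s mod N
    q_inv = pow(q, -1, p)
    h = (q_inv * (s_p - s_q)) % p
    return s_q + h * q


def verify(m, s, n=N, e=E):
    return pow(s, e, n) == m


def recover_factor(m, faulty_sig, n=N, e=E):
    """Lenstra's observation: s'^e == m modulo the correctly computed
    prime but not modulo the other, so the gcd is a non-trivial factor."""
    return gcd(pow(faulty_sig, e, n) - m, n)


def demo(m=123456789):
    """Returns (p, q) recovered from a single faulty signature of m."""
    m %= N
    good = sign_crt(m)
    assert verify(m, good)            # a correct chip produces a valid signature
    bad = sign_crt(m, fault="q")
    assert not verify(m, bad)         # the faulty chip does not
    factor = recover_factor(m, bad)   # but the bad signature gives away p
    return factor, N // factor


if __name__ == "__main__":
    p, q = demo()
    print("recovered factors:", p, q, "correct:", {p, q} == {P, Q})
```

The practitioner's takeaway is the one Shamir drew: the attacker does not need the fault to be random. If a specific multiplication in a widely deployed chip is known to be wrong for certain operands, the attacker picks a message whose CRT exponentiation hits that operand, obtains one signature over it, and recovers the key with a gcd. The standard countermeasure is to verify the signature (pow(s, e, N) == m) before releasing it, which is what the verify check above does, and to refuse to output anything that fails.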

Security related podcast links

November 14, 2007

Security-related podcast links I sometimes listen to.

http://www.2600.com/rss.xml
http://adventuresinsecurity.com/Podcasts/AISSeries/AdventuresinSecurity.xml
http://www.backslashtech.com/podcasts/podcasts.xml
http://www.binrev.com/radio/podcast/
http://feeds.feedburner.com/BlueBox
http://www.cert.org/podcast/exec_podcast.rss
http://feeds.feedburner.com/Computersecurity
http://www.computerworld.com.au/podcast.mp3.xml
http://geekmuse.net/podcast/
http://www.gridsummit.com/Channels/VideoAudioPrograms.xml
http://www.hackermedia.org/rss/hmvideo.php
http://www.hackermedia.org/rss/hmaudio.php
http://www.hackermedia.org/rss/hackermedia.php
http://www.hackermedia.org/rss/hmnoncom.php
http://www.hackermedia.org/rss/hmsingles.php
http://feeds.feedburner.com/net-security/oYGU
http://feeds.sophos.com/en/rss2_0-sophos-podcasts.xml
http://weblog.infoworld.com/daily/podcast.xml
http://weblog.infoworld.com/zeroday/podcast.xml
http://feeds.feedburner.com/LiveAmmoRadio
http://feeds.feedburner.com/LocalAreaSecurityPodcast
http://mocana.podomatic.com/rss2.xml
http://www.networkcomputing.com/blog/movabletype/rss_cat_sec.xml
http://www.mckeay.net/secure/index.xml
http://www.oopsla.org/oopsla2007/podcasts/rss.xml
http://pauldotcom.com/podcast/psw.xml
http://feeds.feedburner.com/WebSecurityPodcast
http://feeds.feedburner.com/RealtimeCommunityVistaPodcast
http://news.com.com/2325-12640_3-0.xml
http://leoville.tv/podcasts/sn.xml
http://feeds.feedburner.com/blogspot/ZhKn
http://sploitcast.libsyn.com/rss
http://feeds.feedburner.com/StillsecureAfterAllTheseYears
http://www.symantec.com/content/en/us/about/rss/sr/sr.xml
http://feeds.feedburner.com/SecurityCatalyst
http://www.twatech.org/wp-feed.php
http://www.webservicessummit.com/Channels/TechTalk.xml

What Not to Do After a Security Breach - Desktop Security News Analysis - Dark Reading

Source: darkreading

Industry Hears First 'Singing Spam' - Desktop Security News Analysis - Dark Reading

Industry Hears First 'Singing Spam' - Desktop Security News Analysis - Dark Reading: "Security firm MessageLabs today reports that it has spotted a massive run of spam sent out in the form of MP3 files and masquerading as music clips from popular artists. This is the first instance of a large distribution of spam hiding inside sound files, the researchers say. "

Source: darkreading

How to Interview an Insider Threat Suspect - Desktop Security News Analysis - Dark Reading

Source: darkreading

Website Security Seals Get a Boost - McAfee News Analysis - Dark Reading

Website Security Seals Get a Boost - McAfee News Analysis - Dark Reading: "Some security experts have dismissed Website seals such as Hacker Safe and ControlScan as more marketing ploy than security, and hackers have fueled the debate by exposing cross-site scripting vulnerabilities on sites proudly emblazoned with seals from Hacker Safe and other security seal providers. (See Hackers Reveal Vulnerable Websites and Are 'Sealed' Websites Any Safer?.) "

Source: darkreading

Hitachi Replacing Car Keys With Finger-Vein Scanner

Hitachi Replacing Car Keys With Finger-Vein Scanner: "The Tokyo-based company is developing a biometric device that would identify a driver by reading the veins in his fingers. Each finger could authorize something different, according to Hitachi. For instance, one finger could authorize the driver to start the car, another finger could be scanned to adjust the seat or mirror, and yet another finger could authorize the payment for a hamburger at a drive-through."

Source: computerworld

Spammers employ stripper to crack CAPTCHAs

Spammers employ stripper to crack CAPTCHAs: "The hackers, frustrated at their inability to come up with a way to automate account registration, are getting users to do their dirty work."

Source: computerworld

The Insider Threat Will Eat Your Babies | securosis.com

NATO ministers get to grips with cyber defence | The Register

NATO ministers get to grips with cyber defence | The Register: "The 'informal Defence Ministers meeting' took place in Noordwijk, the Netherlands, on Wednesday and Thursday last week. The planned agenda had issues of cyber warfare to be discussed on Thursday morning, along with missile defence, force transformation, and various other matters. In civilised style, the conflab was scheduled to wrap up in time for lunch and a nice long weekend."

Source: theregister