Thursday, June 18, 2009

Around The Horn vol.1,122

Leaked: screenshots of Morro, Microsoft's free antivirus

By emil.protalinski@arstechnica.com (Emil Protalinski) on Morro

Morro is the codename for a free, real-time antimalware solution for consumers to be released in the second half of 2009. It will offer basic features for fighting viruses, spyware, rootkits, and trojans. Microsoft is getting ready to put Morro into testing over the next few weeks, but it appears that certain testers (including Microsoft employees) already have it and are taking it for a spin. Neowin managed to obtain three screenshots (one of which is shown above) of Morro, which has yet to get a final name.


Safari Charlie to reveal unsigned iPhone code exploit

By chris.foresman@arstechnica.com (Chris Foresman) on unsigned code

Security researcher Charlie Miller and Vincenzo Iozzo, a student at the University of Milan, recently discovered a repeatable method to trick the iPhone's processor to run unsigned code. The pair now plan to reveal their work at the Black Hat Security Conference in Las Vegas next month.

There have been very few exploits for the iPhone thus far, since the iPhone's security system generally prevents running arbitrary code. However, Miller and Iozzo discovered a method to enable a working shell, which could let a hacker do virtually anything within the system, including copying private data. Their method, combined with an iPhone OS exploit, has the potential to allow hackers to run virtually any code they want on the device. We talked to Miller to get some more details about how this is possible.

Hacker cracks TinyURL rival, redirects millions of Twitter users

By Robert A. on IndustryNews

"A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than...

Google considers request to boost privacy

By Elinor Mills

Updated at 4:45 p.m. PST to clarify that Gmail data has always been encrypted by default when a user types in https:// and that last year they offered the ability to set https:// as the default.

More than three dozen security and privacy advocates and researchers are asking ...

Morro screenshots reportedly leaked; Will it be cloud-based?

By Elinor Mills

A Windows enthusiast blog on Tuesday posted what it says are leaked screenshots of Microsoft's upcoming free security software, code-named "Morro," which is due for public beta release soon.

The Neowin.net blog has three screenshots that it says it obtained from an anonymous source. The software is reportedly ...

Dasient helps Web sites avoid blacklists, malware

By Elinor Mills

Last week, PBWorks founder David Weekly found out from some customers that his hosted collaboration site had been blacklisted by Symantec for hosting malware and, thus, visitors to any of the 10 million pages on PBWorks were ...

Apple iPhone OS 3 has been leaked. Not.

By Rik Ferguson on countermeasures

In an interesting show of cross web platform strategy, scammers are using Twitter, file sharing websites and associate marketing schemes to generate an income, and their bait is a supposedly “leaked” or “stolen” version of the v3 OS for Apple’s iPhone, which is due for official release today. The first thing I noticed was a few people [...]

To Morro, To Morro - You’re More Than a Day Behind.

By Rik Ferguson on microsoft

On the heels of the imminent demise of its commercial consumer security offering Windows Live OneCare, Microsoft opted to develop a free of charge package, to compete with the other free of charge basic anti-malware scanners already available. A fair amount of publicity has recently been whipped up around this project, “codenamed” Morro (apparently after a beach in Brazil). Recently [...]

fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

By Darknet on software-security

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service. Quick Info FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data. It supports some [...]

Massive Malware Outbreak Infects 30,000 Websites

By Darknet on web-application-security

This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware. The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place. An obfuscated JavaScript meant [...]

Researchers To Unleash New SMS Hacking Tool At Black Hat

iPhone-based auditing tool tests mobile phones for vulnerabilities to SMS-borne attacks

Despite High Value Of Information, Many Companies Lag On Database Security

Despite high value of database information, many companies fail to follow basic database security practices

Two New OS X Attacks Bite Apple

In Vulnerability Research

Researchers have unearthed two new Apple OS X Trojan attacks as malware schemers continue to ratchet up their focus on the company's increasingly popular products.

Blank Messages Drive Spam Spike

In Virus and Spyware

Spammers are enlisting an interesting new technique in forwarding their unwanted e-mails, blank messages.

DHS spending bill would fund SBInet, E-Verify

The DHS spending bill approved by the House Appropriations Committee would fund several technology programs.

DISA seeks identity management technology

DISA wants to learn more about emerging access control technologies that can simplify management and interoperability.

Hathaway: National cyber incident response plan coming by year end

The team that conducted the 60-day review of government cybersecurity policy is following up with a national incident response plan and efforts to untangle legal hindrances to improved security.

China Making Green Dam Internet Filter Optional

The government's edict prompted widespread derision from Chinese bloggers, objections from Chinese academics and lawyers, and criticism from security experts.

Former Google Employees Launch Web Malware Startup

The company will address changing malware distribution patterns and provide a way to respond to Web security threats using automated techniques.

Apple Fixes Java Security Hole

The flaw could have allowed a Java applet to execute malicious code on affected Macs, potentially leading to information theft or a compromised system.

Working with consultants part 3

When you have chosen your consultant, prepare an action plan that defines what you both plan to do, by when and how you will know when to stop using their services.

Hacker cracks TinyURL rival, redirects millions of Twitter users

Cligs, a URL-shortening service that condenses long Web addresses for use on micro-blogging sites, was hacked over the weekend.

Hacker Hijacks Millions of Cligs URLs

The Cli.gs URL-shortening service yesterday reported that an attacker managed to break in via a software security hole and take over 2.2 million URL links.

Apple finally patches six-month-old Java bugs

Apple yesterday patched 32 vulnerabilities in its implementation of Java; Sun fixed the same flaws for Windows and Linux users more than six months ago.

Iran using U.S. chip technology in rocket research

The Web site of an Iranian research institute has posted the specifications of a high performance computer that it built using AMD dual core Opteron chips.

China to propose WLAN security standard for global use again

China will submit its wireless LAN security protocol to the International Organization for Standardization (ISO) for consideration as a global standard, years after its rejection by the standards body incensed Chinese backers.

China Citizens Oppose Green Dam, So Must Computer Makers

There was a time when American capitalists would have strongly protested totalitarian censorship, but that was before they became complicit in it. Moral indignation once again loses out to global profits.

Survey finds lack of concern for cloud security

Half the companies that use or plan to use cloud computing services don't know how they will square that use with the need to ensure data integrity and compliance with standards and policies.

Study: Asia-Pacific network security market remains strong

The Asia-Pacific network security market is expected to grow by 6.5 per cent this year, dropping nearly two-thirds from the robust growth in 2008.

Apple releases Java patches (finally)
Better six months late than never

Apple has released security updates for Mac OS X and Mac OS X Server 10.4.11 and 10.5.7 - more than six months after Sun Microsystems warned the world of flaws in its Java virtual machine that make it easy for attackers to execute malware on users' Macs, PCs, and Linux boxes.…

Google cloud told to encrypt itself
R in RSA wants s in https

Updated A small army of security and privacy researchers has called on Google to automatically encrypt all data transmitted via its Gmail, Google Docs, and Google Calendar services.…

BlockMaster SafeStick hardware-encrypted USB drive
Tough enough?

Review It may make its money selling shedloads of its security-centric USB Flash drives to organisations like the NHS, but Sweden's BlockMaster believes the rest of us likewise need memory sticks with a high level of data protection built in.…

PCI DSS and Incident Handling: What is required before, during and after an incident

Category: Incident Handling

Paper Added: June 16, 2009

Wireshark 1.2.0 released, (Wed, Jun 17th)

Thanks to ISC reader Bob who told us that Wireshark updated one of our favourite tools. This is a ne ...(more)...

Web server survival time research, (Wed, Jun 17th)

Lately, I have been writing new labs for an update version of my DEV 422 Defending web app course. O ...(more)...

Useful browser addon - WOT, (Wed, Jun 17th)

I have been playing around with the WOT browser add-on for couple weeks with good results. WOT stand ...(more)...

URL Shortening Service Cligs Hacked, (Tue, Jun 16th)

A post over at Cligs talks about an intrusion with their URL shortening service. In essence, a ...(more)...

Iran Internet Blackout: Using Twitter for Operational Intelligence, (Tue, Jun 16th)

One of the topics in the halls here at SANSFIRE is how twitter has been the one tool that has breach ...(more)...

Iranian hacktivism, (Tue, Jun 16th)

With the increase of violence in Iran due to the recently held election, it was just a matter of tim ...(more)... 

Smart Meters are Full of Holes (June 12, 2009)

"Smart" electricity meters currently being installed at homes and businesses in the US are full of vulnerabilities that could place the country's power grid in peril.......

European Commission Wants Stiffer Cyber Crime Penalties (June 15, 2009)

Convicted cyber criminals could face harsher penalties in the European Union if the European Commission gets its way.......

Spam King Could Face Jail Time for Violating Facebook Restraining Order (June 12, 2009)

A federal judge has referred Sanford Wallace to the US Attorney General's Office for criminal proceedings for allegedly defying an order that prohibited him from accessing Facebook.......

Virgin and Universal Reach Fee-Based Download Arrangement (June 15, 2009)

Virgin Media UK broadband customers who pay a monthly fee will be able to download or stream unlimited MP3 files, thanks to a deal struck by Virgin and Universal.......

Arrests and Indictments in International Phone Hacking Scheme (June 12 & 15, 2009)

Three people have been indicted and five arrested in connection with an international phone service hacking scheme.......

Ten Arrested in Music Downloading Scam (June 10 & 12, 2009)

UK police have arrested 10 people in connection with a scheme in which they downloaded their own music from iTunes and Amazon thousands of times, paying for the downloads with stolen credit cards.......

Legislators' Proposal Would Revise Real ID Act (June 15, 2009)

US legislators have proposed a revision to the Real ID Act of 2005, a controversial law aimed at tightening security in the wake of the September 11 attacks.......

Israeli Government Sites Attacked in January (June 15, 2009)

The Israeli government says that the country's Internet infrastructure was attacked in January during the Gaza Strip military offensive.......

Illinois State Agency Missing 52 Computers (June 11, 2009)

Reports from Illinois state auditors indicate that the Department of Financial and Professional Regulation cannot account for 52 computers.......

Mozilla Updates Firefox to Version 3.0.11 (June 12, 2009)

Mozilla has released Firefox version 3.......

Student Arrested for Accessing School System Without Authorization - Again (June 12 & 14, 2009)

A Shenendehowa (NY) High School student has been arrested for breaking into the school's computer system.......

Survey: Admins Exploit Privileges to Access Sensitive Data (June 10 & 11, 2009)

A survey of 400 IT administrators found that more than one-third abuse their administrative rights to access sensitive information about employees, customers and their companies for personal use.......

Microsoft cracks down on click fraud ring

By Robert Westervelt

Fraudsters used a click farm to simulate hundreds of thousands of clicks for specific advertisements. Experts say click fraud threatens the online advertising industry.

IT pros find corporate firewall rules tough to navigate

By Eric Ogren

Tweaking rules could result in disrupting business communications or opening a hole for unauthorized traffic. Firewall management tools ease the burden.

Apache Tomcat RequestDispatcher Directory Traversal Vulnerability

Rasterbar libtorrent Arbitrary File Overwrite Vulnerability

There is an 'arbitrary file overwrite' vulnerability in libtorrent that allows an attacker to create and modify arbitrary files (and directories) with the effective rights of the user executing the vulnerable libtorrent-based application.

Multiple Vendor WebKit Error Handling Use After Free Vulnerability

Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability

HP-UX Running OpenSSL DoS

Google Considers Tightening Gmail Security

Google announces that it may make use of HTTPS the default configuration for Gmail. The move comes after several security and privacy experts sent an open letter to the company urging enhanced protections for Gmail, Google Docs and Google Calendar.
- Google officials responded June 16 to calls for better security by announcing that the company is considering turning on HTTPS in Gmail by default for all connections. The announcement follows an open letter sent to Google CEO Eric Schmidt by nearly 40 security and privacy experts that urge...

Developing Security Metrics for Enterprise Risk Management

Developing security metrics for your organization can be a daunting process. IT pros, however, say deciding on security metrics can be the difference between effective security and serious vulnerabilities.
- When Bruce Jones decided to serve as global IT security risk and compliance manager at Eastman Kodak Company, he found he had a challenging problem on his hands - how to create a solid set of security metrics that could be used to communicate risk to the rest of the business. Roughly two...

Hacker Hits URL Shortening Service Cligs

Cligs, a URL shortening service popular among users of micro-blogging services like Twitter, was attacked recently. The attack redirected 2.2 million of the miniature URLs to a single URL.
- Cligs, a popular URL shortening service for Twitter users, was hacked recently in an attack that exploited a security hole to redirect 2.2 million URLs. "Late last night/early this morning, a security hole in the Cligs editing functionality was discovered and was exploited by a malicious a...

An Odyssey of Fraud

In Web Fraud 2.0

Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a day he receives a phone call from someone he's never served -- in most cases someone who's never even been to Idaho -- asking why their credit or debit card has been charged a small amount by his establishment. Kordopatis says he can usually tell what's coming next when the caller immediately asks to speak with the manager or owner. "That's when I start telling them that I know why they're calling, and about the Russian hackers who are using my business," Kordopatis said. The Odyssey Bar is but one of dozens of small establishments throughout the United States seemingly picked at random by organized cyber criminals to serve as unwitting pawns

Top Security Minds Urge Google to Encrypt All Services

In From the Bunker

A who's-who of more than three dozen high-tech and security experts from industry and academia is urging Google to beef up the privacy and security settings of its Gmail, Google Docs and Calendar online services. At issue is whether Google is doing enough to block hackers from hijacking a user's Webmail account or intercepting information from online documents. An increasing number of free, publicly available tools may make it simple for even novice hackers to launch such attacks. "Google's default settings put customers at risk unnecessarily. Google's services protect customers' usernames and passwords from interception and theft," said the experts, including luminaries from AT&T, PGP Corp. and top researchers from Berkeley, Harvard, MIT, Oxford and Purdue. "However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google's servers in the clear, allowing anyone with the right tools to steal that information."

Hacker Hijacks Millions of Cligs URLs (PC World)

In technology

PC World - The Cli.gs URL-shortening service yesterday reported that an attacker managed to break in via a software security hole and take over 2.2 million URL links.

Web Attacks Expand in Iran's Cyber Battle

More and more of Iran's pro-government websites are under assault, as opposition forces launch web attacks on the regime's online propaganda arms. But the tactic remains controversial. Even some activists are calling for the denial-of-service strikes to end.

Encrypt the Cloud, Security Luminaries Tell Google

By Ryan Singel

Security researchers urge Google to enable encryption by default on its most popular web apps, including Gmail and Google Docs, saying the search giant is putting millions of users at risk of fraud from hackers.

TinyURL Rival Hacked, Millions of Twitterers Hijacked

URL-shortening service Cligs was hacked over the weekend, redirecting more than 2.2 million Web addresses.

Apple Updates Finally Arrive to Fix Java Bugs

The patch fixes 32 vulnerabilities in Apple's implementation of Java; Sun fixed the flaws for Windows and Linux users more than six months ago.

Hacker Hijacks Millions of Cligs URLs

Most links using the Cli.gs link-shortening service were changed to point to a blog site instead of their original destination.

Leaked: Microsoft Security Essentials (codename Morro)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Morro

Despite Microsoft's best efforts, the company's new antivirus product (codename Morro) has leaked. A leaked pre-beta indicates that the final name is Microsoft Security Essentials (MSE), and it will come with a brand new UI. Currently being tested by Microsoft employees and a select few testers, the free, real-time antimalware consumer solution (for fighting viruses, spyware, rootkits, and trojans) will be released in the second half of 2009.

When the first screenshots were shown off yesterday, it looked like an old build to us—and almost identical to Windows Defender.


'Golden Cash' botnet-leasing network uncovered

By Elinor Mills

Researchers at security firm Finjan said on Wednesday that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam.

The Golden ...

Date set for NASA hacker hearing in U.K.

By Tom Espiner

A date has been set for Britain's high court to consider whether self-confessed NASA hacker Gary McKinnon should be tried in the U.K.

Lord Justice Stanley Burnton and Justice Alan Wilkie will hear on July 14 the London resident's application for a judicial review, McKinnon's ...

Australians Qualify for Free Money!

By Rik Ferguson on government

The Australian Tax Office (ATO) have issued a warning about a new phishing scam doing the rounds. Unsuspecting marks receive an email informing them that they are eligible for a refund on their paid up taxes. The bogus mail contains a link to a very convincing looking phishing web site (see screen shot below) designed to harvest personal and [...]

Apple iPhone OS 3.0 Released – 46 Security Patches

By Darknet on iphone update

With the latest version of the Apple iPhone OS being released last night or this morning (depending where in the World you are) I guess most of the iPhone users amongst you would have already installed the software. Everyone I know using an iPhone has already done it without a hitch, it’s been long awaited and [...]

Bill would fund DHS data center consolidation

A Senate Appropriations Committee subcommittee today approved a bill that would give DHS "significant" money to continue its data center consolidation program.

DHS funds IT-related projects

Some of the $1.8 billion in DHS grants will go to state and local governments' technology projects.

iPhone Gets Enterprise IT Boost From Startup Apperian

Apple's lack of interest in being a major player in enterprise IT has opened the door for Apperian to work with large corporations to develop applications for the iPhone.

In Iran, cyber-activism without the middle-man

Anthony Papillion says he just wants to give Iranians a voice, but the word on Twitter these days is that he's not to be trusted.

Too few fighting the good fight on privacy

I'm constantly amazed by the brazenness of certain large companies and governments when it comes to abuse of privacy. The most egregious recent example: The Chinese government announced that starting July 1, it will require the installation of rootkit software on all PCs sold in China — ostensibly to prevent its citizens from visiting "objectionable" sites on the Web. (If you believe that, I have a Great Wall to sell you.)

Heartland CEO says data breach was 'devastating'

Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year.

Coordinated Malware Resists Eradication

How do you make a terrible thing even worse? If you're a crook who operates a botnet--an often-expansive network of malware-infected PCs--you link botnets together to form a gargantuan "botnetweb." And you do it in a way that's hard for an antivirus suite to fight.

HK launches measures against counterfeit products

GS1 Hong Kong has launched a product authentication solution to help consumers identify whether the products they bought are genuine, including bird's nest, health supplements, Chinese medicine and consumables at the Hong Kong airport.

Reflex Systems’ virtual triple threat

Reflex Systems evolves its security products into tools for the virtual realm, and the vendor again updates the technology to incorporate policy-based management and compliance-related capabilities.

Iran's leaders fight Internet; Internet wins (so far)

Iran's government in recent days has tried to cut off Internet access by shutting down routers, ripping satellite dishes off roofs, cutting cables and turning off telephone switching networks. And still information about the protests seeps out.

What is a router?

Is a router still a router even if forwarding packets is just one of its many jobs?

Intel, Oracle, PayPal back ID technology interop group

The Kantara Initiative, formed to promote interoperability among identity verification applications and services, launched on Wednesday with big-name backers like Oracle, Intel, eBay's PayPal, AOL, CA, Novell, Fidelity Investments, Liberty Alliance, Boeing, Internet Society and British Telecom.

Government plans national cyber security centre

A national cyber security centre to combat the growing threat of foreign states and criminal gangs hacking into the public sector and enterprise IT infrastructure will be announced later this month by Gordon Brown.

Fibre, wireless and satellite to offer 2Mb broadband

The government plans to use a combination of next-generation fibre networks, wireless and satellite technology to ensure everyone in the UK has access to 2Mbps broadband by 2012, it revealed in its Digital Britain report.

Industry, military experts discuss murky cyberwar issues

Nations increasingly touched by cyberattacks are still in the very early stages of figuring out how to deal with incidents that could escalate into critical national security threats.

Report: Shoplifting Surges in Down Economy

An annual study that measures shoplifting rates finds that stealing has increased amid a troubled U.S. economy.

Corporate America's Tepid Response to Green Dam

Now that it's safe to do so, a technology industry group has oh-so-nicely asked the Chinese government to reconsider its requirement to include censorware known as Green Dam with all new PCs sold in that country. It's always heartening to see big, rich tech companies standing up to an authoritarian regime on behalf of free speech.

Month of Twitter Bugs project to document Twitter flaws

By Robert Westervelt

Security researcher Aviv Raff will document a number of cross-site scripting (XSS) flaws and other errors threatening Twitter users. 

Apple iPhone OS 3.0 Brings 46 Security Patches

Apple releases iPhone OS 3.0 to much fanfare. In addition to new features, the updated iPhone operating system brings several patches that address serious security issues in the mobile device.
- Apple quietly plugged nearly four dozen security holes when it pushed out an upgrade to iPhone OS 3.0 on June 17. With iPhone OS 3.0, users are getting fixes for several critical flaws, a number of which could be exploited by an attacker to execute arbitrary code. The WebKit and CoreGraphics...

How to Protect Privileged Access to Critical Government Systems

As reports of major security breaches and thwarted attacks on government agencies continue to pile up, cyber-security has become a top-level priority. Federal agencies must ensure that the right people have the right amount of control over vital information. By establishing and implementing consistent security initiatives, Knowledge Center contributor Robert Grapes explains how federal agencies can employ a proactive approach to help prevent security breaches.
- Despite being saddled with significant economic concerns, President Obama recognizing the significant importance of cyber-security to the nation ordered a 60-day review of United States information security and the systems that support Critical Infrastructure Protection (CIP) or in this case, cyber ...

40,000 Websites Compromised in Mass Attack

Researchers at Websense uncover a mass compromise of legitimate sites in an attack called Nine-Ball that is redirecting users to a malicious site hosting malware. The security compromise is the third to make the news in the past several weeks.
- More than 40,000 legitimate Websites have been hit by an attack that is redirecting users to a site laced with malware. The "Nine-Ball" compromise, which officials at Websense said they have been monitoring since June 3, has been dubbed Nine-Ball after the malicious site it directs us...

Finjan Researchers Uncover Marketplace for Botnets

Researchers at Finjan outlined a sophisticated one-stop shop for cyber-criminals buying and trading in infected computers. Called Golden Cash, the network has been linked to the compromises of around 100,000 PCs and FTP credentials.
- Researchers at Finjan have put the spotlight on a one-stop shop in the marketplace for malware-infected machines. In Finjan's latest Cybercrime Intelligence Report for 2009, the company outlines the operations of the Golden Cash network, a one-stop shop trading platform for cyber-criminals tr...

Coordinated Malware Resists Eradication (PC World)

In technology

PC World - How do you make a terrible thing even worse? If you're a crook who operates a botnet--an often-expansive network of malware-infected PCs--you link botnets together to form a gargantuan "botnetweb." And you do it in a way that's hard for an antivirus suite to fight.

iPhone Dev Team Updates Software Jailbreak for iPhone OS 3.0 (PC World)

In technology

PC World - The game of cat-and-mouse continues between hackers at the iPhone Dev Team and Apple. As we near the launch of iPhone OS 3.0, the Dev Team's pineapple-faced spokesperson, MuscleNerd, broadcast on Tuesday night a qik livestream showing off ultrasn0w, the updated version of the Dev Team's iPhone software jailbreak. MuscleNerd said in the video the new jailbreak applies to any iPhone 3G running 3.0.

US cybersecurity chief warns of 'market' in malware (AFP)

In technology

AFP - More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Industry, Military Experts Discuss Murky Cyberwar Issues (PC World)

In technology

PC World - Nations increasingly touched by cyberattacks are still in the very early stages of figuring out how to deal with incidents that could escalate into critical national security threats.

New Keylogger Bypasses PC, Snoops Keyboards (PC Magazine)

In technology

PC Magazine - Keyloggers, which monitor what you type into your computer, are a common and pernicious form of malware. But now attackers may be able to steal your keystrokes without even installing software on your PC.

What's new in the Windows 7 Firewall?

By deb@shinder.net (Deb Shinder)

Taking a look at the Windows Firewall in Windows 7, showing you how to configure it with multiple active firewall policies.

DoD told to add more cyberwarfare training

Posted by InfoSec News on Jun 18

http://www.navytimes.com/news/2009/06/military_cyber_warfare_061609w/

By Rick Maze
Staff writer
June 16, 2009

The House Armed Services Committee moved Tuesday to escalate U.S.
cyberwarfare efforts with a five-part defensive plan for protecting
critical military information systems.

Google Alert Wednesday June 17, 2009

Google News Alert for: "cyber security" | cybersecurity | information security | computer security

How to Write an Information Security Policy
Computerworld - Framingham,MA,USA
By Jennifer Bayuk CSO - An Information Security Policy is the cornerstone of an Information Security Program. It should reflect the organization's ...

Top Security Minds Urge Google to Encrypt All Services
Washington Post - United States
A who's-who of more than three dozen high-tech and security experts from industry and academia is urging Google to beef up the privacy and security settings ...

NIST Releases Information Security Handbook for Managers
ADVANCE - King of Prussia,PA,USA
9 the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. The handbook provides a broad overview of information ...

China Urged to Review Anti-Porn Software Directive
Bloomberg - USA
The software raises “questions of security, privacy, system reliability, the free flow of information and user choice,” according to the letter, ...

Online Security: A Simple Approach to Stopping Scammers, Spammers ...
PR Web (press release) - Ferndale,WA,USA
Seese has written two books about computer security. He holds a Master of Science in information security, and a Master of Arts in psychology. ...

David Walker Explains Social Security's Future
U.S. News & World Report - Washington,DC,USA
Now, as head of the Peter G. Peterson Foundation, Walker continues to urge politicians to make programs such as Social Security and Medicare sustainable. ...

Plant security prompts Rockefeller legislation
Daily Mail - Charleston - Charleston,WV,USA
The West Virginia Democrat has introduced legislation stating that the federal Sensitive Security Information classification can't be used to withhold ...

NitroSecurity Delivers Real-Time Monitoring and Analysis for ...
Business Wire (press release) - San Francisco,CA,USA
NitroView ESM is the first and only content-aware Security Information and Event Management platform. Using patented data storage and management technology, ...

UPI NewsTrack TopNews
United Press International - USA
Jameel Jaffer, head of the ACLU National Security Project, said the document shows torture produces unreliable information. ...

Google Blogs Alert for: "cyber security" | cybersecurity | information security | computer security

IT@Intel Blog: Fortune Cookie Security Advice – Strategic ...
By matthew.rosenquist@intel.com
Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible ...
IT@Intel Blog - http://communities.intel.com/community/openportit/it/blog

New York OEM Brings Preparedness To Facebook : Homeland Security News
By national
“From that you'll get lots of information about what's happening in New York and you'll get good tips on how to be safe in New York for yourself, your family and your community,” said Bruno. Users can also get information on upcoming ...
Homeland Security News - http://www.nationalterroralert.com/

Security Id - Become.com
By security id
Compare prices for Security Id. Become.com searches billions of web pages to find the most relevant information on security id, and allows you to compare prices...
ruttt.com - http://ruttt.com/

Shopfloor » Blog Archive » In the World of Chemical Security, the ...
By Carter Wood
TCC is strongly opposed to legislation that would disrupt this security program by adding provisions that would mandate government-favored substitutions, weaken protection of sensitive information, impose onerous penalties for ...
Shopfloor - http://www.shopfloor.org/

Google Online Security Blog: HTTPS security for web applications
By Jay
A group of privacy and security experts sent a letter today urging Google to strengthen its leadership role in web application security, and we wanted to offer some of our thoughts on the subject. ... Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS? Unless there are negative effects on the user experience or it's otherwise impractical, we intend to turn on HTTPS by default more broadly, hopefully for all Gmail users. ...
Google Online Security Blog - http://googleonlinesecurity.blogspot.com/

Google Web Alert for: "cyber security" | cybersecurity | information security | computer security

Stiennon Interviews Radware's Avi Chesla Information Security ...
From The Internet Security Alliance The Department of Homeland Security DHS Office of Cybersecurity and Communications CS&C National Cyber Security ...

Google Alert Thursday June 18, 2009

Google News Alert for: "cyber security" | cybersecurity | information security | computer security

Social Security unveils calculator
Atlanta Journal Constitution - GA, USA
The new version uses the Social Security database to provide accurate earnings information, though the calculator requests the most recent year of earnings ...

Security Improvements Punctuate IPhone 3.0
PC World - USA
Apple indicates that information will be posted to its security updates Web page, but as this article was posted those changes had not yet been pushed live.

City CISO Creates Own IT Security Guidance
GovInfoSecurity.com - Princeton,New Jersey,USA
As the President is getting this whole cyber security thing going, my expectation is that whatever comes out of that will roll downhill and that's what we ...

China Holds Firm on Software Filter, US Firms Say
New York Times - United States
By EDWARD WONG & ASHLEE VANCE BEIJING — American computer makers say the Chinese government has not backed down from a requirement that Internet filtering ...

Somali security minister killed in explosion
The Associated Press
MOGADISHU, Somalia (AP) — Somalia's information minister says the country's national security minister has been killed in an explosion in a western town. ...

Heartland Gets Religion on Security
Wall Street Journal - USA
By Ben Worthen Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech security. But that's what he's emerging as. ...

USAF Awards ITT $49.9M Contract to Upgrade Cyber Security System
Defense Industry Daily - Chesapeake City,MD,USA
The ISSE is a bi-directional cyber security system supporting the high-to-low and low-to-high security transfer of email and image files and the high-to-low ...

US cybersecurity chief warns of 'market' in malware
AFP
"Everyone recognizes that we are in a national security moment," said Reitinger, who joined the government after a stint as Microsoft's "Chief Trustworthy ...

Proposed Bill Limits Security Restrictions for Industrial Reporting
WBOY-TV - Clarksburg,WV,USA
Senator has introduced a bill to make clear that Sensitive Security Information classification cannot be used to withhold information that is not explicitly ...

Google Blogs Alert for: "cyber security" | cybersecurity | information security | computer security

How Your Network Security Provider Maintains PCI Compliance | TAP ...
By admin
Payment Card Industry (PCI) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard, which is currently comprised of 12 guidelines, was created to help organizations ... Unapproved Software: Ensure that all software applications installed on your computer networks are approved by your company's security policy. - Suspicious Traffic: Detect abnormal traffic on your network that could indicate an ...
TAP | Tech A Peep - http://www.techapeep.com/

Internet Security Alliance Updates 6-17-09 | CIO - Blogs and ...
Apple patches Java flaws, at last. Locating VoIP callers in emergencies. ISAlliance/NIST/DHS VOIP SECURITY PROGRAM - CALL TO PARTICIPATE. http://information-security-resources.com/2009/06/17/internet-security-alliance-updates-6-17-09/ ...
CIO - Blogs and Discussion - http://advice.cio.com/

p2pnet news » Blog Archive » Shape up on privacy, researchers tell ...
By Jon
So say 38 international privacy and security researchers, among them Ian Kerr, Canada research chair in ethics, law & technology, University of Ottawa, and Jeff Moss, founder and director, Black Hat and DEFCON, and a member of the US Department ... SRI International Computer Science Lab and moderator of the ACM Risks Forum; and, Chris Hoofnagle, director, information privacy programs, Berkeley Center for Law & Technology, University of California, Berkeley School of Law. ...
p2pnet news - http://www.p2pnet.net/

AMA Adopts New Security Guidelines
3. support responses to security breaches that place the interests of patients above those of physician, medical practice or institution 4. to the extent possible, provide information to patients to enable them to diminish potential ...
Internet Security News - http://securitypronews.com/

Opera Unite: A Great idea or horrible security risk? - Security
By Steve Ragan
Each of these are potential security issues, comprised of privacy-based attack surfaces (think information gathering), and infection vectors for Malware. Opera has created some interesting things over the years, including the famous and ...
The Tech Herald Security News - http://thetechherald.com/security/

Google Web Alert for: "cyber security" | cybersecurity | information security | computer security

Sun Tzu and the Art of Information Security Information Security ...
Steven is an independent information security consultant He holds a Masters in .... Office of Cybersecurity and Communications CS&C National Cyber Security ...
