Liquidmatrix Security Digest
Your Source For Network and Information Security News Articles
Your Router Crashing? Could Be XP SP3
2008-06-08 04:49:00 Here’s an interesting article. Apparently people have been noticing that their broadband modems have been crashing. It turns out that the culprit could very well be Windows XP with SP3. From APCMAG: Broadband modem/router maker Billion says XP SP3 has been causing its BiPAC 5200-series routers to go into a constant crash and reboot cycle. The company has ... More About: Hardware , Router
Employees’ Vital Data On Stolen Stanford Laptop
2008-06-08 04:45:00 The wall of shame has a new candidate for stolen laptops I’m afraid. This time a laptop with personal information for employees at Stanford University was pinched. From the San Francisco Chronicle: Stanford University has notified tens of thousands of past and current Stanford University employees that their personal information - including their dates of birth, Social ... More About: Crime , Laptop , Employees , Data , Stolen
Security Briefing: June 6th
2008-06-06 14:56:00 Working from the home office this morning. The best kind of commute. Now, back to my research. And now, the news… Google to allow third party code in Gmail? | Builder AU Skype patches security policy bypassing vulnerability | ZDNet Experts warn of security-dodging Trojans | vnunet Microsoft Patch Tuesday promises seven fixes ... More About: News , June
China Denies Hacking US Gov Laptop
2008-06-06 14:15:00 “Wasn’t me. Didn’t see me do it” - Bart Simpson From the Associated Press: China on Friday denied allegations that its operatives secretly copied the contents of a U.S. government laptop computer and used the data to try to hack into Commerce Department computers. U.S. authorities say they are investigating whether surreptitious copying took place when a laptop ... More About: Politics , Laptop , Hacker , Spy Game
Tripwire Releases VMWare Security Tool
2008-06-06 04:59:00 I received an email from the folks over at Tripwire today. They have released a tool that can be used to check the security on VMWare configs. I haven’t got the time to review this one so I’ll leave to you the good readership to arrive at your own conclusions. From Tripwire: Tripwire® ConfigCheck™ is a free ... More About: Security , Tools , Tool , Virtual , Vmware
US-CERT Gets New Boss
2008-06-06 04:51:00 Former DOJ staffer Mischel Kwon to head up the US-CERT. From Network World: The U.S. Department of Homeland Security has chosen a new head of its U.S. Computer Emergency Readiness Team (US-CERT). Mischel Kwon, will start as director of US-CERT on June 24, a DHS spokeswoman said Thursday. She is presently acting deputy director of IT security and ... More About: Politics , Boss , Cert
Last HOPE Radio
2008-06-05 13:32:00 Keeping tabs on the upcoming Last Hope conference this July. From the Last Hope: For Immediate Release THE LAST HOPE TO FEATURE HACKER RADIO At The Last HOPE conference, hackers will broadcast their minds and their iPods. In the center of the summer’s top hacker event will be a small isolation booth. “Radio Statler!” as the station is called, will ... More About: Conventions
Security Briefing: June 5th
2008-06-05 12:48:00 Damn these infernal mornings. And now, the news… 1st Source Bank replacing debit cards after security breach | Network World Microsoft Warns Of Bug In Apple’s Safari | CRN Going Back to Basics To Fight Botnets | Top Tech News EU security agency warns over insecure printing | The Register Information at thieves’ ... More About: June
Hacking Case Shuts Out Valedictorian, Other Seniors
2008-06-05 05:28:00 And what did we learn today class? That’s right. Hacking the school computers has consequences associated with it. Now slap yourself and head back into the detention hall. Dumbass. From the Houston Chronicle: George Bush High School’s valedictorian is among a group of Fort Bend Independent School District seniors who will not be allowed to take part ... More About: Hacker , Case , Seniors
Oracle Database 11g Gets Praise From InfoWorld
2008-06-05 05:18:00 From InfoWorld: I expect most Oracle Database shops will find at least five of these life changers in Oracle Database 11g. But there’s one feature, Real Application Testing, that’s so compelling, it’s almost enough reason to upgrade on its own. There’s not a shop out there that doesn’t make code changes, and they all need a ... More About: Data Security , Review , Praise
GAO: FDIC Needs Stronger Security Controls
2008-06-05 05:09:00 Meh, they only handle the insurance for your money. No biggie right? From FCW: A key reason for the latest weaknesses the auditors found is that the FDIC did not always fully implement critical information security program activities, GAO said. For example, multiple FDIC users shared the same login ID and password, had unrestricted access to application source ... More About: Security , Data Security , Stronger
PCI Compliance: Learning from the U.S. Air Force
2008-06-05 02:12:00 SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Airforce’s response to web breaches. From SC Magazine: In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force , and stole 33,000 records. As data breaches ... More About: Learning , Air Force , Compliance
Security Briefing: June 4th
2008-06-04 15:08:00 It’s a hump day miracle. I’ve made it half way through the week and I’m not completely psychotic from a lack of REM sleep. And now, the news… UK citizens’ portal exposes edit kit interface | The Register Setting the stage for the latest PCI deadline | SC Magazine Banks are confusing consumers on PC security | ZDNet Australia Watchdog urges firms to lock up customer digital data | The Globe and Mail Secret Bits: How Codes Became Unbreakable | InformIT New security frontier is all about data | The Sydney Morning Herald Worm hits several SA sites | ITWeb South Africa US raises entry bar with online database for visitors | Times Online More About: June
Last Hope On Locks
2008-06-03 16:48:00 Here is another update from the folks at the “Last Hope” conference taking place this July in NYC. FOR IMMEDIATE RELEASE Security Experts to Disclose Major Flaws Affecting Over 95% of All Locks New York, NY - June 2, 2008 - This summer, hackers from around the world will be teaming up with lock picking and security experts to show the public exactly how insecure their locks are. Recent studies have proven that locks of all varieties (including so-called “high security” locks) can be compromised, some by persons with a minimal skill. Attendees at The Last HOPE conference in July will learn firsthand about security vulnerabilities inherent in standard lock designs, from the most common ones used on our front doors to the high security models used by industry and in government. Attempts to alert the security industry to these dangers have not met with much success, which is why we believe it is in the public interest to demonstrate certain methods of bypass. ...
Myrcurial gets placed in the Leader’s Quadrant - Gartner Days 1&2
2008-06-03 16:23:00 Gartner IT Security Summit - June 1-3, 2008 - Washington, DC. Alright - call this an omnibus posting. I had planned to do a better job of intra-day postings, but the schedule here is hectic and as anyone who knows me can attest, I really do work to get maximum value out of any conference that I go to. Highlights here - much more detail available if anyone comments/emails me to ask. Day 1 Opening Keynote - The next 10 years in IT Security - Rated: Good. Keynote - Google’s Security - Rated: Excellent. Keynote - SciFi Authors’ Future View of IT Security - Rated: Excellent. “F” Track - Gartner Analysts/Researchers speak on the topic of “The CISO” - Rated: Mediocre to Good. Exhibition Floor - Rated: Good. Food - Rated: Hotel Std. Bring Pepto Product Highlight - Alcatel-Lucent OmniAccess 3500 Nonstop Laptop Guardian It’s a way to lojack your laptops - a device that stores your crypto keys, 2nd factor auth token, acts as your 3G WWAN, GPS enabled,... More About: Days , Gartner
Security Briefing: June 3rd
2008-06-03 14:16:00 The joy of the morning commute. Last week was a complete blur but, traffic is far worse. And now, the news… Walter Reed says patient data may be compromised | Associated Press Hacker Hijacks Website of Hacking Tool Maker (Metasploit) | Wired Fetching Stolen Laptops | EMQ Philly news anchor embroiled in e-mail hacking scandal | Philly.com French police smash global hacker ring | vnunet Google fixes several site security issues | CNET Exploiting Security Holes Automatically | MIT Technology Review Apple releases Mac OS X Leopard Security Guide | ZDNet More About: June
Hackers Invade Mars
2008-06-03 13:50:00 Well, the website for the NASA Phoenix Lander at least. From the Register: Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice. Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read “hacked by VITAL.” As if that wasn’t enough, members of the self-declared “sql loverz crew” redirected baffled visitors of the Phoenix mission’s official webpage and a companion site to a third-party destination. That page gave credit to hackers going by the names BLaSTER and Cr@zy_king. Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites. Evidently, they had better things to do than vet their scripts for SQL-injection vulnerabilities. So these hackers were willing to step in and test the sites for them. Pesky SQL Injection attac... More About: Hackers , Invade
Teen Hacks PA School Computer, Gets Tax Info
2008-06-03 12:23:00 A 15 year old student managed to hack into a school computer in Pennsylvania. He got his hands on 2005 tax return information for 41,000 which sent a town meeting for a loop. From DailyLocal dot com: Borough police arrested a 15-year-old Downingtown West High School freshman on May 21 and charged him with theft by unlawful taking or disposition, computer theft, unlawful duplication and computer trespass. District administrators learned about the intrusion on May 9, when a student told Downingtown West’s principal that another student might have personal information, Griffin said. But 71 school employees did not learn their 2005 W-2 forms were copied until May 16, and Griffin said this was because district officials had to first perform “due diligence.” According to police, the data files contained more than 41,000 adult taxpayers’ names and personal information, including Social Security numbers, and more than 15,000 students’ names and personal information. The school di... More About: Hacks , Computer , Info
Canadian Group Says Facebook Violates Privacy Laws
2008-06-03 04:21:00 You know, I would have to agree with them in principle. From what I have seen Facebook seems to take a dim view of anything/anyone that questions their “rule”. Privacy , schmivacy. From Computer World AU: A Canadian public policy group Friday filed a complaint charging Facebook with 22 separate violations of a Canadian personal information protection law. The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook’s failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information. Facebook did not respond to a request for comment. They didn’t comment? How out of character. In an unrelated story most of the University of Ottawa’s ... More About: Laws , Group
Security Briefing: June 2nd
2008-06-02 12:49:00 I’m baaaaaack! As many of you noticed, Myrcurial was a trooper last week manning the battlements here at Liquidmatrix as I handled a personal project. And now, I can share the good news. My wife and I had our first child last week! Both mother and baby are doing great! Thanks to all of our new ... More About: News , Security , June
Gartner IT Security Summit - Pre-Show
2008-06-02 12:26:00 I’ve arrived at the Gartner IT Security Summit in lovely Washington, DC. The flight was uneventful (after the intensive security screening and additional measures taken at the gate when departing for Washington National). This year, we’re being hosted at the Gaylord National Resort - it’s like a casino-less piece of Vegas right here on ... More About: Show , Conventions
Satellite Hacker Tells All
2008-05-31 19:45:00 From Wired… SAN DIEGO — Christopher Tarnovsky feels vindicated. The software engineer and former satellite-TV pirate has been on the hot seat for five years, accused of helping his former employer, a Rupert Murdoch company, sabotage a rival to gain the top spot in the global pay-TV wars. But two weeks ago a jury in the civil ... More About: News , Satellite , Hacker , Tells
Event Planner: Gartner IT Security Summit
2008-05-30 16:53:00 In case there are any readers who might recognize me, you’ll be able to find me at the Gartner IT Security Summit next week (June 2 -3). I’m hoping to learn something quadranty. The Next Ten Years in Information Security Despite rapidly advancing threats and new technology solutions, it’s relatively easy planning for the next year or ... More About: Event , Conventions
Security Briefing: May 30th
2008-05-30 16:29:00 What a week - it’s like I’m swimming uphill both ways and it’s snowing. An extra large helping of news to make up for being late this morning. And hey - thanks to all of our new subscribers that joined us yesterday. Welcome! And now, the news… The Attack ... More About: News
Keynote Speakers for The Last Hope Announced
2008-05-30 03:46:00 Just a heads up — Liquidmatrix Security Digest will be at The Last Hope . There may even be some shwag available. For Immediate Release The very first of the speaker slots for The Last HOPE have been announced with many more to come next week. We have had more submissions than ever and will need ... More About: News , Keynote , Speakers
Security Brieflet (the late edition): May 29th
2008-05-30 01:57:00 A couple of interesting stories over the course of the day… Comcast Defaced (for a short while) I can’t say that I’m all that saddened… it is Comcast after all. Banks don’t disclose all breaches I’d love to argue this one, but I’ve known too many bankers. Back with more Liquidmatrix Love in the morning folks, the night is young ... More About: News , Security , Late , Edition , Late Edition
Security Briefing: May 29th
2008-05-29 16:19:00 Wheeeeee… I’d like to take this moment to again bitch and moan about how much work this is — I don’t know how Dave finds the time and I’m not a morning person and I feel really bad and I’ve been busy and I don’t have enough coffee and… yeah. I got nothin. Have a ... More About: News , Security
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability
2008-05-29 03:56:00 Summary Name: CiscoWorks Arbitrary Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN Management Solution (LMS), Cisco Security Manager (CSM), Cisco TelePresence Readiness Assessment Manager (CTRAM) Risk: High Status: ... More About: Disclosure
Magic Security Bunnies
2008-05-29 01:53:00 Primarily because Brooks asked, but also because there are a whole lot of days where I face the “Magic Bunny” problem. Simply put, in any complex system - say, an application stack which has a backend database, some application servers, some presentation servers and the connecting security stuff and network stuff - there are a number ... More About: Security , Education , Humour
Security Briefing: May 28th
2008-05-28 14:49:00 Insert pithy note about how much fun I’m having and how I enjoy the struggle of reading/collating/loving the links at 0-early-thirty in the frakkin morning. Thanks to all of our new subscribers that joined us yesterday. Welcome! And bunnies. Magic Bunnies! And now, the news… Man Allegedly takes a penny ... More About: News



