Liquidmatrix Security DigestLiquidmatrix Security DigestYour Source For Network and Information Security News 
Articles
GAO: FDIC Needs Stronger Security Controls
2008-06-05 05:09:00 Meh, they only handle the insurance for your money. No biggie right? From FCW: A key reason for the latest weaknesses the auditors found is that the FDIC did not always fully implement critical information security program activities, GAO said. For example, multiple FDIC users shared the same login ID and password, had unrestricted access to application source ... More About: Security , Data Security , Stronger
PCI Compliance: Learning from the U.S. Air Force
2008-06-05 02:12:00 SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Airforce’s response to web breaches. From SC Magazine: In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force , and stole 33,000 records. As data breaches ... More About: Learning , Air Force , Compliance
Security Briefing: June 4th
2008-06-04 15:08:00 It’s a hump day miracle. I’ve made it half way through the week and I’m not completely psychotic from a lack of REM sleep. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… UK citizens’ portal exposes edit kit interface | The Register Setting the stage for the latest PCI deadline | SC Magazine Banks are confusing consumers on PC security | ZDNet Australia Watchdog urges firms to lock up customer digital data | The Globe and Mail Secret Bits: How Codes Became Unbreakable | InformIT New security frontier is all about data | The Sydney Morning Herald Worm hits several SA sites | ITWeb South Africa US raises entry bar with online database for visitors | Times Online Tags: News, Daily Links, Security Blog, Information Security, Security News More About: June
Last Hope On Locks
2008-06-03 16:48:00 Here is another update from the folks at “Last Hope ” conference taking place this July in NYC. FOR IMMEDIATE RELEASE Security Experts to Disclose Major Flaws Affecting Over 95% of All Locks New York, NY - June 2, 2008 - This summer, hackers from around the world will be teaming up with lock picking and security experts to show the public exactly how insecure their locks are. Recent studies have proven that locks of all varieties (including so-called “high security” locks) can be compromised, some by persons with a minimal skill. Attendees at The Last HOPE conference in July will learn firsthand about security vulnerabilities inherent in standard lock designs, from the most common ones used on our front doors to the high security models used by industry and in government. Attempts to alert the security industry to these dangers have not met with much success, which is why we believe it is in the public interest to demonstration certain methods of bypass. &ldq...
Myrcurial gets placed in the Leader’s Quadrant - Gartner Days 1&2
2008-06-03 16:23:00 Gartner IT Security Summit - June 1-3, 2008 - Washington, DC. Alright - call this an omnibus posting. I had planned to do a better job of intra-day postings, but the schedule here is hectic and as anyone who knows me can attest, I really do work to get maximum value out of any conference that I go to. Highlights here - much more detail available if anyone comments/emails me to ask. Day 1 Opening Keynote - The next 10 years in IT Security - Rated: Good. Keynote - Google’s Security - Rated: Excellent. Keynote - SciFi Authors’ Future View of IT Security - Rated: Excellent. “F” Track - Gartner Analysts/Researchers speak on the topic of “The CISO” - Rated: Mediocre to Good. Exhibition Floor - Rated: Good. Food - Rated: Hotel Std. Bring Pepto Product Highlight - Alcatel-Lucent OmniAccess 3500 Nonstop Laptop Guardian It’s a way to lojack your laptops - a device that stores your crypto keys, 2nd factor auth token, acts as your 3G WWAN, GPS enabled,... More About: Days , Gartner
Security Briefing: June 3rd
2008-06-03 14:16:00 The joy of the morning commute. Last week was a complete blur but, traffic is far worse. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Walter Reed says patient data may be compromised | Associated Press Hacker Hijacks Website of Hacking Tool Maker (Metasploit) | Wired Fetching Stolen Laptops | EMQ Philly news anchor embroiled in e-mail hacking scandal | Philly.com French police smash global hacker ring | vnunet Google fixes several site security issues | CNET Exploiting Security Holes Automatically | MIT Technology Review Apple releases Mac OS X Leopard Security Guide | ZDNet Tags: News, Daily Links, Security Blog, Information Security, Security News More About: June
Hackers Invade Mars
2008-06-03 13:50:00 Well, the website for the NASA Phoenix Lander at least. From the Register: Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice. Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read “hacked by VITAL.” As if that wasn’t enough, members of the self-declared “sql loverz crew” redirected baffled visitors of the Phoenix mission’s official webpage and a companion site to a third-party destination. That page gave credit to hackers going by the names BLaSTER and Cr@zy_king. Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites. Evidently, they had better things to do than vet their scripts for SQL-injection vulnerabilities. So these hackers were willing to step in and test the sites for them. Pesky SQL Injection attac... More About: Hackers , Invade
Teen Hacks PA School Computer, Gets Tax Info
2008-06-03 12:23:00 A 15 year old student managed to hack into a school computer in Pennsylvania. He got his hands on 2005 tax return information for 41,000 which sent a town meeting for a loop. From DailyLocal dot com: Borough police arrested a 15-year-old Downingtown West High School freshman on May 21 and charged him with theft by unlawful taking or disposition, computer theft, unlawful duplication and computer trespass. District administrators learned about the intrusion on May 9, when a student told Downingtown West’s principal that another student might have personal information, Griffin said. But 71 school employees did not learn their 2005 W-2 forms were copied until May 16, and Griffin said this was because district officials had to first perform “due diligence.” According to police, the data files contained more than 41,000 adult taxpayers’ names and personal information, including Social Security numbers, and more than 15,000 students’ names and personal information. The school di... More About: Hacks , Computer , Info
Canadian Group Says Facebook Violates Privacy Laws
2008-06-03 04:21:00 You know, I would have to agree with them in principle. From what I have seen Facebook seems to take a dim view of anything/anyone that questions their “rule”. Privacy , schmivacy. From Computer World AU: A Canadian public policy group Friday filed a complaint charging Facebook with 22 separate violations of a Canadian personal information protection law. The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook’s failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information. Facebook did not respond to a request for comment. They didn’t comment? How out of character. In an unrelated story most of the University of Ottawa’s ... More About: Laws , Group
Security Briefing: June 2nd
2008-06-02 12:49:00 I’m baaaaaack! As many of you noticed, Myrcurial was a trooper last week manning the battlements here at Liquidmatrix as I handled a personal project. And now, I can share the good news. My wife and I had our first child last week! Both mother and baby are doing great! Thanks to all of our new ... More About: News , Security , June
Gartner IT Security Summit - Pre-Show
2008-06-02 12:26:00 I’ve arrived at the Gartner IT Security Summit in lovely Washington, DC. The flight was uneventful (after the intensive security screening and additional measures taken at the gate when departing for Washington National). This year, we’re being hosted at the Gaylord National Resort - it’s like a casino-less piece of Vegas right here on ... More About: Show , Conventions
Satellite Hacker Tells All
2008-05-31 19:45:00 From Wired… SAN DIEGO — Christopher Tarnovsky feels vindicated. The software engineer and former satellite-TV pirate has been on the hot seat for five years, accused of helping his former employer, a Rupert Murdoch company, sabotage a rival to gain the top spot in the global pay-TV wars. But two weeks ago a jury in the civil ... More About: News , Satellite , Hacker , Tells
Event Planner: Gartner IT Security Summit
2008-05-30 16:53:00 In case there are any readers who might recognize me, you’ll be able to find me at the Gartner IT Security Summit next week (June 2 -3). I’m hoping to learn something quadranty. The Next Ten Years in Information Security Despite rapidly advancing threats and new technology solutions, it’s relatively easy planning for the next year or ... More About: Event , Conventions
Security Briefing: May 30th
2008-05-30 16:29:00 What a week - it’s like I’m swimming uphill both ways and it’s snowing. An extra large helping of news to make up for being late this morning. And hey - thanks to all of our new subscribers that joined us yesterday. Welcome! Click here to subscribe to Liquidmatrix Security Digest! And now, the news… The Attack ... More About: News
Keynote Speakers for The Last Hope Announced
2008-05-30 03:46:00 Just a heads up — Liquidmatrix Security Digest will be at The Last Hope . There may even be some shwag available. For Immediate Release The very first of the speaker slots for The Last HOPE have been announced with many more to come next week. We have had more submissions than ever and will need ... More About: News , Keynote , Speakers
Security Brieflet (the late edition): May 29th
2008-05-30 01:57:00 A couple of interesting stories over the course of the day… Comcast Defaced (for a short while) I can’t say that I’m all that saddened… it is Comcast after all. Banks don’t disclose all breaches I’d love to argue this one, but I’ve known too many bankers. Back with more Liquidmatrix Love in the morning folks, the night is young ... More About: News , Security , Late , Edition , Late Edition
Security Briefing: May 29th
2008-05-29 16:19:00 Wheeeeee… I’d like to take this moment to again bitch and moan about how much work this is — I don’t know how Dave finds the time and I’m not a morning person and I feel really bad and I’ve been busy and I don’t have enough coffee and… yeah. I got nothin. Have a ... More About: News , Security
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability
2008-05-29 03:56:00 Summary Name: CiscoWorks Arbitrary Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN Management Solution (LMS), Cisco Security Manager (CSM), Cisco TelePresence Readiness Assessment Manager (CTRAM) Risk: High Status: ... More About: Disclosure
Magic Security Bunnies
2008-05-29 01:53:00 Primarily because Brooks asked, but also because there are a whole lot of days where I face the “Magic Bunny” problem. Simply put, in any complex system - say, an application stack which has a backend database, some application servers, some presentation servers and the connecting security stuff and network stuff - there are a number ... More About: Security , Education , Humour
Security Briefing: May 28th
2008-05-28 14:49:00 Insert pithy note about how much fun I’m having and how I enjoy the struggle of reading/collating/loving the links at 0-early-thirty in the frakkin morning. Thanks to all of our new subscribers that joined us yesterday. Welcome! And bunnies. Magic Bunnies! Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Man Allegedly takes a penny ... More About: News
Switch Networks - DEFCON Field Trip?
2008-05-27 21:43:00 Ashlee Vance put together a well researched piece for El Reg on Switch Networks and their new Las Vegas datacentre. It seems that Switch picked up an ex-Enron property for a song and has 20+ large scale interconnects in a harmless little LVNV location. They’ve kept it quiet for the benefit of their military customers, ... More About: Conventions , Trip , Field
Blogtard or Hero ?
2008-05-27 17:30:00 In a recent The Register article, the firing of a TJX employee who blogged about security deficiencies was noted… TJX Companies, the mammoth US retailer whose substandard security led to the world’s biggest credit card heist, has fired an employee after he left posts in an online forum that made disturbing claims about security practices at ... More About: Education , Dumbass , Hero
Security Briefing: May 27th
2008-05-27 15:30:00 Sorry for the lack of content yesterday. Due to a PBCAK failure to pay attention I neglected to publish write yesterday’s article. So, they’ll trickle out over the next couple days I’ll try to do better while Dave takes some time off to work on a personal project. Thanks to all of our new subscribers ... More About: News , Security
Stopbadware Scolds Apple Over Safari ?Carpet Bomb?
2008-05-23 20:11:00 From Network World: An antimalware organization has called on Apple to beef up its Safari Web browser to protect users from exploits that could let attackers download malicious code to a Mac or Windows user’s desktop. Stopbadware.org, a group founded by Google, Chinese computer maker Lenovo Group and Sun, on Monday asked Apple to reconsider its refusal ... More About: Malware , Bomb , Carpet
Companies Admit To Reading Email
2008-05-23 16:40:00 No great shock here. I used to be one of “those guys” years ago who read employee email. And let me tell you, most non-spam email (try 90%) is trivial crap. From Tech Herald: So who reads your email at the office? Apparently more people than you think. Forty-four percent of the companies responding to the ... More About: Companies , Reading , Email , Monitoring
Trillian Hit With Security Bug
2008-05-23 15:23:00 From the Register: The discovery of a trio of security bugs means that users of the popular Trillian instant messaging client need to update their software. All three of the newly discovered bugs create a means for hackers to inject malware onto the PCs of surfers running vulnerable versions of the multi-protocol chat application from Cerulean Studios. ... More About: Security , Vulnerability
Security Briefing: May 23rd
2008-05-23 12:43:00 Sorry for the lack of content yesterday. Due to a PBCAK I neglected to publish yesterday’s articles. So, they’ll trickle out over the next couple days. Thanks to all of our new subscribers that joined us yesterday. Welcome! Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Power Company Slammed For Weak Cyber Security ... More About: News
Cisco CSO, Antivirus is ?Completely Wasted Money?
2008-05-23 04:12:00 Part of me has a hard time disagreeing in principle. But, then again what is better to protect users from themselves as they savage Windows Vista? Yes, I’m being sarcastic. Who’d a thunk it. From ZDNet Australia: Companies are wasting money on security processes ? such as applying patches and using antivirus software ? which ... More About: Antivirus , Money , Malware , Cisco , Wasted
SANS Contributes To IMPACT
2008-05-22 01:02:00 SANS is ponying up coin for the “International Multi…” well, short form is IMPACT. It’s an interenational group for fighting cyber computer crime, terrorism and things that go bump in the night. From GCN: The SANS Institute has announced a $1 million contribution to the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) and started sharing technical information with ...
Swedish Nuke Plant Sealed Off Due To Bomb Scare
More articles from this author:2008-05-21 13:42:00 From the AP: Authorities sealed off a nuclear plant in southeastern Sweden after a welder arrived for work with a plastic bag containing traces of an explosive substance, police and plant officials said. Investigators were questioning the man, a welder who was scheduled to do work at the Oskarshamn plant on Wednesday, police spokesman Sven-Erik Karlsson said. Plant ... More About: Nuke , Bomb , Swedish 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
