Liquidmatrix Security DigestLiquidmatrix Security DigestYour Source For Network and Information Security News 
Articles
Security Briefing: May 21st
2008-05-21 13:12:00 Yesterday was the first day on the job with my new day job company. Let me tell you, it was a welcome experience. Very welcome. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Mass SQL injection hits English language websites Criticism for ‘UK database’ plan Mauritius Gets Computer Emergency Response Team TVA Power Plants Vulnerable to ... More About: News
Secret Data in FBI Wiretap Audit Revealed With Ctrl+C
2008-05-21 04:09:00 Of all the stoopid crap… From Wired: Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl +C keys — and that information turns out to be not very sensitive after all. This time around, University of Pennsylvania professor Matt Blaze discovered that the Justice Department’s ... More About: Data Security , Data , Secret , Audit
Govt? Earns ?C? On Computer Security Report Card
2008-05-21 00:46:00 There was always that one kid in class. You know, the one that didn’t always get it. Or spent most of the day staring out the window. Daydreaming knuckle heads that were nowhere near inclined to excel. Well, it appears that they US gov’t is one of those kids. Well, on average anyway. From the Washington ... More About: Politics , Security , Card , Computer , Report
Eicar.pdf
2008-05-20 20:02:00 Didier Stevens has a quick post up about embedding eicar in PDF files. From his site: I like to embed the EICAR Anti-Virus test file in usual formats and less usual formats. Today, I?m publishing a PDF document with an embedded EICAR test file (eicar.txt). This PDF document has also an annotation with a JavaScript action linked ... More About: Forensics
Inside Lockheed Martin?s Wireless Security Lab
2008-05-20 17:00:00 I thought this was an interesting read. From Network World: Jason Crawford has learned that if you want to break into secure Wi-Fi networks, you don’t need to buy equipment from the black market. Instead, you can buy it from Toys “R” Us, he says. Crawford, who works as a principal investigator for R&D projects at Lockheed Martin’s ... More About: Security , Wireless , Inside , Lockheed Martin
Security Briefing: May 20th
2008-05-20 14:19:00 Back to work. It has been over six years since this last happened. Now it’s the first day of work at a new shop. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… PayPal plugs cross-site scripting hole that sidestepped stronger security Firefox developers tinker with new security protections (finally) Internet scam collected data from thousands Open ... More About: News
Parliament, Spy Agency Contracts Exempted From Ombudsman?s Gaze
2008-05-20 04:54:00 From the Canadian Press: Prime Minister Stephen Harper and his cabinet have exempted contracts with Parliament and Canada’s spy agency from oversight by a new ombudsman’s post that was central to the 2006 Conservative election campaign. The government slipped the exemptions through last week in regulations that empower the contract procurement ombudsman under the Accountability Act - ... More About: Politics , Agency , Ombudsman , Contracts
Google Helps Arrest Man In India
2008-05-20 03:00:00 Google pulls a Yahoo in India . From TechCrunch: Today we?re hearing of another arrest, this time in India. 22-year-old IT professional Rahul Krishnakumar Vaid. His crime was writing in an orkut community named ?I hate Sonia Gandhi.? Sonia Gandhi is a prominent politician in India. Vaid was charged under section 292 of Indian Penal Code and section ... More About: Google , Arrest
Veracode Automates Software Testing Process
2008-05-20 01:32:00 Always a fan of Veracode I thought I would share this article on their automated testing process. From Computer Weekly UK: Testing software applications to minimise the risk of security vulnerabilities and compliance failings is a time-consuming and costly process, albeit an essential one. Security testing company Veracode has developed a automated tool that promises ... More About: Software , Process
Firefox 3 Release Candidate 1 Now Available
2008-05-17 16:15:00 Well, in an unceremonious move the Mozilla folks have released the latest incarnation of Firefox . I thought thet might have some fanfare around the launch but, nope. You can download the one for your respective language via the following link. Download page: Firefox 3 rc1 Enjoy. More About: Tools , Release , Release Candidate
Did Someone Forget To Lock The Digital Back Door?
2008-05-17 00:27:00 It seems that more and more stories about fake Cisco gear are popping up. And, shocker, most of the gear originated in China. This has led to the inevitable thrust and parry of the media’s lust for anything scandalous. “If it bleeds it leads” my old editor used to tell me. Which is funny when ... More About: Back , Digital , Door , Lock
Jane?s Launches Terrorism Events Map
2008-05-16 18:46:00 If you are at all involved in physical security as a portion of your portfolio no doubt you have considered terrorism in your risk assessments. The grand dame of mil space security information, Jane ’s, announced a new service for tracking terrorism and insurgent activities around the globe. From the press release: Jane?s Terrorism and Insurgency Centre ... More About: Events , Military , Physical Security
Security Briefing: May 16th
2008-05-16 15:19:00 OK, first day jitters are starting to kick in. The funny thing is that my first day doesn’t start until this Tuesday. Breathe. And now, the news… DNS trouble knocks NSA off Internet The Ethics of Vulnerability Research Hardened stateless session cookies Security hole in Internet Explorer allows attackers to execute arbitrary programs Of PRNGs and annoying alerts ... More About: News
Fawcett Forgives Woman Who Leaked Medical Info
2008-05-16 14:55:00 Always one for grabbing the spotlight (inexplicably at times) Farrah Fawcett has forgiven the hospital staffer that leaked her personal info. From Starpulse: Farrah Fawcett has forgiven the hospital worker accused of selling her confidential medical details to the media, insisting she’s just a “pawn” in the system. Lawanda Jackson has been indicted by a federal jury and ... More About: Medical , Data Security , Info , Privacy , Woman
Last Hope To Track Visitors
2008-05-16 14:43:00 As I was reducing my email inbox down to zero (miracle of miracles) I noticed that the Last Hope mailing list had an interesting gem. From the email: This summer, hackers from around the world will track the movements of thousands of visitors to New York City. As part of a social experiment, attendees at a hacker ... More About: Conventions , Privacy , Track , Visitors
Yahoo Search Security Beta Draws Ire
2008-05-16 05:46:00 Ah the growing pains of a new product. Imagine that, it labeled Google as a malicious site. From eWeek: A company says Yahoo ’s new feature incorrectly flagged its Web site and was slow to respond. The beta version of Yahoo’s Search Scan security feature has come under fire for false positives and other mistakes. SearchScan is the ... More About: Security , Beta , Yahoo search
Security Briefing: May 15th
2008-05-15 16:10:00 Spilled coffee on my keyboard…ugh. And now, the news… Where The Web Is Weak Preparation Key to Managing Data Breaches The Cost Of Privacy Colonel suggests using hackers’ tool against them Guide to VoIP Security Phishing botnet expands by hacking legit sites Kaminsky on DNS rebinding attacks, hacking techniques OSU: Important Security Alert Click here to subscribe to Liquidmatrix Security Digest! Tags: News , ...
Microsoft: Four Updates Close Six Holes
2008-05-15 15:47:00 From Heise.de: As previously announced, Microsoft published four security bulletins along with updates for six security holes on May patch day. The Redmond developers classify four of the holes as critical because they allow attackers to inject malicious code. Security Bulletins MS08-026 and MS08-027 remedy two security holes in Word and one in Publisher that attackers could ... More About: Updates , Patches , Close , Holes
Responding To A Financial Security Breach
2008-05-15 15:44:00 There has been a large number of data security breaches recently involving financial institutions. Here is a write up by Inno Eroraha on the response to a breach. From SC Magazine: Financial institutions are heavily regulated. They are required to implement security programs following regulations such as SOX, GLBA, SEC, NASD, etc. In fact, most of these ... More About: Security , Data Security , Breach
Three Indicted For Dave & Buster?s Hack
2008-05-15 15:39:00 Marcia Savage has a nice write up on the Dave & Buster s data breach. From Search Security: Three men were indicted on charges of hacking into computer systems at 11 Dave & Buster’s restaurants and stealing credit and debit card numbers. The 27-count federal indictment unsealed Monday in New York charges Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr ... More About: Crime , Hack , Hacker
Security Briefing: May 14th
2008-05-14 14:50:00 Finally catching up on my reading. Good times. And now, the news… Microsoft Refutes Windows Vista Vulnerability Report Guide to Secure Web Gateways Breaches Make a Mockery of PCI Security Standards Charter To Begin Tracking Users’ Searches And Inserting Targeted Ads HP buys EDS for $13.9 billion WhiteHat Security Named Web Application Security Innovator by Bank Technology News Brute-Force SSH Server Attacks Surge Mobile ...
U.S. Military To Use RFID To Track Ordnance
2008-05-14 14:41:00 This strikes me as a troubling story. From RFID News: Axcess International has announced its Micro-Wireless RFID system will be used by the U.S. military to enable automatic inventory accounting and perimeter security for ordnance assets. Using the Axcess? Dot tag design, the system uses ultra-small, low cost RFID transmitters assigned to each asset, enabling automatic ... More About: Military , Track
Google Now Blurring Faces In Street View
2008-05-14 04:14:00 After numerous attempts by folks to get Google to remove their faces from Street View, Google is now blurring faces. A quick and easy way to obscure people’s identity. Especially helpful if you’re, say, a prominent musician leaving a German brothel. Nah, that wouldn’t have helped him. Damn you Roxanne. From CNET: The technology uses ... More About: Faces , Search , Privacy
Pfizer Faces Possible Data Breach
2008-05-14 00:09:00 Pfizer has been having a rough year with respect to data breaches. It turns out that a laptop containing the info for roughly 13,000 Pfizer employees is now in the wind. From The Day: The company said late Friday in an e-mail to affected employees, including many at Pfizer Global Research and Development campuses in Groton ... More About: Data Security , Faces , Data , Pfizer , Breach
Security Briefing: May 13th
2008-05-13 14:24:00 So, with the iPhone sold out in UK and USA could a new 3G version be arriving soon? And now, the news… McAfee?s HackerSafe: When all else fails, rebrand it! Study: Top Web Application Vulnerabilities Remain Unfixed FTC to scrutinize contactless payment technology Few expected to make June 30 PCI deadline for Web application security Deconstructing PCI 6.6 FBI Fears Counterfeit Networking ... More About: News , Security
Students Hack For Grades
2008-05-13 13:40:00 Apparently reporters at NBC San Diego have discovered that kid can get hacker tools from the internet. This is another case of kids hacking in to change grades. Sure, this is bad behaviour but, you do have to admire their creativity. I wish I thought of that when I was a kid. Mind you, my ... More About: News , Education , Students , Hack , Hacker
Hacker Publishes Personal Data Of 6 Million
2008-05-13 13:28:00 Ah Chile. Beautiful landscapes. Great wines. And apparently, some jackass that thought it would be fun to publish the personal information for 6 million folks on the web. From AFP via Yahoo News: “Its a serious matter and we’re investigating,” Police Cibercrime Brigade chief Jaime Jara told the newspaper. The data was displayed for several hours ... More About: Personal , Crime , Data Security , Data , Hacker
Of Vultures And Old Wireless Routers
2008-05-12 20:58:00 Ah the joy of the first panicked post departure phone call. Today is my first day away from the office and my now former day joy called. It turns out that an old wireless router that had been sitting in a box in my office had been pinched soon after I left. That’s fairly typical. ... More About: Wireless , Dumbass , Routers , Vultures
Security Briefing: May 12th
2008-05-12 13:11:00 Monday arrives. I thought I could have a nice quiet week to relax/recharge. Nope. The missus has provided me with “the list”. Uh boy. And now, the news… Proof of 3G iPhone launch ‘hidden in code’ (real or hoax?) Hackers Find a New Place to Hide Rootkits Is Real ID Really Going to Happen? Interview: Shlomo Kramer, CEO of Check Point Vista ... More About: News , Security
UK Companies Face Fines For Lax Data Security
More articles from this author:2008-05-12 12:47:00 The day of data reckoning has arrived for UK businesses. From Contractor UK: Organisations that recklessly or deliberately commit breaches under the Data Protection Act can now be fined by Britain?s privacy watchdog. Under the Criminal Justice and Immigration Act, the Information Commissioner?s Office has the right to financially punish any outfit found in serious breach of ... More About: Security , Companies , Data Security , Face 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
