Liquidmatrix Security DigestLiquidmatrix Security DigestYour Source For Network and Information Security News Articles
Core Security Punts On Disclosure
2008-05-08 04:28:00 Core Security , makers of the product Core Impact. Nice folks. I like the product. Apparently they left the gate open and their brains ran away in the night. What am I talking about? Well, they posted a vulnerability in the software of SCADA vendor Wonderware. From their posting: A vulnerability was found in Wonderware SuiteLink Service (slssvc.exe) ... More About: Core , Disclosure
Finjan Finds ID Theft Treasure Chest
2008-05-07 17:46:00 Ok, I am sufficiently absent minded. I read this piece yesterday but, I forgot to share it. It turns out that the folks over at Finjan have discovered a server loaded with stolen personal information. Apparently it was housing 1.4GB worth of purloined info. They have dubbed it a “crimeserver”. How cute. From Reuters: A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks. Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called “crimeserver”. “This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we’ve found in this very short time,” Yuval Ben-It... More About: Chest , Theft , Treasure
New SQL Attack Making The Rounds
2008-05-07 17:14:00 A new SQL Injection attack is making the rounds. There is a great analysis of the attack over on Shadowserver Foundation. From Shadowserver: As predicted, the attacks against ASP and ASP.NET pages via SQL injection have continued. This time the domain name “winzipices.cn” is in the spotlight. It has managed to find itself in the source of over 4,000 pages according to Google. ISC has also has a short diary today mentioning this attack here. It turns out this is also something we have been taking a look at now for a few days. With that being said, we would like to share some information that can help protect end users and organizations. It would appear that our attackers in this instance are taking advantage of the same issues we have discussed in some of our recent postings. However, we do know that the malware and malicious file trail here are different than the last few attacks. For the full analysis read on. Article Link More About: Rounds , Attack
Security Briefing: May 7th
2008-05-07 15:53:00 Today is my exit interview. On sage advice from several I will play nice with others. And now, the news… Rogue MP3 Trojan streaks across P2P networks Microsoft warns of IE7 lock-in with XP SP3 Human error and complacency biggest IT security threats Vulnerabilities in bug tracking system Bugzilla fixed Analysis of Belgian evoting code back online Video: Tackling ... More About: News , Security
WabiSabiLabi To Help Build 0day Appliance
2008-05-07 15:38:00 From Network World: WabiSabiLabi, the company best known for building an online marketplace for security flaws, is getting into the hardware business. The company is working with an unknown Italian company called Oneshield Security to build a unified threat management (UTM) appliance that will integrate the research generated by WabiSabiLabi’s network of researchers. WabiSabiLabi did not say ... More About: News , Build , Appliance
Adult Sites Given No Love For Spam
2008-05-07 15:09:00 Adult website operators got spanked by a US judge yesterday for their use of unsolicited email spam top entice folks to view their content. From Network World: A U.S. judge has ordered the halt to an e-mail campaign by the operators of adult Web sites after complaints by the U.S. Federal Trade Commission and the Department of ... More About: News , Spam , Love , Sites , Adult
Peter Gabriel?s Website Back Online
2008-05-07 14:55:00 Blockheaded thieves made off with Peter Gabriel ’s website over the weekend in a low tech fashion. All is well now. No clue if this was Gabriel’s actual reaction at word of the theft. Had to listen had no choice I did not believe the information [I] just had to trust imagination My heart going boom boom boom From the ... More About: News , Website , Online , Back
German Police Take Down Hacker Ring
2008-05-06 18:19:00 OK, so it didn’t go down quite like that. German police announced today that they have busted a hacker ring from the Hamburg area. From The Local, Germany: Bavarian authorities have broken up a hacker ring based around a 33,000-member internet forum called ‘hacksector,’ police announced on Tuesday. Eleven suspects ranging in age from 15 to 22 years ... More About: Crime , Police , Hacker , Ring
Security Briefing: May 6th
2008-05-06 14:57:00 Nothing witty to say. And now, the news… McAfee, Yahoo Partner on Web Security Phishers target Google AdWords users Malaysian blogger charged with sedition Worst. Idea. Ever. Manhole security barriers flying off the shelves Data Mining Application: Paterva (Pty) Ltd Announces the Release of Maltego Version 2.0 Lucky for NSM ? Extracting files from TFTP packets in Wireshark Safest way to bank online? Your ... More About: News
Have You Seen This Douchebag?
2008-05-06 14:32:00 Interpol has sent out a request for help this morning and we’re only too happy to pass the word along. From INTERPOL: INTERPOL is asking for the public?s help in identifying a man pictured sexually abusing children in a series of images found on the Internet and retrieved from the computer of a convicted paedophile. The man, whose ... More About: Crime , Douchebag
Security First, Requirements Later
2008-05-06 04:15:00 I find it interesting to watch the mad rush to beef up security at the US border points without any real thought to requirements. Sure, keep out the baddies. But, how exactly? There is the constantly escalating method or there could some semblance of a plan? From IDG Norway: News continues to worsen for business travelers carrying ... More About: Security , Airline Security
OK, So, Now What Yahoo?
2008-05-06 03:10:00 OK, so the date has ended. Microsoft didn’t get to second base. Yahoo was jilted for being too high maintenance and their stock dropped 15% today. So, what now for Yahoo? From Internet News: “With Microsoft’s withdrawal, we’ll be better able to focus our energy on growing our industry leadership and maximizing value for stockholders,” Yang said. The ... More About: Search , Yahoo!
Chinese Hackers Attack Indian Sites
2008-05-05 15:37:00 The Chinese army’s hackers continue to grab headlines. From The Times of India: China?s cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability. ( ... More About: News , Sites , Hackers
Security Briefing: May 5th
2008-05-05 14:24:00 Monday of my last week at work. I can see that the realization is beginning to set in with my co-workers. Well, I hope that I can share all I can before I’m off to carousel. I’d also like to say thanks to the folks who discovered the “donate” button on the next column over to ... More About: News , Security
Personal Data Anyone?
2008-05-05 02:51:00 Morning mail call. I may already be a winner, check. $10,000 from Publishers Clearing House, indeed. Ah, tax forms…with the social security number on the label. WTF? From Tulsa World: Tax forms were sent out to thousands of people in Wisconsin with their Social Security numbers on the mailing labels. A vendor hired by the state of Georgia lost ... More About: Personal , Data Security , Data , Privacy
Students Accused Of Hacking To Alter Grades
2008-05-04 04:58:00 Wow, this story really gave me a flashback to the 80’s. I remember watching as Ferris Bueller hacked into the school computers to change his grades. That was one of the early influences that helped shape my career. Glad to see that the spirit lives on. I do think that the Fort Bend Independent School ... More About: News , Students , Hacker , Grades , Alter
Air Marshalls On ?No Fly? List
2008-05-02 16:01:00 Sweet (insert deity). Thx to Charlie who emailed us in the story. From The Washington Times: Some federal air marshals have been denied entry to flights they are assigned to protect when their names matched those on the terrorist no-fly list, and the agency says it’s now taking steps to make sure their agents are allowed to ... More About: List , Airline Security
Japanese Worker Disciplined For 780K+ P0rn Hits
2008-05-02 15:42:00 Sweet Jeebus in a birch bark canoe. This guy managed to keep his job after he was caught surfing p0rn from the office. If ever there was a case for content filtering in an office this guy is the poster boy. From BBC: A local council employee in Japan has been punished after it was discovered he ... More About: Japanese , Dumbass , Hits , Worker
Security Briefing: May 2nd
2008-05-02 14:45:00 Ugh. Due to a misconfiguration by yours truly the news posting for yesterday didn’t see the light of day. So, as a penance I’m going to provide an extra long briefing round up for today. Thanks to all of our readers! And now, the news… Sun Microsystems to cut 1,500 to 2,500 jobs Almost 200 HMRC staff ... More About: News , Security
HSBC Catches Attempted £70 Million Fraudsters
2008-05-02 14:29:00 HSBC is back in the news again today. This time for a more positive reason than last we checked in on them. It appears that a rogue employee decided it was pay day. I guess he saw “Catch me if you can” one too many times. From the Reg: An HSBC worker has been charged after police ... More About: Million
Facebook Loophole Open To ID Theft
2008-05-01 18:41:00 I’ve never been one to entirely believe in the safety of social networking apps. Surfers beware. From the Telegraph UK: A loophole on social networking site Facebook could allow identity thieves to access the personal data of users, according to an investigation. By simply downloading an application, users enable its creator to view sensitive information, even if they ... More About: News , Open , Theft
Storm Botnet, Shrinking From Gale To Drizzle?
2008-05-01 18:26:00 The folks at MessageLabs are stating that the Storm botnet has dropped down to around 100K nodes from it’s prjected high of over two million. From IT News: MessageLabs’ Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers. The security firm ... More About: Malware , Botnet , Storm botnet
Security Briefing: April 30th
2008-04-30 18:39:00 “It’s gonna be a bright, sunshiny day” And now, the news… Declassified NSA Document Reveals the Secret History of TEMPEST Evidence presented in New Jersey e-voting discrepancies Microsoft postpones automatic Service Pack updates The Battle for Your Browser SQL injection attack infects hundreds of thousands of websites EFF blasts Microsoft over DRM validation McAfee ‘Hacker Safe’ cert sheds more cred Off Topic: Southwest Airlines ... More About: News , Security , April
Exit Stage Left?
2008-04-30 18:29:00 Well, after six years working in the critical infrastructure vertical I have decided to move on. I tendered my resignation yesterday and will be moving on the new adventures in a few weeks. I’ll let slip my new day job at that time. It has been an interesting ride to say the least. There have ... More About: Left , Stage
Blogger Uses iPhone As Boarding Pass
2008-04-30 14:57:00 I wonder if Christopher Soghoian had tried this one? A blogger by the name of Gerald Buckley used his iPhone to provide his boarding pass at a American Airlines gate. From gwhiz: I was travelling yesterday to San Antonio. An all-day, down and back. Last week I went to Houston via Southwest Air and had Twittered I ... More About: Mobile , Blogger , Iphone , Airline Security , Pass
PCI Council Issues Clarification on Web App Security
2008-04-30 14:28:00 This one got past me last week. From Search Security : Responding to a wave of criticism and confusion surrounding the imminent deadline for a new section of the PCI Data Security Standard regarding Web application security, the PCI Security Standards Council has released documentation intended to clarify the requirements for securing Web applications. The clarification is meant ... More About: News , Issues
Live In Concert
2008-04-25 17:49:00 Well, we’re no Led Zeppelin, Tragically Hip or Peter Gabriel. That being said it should a great time tonight when the band that I play bass for, “The Shiitake Project” takes the stage at Clinton’s in Toronto. We are raising money for prostate cancer research. The show gets rolling around 9 pm and cover is $10 ... More About: Concert , Live
Security Briefing: April 25th
2008-04-25 14:49:00 Friday, finally. Only a few hours till the band takes the stage. And now, the news… Click here to subscribe! Researcher Finds New Way to Hack Oracle Database UK Info Chief Takes Aim at Security Breaches Feds to leave disclosure of data security breaches to businesses: legislative plan Security testing standards council launched Cracking the ‘Great Firewall’ of China’s Web censorship Thieves ... More About: News , April
FSA To Banks, Smarten Up
2008-04-25 14:35:00 Things don’t look so rosy in the FSA report with respects to how financial institutions handle data security. From eGov Monitor: The Financial Services Authority (FSA) has published today its report on Data Security in Financial Services. Whilst it might make for uncomfortable reading, this is a timely report from the FSA, and its relevance extends beyond ... More About: Banks
Spammer, Sharp Like Beach Ball
More articles from this author:2008-04-25 03:15:00 Wow, how stupid do they think I am? It’s a rhetorical question wise guy. Here’s a phishing email that I received this evening. —————— ;– From: Chianelli, Russell R. Date: Thu, Apr 24, 2008 at 8:05 PM Subject: UNICEF ORGANISATION DONATION AWARDED PIN NUMBERS U-777-1815, D-01-47 CONTACT INFOS (**********@yahoo.com.hk) To: undisclosed-recipients UNICEF ORGANISATION DONATION. Unicef Organisation Concern. The Unicef Orgnasation, Would like ... More About: News , Spam , Beach , Phishing , Sharp 1, 2, 3, 4, 5, 6, 7 |
|
 |
|
 |
