Liquidmatrix Security DigestLiquidmatrix Security DigestYour Source For Network and Information Security News Articles
Security Briefing: May 14th
2008-05-14 14:50:00 Finally catching up on my reading. Good times. And now, the news… Microsoft Refutes Windows Vista Vulnerability Report Guide to Secure Web Gateways Breaches Make a Mockery of PCI Security Standards Charter To Begin Tracking Users’ Searches And Inserting Targeted Ads HP buys EDS for $13.9 billion WhiteHat Security Named Web Application Security Innovator by Bank Technology News Brute-Force SSH Server Attacks Surge Mobile ...
U.S. Military To Use RFID To Track Ordnance
2008-05-14 14:41:00 This strikes me as a troubling story. From RFID News: Axcess International has announced its Micro-Wireless RFID system will be used by the U.S. military to enable automatic inventory accounting and perimeter security for ordnance assets. Using the Axcess? Dot tag design, the system uses ultra-small, low cost RFID transmitters assigned to each asset, enabling automatic ... More About: Military , Track
Google Now Blurring Faces In Street View
2008-05-14 04:14:00 After numerous attempts by folks to get Google to remove their faces from Street View, Google is now blurring faces. A quick and easy way to obscure people’s identity. Especially helpful if you’re, say, a prominent musician leaving a German brothel. Nah, that wouldn’t have helped him. Damn you Roxanne. From CNET: The technology uses ... More About: Faces , Search , Privacy
Pfizer Faces Possible Data Breach
2008-05-14 00:09:00 Pfizer has been having a rough year with respect to data breaches. It turns out that a laptop containing the info for roughly 13,000 Pfizer employees is now in the wind. From The Day: The company said late Friday in an e-mail to affected employees, including many at Pfizer Global Research and Development campuses in Groton ... More About: Data Security , Faces , Data , Pfizer , Breach
Security Briefing: May 13th
2008-05-13 14:24:00 So, with the iPhone sold out in UK and USA could a new 3G version be arriving soon? And now, the news… McAfee?s HackerSafe: When all else fails, rebrand it! Study: Top Web Application Vulnerabilities Remain Unfixed FTC to scrutinize contactless payment technology Few expected to make June 30 PCI deadline for Web application security Deconstructing PCI 6.6 FBI Fears Counterfeit Networking ... More About: News , Security
Students Hack For Grades
2008-05-13 13:40:00 Apparently reporters at NBC San Diego have discovered that kid can get hacker tools from the internet. This is another case of kids hacking in to change grades. Sure, this is bad behaviour but, you do have to admire their creativity. I wish I thought of that when I was a kid. Mind you, my ... More About: News , Education , Students , Hack , Hacker
Hacker Publishes Personal Data Of 6 Million
2008-05-13 13:28:00 Ah Chile. Beautiful landscapes. Great wines. And apparently, some jackass that thought it would be fun to publish the personal information for 6 million folks on the web. From AFP via Yahoo News: “Its a serious matter and we’re investigating,” Police Cibercrime Brigade chief Jaime Jara told the newspaper. The data was displayed for several hours ... More About: Personal , Crime , Data Security , Data , Hacker
Of Vultures And Old Wireless Routers
2008-05-12 20:58:00 Ah the joy of the first panicked post departure phone call. Today is my first day away from the office and my now former day joy called. It turns out that an old wireless router that had been sitting in a box in my office had been pinched soon after I left. That’s fairly typical. ... More About: Wireless , Dumbass , Routers , Vultures
Security Briefing: May 12th
2008-05-12 13:11:00 Monday arrives. I thought I could have a nice quiet week to relax/recharge. Nope. The missus has provided me with “the list”. Uh boy. And now, the news… Proof of 3G iPhone launch ‘hidden in code’ (real or hoax?) Hackers Find a New Place to Hide Rootkits Is Real ID Really Going to Happen? Interview: Shlomo Kramer, CEO of Check Point Vista ... More About: News , Security
UK Companies Face Fines For Lax Data Security
2008-05-12 12:47:00 The day of data reckoning has arrived for UK businesses. From Contractor UK: Organisations that recklessly or deliberately commit breaches under the Data Protection Act can now be fined by Britain?s privacy watchdog. Under the Criminal Justice and Immigration Act, the Information Commissioner?s Office has the right to financially punish any outfit found in serious breach of ... More About: Security , Companies , Data Security , Face
Flaw Turns Gmail Into Spamming Machine
2008-05-12 04:19:00 Uh boy. The spammers are at it again. From CNET: A “serious security flaw” in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report. INSERT, the Information Security Research Team, has created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers. By exploiting a flaw in ... More About: Spam , Spamming , Machine , Phishing
Proposed Bill Aims To Pressure DHS
2008-05-09 15:59:00 There was a bill tabled on Wednesday in US Congress that aims to hold DHS’s feet to the flames. From Securityfocus: Rep. Jim Langevin, D-RI, introduced a bill on Wednesday that aims to hold the U.S. Department of Homeland Security responsible for investigating every cyber attack and for shoring up its network security. The bill would better ... More About: News , Bill
Security Briefing: May 9th
2008-05-09 15:03:00 It’s here at last! Today is my last day in the salt mine. And now, the news… Wanted: Americans to join Al Qaeda Google security tool goes beyond the network Facebook partners with AGs for kids’ safety (every bit helps) Vista security credentials tarnished in malware survey Final EUSecWest 2008 Speakers Microsoft Cofee brews ‘back door’ fears Cell Phone Spying Is our minister of ... More About: News , Security
HSBC Issues Statement On MIA Server
2008-05-09 05:08:00 HSBC has been having a rough week with regards to data security stories in the media. Turns out that they lost a server at a location in Hong Kong two weeks ago. From The Asian Banker: The Hongkong and Shanghai Banking Corporation Limited confirms one of its computer servers went missing on 26 April 2008 at ... More About: Data Security , Issues , Server , Statement
Patch Tuesday Approaches
2008-05-09 03:52:00 It’s that time again. The only difference for me this time is that I’ll be relaxing on the deck. I’ll stop basking in it once I start the new gig. From PC World: Although Microsoft’s note does not describe the bugs in detail, it looks like the company is planning to fix a known bug in the ... More About: Patches , Patch , Tuesday
NeoCatena Firewall To Ensure RFID Network Security
2008-05-09 02:07:00 Hmm. OK. I’m not sure what to make of this one. RFID is not my specialty to say the least. Any one have thoughts on this one? From RFID Journal: NeoCatena, a Sunnyvale, Calif., startup company, has emerged to address an issue its founders believe is of growing importance to end users of RFID technology: system security. The ... More About: Security , Firewall , Wireless , Network Security , Network
Tomorrow, The Exit
2008-05-09 01:56:00 It’s been a long haul working in critical infrastructure. There were times were the boredom and politics were overwhelming but, I know that I was able to make a difference. Now, I’m moving on to new adventures. I think I’m going to keep the new job under wraps for now. Some of you know where ... More About: Tomorrow
What a Botnet Looks Like
2008-05-08 17:28:00 Over on CSO they have an interesting graphical representation of a botnet. David Vorel mapped interconnected bots to create the map. The map allows you to zoom in a la Google Maps. Check it out. Article Link More About: News , Botnet
US State Department Loses 1,000 Laptops
2008-05-08 17:19:00 Ouch! From vnunet: An audit at the US State Department has revealed the loss of over 1,000 laptops, some of which held security information. Around $30m worth of computing hardware is “unaccounted for”, the bulk of it laptops. These include over 400 from the Anti-Terrorism Assistance Program, some containing security material. Nita M. Lowey, a representative on the House ... More About: Laptops , Crime , Data Security , State Department
Security Briefing: May 8th
2008-05-08 14:34:00 Cleaning out the office. What a time sucker that can be. And now, the news… Is China attacking Belgian computers? Rare SCADA bug poses power plant risk News Corp manager knew of hacking claim Hacking American Idol Cross-Site-Scripting with Morse code How to Prevent ID Theft at Your First Job Response team boosts open-source security Adobe comes clean on PDF bugs Click here to subscribe ... More About: Security
Core Security Punts On Disclosure
2008-05-08 04:28:00 Core Security , makers of the product Core Impact. Nice folks. I like the product. Apparently they left the gate open and their brains ran away in the night. What am I talking about? Well, they posted a vulnerability in the software of SCADA vendor Wonderware. From their posting: A vulnerability was found in Wonderware SuiteLink Service (slssvc.exe) ... More About: Core , Disclosure
Finjan Finds ID Theft Treasure Chest
2008-05-07 17:46:00 Ok, I am sufficiently absent minded. I read this piece yesterday but, I forgot to share it. It turns out that the folks over at Finjan have discovered a server loaded with stolen personal information. Apparently it was housing 1.4GB worth of purloined info. They have dubbed it a “crimeserver”. How cute. From Reuters: A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks. Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called “crimeserver”. “This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we’ve found in this very short time,” Yuval Ben-It... More About: Chest , Theft , Treasure
New SQL Attack Making The Rounds
2008-05-07 17:14:00 A new SQL Injection attack is making the rounds. There is a great analysis of the attack over on Shadowserver Foundation. From Shadowserver: As predicted, the attacks against ASP and ASP.NET pages via SQL injection have continued. This time the domain name “winzipices.cn” is in the spotlight. It has managed to find itself in the source of over 4,000 pages according to Google. ISC has also has a short diary today mentioning this attack here. It turns out this is also something we have been taking a look at now for a few days. With that being said, we would like to share some information that can help protect end users and organizations. It would appear that our attackers in this instance are taking advantage of the same issues we have discussed in some of our recent postings. However, we do know that the malware and malicious file trail here are different than the last few attacks. For the full analysis read on. Article Link More About: Rounds , Attack
Security Briefing: May 7th
2008-05-07 15:53:00 Today is my exit interview. On sage advice from several I will play nice with others. And now, the news… Rogue MP3 Trojan streaks across P2P networks Microsoft warns of IE7 lock-in with XP SP3 Human error and complacency biggest IT security threats Vulnerabilities in bug tracking system Bugzilla fixed Analysis of Belgian evoting code back online Video: Tackling ... More About: News , Security
WabiSabiLabi To Help Build 0day Appliance
2008-05-07 15:38:00 From Network World: WabiSabiLabi, the company best known for building an online marketplace for security flaws, is getting into the hardware business. The company is working with an unknown Italian company called Oneshield Security to build a unified threat management (UTM) appliance that will integrate the research generated by WabiSabiLabi’s network of researchers. WabiSabiLabi did not say ... More About: News , Build , Appliance
Adult Sites Given No Love For Spam
2008-05-07 15:09:00 Adult website operators got spanked by a US judge yesterday for their use of unsolicited email spam top entice folks to view their content. From Network World: A U.S. judge has ordered the halt to an e-mail campaign by the operators of adult Web sites after complaints by the U.S. Federal Trade Commission and the Department of ... More About: News , Spam , Love , Sites , Adult
Peter Gabriel?s Website Back Online
2008-05-07 14:55:00 Blockheaded thieves made off with Peter Gabriel ’s website over the weekend in a low tech fashion. All is well now. No clue if this was Gabriel’s actual reaction at word of the theft. Had to listen had no choice I did not believe the information [I] just had to trust imagination My heart going boom boom boom From the ... More About: News , Website , Online , Back
German Police Take Down Hacker Ring
2008-05-06 18:19:00 OK, so it didn’t go down quite like that. German police announced today that they have busted a hacker ring from the Hamburg area. From The Local, Germany: Bavarian authorities have broken up a hacker ring based around a 33,000-member internet forum called ‘hacksector,’ police announced on Tuesday. Eleven suspects ranging in age from 15 to 22 years ... More About: Crime , Police , Hacker , Ring
Security Briefing: May 6th
2008-05-06 14:57:00 Nothing witty to say. And now, the news… McAfee, Yahoo Partner on Web Security Phishers target Google AdWords users Malaysian blogger charged with sedition Worst. Idea. Ever. Manhole security barriers flying off the shelves Data Mining Application: Paterva (Pty) Ltd Announces the Release of Maltego Version 2.0 Lucky for NSM ? Extracting files from TFTP packets in Wireshark Safest way to bank online? Your ... More About: News
Have You Seen This Douchebag?
More articles from this author:2008-05-06 14:32:00 Interpol has sent out a request for help this morning and we’re only too happy to pass the word along. From INTERPOL: INTERPOL is asking for the public?s help in identifying a man pictured sexually abusing children in a series of images found on the Internet and retrieved from the computer of a convicted paedophile. The man, whose ... More About: Crime , Douchebag 1, 2, 3, 4, 5, 6, 7 |
 |
|
 |
