Liquidmatrix Security Digest
Your Source For Network and Information Security News Articles
Another Helping Of Spam Every 3 Seconds
2008-04-17 18:57:00 No, not that kind. Spam. You know, that insidious type of email detritus that clogs your inbox and the “tubes” of the internet. Apparently, a new spam site hits the interweb every 3 seconds. I can’t say that I’m surprised in the least. Why else would companies like IronPort and their ilk have so much business? From ... More About: Seconds
Security Briefing: April 17th
2008-04-17 15:24:00 Started to climb out of my funk this morning…only to get more shyte news. I guess it’s just one of those weeks. On the upside the week is almost over. And now, the news… Agencies won’t say what data they collect, or how they protect it; IT crash hits Virgin Blue; Consultant pleads guilty to identity theft; Crackdown ... More About: News, Security, April
Apple Plugs Prize Winning 10K Hole
2008-04-17 14:22:00 Somehow, that title sounds very wrong. Ah well. Glad to see that Apple has managed to get around to fixing the hole that made Charlie Miller a cool $10,000 (US) at CanSecWest in Vancouver a few weeks ago. From Network World: The bug lay in the way WebKit would process certain specially crafted JavaScript commands. In order ... More About: News, Hole, Winning
Apply Head To Desk, Repeat
2008-04-16 19:42:00 Today is a soul crusher. So was yesterday. There are times where my day job can remove my will to soldier on. This is one of those days. I was turned down for Black Hat (to attend that is). So, I’ll be applying as press in the hopes that I can get a pass. Failing that ... More About: News, Work, Frustration, Head, Desk
I’ve fallen and I can’t get up?
2008-04-16 15:58:00 The middle of the week. The hump. The point where you’re starting to think of the blessed relief of alcohol coursing through your veins for the weekend. And yet, there’s so much to do, Monday’s MITs are still on your sheet as incomplete, there’s 4 new incident tickets in your queue and inbox zero is a fond memory ... More About: Fallen
Stopping The Corporate Spy
2008-04-16 14:59:00 Here is an interesting piece from InfoWorld: Corporations are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. U.S. corporations lose as much as $300 billion a year to hacking, cracking, physical security breaches, and other criminal activity, according to Ira Winkler, author of “Spies Among ... More About: Corporate, Spying
Security Briefing: April 16th
2008-04-16 13:27:00 Sorry about yesterday folks. I was in a craptacular mood and thought that it would be better to keep it to myself. A huge thanks to Myrcurial for stepping up with a couple postings yesterday. Nice! And now, the news… Oracle patches ‘sitting duck’ database vulns; Malicious Microprocessor Opens New Doors for Attack; MiFare RFID crack more extensive than ... More About: News, Security, Data Security, April
Wired’s Threat Level and the CIA
2008-04-15 16:47:00 I think that El Jefe must’ve slept in as the daily news isn’t up yet… I’m surprised at how quickly this story is spreading… It seems that the CIA has had a bit of an XSS problem (as it turns out, for a while now) and Wired’s Threat Level thought it would be a good one to ... More About: Data Security, Vulnerability
Seatec Astronomy
2008-04-15 15:55:00 In my day to day life, I use 5 different computers and 2 PDAs. I know. It’s ridiculous. Heck, I even make fun of myself. I’m trying to figure out how to manage the passwords that I need in such a way as to ensure that they are always available, yet maintain the break between what is mine ... More About: News, Astronomy
India’s External Affairs Servers Hacked By China
2008-04-15 04:44:00 Chinese hackers make the news again. This time in India. From The Times of India: Chinese hackers broke into the computer network of the Ministry of External Affairs (MEA) recently prompting the government to think about fortifying the system. No sensitive information is believed to have been accessed during the hacking, which was detected during regular checks ... More About: News, China, Servers, Hacked
Do your REAL job?
2008-04-14 16:33:00 In an effort to keep El Jefe off guard, here’s the return of what was supposed to be a feature… back when I did the first one. It’s a Monday morning in my part of the universe, and I’d like it to be the kind of Monday morning where good things happen for you all too. In ... More About: Real
Security Briefing: April 14th
2008-04-14 15:03:00 Monday and its back to the grind…well, almost. Working on the book proposal this week. This will be a long process but, one that I feel I need to do. Thinking positive. And now, the news… Hackers open new front in payment card data thefts; Government says employee emails are a matter of national security; IT ... More About: News, Security, April
Vista’s UAC Security Was Designed To Annoy
2008-04-14 14:50:00 Here is a great article from Ars that sheds some light on the thought process that went into Vista’s UAC from RSA 2008. Microsoft thought that death by a thousand pop ups. From Ars Technica: User Account Control is easily one of the most hated features of Windows Vista, according to readers. The seemingly endless stream of ... More About: News, Security
US War Robots in Iraq Turn On Soldiers
2008-04-14 14:37:00 You knew this had to happen at some point. From The Register: Ground-crawling US war robots armed with machine guns, deployed to fight in Iraq last year, reportedly turned on their fleshy masters almost at once. The rebellious machine warriors have been retired from combat pending upgrades. The revelations were made by Kevin Fahey, US Army program executive ... More About: News, Robots, Soldiers, Turn
Wiping the Hard Drive
2008-04-12 00:06:00 These days a large number of enterprise customers lease their laptops and desktops. A normal enough business practice. But, when that lease is up do they wipe the hard drives? The ever growing number of data breach stories would lead one to expect that it’s not as common as it should be. Joanna Jasper ... More About: News, Drive, Hard, Hard Drive
Don’t quit your day job?
2008-04-11 17:33:00 In this episode… the triumphant return! Previously on LSD… There are many copies… Sigh. So it’s been a while since I’ve posted. Something that El Jefe Lewis (over there with the smirk) takes up with me every.damn.time.we.talk. So I’m working to remedy that. This week, in reasons that you shouldn’t walk away from the steaming heap of nonsense that ... More About: Quit
Security Briefing: April 11th
2008-04-11 14:52:00 The week is drawing to a close. I mope quietly in my backyard as I ponder the RSA 2008 conference that I missed. From the emails I received it sounds like it was an interesting time. Not to mention the Olympic torch debacle. Ah, well. Have a great weekend everyone! And now, the news… Recipients of RSA(R) ... More About: News, Security, April
From RSA 2008: Insider Security Risks Exposed
2008-04-10 23:31:00 Is this horse dead yet? As long as humans are involved there will always be an “insider threat”. From Silicon: Employees are still one of the biggest threats to corporate IT security both through malicious and accidental actions. Vipin Samar, VP of database security at Oracle, said: “You see a whole range of people through which your security ... More About: News, Security, Threats, Insider, 2008
CNET: Echo Boom Hackers: Shame
2008-04-10 19:52:00 There is a growing trend in the “echo” generation. They’re knee deep in the social networking world without a care for consequences of hacking. It’s amazing how many times I see the MySpace denizens act as if they have some sort of anonymity. News flash folks, you don’t. From CNET: On Thursday morning, at this year’s ... More About: Crime, Hacker, Hackers, Boom, Shame
Reaching Acceptance? Extending Apologies?
2008-04-10 16:02:00 In the past… once or twice… I’ve scrapped with Joe Weiss over issues. Yesterday, Joe got up on a stage at RSA in SF and told people some truth. Wednesday, computer-security experts who recently re-examined the Bellingham incident called its victims the first verified human casualties of a control-system computer incident. They argue that government cybersecurity standards ... More About: Acceptance
10 Security Threats To Watch For
2008-04-10 16:01:00 People do love their “top 10” lists. Security folks are no different. Here is a list of ten threats to keep an eye on. Of course this is by no means exhaustive. From Network World: Virtualization can help make more efficient use of hardware, but it also creates new security problems. In particular, it ... More About: Watch, Top 10 List, Threats
Security Briefing: April 10th
2008-04-10 13:53:00 OK, based on the emails I received yesterday (thx by the way), I’m sure. I’m going to take the plunge and start working on a book. Now, don’t expect anything soon. Based on Portswigger’s comment I can see at least a year from now. I have toyed with this idea since I was a young ... More About: News, Security, April
Joanna On RSA
2008-04-10 05:13:00 Joanna Rutkowska gave a talk at RSA today and found out the joys of San Francisco fire regulations. From Invisible Things: Today I was giving a speech at the RSA Conference in San Francisco. The RSA is a really big conference and also seems to me like a very well organized one - e.g. they have ... More About: Conventions, Joanna
Database Administration Security Strategy
2008-04-10 05:03:00 From Computer Weekly: Given the vital importance of the information held within corporate and government databases it is surprising that the security of these databases is often of unknown provenance, at least as far as those charged with information security duties are concerned. I am not setting out to offend an entire section of the IT industry ... More About: Security, Strategy, Data Security, Database, Administration
RSA: Cyber Storm II
2008-04-10 04:54:00 Earlier today there was a town hall meeting that reviewed the recent Cyber Storm II exercise. This was a massive simulated computer attack. I was involved in the first Cyber Storm exercise and one of the funniest parts of that was that someone took it upon themselves to return fire. Amusing, albeit counter productive. From Information ... More About: Conventions
Raytheon Launches Cyber-Security Unit
2008-04-10 04:42:00 To throw more fuel on Myrcurial’s “cyber” fire I figured I would point folks to this article from the Arizona Star. I have to admit that I completely agree with him on the gratuitous use of the word “cyber” by talking heads and mainstream media. From azstarnet: Raytheon Co., which bought data-protection company Oakley Networks last year, ... More About: Security, Cyber, Unit
A Call to Arms?
2008-04-09 21:36:00 It’s time folks. It’s time for us to band together, united in a common cause with critical impacts on our lives. It’s time to stamp out forever the disingenuous use of the prefix “Cyber” by the douchetard squadron of aged wannabes. (Note, The almighty Goog comes up with over 157,000 instances of the prefix on *.gov) It has ... More About: Arms, Call
Veracode Gets The “Fonz” Rating
2008-04-09 16:50:00 Now, Veracode is a company that I see as an excellent growth company. I’ve been a fan of theirs since I first met them at RSA 2007. The long and the short of it is that this is a company that does binary analysis of your in-house code. For a fee of course. I had ... More About: The Fonz
Security Briefing: April 9th
2008-04-09 14:55:00 Wednesday. Pondering writing a book. A substantial undertaking but, am I up for the task? Hmmm. And now, the news… RSA - Microsoft: Let’s talk about trust; Security Sleuths Search for a Single Sign-On Solution; Symantec Statistics and Malware’s Mushroom Cloud; Three quarters of organisations think applications can be exploited by criminals; RSA’s Coviello: Let’s cook up a thinking security defense ... More About: News, April
Enjoying The Sun? Oh Right, It’s Patch Tuesday
2008-04-09 00:00:00 Well, there’s death, taxes and patch Tuesday. Today has 5 critical on tap as well as 3 important patches. MS08-018: Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183); MS08-021: Vulnerabilities in GDI Could Allow Remote Code Execution (948590); MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338); MS08-023: Security Update of ActiveX ... More About: Patches, Patch