Liquidmatrix Security Digest
Your Source For Network and Information Security News Articles
Security Briefing: June 10th
2008-06-10 16:47:00 Finally the iPhone is coming to Canada! Yes, I know I could have a cracked one. I’m just glad to see it officially released here. A question that remains. What kind of data rates are Ted Rogers and company going to charge? Click here to subscribe to Liquidmatrix Security Digest!. Welcome to all of our new ... More About: News , June
Amazon Sites Under DoS?
2008-06-10 16:27:00 Amazon’s websites have been going down at an alarming rate over the last few days. Apparently those pesky bloggers are pointing to DoS as a possible culprit. From vnunet: The company is remaining tight-lipped on what is causing the problems, so speculation is rife in the blogosphere. One explanation, according to security experts, is that Amazon is suffering ... More About: Amazon , Sites , Hacker , Monitoring
Unencrypted AT&T Laptop with Employee Data Stolen
2008-06-10 04:31:00 Um, whoops. From Consumer Affairs: A laptop containing personal information on AT&T employees and management was stolen from an employee’s vehicle last month, the company said. The laptop, which had no encryption or security protection beyond a password lock, contained names, Social Security numbers, and salary information for an undisclosed number of workers. Employees were notified of the ... More About: Hardware , Laptop , Data Security , Data , Stolen
Stealing Password Hashes with Java and IE
2008-06-09 13:34:00 OK, I read a lot, I mean a lot on a regular basis. There is a lot of tripe floating about the tubes of the internet and I’m always pleased to read a new posting from several folks who buck that trend. Among which I count John Heasman. He has a great new post on ... More About: Education , Java , Hacker , Password , Stealing
Security Briefing: June 9th
2008-06-09 13:29:00 What fresh hell is this? Monday morning and the coffee machine decides to tangle with me. The missus saves the day and potentially my sanity. So, will the iPhone (officially) come to Canada in the WWDC keynote this morning? What say you Vegas? Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Security firm asks for ... More About: News , June
Opera Browser Integrates Malware Protection
2008-06-08 16:27:00 Opera, arguably one of the fastest rendering browsers available, is stepping up on security. With their version 9.5 release they are adding in malware protection courtesy of a deal that was struck with Haute Secure. From Tech Crunch: Haute Secure makes software that aggressively monitors and alerts users to malware sites. Besides the version that is ... More About: Opera , Malware , Opera browser , Browser
Mac User Turns Tables On Thief
2008-06-08 16:07:00 This is a rather amusing story of Kait Duplaga and her adventure to recover her stolen laptop. From Seattle Times Newspaper: Never underestimate the tenacity of a 19-year-old. When Kait Duplaga of White Plains, N.Y., had her laptop stolen - along with electronics she and her roommates owned - she didn’t despair. She cleverly used a built-in ... More About: Apple , Crime , Tables , User , Thief
Where You At? UK Big Bro Knows
2008-06-08 15:55:00 It appears that someone at the Telegraph’s political desk woke up. The security community has been moaning about a “surveillance society” for some time. Now, the Telegraph has noticed that people are noticing the trend. That must make it official somehow. (sarcasm is my opiate) From the Telegraph: Fears are growing that the compulsory ID card scheme ... More About: Privacy , Spy Game
CATSA: XRay Machines Are Not For Gum Wrappers
2008-06-08 14:58:00 Well, the US may have the TSA in all of its glory. Here in Canada however, we have the Canadian Air Transport Security Authority (CATSA) and they’re pissed at airport screeners in this country. From The Canadian Press: “Continued inspections across the country have revealed that garbage and other items … are still being dropped inside ... More About: News , Machines , Xray
Nuke Plant Shutdown Due To Upgrade
2008-06-08 04:53:00 Ah the joys of critical infrastructure. One wrong move with a software upgrade and the whole house of cards could come tumbling down. Case in point. From Washington Post: A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer. The incident occurred ... More About: Patches , Nuke , Plant , Shutdown
Your Router Crashing? Could Be XP SP3
2008-06-08 04:49:00 Here’s an interesting article. Apparently people have been noticing that their broadband modems have been crashing. It turns out that the culprit could very well be Windows XP with SP3. From APCMAG: Broadband modem/router maker Billion says XP SP3 has been causing its BiPAC 5200-series routers to go into a constant crash and reboot cycle. The company has ... More About: Hardware , Router
Employees’ Vital Data On Stolen Stanford Laptop
2008-06-08 04:45:00 The wall of shame has a new candidate for stolen laptops I’m afraid. This time a laptop with personal information for employees at Stanford University was pinched. From the San Francisco Chronicle: Stanford University has notified tens of thousands of past and current Stanford University employees that their personal information - including their dates of birth, Social ... More About: Crime , Laptop , Employees , Data , Stolen
Security Briefing: June 6th
2008-06-06 14:56:00 Working from the home office this morning. The best kind of commute. Now, back to my research. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Google to allow third party code in Gmail? | Builder AU Skype patches security policy bypassing vulnerability | ZDNet Experts warn of security-dodging Trojans | vnunet Microsoft Patch Tuesday promises seven fixes ... More About: News , June
China Denies Hacking US Gov Laptop
2008-06-06 14:15:00 “Wasn’t me. Didn’t see me do it” - Bart Simpson From the Associated Press: China on Friday denied allegations that its operatives secretly copied the contents of a U.S. government laptop computer and used the data to try to hack into Commerce Department computers. U.S. authorities say they are investigating whether surreptitious copying took place when a laptop ... More About: Politics , Laptop , Hacker , Spy Game
Tripwire Releases VMWare Security Tool
2008-06-06 04:59:00 I received an email from the folks over at Tripwire today. They have released a tool that can be used to check the security on VMWare configs. I haven’t got the time to review this one so I’ll leave to you the good readership to arrive at your own conclusions. From Tripwire: Tripwire® ConfigCheck™ is a free ... More About: Security , Tools , Tool , Virtual , Vmware
US-CERT Gets New Boss
2008-06-06 04:51:00 Former DOJ staffer Mischel Kwon to head up the US-CERT. From Network World: The U.S. Department of Homeland Security has chosen a new head of its U.S. Computer Emergency Readiness Team (US-CERT). Mischel Kwon, will start as director of US-CERT on June 24, a DHS spokeswoman said Thursday. She is presently acting deputy director of IT security and ... More About: Politics , Boss , Cert
Last HOPE Radio
2008-06-05 13:32:00 Keeping tabs on the upcoming Last Hope conference this July. From the Last Hope: For Immediate Release THE LAST HOPE TO FEATURE HACKER RADIO At The Last HOPE conference, hackers will broadcast their minds and their iPods. In the center of the summer’s top hacker event will be a small isolation booth. “Radio Statler!” as the station is called, will ... More About: Conventions
Security Briefing: June 5th
2008-06-05 12:48:00 Damn these infernal mornings. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… 1st Source Bank replacing debit cards after security breach | Network World Microsoft Warns Of Bug In Apple’s Safari | CRN Going Back to Basics To Fight Botnets | Top Tech News EU security agency warns over insecure printing | The Register Information at thieves’ ... More About: June
Hacking Case Shuts Out Valedictorian, Other Seniors
2008-06-05 05:28:00 And what did we learn today class? That’s right. Hacking the school computers has consequences associated with it. Now slap yourself and head back into the detention hall. Dumbass. From the Houston Chronicle: George Bush High School’s valedictorian is among a group of Fort Bend Independent School District seniors who will not be allowed to take part ... More About: Hacker , Case , Seniors
Oracle Database 11g Gets Praise From InfoWorld
2008-06-05 05:18:00 From InfoWorld: I expect most Oracle Database shops will find at least five of these life changers in Oracle Database 11g. But there’s one feature, Real Application Testing, that’s so compelling, it’s almost enough reason to upgrade on its own. There’s not a shop out there that doesn’t make code changes, and they all need a ... More About: Data Security , Review , Praise
GAO: FDIC Needs Stronger Security Controls
2008-06-05 05:09:00 Meh, they only handle the insurance for your money. No biggie right? From FCW: A key reason for the latest weaknesses the auditors found is that the FDIC did not always fully implement critical information security program activities, GAO said. For example, multiple FDIC users shared the same login ID and password, had unrestricted access to application source ... More About: Security , Data Security , Stronger
PCI Compliance: Learning from the U.S. Air Force
2008-06-05 02:12:00 SC Magazine has an interesting piece on PCI compliance (section 6.6) and the author maps it against the US Airforce’s response to web breaches. From SC Magazine: In the spring of 2005, someone broke into a web application for the Assignment Management System of the United States Air Force , and stole 33,000 records. As data breaches ... More About: Learning , Air Force , Compliance
Security Briefing: June 4th
2008-06-04 15:08:00 It’s a hump day miracle. I’ve made it half way through the week and I’m not completely psychotic from a lack of REM sleep. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… UK citizens’ portal exposes edit kit interface | The Register Setting the stage for the latest PCI deadline | SC Magazine Banks are confusing consumers on PC security | ZDNet Australia Watchdog urges firms to lock up customer digital data | The Globe and Mail Secret Bits: How Codes Became Unbreakable | InformIT New security frontier is all about data | The Sydney Morning Herald Worm hits several SA sites | ITWeb South Africa US raises entry bar with online database for visitors | Times Online Tags: News, Daily Links, Security Blog, Information Security, Security News More About: June
Last Hope On Locks
2008-06-03 16:48:00 Here is another update from the folks at “Last Hope” conference taking place this July in NYC. FOR IMMEDIATE RELEASE Security Experts to Disclose Major Flaws Affecting Over 95% of All Locks New York, NY - June 2, 2008 - This summer, hackers from around the world will be teaming up with lock picking and security experts to show the public exactly how insecure their locks are. Recent studies have proven that locks of all varieties (including so-called “high security” locks) can be compromised, some by persons with a minimal skill. Attendees at The Last HOPE conference in July will learn firsthand about security vulnerabilities inherent in standard lock designs, from the most common ones used on our front doors to the high security models used by industry and in government. Attempts to alert the security industry to these dangers have not met with much success, which is why we believe it is in the public interest to demonstrate certain methods of bypass. ...
Myrcurial gets placed in the Leader’s Quadrant - Gartner Days 1&2
2008-06-03 16:23:00 Gartner IT Security Summit - June 1-3, 2008 - Washington, DC. Alright - call this an omnibus posting. I had planned to do a better job of intra-day postings, but the schedule here is hectic and as anyone who knows me can attest, I really do work to get maximum value out of any conference that I go to. Highlights here - much more detail available if anyone comments/emails me to ask. Day 1 Opening Keynote - The next 10 years in IT Security - Rated: Good. Keynote - Google’s Security - Rated: Excellent. Keynote - SciFi Authors’ Future View of IT Security - Rated: Excellent. “F” Track - Gartner Analysts/Researchers speak on the topic of “The CISO” - Rated: Mediocre to Good. Exhibition Floor - Rated: Good. Food - Rated: Hotel Std. Bring Pepto Product Highlight - Alcatel-Lucent OmniAccess 3500 Nonstop Laptop Guardian It’s a way to lojack your laptops - a device that stores your crypto keys, 2nd factor auth token, acts as your 3G WWAN, GPS enabled,... More About: Days , Gartner
Security Briefing: June 3rd
2008-06-03 14:16:00 The joy of the morning commute. Last week was a complete blur but, traffic is far worse. Click here to subscribe to Liquidmatrix Security Digest! And now, the news… Walter Reed says patient data may be compromised | Associated Press Hacker Hijacks Website of Hacking Tool Maker (Metasploit) | Wired Fetching Stolen Laptops | EMQ Philly news anchor embroiled in e-mail hacking scandal | Philly.com French police smash global hacker ring | vnunet Google fixes several site security issues | CNET Exploiting Security Holes Automatically | MIT Technology Review Apple releases Mac OS X Leopard Security Guide | ZDNet Tags: News, Daily Links, Security Blog, Information Security, Security News More About: June
Hackers Invade Mars
2008-06-03 13:50:00 Well, the website for the NASA Phoenix Lander at least. From the Register: Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice. Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read “hacked by VITAL.” As if that wasn’t enough, members of the self-declared “sql loverz crew” redirected baffled visitors of the Phoenix mission’s official webpage and a companion site to a third-party destination. That page gave credit to hackers going by the names BLaSTER and Cr@zy_king. Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites. Evidently, they had better things to do than vet their scripts for SQL-injection vulnerabilities. So these hackers were willing to step in and test the sites for them. Pesky SQL Injection attac... More About: Hackers , Invade
Teen Hacks PA School Computer, Gets Tax Info
2008-06-03 12:23:00 A 15 year old student managed to hack into a school computer in Pennsylvania. He got his hands on 2005 tax return information for 41,000 which sent a town meeting for a loop. From DailyLocal dot com: Borough police arrested a 15-year-old Downingtown West High School freshman on May 21 and charged him with theft by unlawful taking or disposition, computer theft, unlawful duplication and computer trespass. District administrators learned about the intrusion on May 9, when a student told Downingtown West’s principal that another student might have personal information, Griffin said. But 71 school employees did not learn their 2005 W-2 forms were copied until May 16, and Griffin said this was because district officials had to first perform “due diligence.” According to police, the data files contained more than 41,000 adult taxpayers’ names and personal information, including Social Security numbers, and more than 15,000 students’ names and personal information. The school di... More About: Hacks , Computer , Info
Canadian Group Says Facebook Violates Privacy Laws
2008-06-03 04:21:00 You know, I would have to agree with them in principle. From what I have seen Facebook seems to take a dim view of anything/anyone that questions their “rule”. Privacy , schmivacy. From Computer World AU: A Canadian public policy group Friday filed a complaint charging Facebook with 22 separate violations of a Canadian personal information protection law. The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, asks the Privacy Commissioner of Canada to investigate what it describes as Facebook’s failure to inform members how their personal information is disclosed to third parties for advertising and other commercial activities. The complaint also alleges that Facebook has failed to obtain permission from members for disclosure of their personal information. Facebook did not respond to a request for comment. They didn’t comment? How out of character. In an unrelated story most of the University of Ottawa’s ... More About: Laws , Group
Security Briefing: June 2nd
2008-06-02 12:49:00 I’m baaaaaack! As many of you noticed, Myrcurial was a trooper last week manning the battlements here at Liquidmatrix as I handled a personal project. And now, I can share the good news. My wife and I had our first child last week! Both mother and baby are doing great! Thanks to all of our new ... More About: News , Security , June



