News & Commentary
Content posted in October 2009
|
New Project Takes Aim At Web Vulnerabilities
New open source honeypot sets bait to lure attackers and to gain first hand information on current attack techniques underway.
LinkedIN With 'Bill Gates'
Bill Gates invited me to join his LinkedIN network. OK, so it wasn't really Bill Gates, but as far as my email system, spam filter, and email client were concerned, it's perfectly normal for Gates to send me a LinkedIn invitation.
FDIC Warns Banks Of 'Money Mule' Bank Customers
Financial institutions should be on the lookout for money mules depositing funds stolen via electronic file transfers, says the Federal Deposit Insurance Corp.
Facebook Wins $711 Million From Spammer
In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.
Federal CIO Kundra Plans Cybersecurity Dashboard
The White House, which recently introduced a FISMA reporting tool, outlines plans for new cybersecurity metrics and a dashboard for tracking progress.
Tech Insight: Developing Security Awareness Among Your Users
Skip the 'Wall of Shame' and instead try promotional events, penetration testing your users
Global CIO: SAP Eliminates All-Up-Front Payment Requirement
In a striking move, SAP is extending to 580 very large customers a plan allowing them to spread payment across multiple years instead of making one big capital-expense payment up front.
CSI Speakers Offer Advice On Risk Assessment, Reporting
Security professionals must not be able to only evaluate risk, but also report it in a way top executives can understand, experts say
Getting To Know Your Infrastructure
Knowing your network is a fundamental step for building a successful vulnerability management (VM) project.
New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit
New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're looking for
US-CERT Warns Of BlackBerry-Spying Application
Free PhoneSnoop app listens in on BlackBerry users
NSA To Build $1.5 Billion Cybersecurity Data Center
The massive complex, comprising up to 1.5 million square feet of building space, will provide intelligence and warnings related to cybersecurity threats across government.
Global CIO: Hewlett-Packard's Hurd Says Bad IT Means A Bad CEO
Hurd offers a startling observation about how the roots of bad IT almost always reside in the corner office, and he explains how HP attempts to address the needs of both the CEO and the CIO.
Facebook Phishing Attack Powered By Zeus Botnet, Researchers Say
Scam email messages being generated at a rate of 1,000 per minute
iPhone, BlackBerry, Palm Pre All Vulnerable To Spear-Phishing Experiment
Phony LinkedIn invitation from 'Bill Gates' lands in smartphone inboxes
Know Your Tools
Ever have one of those days where nothing really seems to go right? You're working on something that should be simple and it ends up throwing seemingly unexplainable errors back at you no matter what you try? Then when it does work, you're not sure what you changed that fixed it. Yeah -- me, too.
Global CIO: Greenpeace Shakedown Targets Google, Microsoft, And IBM
Greenpeace is mounting a major assault on the business practices of not just those three companies but the entire IT industry. They will lie to get what they want--and here's the proof.
File Virtualization, The Ultimate Cloud Gateway?
In our last entry we talked about the use of cloud storage as a backup target, but another ideal use case for cloud storage is to use it as an archive area. Almost every IT organization has old data that they want or must keep, but are struggling with where to keep it. Its ability to identify, automatically move and transparently recall data could make file virtualization the ultimate cloud gateway.
Patch Your Firefox
Mozilla just released 16 patches for vulnerabilities in Firefox. Eleven of the flaws are critical, and affect a number of components in the browser.
Global CIO: What CIOs Can Learn From Kindle
The real lesson is in the growing power of machine-to-machine wireless links.
MAAWG's Mission Evolving As Botnets, Web Threats Intensify
ISP group is starting to look at more than just email abuse as attacks span Websites, social networks
SMB Security Survey Shows Sorry State Of Cyber Safety
A new survey of small business cybersecurity offers a bleak picture of the state of things. Bleak unless you're a cybercrook, of course.
SAP, Nokia Partner On Mobile Security
With the joint venture's technology, prescription drugs, software, and other goods could be tagged with smart barcodes to protect them from counterfeiting.
AVG Sends Speedy Small Business Security Signal
New Internet security and anti-virus products for small businesses from AVG are being touted by the company as both secure and speedy, with an array of promised features and administrative tools that address some of the tech-challenges smaller firms face.
Report: Nearly 6 Million Infected Web Pages Across 640K Compromised Sites
Startup founded by ex-Google engineers tallies major jump in Website compromises and breadth of the infections
Five Vulnerabilities That Lead To Identity Theft
ID theft security vendor offers advice on five key areas that end users should watch
ISPs: Email Abuse Down But Not Out
Messaging Anti-Abuse Working Group (MAAWG) says ISPs, bad guys at a draw when it comes to spam, malicious email
Top 10 E-mail Blunders Of 2009, So Far
Proofpoint's list of the ten biggest e-mail gaffes this year shows that organizations have yet to deal with the risks of e-mail.
UK Jobs Website Hacked
The news site Guardian is warning members of its UK jobs site that the site has been breached, and that personal data may been snagged.
Christian Site's Poll Backfires
The Alpha Course, a Christian Website, has created an instant Internet poll asking if God exists. So far, 96 percent of respondents clicked on "NO."
Cloud Based Backup, Ready For Business?
Cloud based backup services have been successful in the consumer space. Companies like Mozy, Carbonite and others are protecting thousands of laptops and home desktops, but can cloud based backups services move beyond protecting consumer or prosumer data and into the data center? Are cloud based backups ready for business?
Using Evil WiFi To Educate Users, IT Admins
For my keynote at Operation WebLock, I was asked to include a demo or two that would leave attendees rethinking some of their current practices. It didn't take a long to come up with a few different possibilities, but I settled on one of my favorite attacks: wireless network- impersonation and connection hijacking.
Smartphones Call For Security-Smarter Users
Smartphones, and all the other smartstuff filling our pockets, bags, lives, make for mobile convenience and access -- including access by crooks. Time to get your smartphone-using staff to dial up their security practices.
The ABCs Of DAM
Database activity monitoring (DAM) has been the biggest advancement in database security in the past decade. Identity management controls access, and encryption protects data on media, but monitoring verifies usage.
Application Security Is National Security
Hacks targeting U.S. government computers are coming from China. We knew that. The Chinese hackers are relying on zero-day software vulnerabilities to exploit critical systems. So, tell me again: why aren't we doing more to require applications be built secure from the start?
Tech Insight: Managing Vulnerability In The Cloud
You can't control everything in the cloud, but you can control your data's exposure in the cloud
Trend Micro Secures Virtual, Cloud Servers
To address unique server security challenges, Trend Micro is connecting its Deep Security software to virtual machines and the cloud.
Gift Cards Convenient And Easy To Hack
Researchers reveal hacks for prepaid gift cards
Trusting Trust
An old and respected paper about compilers teaches us a lot about network security architecture.
Reducing Storage Complexity In Server Virtualization
The storage component of a virtualized server infrastructure has been labeled as complex and expensive. In our prior entries about selecting a storage foundation we discussed what systems and protocols are available that might help simplify and reduce costs for storage in a virtualized environment. Beyond physi
My Hat Is Blue
For the past two days I have been back in Seattle. It was almost two years ago I left the city, and was not sure when I'd get a chance to return. Microsoft's BlueHat security conference was a great reason to come back to my favorite rainy city.
What is BlueHat?
From Security Perspective, Windows 7 Off To A Rocky Start
Experts express consternation over early vulnerabilities, UAC configuration issues
Feds' Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years
New data from research firm Input finds security spending growing twice that of overall federal IT buying
Evidence Points To China In Cyber Attacks
A Northrup Grumman report suggests that the Chinese government is behind a coordinated series of attacks on U.S. government and private sector computer systems.
Major Secure Email Products And Services Miss Spear-Phishing Attack
Experiment successfully slips fake LinkedIn invite from 'Bill Gates' into inboxes
Microsoft And Mozilla Compete, Cooperate
In its patch release last week, Microsoft described an interesting side effect in one of its bulletins.
FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach
Agency alleges that data broker didn't do enough to protect information after massive breach in 2005
Understanding Hard Drive Performance
In the last performance entries we discussed understanding storage bandwidth and understanding storage controllers. Next up is to understand the performance characteristics of the hard drive itself and how the mechanical hard drive can be the performance bottleneck.
Firefox Web Browser Weaponization Redux
I've written about the Samurai Web Testing Framework (WTF) LiveCD project and some of the Firefox Add-Ons that can be used to transform Firefox into a highly capable Web application penetration testing tool. Now the Add-Ons included in Samurai and a few others have been bundled together into the Samurai WTF Firefox Collection--essentially, a one-stop shop for Web browser weaponization.
Metasploit Project Sold To Rapid7
Open-source Metasploit penetration testing tool creator HD Moore joins Rapid7, commercial Metasploit products to come
|
White Papers
Video
1 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10902
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
PUBLISHED: 2018-08-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-10902
PUBLISHED: 2018-08-21
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possib...
CVE-2018-10932PUBLISHED: 2018-08-21
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
CVE-2018-15660PUBLISHED: 2018-08-21
** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account numbe...
CVE-2018-15661PUBLISHED: 2018-08-21
** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: th...
CVE-2018-15481PUBLISHED: 2018-08-21
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This