Security Headlines
January 31, 2006
Security firms start The Payment Card Industry Vendor Alliance (SC Magazine)
A handful of data security companies today announced the formation of a new
alliance focused on advocating for those who must comply with the payment
card industry data security standards (PCI DSS).
Why Anti-Virus Profiling is inadequate (IT-Analysis)
There are two techniques that AV products use to try to spot viruses. I have
dealt extensively with one of these—the use of signatures—in articles I've
posted as part of the AVID (Anti-Virus Is Dead) campaign. Signatures are
like fingerprints and can be used to spot known malware.
_____________________________________________________________________________________
January 30, 2006
Windows Vista's hyped security will be tested (Reuters)
Computer hackers are off and running trying to find vulnerabilities in
Microsoft Corp.'s new Windows Vista operating system, putting to test the
software maker's claim that it is the most secure Windows program ever.
Microsoft releases Vista to consumers (SC Magazine)
Microsoft released the long-anticipated consumer versions of the Windows
Vista operating system in New York today, promoting security as one of the
major benefits of the new platform.
Software Security Vulnerabilities Will Continue to Rise in 2007 (Business
Wire)
IBM today announced the highlights of its 2006 security statistics report,
which describes key security findings for 2006 and predicts the nature of
Internet threats expected to emerge in 2007.
_____________________________________________________________________________________
January 29, 2006
Webroot: Windows Vista is more secure, but not secure enough (SC Magazine)
Windows Vista may be hailed as Microsoft's most secure operating
system to date, but the platform contains weaknesses in its default anti-malware
capabilities, one security vendor has concluded.
Is Bharosa Acquisition Bait? (darkREADING)
Authentication specialist may be for sale, but its CEO is not looking
to pair up with another security pure-play
MySpace muscles ISP over hacking site (PC Advisor)
Internet service provider (ISP) GoDaddy.com has come under fire for
pulling a popular hacking website down, allegedly at the request of
MySpace.com
Patients' personal information threatened with computer theft (Salina
Journal)
A laptop computer containing the names, social security numbers and
medical history of up to 1,100 patients is missing, putting them at risk for
identity theft, and Salina Regional Health Center officials are offering a
$2,000 reward for the laptop's return.
January 26, 2006
AACS Confirms Hacks On High-Definition DVD Players (InformationWeek)
A consortium of movie studios and technology companies backing the
encryption system for high-definition DVDs confirmed that hackers have
stolen "title keys."
Symantec warns of new zero-day Word attack (InfoWorld)
Hackers are exploiting a new, unpatched vulnerability in Microsoft
Word that could allow them to take control of a victim's computer, Symantec
has warned. The zero-day vulnerability is the fourth in Microsoft's widely
used Word 2000 software that has not yet been patched, the security company
said in its Security Response Weblog.
_____________________________________________________________________________________
January 25, 2006
Canadians among credit card fraud victims after Winners breach: report (CBC)
Thousands of Canadian credit card holders are victims of fraud after
the security breach at the parent company of Winners and HomeSense,
according to a report.
Former HP exec: target of snooping (San Jose Mercury News)
A former Hewlett-Packard executive has cited the computer and printer
giant's recent board-spying scandal in his suit against the company,
claiming HP used similar fraudulent methods to obtain his private phone
records in August 2005 after giving him a corporate espionage assignment to
obtain trade secrets on rival Dell's printers.
Apple finally patches Quicktime flaw (PC Advisor)
Apple has patched a vulnerability in its QuickTime media player that
could give a hacker control over a computer.
_____________________________________________________________________________________
January 24, 2006
Cisco IOS is Affected by Multiple Vulnerabilities (US-CERT)
Several vulnerabilities have been discovered in Cisco's Internet
Operating System (IOS). A remote attacker may be able to execute arbitrary
code on an affected device, cause an affected device to reload the operating
system, or cause other types of denial of service.
IRS, Kansas City officials search for lost computer tapes (SC Magazine)
The Internal Revenue Service (IRS) and Kansas City officials are
searching for lost agency computer tapes that may have been missing for as
long as two months.
Apple Patches QuickTime (PC World)
Hackers could exploit media player during streaming to run malicious code.
Academics warn of fingerprint biometrics weaknesses (SC Magazine)
Experts from the University of California, Davis warned this week
that the reliability of fingerprint biometrics has declined considerably due
to technological concerns and a growing world population.
_____________________________________________________________________________________
January 23, 2006
'Storm Worm' Now A High-risk Threat: Symantec (Bernama)
Symantec Security Response has raised the risk level of
Trojan.Peacomm, also known as "Storm Worm", to a category 3 threat due to
the speed and volume in which it is being aggressively spammed across the
Internet.
Sophos: Infected attachments replaced by malicious links (SC Magazine)
While the percentage of infected emails declined significantly, the
diminished risk was undone by an even more significant rise in Web-related
threats, reported the experts at Sophos this week.
Technical Cyber Security Alert (US-CERT)
The Sun Java Runtime Environment contains multiple vulnerabilities that can
allow a remote, unauthenticated attacker to execute arbitrary code on a
vulnerable system.
_____________________________________________________________________________________
January 22, 2006
Card Data Stolen From Major U.S. Retailer Business Wire (ePaynews)
Criminals have hacked into the payment processing systems of The TJX
Companies, a U.S.-based retailer which had sales of US$2.5 billion for the
five weeks to December 30, 2006.
As Thieves Go Online to Sell Loot, Their Victims Follow (RedNova)
Popular online marketplaces that have made it easier for thieves to
sell stolen property also are making it easier than ever for victims to
track what was taken from them.
Caught in the Web: Top 10 Internet Scandals of All Time (PC World)
The Web is a great way to deliver information, but it's also a great
way to expose, spread, or jump-start a scandal.
US tops spam relaying and malware leagues of shame (The Register)
Land of the free, home of the botnet. The US hosted more than one
third of the websites containing malicious code identified during 2006. The
country also relayed more spam than any other nation last year, according to
a study by net security firm Sophos.
January 19, 2006
New Code Of Ethics To Protect Net Users (InfoWeek)
Yahoo, Google and Microsoft earn praise as they help the OpenNet
Consensus prevent the practice of jailing of online journalists for
arbitrary reasons.
Microsoft updates Excel patch (SC Magazine)
Microsoft re-released on Thursday one of the four fixes it had
distributed as part of this month's Patch Tuesday.
Storm Worm hits computers around the world (Reuters)
Computer virus writers attacked thousands of computers on Friday using an
unusually topical email citing raging European storms, a security company
said.
TJX Hack Highlights Payment Information Insecurity (InfoWeek)
The cost of data breaches, whether the information is lost or stolen,
continues to escalate, costing companies an average of $182 per compromised
record.
_____________________________________________________________________________________
January 18, 2006
Applied Identity's Identiforce (NWC)
Identiforce does an excellent job ensuring that properly
authenticated and authorized users can access the correct resources.
Fortify Software acquires Secure Software (SC Magazine)
Fortify Software announced today that it reached a definitive
agreement to acquire McLean, Va.-based Secure Software.
EBay Heightens Security Precautions (AP)
Executives at eBay Inc. are touting security as their top priority in
2007 after an internal survey showed that online scammers may be denting the
company's reputation.
_____________________________________________________________________________________
January 17, 2006
Botnet Gang Faces Jail (PC World)
Dutch prosecutors seek prison, fines for two charged in international
hacking scheme.
New VML exploit found, considered unreliable (SC Magazine)
Hours after hackers posted public code designed to take advantage of
the recently patched Microsoft vector markup language (VML) vulnerability,
VeriSign iDefense security researchers discovered a private, in-the-wild
exploit attacking the bug.
How to Catch Computer Criminals (darkREADING)
FBI issues guidelines to help local cops nail online bad guys
Oracle Releases Patches for Multiple Vulnerabilities (US-CERT)
Oracle has released patches to address numerous vulnerabilities in
different Oracle products. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and denial of
service.
_____________________________________________________________________________________
January 16, 2006
Are viruses, malware winning the security battle? (ZDNet)
Virus programmers seem to know no limits when it comes to creative
ways of making the Internet unsafe. Rootkits, originally programmes designed
to help computer administrators, are the current bugbear for security firms
trying to prevent them from sneaking worms, trojans, and viruses past
anti-virus programs.
MSN hacker gets 27 months' jail (CNETAsia)
Singaporean undergraduate is convicted for stealing several women's instant
messenger accounts and blackmailing one victim.
_____________________________________________________________________________________
January 15, 2007
A touch of Internet 'street smarts' can protect you from hacker attacks
(Inside Bay Area)
WITH COMPUTER viruses and phishing having evolved to organized crime
practiced by well-paid hackers who siphon off and then sell your vital
information, it's more necessary than ever to protect your computer from
intrusion.
Hackers can't wait for iPhone (MacCentral)
Hackers can't wait to get their hands on the smart phone unveiled by Apple
at last week's Macworld Expo.
January 12, 2007
Month of Apple Bugs projects reveals highly critical Mac OS X bug (SC
Magazine)
A highly-critical vulnerability in Mac OS X was disclosed on Thursday that
can potentially be exploited to compromise users' systems.
Cyber-crooks switch to code obfuscation (Infomatics)
Security firm Finjan has reported that dynamic code obfuscation was
increasingly used as a method to bypass traditional signature-based security
systems and propagate malware during the fourth quarter of 2006.
_____________________________________________________________________________________
January 11, 2007
Burglar-Proof Windows? (BusinessWeek)
Vista's new security features may be annoying, but they're good for
you
U.S. warns about Canadian spy coins (MSNBC)
The Defense Department cautioned its American contractors over what
it described as a new espionage threat: Canadian coins with tiny radio
frequency transmitters hidden inside.
iDefense offers $48,000 for Vista vulnerabilities (SC Magazine)
VeriSign's iDefense Labs this week offered more than $48,000 up for grabs to
researchers who can submit remotely exploitable vulnerabilities in the new
Windows Vista operating system and in Internet Explorer 7.0.
_____________________________________________________________________________________
January 10, 2007
FBI has nine suspects in election site hacker case (The Naperville Sun)
An Internet hacker faces a federal prosecution for adding information
to the DuPage County Election Commission's Web site before last November's
election if FBI agents are able to gather enough incriminating evidence.
Microsoft leaves Word zero-day holes unpatched (USA Today)
Microsoft on Tuesday released fixes for vulnerabilities in its
Windows and Office software, but left several known Word zero-day flaws
without a patch. Microsoft published four security bulletins with fixes for
10 vulnerabilities. Three of the bulletins are deemed "critical."
Blog-Savvy French Set For Cyberbattle In 2007 Poll (TechWeb)
Cyberspace is turning into a hotly contested arena in this year's French
presidential elections, as candidates seek to harness the Internet's vast
but volatile resources to give them a decisive edge.
_____________________________________________________________________________________
January 9, 2007
MIT Kerberos Vulnerabilities (US-CERT)
The MIT Kerberos administration daemon contains two vulnerabilities
that may allow a remote, unauthenticated attacker to execute arbitrary code.
Simple precautions can help in preventing identity theft (The Buffalo News)
The best offense, they say, is a good defense. Nothing could be truer
when it comes to the growing problem of identity theft.
Identity bandits (Cape Cod Times)
When identity thieves stole sensitive information about thousands of
consumers from Alpharetta, Ga.-based ChoicePoint Inc. in February 2005, it
caused a national uproar.
$40,000 DRM hack challenge (p2pnet)
Crack the 'protected' software and win
_____________________________________________________________________________________
January 8, 2007
OpenOffice tackles 'highly critical' hole (ElectricNews)
OpenOffice.org has patched a critical vulnerability in the open
source application suite.
Best practices in Wi-Fi network security (techcentral)
As wireless technology explodes in popularity it also presents a new
challenge to IT security, especially as it relates to maintaining
confidentiality and integrity of data.
Apple QuickTime RTSP Buffer Overflow (US-CERT)
Apple QuickTime contains a buffer overflow in the handling of RTSP URLs.
This can allow a remote attacker to execute arbitrary code on a vulnerable
system.
January 4, 2007
Security project focuses on Apple (BBC News)
Researchers start a project to publish data about one Apple security
bug every day in January.
Acrobat Reader flaw opens many websites to XSS attacks (SC Magazine)
Security experts warned users Wednesday of a vulnerability in Adobe Acrobat
Reader plug-in that makes websites that use PDFs susceptible to cross-site
scripting (XSS) attacks and worms, as well as putting users at risk of theft
of cookies and session information.
_____________________________________________________________________________________
January 3, 2007
New Computer Program Prevents Crashes And Hacker Attacks (Science Daily)
Today's computers have more than 2,000 times as much memory as the machines
of yesteryear, yet programmers are still writing code as if memory is in
short supply. Not only does this make programs crash annoyingly, but it also
can make users vulnerable to hacker attacks, says computer scientist Emery
Berger from the University of Massachusetts Amherst.
Cisco Adds Severity Scores to PSIRT Security Advisories (Yahoo)
The Cisco® Product Security Incident Response Team will include
severity scores in every security advisory that it issues in 2007 and
beyond, Cisco announced today. The inclusion of these scores, which measure
the risk levels posed by a particular vulnerability, or multiple
vulnerabilities, is intended to help Cisco customers better prioritize their
software change- and patch-management projects.
Unpatched bug bites QuickTime (The Register)
First release from Month of Apple Bugs. Security researchers have uncovered a
buffer overflow flaw in Apple's QuickTime media player software that creates
a means for hackers to load malware onto vulnerable systems.
_____________________________________________________________________________________
January 2, 2007
Wireless not worth hacking? (The Register)
Times have changed. Opinion: For four years, I've been pretty clear
about my personal opinions on wireless hackers. I don't worry about them. So
when I say: "It's time to worry about wireless hackers," it's not just
another security consultant scare story being recycled - it's because I
think things have changed.
Hidden Dimensions - A Major Apple Weakness Could Harm Mac OS X (The Mac
Observer)
There is a thick layer of insulation between Apple's technical people
and their technical customers. This has been an irritation before, but it
could become a problem in the future
Cozying Up to Blackhat Hackers (Wired News)
Keep your friends close and your enemies closer. Why Jim Christy, the
Pentagon's toughest internet crime fighter, hangs out with hackers. By Robin
Mejia for Wired magazine.
_____________________________________________________________________________________
January 1, 2007
QuickTime Flaw Kicks Off Month of Apple Bugs (Washington Post)
A previously undocumented flaw in Apple's QuickTime media player
could be exploited remotely by attackers to install malicious software on
computers running either the Windows or Mac OS X operating systems,
according to the inaugural posting by the Month of Apple Bugs project, a
month-long effort that promises to feature a newly described security hole
in Apple's software each day
Is Wireless Technology Encouraging Fraud? (TechWeb)
Is wireless technology encouraging fraud? Yes, says Brad Keller, who manages
E-commerce risks for a large financial institution. No, counters Craig
Mathias, a principal at Farpoint Group, which specializes in wireless
networking and mobile computing.