Security News
New Twitter Attack Details Emerge
The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security.
Beyond ACTA: Proposed EU - Canada Trade Agreement Intellectual Property Chapter Leaks
Canada's participation in the Anti-Counterfeiting Trade Agreement negotiations has understandably generated enormous public concern as leaked documents indicate that ACTA would have a dramatic impact on Canadian copyright law. The U.S. has proposed provisions that would mandate a DMCA-style implementation for the WIPO Internet treaties and encourage the adoption of a three-strikes and you're out system to cut off access where there are repeated allegations of infringement.
Top 10 worst tech presents for Christmas
Here are ten geek gifts for people who’ve been naughty, or not naughty enough.
Our [Honey Pot Project] 1 Billionth Spam Message
On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message. The message, a picture of which is displayed below, was a United States Internal Revenue Service (IRS) phishing scam. The spam email was sent by a bot running on a compromised machine in India (122.167.68.1). The spamtrap address to which the message was sent was originally harvested on November 4, 2007 by a particularly nasty harvester (74.53.249.34) that is responsible for 53,022,293 other spam messages that have been received by Project Honey Pot.
http://www.projecthoneypot.org/1_billionth_spam_message_stats.php
Getting Started With Full Disk Encryption
Today, full-system encryption in software is feasible and practical. Here's how to get up and running using solutions from PGP, McAfee, Sophos, and open-source options TrueCrypt and DiskCryptor.
Bank's antifraud tactics stun security expert: How much do they know?
AVG's Roger Thompson discusses brush identity-theft prevention measures
Hackers Brew Self-Destruct Code to Counter Police Forensics
Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.
US and Russia in cyber security talksDecember 14, 2009 by John Lister
The United States and Russia have begun discussions on increasing security online. The two sides are also said to be working for an agreement to cut the number of online military attacks.
SQL attacks take off in last year
Online attacks against databases have taken off in the past 18 months, according to data released by IBM’s X-Force security team.
Unu hits Kaspersky a second time with SQL Injection disclosure
Unu, who has gained a good deal of attention lately, is known for his vulnerability disclosures that center on SQL Injection. In his latest adventures, he returns to a vendor he has targeted in the past, security software specialist Kaspersky.
http://www.thetechherald.com/article.php/200950/4931/Unu-hits...
Four Database Security Tips for Dealing with SQL Injections
SQL injection placed No. 3 on Verizon's list of the 15 most common attacks in its data breach report. Preventing SQL injections can be the difference between data security and a screaming headline. Here are a few short tips on how to help protect your databases and applications.
http://www.eweek.com/c/a/Security/4-Database-Security-Tips-for...
10 Email Security Lessons To Be Learned From Climategate
With climate change critics using hacked emails to discredit scientists ahead of COP15, eWEEK looks at what IT managers and security administrators can do to protect their own inboxes
Adobe fixes critical Flash Player flaws
Adobe on Tuesday patched seven vulnerabilities in Flash Player, six of them for critical bugs that hackers could use to hijack Windows, Mac or Linux machines.
http://www.computerworld.com/s/article/9142021/Adobe_fixes_critical_Flash_Player_flaws
SQL injection attack claims 132,000+
A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009.
Google chief: Only miscreants worry about net privacy
If you're concerned about Google retaining your personal data, then you must be doing something you shouldn't be doing. At least that's the word from Google CEO Eric Schmidt.
The Gawker Guide to Getting Past Airport Security This Holiday Travel Season
Christmas is coming, so it won't be long before you're walking barefoot through spilled soda and children's vomit at a security checkpoint in some godforsaken airport. Fortunately, the TSA has leaked a sensitive document explaining how to avoid all that.
Facebook shuts down Beacon program, donates $9.5 million to settle lawsuit
Facebook has agreed to shut down a program that sparked a lawsuit alleging privacy violations, and set up a $9.5 million fund for a nonprofit foundation that will support online privacy, safety and security.
24,000 employees affected by data breach
Personal information exposed on the Internet, University working to minimize future threats
www.ndsmcobserver.com/news/24-000-employees-affected-by-data-breach-1.979963
Cybercrime is crime with different tactics – interview with Bruce Schneier
Cybercrime is just like any other type of crime only with different tactics, Bruce Schneier tells Infosecurity.
'Fake fingerprint' Chinese woman fools Japan controls
A Chinese woman managed to enter Japan illegally by having plastic surgery to alter her fingerprints, thus fooling immigration controls, police claim.