Security

ID theft, vulnerabilities, privacy issues, etc

Report finds surge in on-line attacks

Filed under
Security

Internet attacks on businesses and other organizations increased by about 28 per cent in the second half of 2004 compared with the first six months of the year, and hackers are setting their sights on the rapidly emerging mobile-computing market, warns a report on Internet security to be released Monday.

US Advisory panel recommends more federal R&D spending

The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.

"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."

The strange decline of computer worms

Although Windows-centric, The Register has published an article on the declining numbers of "Slammer-style worms". They attribute this decline to "the widespread use of XP SP2 and greater use of personal firewall" rendering "worms far less potent in the same way that boot sector viruses died out with Windows 95 and the introduction of Office 2000 made macro viruses far less common."

Linux Kernel Multiple Vulnerabilities

secunia.com reports: "Some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system."

Have hackers recruited your PC?

BBC News has posted an article on a study "by security researchers who have spent months tracking more than 100 networks of remotely-controlled machines. They discovered 'bot nets [were] used to launch 226 distributed denial-of-service attacks on 99 separate targets.'"

KDE DCOP DoS Vulnerability prior to 3.4

Filed under
KDE
Security

Sebastian Krahmer has reported a vulnerability in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon dcopserver. This can be exploited to lock the dcopserver for arbitrary local users. Successful exploitation may result in decreased desktop functionality for the affected user.

The vulnerability has been reported in versions prior to 3.4.

Solution: Upgrade to KDE 3.4 or apply patch.

Click for more information and links to patches.

Original information on dot.kde.org.

US cyber-security 'nearly failing'

Cyber-security in the US is "nearly failing" and has been given a "must try harder" D+ rating by the Federal government.

The US Office of Management and Budget set forth cyber-security standards in the Federal Security Management Act 2002, encouraging federal agencies to tighten their IT systems.

Windows Media Player Digital Rights Management Spy

Filed under
Microsoft
Security

This is something really nasty in the XP filing system... it's in Windows Media Player, and it not only has all the information about Digital Rights Management, it also has all the information about your local police force... QED... Not only is Microsoft spying on you, they are also telling the cops what you have got on your system...

US DHS buys more name analysis tools

The Homeland Security Department's Customs and Border Protection agency, an arm of the Border and Transportation Security Directorate, has signed a sole-source contract with Language Analysis Systems Inc. of Herndon, Va., for additional software to help analyze names of people.

The software is particularly useful in winnowing the names of terrorists out of lists of passengers or other data sources.

Linux Advisory Watch - March 11, 2005

This week, advisories were released for clamav, kernel, squid, kppp, helixplayer, tzdata, libtool, firefox, ipsec-tools, dmraid, gaim, libexif, gimp, yum, grip, libXpm, xv, ImageMagick, Hashcash, mlterm, dcoidlng, curl, gftp, cyrus-imapd, unixODBC, and mc. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, and SuSE.

Full Details.

Identity Theft Bill Puts Companies On Spot

The pressure from Capitol Hill on corporate America to clean up its act with regard to safeguarding sensitive customer information continues to increase, as Sen. Jon Corzine said Thursday that he plans to introduce a new bill next week that will require corporate officers to attest that their companies have adequate measures in place to secure customers' personal data.

Interesting Blog

Interesting Spam: Old school Ascii art making a comeback?

"Two days ago I got my first Ascii spam which is undoubtedly just another technique to get past email filters. The spam consists of the staples, forged To: and From: with the intended recipient on the BCC. Then it starts its HTML tags, and uses the PRE tags to format the Ascii text so that it views correctly in a variety of email clients."

Link with pictures.

Companies Should Give Online Consumers More Privacy

"To quell the privacy-invasion fears that are stunting the growth of e-commerce, Web marketers need to give consumers more control of the personal information collected about them, according to research by Naresh Malhotra, Regents' professor of marketing at Georgia Tech College of Management."

Big Brother is Watching your Toyota Sienna

"The 2005 Toyota Sienna (I'm not sure about earlier models) has an Event Data Recorder (EDR) which is a black box of sorts (sans the audio recording). In the event of a crash, near crash, or airbag deployment, it records various data such as vehicle speed, engine speed, driver seat position, gear selector position, etc."

One in four 'touched' by ID fraud

"A quarter of UK adults have had their identity stolen or know someone who has fallen victim to ID fraud, a Which? magazine survey has suggested."

Hacker taps into business school files

"A computer hacker gained access to internal admissions records at Harvard, Stanford and other top business schools, then helped applicants log on and learn their fate weeks ahead of schedule, officials said Thursday."

ChoicePoint was victim of ID theft in '02

Despite recent denials, it has been revealed that ChoicePoint was indeed a victim of identity thieves earlier than had been previously reported.

Media Player Flaw Speaks Volumes on M$ Security

Filed under
Microsoft
Security

I'm sure everyone's read of M$'s latest security blunder relating to its media player, but I particularly like David Coursey's stance. He says, "By focusing not on the largest number of potential victims but on patching its most current software, Microsoft reveals its tendency to 'encourage' customers to buy new software by letting them sway in the breeze for a while."

ID Thieves Robbing the Cradle

The Seattle Times is running an interesting piece on a new trend of identity thieves targeting children and young adults. They contend it's because so many years may pass before it's discovered.

Newest Vulnerabilities in PHP apps

"Multiple vulnerabilities in two popular open-source projects, phpMyAdmin and phpBB, could put users at risk of cross-site scripting and information disclosure attacks, security researchers warned Thursday."
