When Security Fails, Who Are You Going to Fire?
Posted by l33tdawg on Friday, March 19, 2010 - 12:02 AM (Reads: 117)
Source: CIO
Two recent unrelated news stories struck me as indicative of a fundamental problem with IT security: We seem to favor looking at symptoms over finding the root cause of problems.
The first story was nearly comical for the effort that was expended to pin blame. Back in December, the Conficker virus infected 3,000 computers on the network of the Waikato District Health Board, which encompasses all of the hospitals in a district that accounts for 10% of New Zealand's population. Officials claimed that emergency operations were not affected, but the district hospitals requested that only true emergencies be referred to them. Certainly, it is critical that steps be taken to assure that nothing like this ever happens again.
I just don't agree that an effective response would include a three-month investigation into the incident. The report came in this month, and, believe it or not, they say they found the source of the infection. According to the report, someone plugged an infected USB drive into a computer in a parking garage tollbooth, bringing multiple hospitals to a near standstill for three days.
Be prepared for the year of mobile malware
Posted by l33tdawg on Friday, March 19, 2010 - 12:02 AM (Reads: 76)
Source: ZDNet (UK)
The number of types of attack on mobile devices may not be growing, but circumstances are conspiring to create a genuine threat, says Rik Ferguson.
The rise in threats to mobile devices is definitely real, although still a long way from reaching epidemic proportions. The real message for the coming months is about preparedness.
There were a limited number of new threats in 2009, but a significant increase in their complexity and criminal intent. Signs are that consumer acceptance of mobile phone-based financial activity is now mainstream, with handset banking applications even being advertised on primetime television.
Two Madoff computer admins indicted
Posted by l33tdawg on Friday, March 19, 2010 - 12:01 AM (Reads: 77)
Source: Computer World
Two former computer administrators who worked for convicted financial fraudster Bernard Madoff's investment firm were indicted this week on charges of conspiracy and falsifying financial records.
Jerome O'Hara, 47, of Malverne, N.Y., and George Perez, 44, of East Brunswick, N.J., each face a maximum of 30 years in prison if convicted on all charges.
A statement released yesterday by the U.S. Attorney's office for the Southern District of New York said the two men started working for Bernard L. Madoff Investment Securities, LLC (BLMIS) in the early 1990s. Both O'Hara and Perez were responsible for maintaining computer programs that supported Madoff's investment advisory business.
Why Apple should buy Adobe
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 93)
Source: ZDNet (Blog)
Quick - which Silicon Valley icon creates the computers that creative professionals love? And what SV company creates the software that creative professionals crave?
Right: Apple and Adobe. So why are they 2 separate companies? There’s no good reason, especially now that Adobe’s management can’t figure out how to grow the company. Apple, with over $30 billion in cash, could buy Adobe outright, whose market cap is about $18 billion. A cash and stock offer would also make Adobe shareholders happy.
Apple prefers small, bite-size acquisitions. But Apple is a big company: their market cap is 10x Adobe’s. Integration wouldn’t be hard: the 2 companies’ headquarters are a 15-minute drive down I-280. Steve could oversee both. A quicker drive than to Pixar up in E-ville.
RSA Reveals Zeus Trojan Cyber-Crime Infrastructure
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 56)
Source: eWeek (Europe)
Researchers in EMC’s RSA security division have uncovered an extensive infrastructure propping up the attackers behind the Zeus Trojan.
The findings reflect part of the reason the disruption of Troyak-AS on 9 March only caused Zeus traffic to slow, as opposed to stopping it in its tracks. Troyak is just one part of a larger cyber-crime infrastructure helping to provide “bulletproof” hosting to attackers.
“In light of our findings, AS-Troyak appears to be a piece in an intricate puzzle of networks that are used for malicious purposes,” RSA said yesterday. “We suspect that the purpose of these networks is to connect an armada of eight malicious, bulletproof malware-hosting facilities to the internet, assuring their constant online presence.”
Fake MacBook Air, 'big IPhone' Tablet on Show in China
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 65)
Source: PC World
A knock-off MacBook Air running Windows, a tablet computer shaped like a big iPhone and another tablet meant to rival Apple's iPad were all among the devices shown off by a small Chinese gadget maker on Thursday.
Teso, a gadget design outfit in the freewheeling southern Chinese city of Shenzhen, has already sold its MacBook Air look-alike for more than a year and is preparing for sales of its tablets, said a company official surnamed Wu.
The tablet shaped like an iPhone uses the hit Apple phone as a model for details down to the curves on its black rear shell and the single circular button below its screen. But it uses an Intel Atom microprocessor and its screen measures 10 inches, similar to the 9.7-inch screen on Apple's upcoming iPad.
Enterprises Adopting Cloud Faster Than Traditional IT
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 44)
Source: PC World
Cloud computing, a method of delivering resources such as applications through the internet, is still not universal, but it is gradually gaining momentum.
Rob Lovell, chief executive at ThinkGrid, has claimed that the growing awareness of how this technology works is leading more companies to roll out applications based on this model.
Mr. Lovell suggested that key ways of increasing interest are by ensuring it is not built up as an intimidating project, that it is not allowed to become disruptive and is easy to understand, Broadband Choice states. He said: "People will flock to get it because it offers so many more benefits than having your computers and your net servers in your office."
The top 6 enterprise issues for Windows Phone 7
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 48)
Source: Network World
Sometime in the next few weeks, Microsoft will reveal features, services and shortcomings for Windows Phone 7 in the enterprise. It will be one of those good news/bad news moments for corporate IT departments.
So far, Microsoft's mobile platform executives have hammered at the consumer focus for the radically redesigned Windows Phone operating system. At this week's MIX10 Web developer conference, where details of the Windows Phone platform and development tools were unveiled, executives sidestepped, minimized or deflected nearly every question about how and how well the operating system will play in business mobility.
"Not all the enterprise elements are being disclosed here," says Todd Brix, senior director, product management, for Microsoft's mobile communications business. "More will be coming up later in the spring."
Judge Approves $9.5 Million Facebook ‘Beacon’ Accord
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 52)
Source: Wired (Threat Level)
A federal judge on Wednesday approved a $9.5 million settlement to a class action lawsuit challenging Facebook’s program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations.
The case concerned allegations Facebook’s now defunct “Beacon” program breached federal wiretap and video-rental privacy laws. Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study online privacy.
Apple has pre-sold "hundreds of thousands" of iPads
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 61)
Source: Apple Insider
Apple is on pace to potentially sell more iPads in its first three months than it sold iPhones in the three months after the touch-screen handset made its debut back in 2007, people familiar with the company's running sales totals say.
Since going on sale for pre-order last Friday morning, customers have purchased "hundreds of thousands of the device," those same people told The Wall Street Journal. By comparison, Apple sold roughly 1.2 million iPhones in the three months following its June 29, 2007 launch.
Meanwhile, the newspaper claims that Apple is 'racing' to tie up a broad number of content licensing deals before the iPad officially hits the market in under three weeks. In particular, the company is trying to convince television networks to drop the price of TV shows that users would download directly to the device.
20 Cell Phones That Leak the Most Radiation
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 78)
Source: CNet News
Way back in 2000, I introduced CNET's Cell Phone Radiation Chart, which let readers know how their particular model rated in terms of SAR or specific absorption rate levels, measured by the FCC as part of its cell phone certification process. Today, the list is maintained by our intrepid mobile editors--Kent German, Bonnie Cha, and Nicole Lee--but in honor of the list's 10-year anniversary, we're giving it a little color and displaying the whole thing in pictures.
As we note in our intro to the list, for a phone to pass FCC certification and be sold in the United States, its maximum SAR level must be less than 1.6 watts per kilogram. In Europe, the level is capped at 2 watts per kilogram, whereas Canada allows a maximum of 1.6 watts per kilogram. The SAR level listed in our charts represents the highest SAR level measured with the phone next to the ear as tested by the FCC. It's possible for the SAR level to vary between different transmission bands (the same phone can use multiple bands during a call), and different testing bodies can obtain different results.
Data Breaches Are Heaviest at Hotels
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 64)
Source: WSJ
Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies.
In a recent report, SpiderLabs, a unit of data-security firm Trustwave, said 38% of its data-breach investigations in 2009 occurred at hotels. Financial services accounted for 19% of the company's data-breach investigations. Once an attack occurred, it took an average of 156 days for the business to realize it, according to the report. The problem has continued into 2010, says Nicholas Percoco, senior vice president of Trustwave and head of SpiderLabs.
Verizon Business, another data-security firm, noticed a similar increase in attacks on hotels starting around last April, says Dave Ostertag, manager of investigative response at Verizon Business, a unit of Verizon Communication Inc.
$45,582 telephone bill traced back to Somalia
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 77)
Source: hickoryrecord.com
It only took 12 hours for a hacker to run up $45,582 in telephone charges for a local furniture company.
More than 10,000 minutes of phone calls were made from the phones at Sherrill Furniture on Highland Ave. NE from 9 p.m. on Friday, March 5 to 9 a.m. the following day. The company reported the security breach to police Tuesday and the preliminary investigation revealed that the phone calls originated in Somalia.
Investigators know that calls were made to Austria, Bulgaria, France, Korea, and the Philippines. "We're not sure why the calls were made," said Capt. Thurman Whisnant of the Hickory Police Department.
French rail service SNCF closes web security hole
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 58)
Source: Connexion France
A web security loophole allowing hackers to access the personal details of thousands of rail passengers has been closed after it was uncovered by a newspaper.
The SNCF has been aware of the flaw since June 2008, according to Le Canard Enchainé, which received a leaked internal memo from then warning of a "possible misuse of customer data".
A hacker showed how easy it was to access the name, address, telephone number and date of birth of customers registered on www.voyages-sncf.com - all that was needed was one person's railcard number. The Canard says this data is very valuable - fetching between €8 and €20 per person when sold on to other companies for marketing purposes.
If The Hat Is Black…
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 46)
Source: The New New Internet
Much of cybersecurity is based on thinking like criminals. Security consultants, pen testers and software experts make our computers safer based on their expectations of what a hacker will do. One security expert, Robert Hansen, CEO of SecTheory, is bridging the gap between the blackhat and the professionals.
Hansen has been spending months delving into the world of the blackhat. Gaining their trust, he has been able to have candid conversations about hacking and security with the experts. He then blogs insights gained from these conversations. Hansen is trying to better understand the tactics, mindsets and motivations of a cyber hacker. In a recent post, Hansen says that most hackers do acknowledge that security features are doing well to make cyber crime harder.
High-tech copy machines a gold mine for data thieves
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 70)
Source: The Star
Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? Forget about hacking their computers – you might want to hit the nearest photocopier instead.
Turns out the newfangled, multi-purpose copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack.
In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be? Very risky, as it turns out. You might want to press cancel on the copy machine right about now.
Faux Facebook emails use password reset ploy
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 42)
Source: SC Magazine (US)
A widespread phishing campaign is making the rounds that claims to be from Facebook but is meant to infect victims' PCs, researchers said.
The fraudulent emails arrive with a note stating that the recipient's Facebook password was changed and they can find the new one in an attached ZIP file, said Dave Marcus, security research and communications manager at McAfee Avert Labs, in a blog post.
The malicious attachment actually contains an assortment of malware, depending on the message, including trojans and rogue anti-virus programs, he said. The scam is global in its reach and, as of Wednesday afternoon, the malware contained in the phishing run ranked as the sixth most prevalent global virus that McAfee was tracking. It is possible that machines compromised with the Cutwail or Rustock botnets are delivering the spam messages, Marcus said.
Fired CISO says his comments never put data at risk
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 58)
Source: IT World (Canada)
Robert Maley was fired from his job as the chief information security officer for the state of Pennsylvania earlier this month after he spoke, without proper authorization, about security incidents involving the state during a panel discussion at EMC Corp.’s RSA trade show.
References he made to a security incident involving the online driving test system at the Pennsylvania Department of Transportation in particular were believed to have led to his termination. A state spokesman has not commented, citing privacy rules, except to confirm that Maley is no longer employed by the commonwealth. In this interview, Maley gives his side of the events that led to his dismissal.
UBC student union considers police investigation for fraudulent votes
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 44)
Source: canada.com
After six weeks and $42,000, the UBC Alma Mater Society student union elections may become a police matter following a meeting of the council last Monday regarding the hacked election.
AMS president Bijan Ahmadian confirmed the student union's council asked UBC general manager Ross Horton to contact the police in hopes of identifying the hacker or hackers responsible for tampering with the election.
The AMS election was held entirely online. An estimated 731 of the 6,900 votes cast in January's election were deemed to be fraudulent. Following the discovery of the fraud, a private company was hired to investigate.
TippingPoint: IE8, iPhone will fall first day
Posted by l33tdawg on Friday, March 19, 2010 - 12:00 AM (Reads: 64)
Source: Computer World
Microsoft's Internet Explorer 8, not Apple's Safari, will be the first browser to fall in next week's Pwn2Own hacking challenge, the contest organizer said today.
Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, also predicted that Apple's iPhone will be the only smartphone hacked during the contest, which starts March 24.
Portnoy, who organized the fourth annual Pwn2Own, changed his predictions from earlier bets he made a month ago because of new information he received from researchers who have registered for the contest. Previously, Portnoy said that Apple's browser would crumble before rivals from Google, Microsoft and Mozilla; he had also declined to speculate on which mobile phone, if any, would collapse under attack.