http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2009-07-10 18:30:32 - ISN InfoSec News Mailing List : InfoSec News: DHS Systems More Secure, Inspector General Finds:http://wwwinformationweekcom/news/showArticlejhtmlarticleID=218401310By J Nicholas Hoover InformationWeek July 9, 2009The Department of Homeland Security has significantly improved thecybersecurity of its top secret intelligence computer systems in thehttp://www.secuobs.com/revue/news/118914.shtmlhttp://www.secuobs.com/revue/news/118914.shtml Secuobs.com : 2009-07-10 18:30:32 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-28:========================================================================The Secunia Weekly Advisory Summary 2009-07-02 - 2009-07-09This week: 60 advisories http://www.secuobs.com/revue/news/118913.shtmlhttp://www.secuobs.com/revue/news/118913.shtml Secuobs.com : 2009-07-10 18:30:32 - ISN InfoSec News Mailing List - InfoSec News: Cyberattacks could have been mitigated:http://fcwcom/articles/2009/07/13/week-cyberattacksaspxBy Ben Bain FCWcom July 09, 2009Agencies and their service providers need better coordination toquickly stop the type of cyberattacks that recently targetedgovernment Web sites, security experts say http://www.secuobs.com/revue/news/118912.shtmlhttp://www.secuobs.com/revue/news/118912.shtml Secuobs.com : 2009-07-10 18:30:32 - ISN InfoSec News Mailing List - InfoSec News: Three 'critical' Windows fixes due on Patch Tuesday:http://wwwtheregistercouk/2009/07/09/microsoft_july_patch_tuesday_advance/By Dan Goodin in San Francisco The Register 9th July 2009Microsoft on Tuesday plans to release updates patching three criticalWindows security vulnerabilities, two of which are already underattack http://www.secuobs.com/revue/news/118911.shtmlhttp://www.secuobs.com/revue/news/118911.shtml Secuobs.com : 2009-07-10 18:30:32 - ISN InfoSec News Mailing List - InfoSec News: OpenSSH flaw is a hoax warn researchers:http://wwwtechworldcom/security/news/indexcfmnewsID=118941By Jeremy Kirk IDG news service 10 July 2009Security researchers have warned that a reported flaw in OpenSSHSecure Shell is a probable hoaxEarlier this week, SANS received an anonymous email claiming of ahttp://www.secuobs.com/revue/news/118910.shtmlhttp://www.secuobs.com/revue/news/118910.shtml Secuobs.com : 2009-07-10 18:30:32 - ISN InfoSec News Mailing List - InfoSec News: Man arrested for knocking out game rating board site:http://joongangdailyjoinscom/article/viewaspaid=2907243By Seo Ji-eun JoonAng Daily July 10, 2009A man has been arrested for attacking the Web site of the video gamerating board in March this year using a similar method of cyber attackthat knocked out dozens of Korean and US http://www.secuobs.com/revue/news/118909.shtmlhttp://www.secuobs.com/revue/news/118909.shtml Secuobs.com : 2009-07-09 18:40:55 - ISN InfoSec News Mailing List - InfoSec News: UK tabloid in phone hacking probe:http://wwwtheregistercouk/2009/07/09/phone_hack_probe/By John Leyden The Register 9th July 2009Newspapers owned by media mogul Rupert Murdoch have been accused ofsecretly paying over £1m to settle three cases involving the allegeduse of illegal phone tapping against celebrities http://www.secuobs.com/revue/news/118498.shtmlhttp://www.secuobs.com/revue/news/118498.shtml Secuobs.com : 2009-07-09 18:40:55 - ISN InfoSec News Mailing List - InfoSec News: US, South Korea Targeted in Swarm Of Internet Attacks:http://wwwwashingtonpostcom/wp-dyn/content/article/2009/07/08/AR2009070800066htmlBy Ellen Nakashima, Brian Krebs and Blaine Harden Washington PostStaff Writers July 9, 2009US and South Korean authorities yesterday were investigating thesource of attacks on at least 35 government and commercial Web sitesin the two countries, officials saidIn the United States, the attacks primarily targeted Internet sitesoperated by major government agencies, including the departments ofHomeland Security and Defense, the Federal Aviation Administration andthe Federal Trade Commission, according to several computer securityresearchers But The Washington Post's site was also affectedSouth Korea's main spy agency, the National Intelligence Service, saidin a statement that it thought the attacks were carried out "at thelevel of a certain organization or state" but did not elaborate TheSouth Korean news agency Yonhap and the JoongAng Daily, a majornewspaper in Seoul, reported that intelligence officials had toldSouth Korean lawmakers that North Korea or its sympathizers were primesuspects A spokesman for the intelligence service said that it couldnot confirm the reportThe attacks were described as a "distributed denial of service," arelatively unsophisticated form of hacking in which personal computersare commanded to overwhelm certain Web sites with a blizzard of dataThe effort did not involve the theft of sensitive information or thedisabling of crucial operational systems, government and securityexperts said But they noted that it was widespread, resilient andaimed at government siteshttp://www.secuobs.com/revue/news/118497.shtmlhttp://www.secuobs.com/revue/news/118497.shtml Secuobs.com : 2009-07-09 18:40:55 - ISN InfoSec News Mailing List - InfoSec News: Former Teen Hacker’s Suicide Linked to TJX Probe:http://wwwwiredcom/threatlevel/2009/07/hacker/By Kevin Poulsen Threat Level Wiredcom July 9, 2009A Miami man who achieved fame as a teenager for hacking NASA and thePentagon took his own life last year after Secret Service agentsaccused him of being part of the conspiracy responsible for thelargest identity theft in US history, his family saysJonathan James, 24, was found dead of a self-inflicted gunshot woundin his home on May 18, 2008, less than two weeks after agents raidedhis house in connection with a hacking ring that penetrated TJX, DSWand OfficeMax, among others In a five page suicide note, James wrotethat he was innocent, but was certain federal officials would make hima scapegoat“I have no faith in the ‘justice’ system,” he wrote ” Perhaps myactions today, and this letter, will send a stronger message to thepublic Either way, I have lost control over this situation, and thisis my only way to regain control”The note was provided to Wiredcom this week by James’ father, Robert,who kept the details of his son’s death quiet for over a year becauseof the ongoing prosecutions over the retail hackshttp://www.secuobs.com/revue/news/118496.shtmlhttp://www.secuobs.com/revue/news/118496.shtml Secuobs.com : 2009-07-08 15:19:41 - ISN InfoSec News Mailing List - InfoSec News: Majority of vulnerabilities now being exploited:http://wwwtechworldcom/security/news/indexcfmnewsID=118749By John E Dunn Techworld 07 July 2009The number of exploits being written to target specific softwarevulnerabilities could be at all-time highs, new threat figures havesuggested http://www.secuobs.com/revue/news/118019.shtmlhttp://www.secuobs.com/revue/news/118019.shtml Secuobs.com : 2009-07-08 15:19:41 - ISN InfoSec News Mailing List - InfoSec News: GAO: Major Security Flaws at Federal Buildings:http://voiceswashingtonpostcom/federal-eye/2009/07/gao_finds_major_security_flawshtmlFederal Eye By washingtonpostcom Editors Staff writer Spencer S Hsucontributed to this report July 7, 2009The police agency in charge of protecting thousands of federalbuildings http://www.secuobs.com/revue/news/118018.shtmlhttp://www.secuobs.com/revue/news/118018.shtml Secuobs.com : 2009-07-08 15:19:41 - ISN InfoSec News Mailing List - InfoSec News: Linux Advisory Watch - July 6th 2009:+----------------------------------------------------------------------+| LinuxSecuritycom Weekly Newsletter | | July 6th, 2009 Volume 10,Number 28 | | | http://www.secuobs.com/revue/news/118017.shtmlhttp://www.secuobs.com/revue/news/118017.shtml Secuobs.com : 2009-07-08 15:19:41 - ISN InfoSec News Mailing List - InfoSec News: Under Cyberthreat: Defense Contractors:http://wwwbusinessweekcom/technology/content/jul2009/tc2009076_873512htmBusinessWeek July 6, 2009Tim McKnight is well acquainted with threats to cybersecurity Aformer special agent with the FBI, he specialized in corporateespionage and foreign counterintelligence http://www.secuobs.com/revue/news/118016.shtmlhttp://www.secuobs.com/revue/news/118016.shtml Secuobs.com : 2009-07-08 15:19:41 - ISN InfoSec News Mailing List - InfoSec News: CFP: FC 2010 and workshops deadline: September 15, 2009:Forwarded from: Radu Sion Financial Cryptography and Data Security Tenerife, Canary Islands,Spain 25-28 January 2010http://fc10ifcaaiFinancial Cryptography and Data Security is a major internationalforum http://www.secuobs.com/revue/news/118015.shtmlhttp://www.secuobs.com/revue/news/118015.shtml Secuobs.com : 2009-07-06 13:40:56 - ISN InfoSec News Mailing List - InfoSec News: Complex firewalls cost money says new report:http://wwwtechworldcom/security/news/indexcfmnewsID=118561By Tom Jowitt Techworld 03 July 2009Most organisations are getting a poor return on their investments infirewalls due to the complex issues in managing them This is despitethe fact that enterprises are facing on average 300 network attacksevery yearThat's according to an IDC multimedia white paper, The State ofToday's Firewall Management Challenges, sponsored by McAfee"This class of product acts as the gatekeeper to the corporatenetwork," said Charles Kolodgy, research director at IDC in themultimedia presentation "Firewalls inspect IP packets as they enterthe network The inspection is to determine if the packet conforms toa policy For example, is it an acceptable protocol Based upon therules configured into the firewall, the packet will either be allowedthrough, or rejected or dropped Firewalls are the most deployednetwork security technology"Various studies have shown that 94 percent of organisations arethought to have firewalls, although IDC thinks it is more like 85percent of organisations have firewalls in placehttp://www.secuobs.com/revue/news/117165.shtmlhttp://www.secuobs.com/revue/news/117165.shtml Secuobs.com : 2009-07-06 13:40:56 - ISN InfoSec News Mailing List - InfoSec News: More than 100,000 affected by Bord Gais laptop thefts:http://wwwsbpostie/post/pages/p/storyaspx-qqqt=IRELAND-qqqm=news-qqqid=42906-qqqx=1aspBy Nicola Cooke The PostIE July 05, 2009Personal details of more than 100,000 Bord Gais customers were onlaptops stolen from the energy firm last month, significantly morethan http://www.secuobs.com/revue/news/117164.shtmlhttp://www.secuobs.com/revue/news/117164.shtml Secuobs.com : 2009-07-06 13:40:56 - ISN InfoSec News Mailing List - InfoSec News: Troubles Plague Cyberspy Defense:http://onlinewsjcom/article/SB124657680388089139htmlBy SIOBHAN GORMAN The Wall Street Journal July 6, 2009WASHINGTON -- The flagship system designed to protect the USgovernment's computer networks from cyberspies is being stymied bytechnical limitations and privacy concerns, according to current andformer national-security officialsThe latest complete version of the system, known as Einstein, won't befully installed for 18 months, according to current and formerofficials, seven years after it was first rolled out This systemdoesn't protect networks from attack It only raises the alarm afterone has happenedA more capable version has sparked privacy alarms, which could delayits rollout Since the National Security Agency acknowledgedeavesdropping on phone and Internet traffic without warrants in 2005,security programs have been dogged by privacy concerns In the case ofEinstein, ATetT Corp, which would test the system, has sought writtenapproval from the Justice Department before it would agree toparticipate, people familiar with the matter sayhttp://www.secuobs.com/revue/news/117163.shtmlhttp://www.secuobs.com/revue/news/117163.shtml Secuobs.com : 2009-07-06 13:40:56 - ISN InfoSec News Mailing List - InfoSec News: MI6 chief blows his cover as wife's Facebook accountreveals family holidays, showbiz friends and links to David Irving:http://wwwdailymailcouk/news/article-1197562/MI6-chief-blows-cover-wifes-Facebook-account-reveals-family-holidays-showbiz-friends-links-David-IrvinghtmlBy Jason Lewis The Daily Mail 05th July 2009The new head of MI6 has been left exposed by a major personal securityhttp://www.secuobs.com/revue/news/117162.shtmlhttp://www.secuobs.com/revue/news/117162.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: ‘Rogue broker’ blamed for oil spike:http://wwwftcom/cms/s/0/e0ae2b2a-66f7-11de-925f-00144feabdc0htmlBy Javier Blas and Izabella Kaminska in London FTcom July 2 2009The startling spike in oil prices to their highest level this year onTuesday was caused by a rogue broker who placed a massive bet in thehttp://www.secuobs.com/revue/news/116697.shtmlhttp://www.secuobs.com/revue/news/116697.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: Two Centuries On, a Cryptologist Cracks a PresidentialCode: http://onlinewsjcom/article/SB124648494429082661htmlBy RACHEL EMMA SILVERMAN The Wall Street Journal July 2, 2009For more than 200 years, buried deep within Thomas Jefferson'scorrespondence and papers, there lay a mysterious cipher -- a codedmessage that appears to have remained unsolved http://www.secuobs.com/revue/news/116696.shtmlhttp://www.secuobs.com/revue/news/116696.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-27:========================================================================The Secunia Weekly Advisory Summary 2009-06-25 - 2009-07-02This week: 95 advisories http://www.secuobs.com/revue/news/116695.shtmlhttp://www.secuobs.com/revue/news/116695.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: Month Of Twitter Bugs exposes micro-blogging flaws:http://wwwtheregistercouk/2009/07/03/twitterpwn/By John Leyden The Register 3rd July 2009The Month Of Twitter Bugs has begun with the publication of a flaw ina URL shortening service often used in conjunction with themicro-blogging service http://www.secuobs.com/revue/news/116694.shtmlhttp://www.secuobs.com/revue/news/116694.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: US takes aim at cyberwarfare:http://wwwwashingtontimescom/news/2009/jul/02/us-takes-aim-at-cyberwarfare/By Shaun Waterman THE WASHINGTON TIMES July 2, 2009The Pentagon's decision last week to establish a unified cybercommandto defend the military's computer networks and attack those of UShttp://www.secuobs.com/revue/news/116693.shtmlhttp://www.secuobs.com/revue/news/116693.shtml Secuobs.com : 2009-07-03 12:26:39 - ISN InfoSec News Mailing List - InfoSec News: REMINDER : HITBSecConf2009 - Malaysia: Call for Papers:Forwarded from: Praburaajan Hi all - just a reminder that the Call for Papers for HITB SecurityConference 2009 Malaysia October 5th - 8th is closing on the _31stof July_ If you have something new and kick-ass to show the world, dosubmit http://www.secuobs.com/revue/news/116692.shtmlhttp://www.secuobs.com/revue/news/116692.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: CoffeeWars X: Call for Beans: Forwarded from: foofus atfoofusnet====== ====== \ // \ // \ // \ // http://www.secuobs.com/revue/news/116369.shtmlhttp://www.secuobs.com/revue/news/116369.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Govt Agencies Told To Set Up Business Continuity Plan:http://wwwbrudirectcom/indexphp/200907011688/Local-News/govt-agencies-told-to-set-up-business-continuity-planhtmlBy The Brunei Times 01 July 2009A Business continuity plan should be drawn up by all governmentagencies to ensure that their duties are carried out in thepossibility that http://www.secuobs.com/revue/news/116368.shtmlhttp://www.secuobs.com/revue/news/116368.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Man Fueled ID Theft Scheme With Dumpster Diving:http://cbs13com/local/identitytheftscheme21066693htmlBy Ron Jones CBS 13 Jun 30, 2009Police have arrested a man who allegedly admitted to stealing theidentities of more than 500 people by going through the trash of localbanks and businesses http://www.secuobs.com/revue/news/116367.shtmlhttp://www.secuobs.com/revue/news/116367.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Details of Chinese malware revealed to all:http://wwwtechworldcom/security/news/indexcfmnewsID=118471By Owen Fletcher IDG news service 02 July 2009A massive database of Chinese malware has been opened up to othersecurity companiesBeijing-based KnownSec gathered the viruses and other information witha http://www.secuobs.com/revue/news/116366.shtmlhttp://www.secuobs.com/revue/news/116366.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Web Vigilante Arrested for Disrupting Rolling Stone Site,Others:http://wwwwiredcom/threatlevel/2009/06/former-perverted-justice-member-arrested-for-ddosing-rolling-stone-radar/By Kim Zetter Threat Level Wiredcom June 30, 2009A software developer authorities say once worked with the onlinevigilante group Perverted Justice has been charged with launchingdenial of service attacks against websites belonging to Rolling Stone,Radar and othersBruce Raisley, 47, allegedly launched the attacks to block access totwo articles written by the publications that reported embarrassinginformation about him But ironically his attempt to obscure theinformation is now bringing even more attention to it"His actions were alarming in that he chose to attack third partywebsites when he didn't like their content," says Assistant USAttorney Erez Liebermann "It's one thing for him to be unhappy with awebsite It's another thing for him to attack third parties that havenot done anything, which causes damage on the side of the victimcompanies and on the side of any affected computer"According to a federal complaint pdf unsealed today in New Jerseyand written by FBI Special Agent Susan Secco, Raisley launched theattack against nine sites using a botnet that he controlled One ofthe computers in the botnet belonged to the Academic and ResearchNetwork of Slovenia, which is the base for Slovenia's ComputerEmergency Response Team The team helped US authorities trace thebotnet and DDoS attacks to Raisleyhttp://www.secuobs.com/revue/news/116365.shtmlhttp://www.secuobs.com/revue/news/116365.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Heartland Completes First Step in End-to-End Encryption:http://wwwcutimescom/News/2009/6/Pages/Heartland-Completes-First-Step-in-EndtoEnd-Encryption-aspxBy David Morrison Credit Union Times 6/30/2009Heartland Payment Systems, the card processor whose 2008 securitybreach may have compromised the most card data ever, announced it hascompleted http://www.secuobs.com/revue/news/116364.shtmlhttp://www.secuobs.com/revue/news/116364.shtml Secuobs.com : 2009-07-02 18:23:42 - ISN InfoSec News Mailing List - InfoSec News: Security Guard Busted For Hacking Hospital's HVAC, PatientInformation Computers:http://wwwdarkreadingcom/insiderthreat/security/attacks/showArticlejhtmlarticleID=218300006By Kelly Jackson Higgins DarkReading July 01, 2009A former security guard for a Dallas hospital has been arrested byfederal authorities for allegedly breaking into the facility's HVACand http://www.secuobs.com/revue/news/116363.shtmlhttp://www.secuobs.com/revue/news/116363.shtml Secuobs.com : 2009-06-30 13:37:21 - ISN InfoSec News Mailing List - InfoSec News: Juniper Networks Gags "ATM Jackpot" Researcher:http://riskybiz/news_and_opinion/patrick-gray/2009-06-30/juniper-networks-gags-atm-jackpot-researcherBy Patrick Gray RISKYBIZ June 30, 2009A security researcher due to "jackpot" an ATM live on stage at theupcoming Black Hat security conference in Las Vegas has had his talkpulled by his http://www.secuobs.com/revue/news/115226.shtmlhttp://www.secuobs.com/revue/news/115226.shtml Secuobs.com : 2009-06-30 09:34:53 - ISN InfoSec News Mailing List - InfoSec News: Ex-Arlington Heights man charged with economic espionage:http://wwwdailyheraldcom/story/id=303195By Barbara Vitello Daily Herald Staff 6/26/2009A federal grand jury indicted former Arlington Heights resident DavidYen Lee on charges he stole trade secrets to divulge to a competitorThe indictment, which US http://www.secuobs.com/revue/news/115194.shtmlhttp://www.secuobs.com/revue/news/115194.shtml Secuobs.com : 2009-06-30 09:34:53 - ISN InfoSec News Mailing List - InfoSec News: 'Iceman' pleads guilty in credit card theft case:http://newscnetcom/8301-1009_3-10275442-83htmlBy Elinor Mills Security CNet News June 29, 2009Max Ray Vision, aka "Iceman," pleaded guilty on Monday to two countsof wire fraud stemming from the theft of nearly 2 million credit cardnumbers and $86 million in alleged fraudulent purchases http://www.secuobs.com/revue/news/115193.shtmlhttp://www.secuobs.com/revue/news/115193.shtml Secuobs.com : 2009-06-30 09:34:53 - ISN InfoSec News Mailing List - InfoSec News: Improved FISMA scores don't add up to better security,auditor says:http://fcwcom/articles/2009/06/29/fcw-fisma-metric-changeaspxBy Ben Bain FCWcom June 29, 2009The government’s current choice of metrics is partly to blame for thefact that agencies are reporting improved compliance with securityrequirements even while government investigators continue to findsecurity gaps, auditors sayPart of the problem is that although the Office of Management andBudget requires agencies to establish information technology securitycontrols, the metrics generally do not measure how well those controlsare implemented, according to the Government Accountability Office“Developing and using metrics that measure how well agencies implementimportant controls can contribute to increased focus on the effectiveimplementation of federal information security,” said GregoryWilshusen, director of information security issues at GAO, testifyingJune 25 before the House Science and Technology Committee’s Technologyand Innovation SubcommitteeWilshusen said the current metrics probably served a useful purposewhen they were developed because, at that time, many agencies weren’tperforming basic security controls However, he said, it’s time toexamine how agencies implement the controls and consider other typesof metricshttp://www.secuobs.com/revue/news/115192.shtmlhttp://www.secuobs.com/revue/news/115192.shtml Secuobs.com : 2009-06-30 09:34:53 - ISN InfoSec News Mailing List - InfoSec News: USENIX Security '09: Program Available: Forwarded from:Lionel Garth Jones I'm writing to remind you that the 18th USENIX Security Symposium willtake place August 10-14, 2009, in Montreal, Canada The Early BirdRegistration Deadline is July 20, 2009 Register now to savehttp://wwwusenix http://www.secuobs.com/revue/news/115191.shtmlhttp://www.secuobs.com/revue/news/115191.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: Heartland Data Breach: Institutions Still Feel the Sting:http://wwwbankinfosecuritycom/articlesphpart_id=1568By Linda McGlasson Managing Editor Bank Infosecurity June 23, 2009A Tampa, FL-based credit union has notified 56,000 members that theirVisa check cards were exposed to fraud as a result of the Heartlandhttp://www.secuobs.com/revue/news/114181.shtmlhttp://www.secuobs.com/revue/news/114181.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-26:========================================================================The Secunia Weekly Advisory Summary 2009-06-18 - 2009-06-25This week: 50 advisories http://www.secuobs.com/revue/news/114180.shtmlhttp://www.secuobs.com/revue/news/114180.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: GCHQ steps up strategy to combat cyber-attacks, Brownannounces:http://wwwguardiancouk/politics/2009/jun/25/cyberspace-war-computer-hacking-fraudBy Richard Norton-Taylor guardiancouk 25 June 2009Intelligence agencies led by GCHQ, the government's electronic spycentre, are to step up operations against a growing threat of http://www.secuobs.com/revue/news/114179.shtmlhttp://www.secuobs.com/revue/news/114179.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: ACM CCSW Deadline Extended: 3 July, 11:59pm PDT: Forwardedfrom: Radu Sion Due to numerous requests, we are extending the CCSW deadline untilJuly 3rd, 11:59pm PDT 2009 ACM Cloud Computing Security WorkshopCCSW at CCS 13 November 2009, Hyatt Regency Chicagohttp://cryptocsstonybrook http://www.secuobs.com/revue/news/114178.shtmlhttp://www.secuobs.com/revue/news/114178.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: Pan-European security agency proposed:http://wwwtechworldcom/security/news/indexcfmnewsID=118055By Paul Meller IDG news service 25 June 2009The European Commission has proposed a new independent agency tomanage massive IT systems used by border control authorities, thefirst step in http://www.secuobs.com/revue/news/114177.shtmlhttp://www.secuobs.com/revue/news/114177.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: BC students buy sensitive US defence data for $40 inAfrica:http://wwwcbcca/technology/story/2009/06/23/tech-e-waste-ghana-data-british-columbia-journalism-studentshtmlBy Emily Chung CBC News June 24, 2009A hard drive containing information about multimillion-dollar USdefence contracts was obtained in Ghana by a group of Vancouver http://www.secuobs.com/revue/news/114176.shtmlhttp://www.secuobs.com/revue/news/114176.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: Quick Moderators Note et Donate to the USO: I just wantedto drop a quick note here, last Monday when I mentioned we were havingsome technical difficulties, it came down to operator fatigue, andnothing wrong with the networkWhile waiting on other projects to pop, I volunteer one overnighthttp://www.secuobs.com/revue/news/114175.shtmlhttp://www.secuobs.com/revue/news/114175.shtml Secuobs.com : 2009-06-26 19:31:18 - ISN InfoSec News Mailing List - InfoSec News: Cyber Command: Observers worry about unintendedconsequences:http://fcwcom/articles/2009/06/25/cyber-command-dod-nsaaspxBy John S Monroe FCWcom June 25, 2009The Defense Department’s new US Cyber Command is now thecybersecurity heavyweight in the government division, according tonumerous media accounts http://www.secuobs.com/revue/news/114174.shtmlhttp://www.secuobs.com/revue/news/114174.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Guy Kawasaki's Twitter account compromised; used to delivermalware: http://blogszdnetcom/Apple/p=4243By Jason D O'Grady The Apple Core ZDNetcom June 24th, 2009ZDNet’s own Ryan Naraine reports in his Zero Day security blog thatMac evangelist Guy Kawasaki’s Twitter account was hijacked yesterdayand was used in an attempt to distribute malware to his almost 140,000followersThe attack screenshot above included a link to what purported to bea “sex tape video free download” linked to Gossip Girls star LeightonMeester but, after a series of clicks, the end result was a maliciousTrojanTrend Micro’s Rik Ferguson adds that the payload at the end of themal-Tweet was especially dangerous to both PCs and Macs:In this case, following the link would be a Very Bad Idea because itwill lead you to a malicious website designed to infect both Macs andPCs with a DNS changing Trojan which at the time of writing has low-tonon-existent detection rates by security vendors…http://www.secuobs.com/revue/news/113610.shtmlhttp://www.secuobs.com/revue/news/113610.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-25:========================================================================The Secunia Weekly Advisory Summary 2009-06-11 - 2009-06-18This week: 66 advisories http://www.secuobs.com/revue/news/113609.shtmlhttp://www.secuobs.com/revue/news/113609.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Valuable computer swiped from Cornell:http://wwwtheithacajournalcom/article/20090624/NEWS01/906240359/1126/Valuable+computer+swiped+from+CornellBy Raymond Drumsta Staff Writer June 24, 2009Ithaca police are investigating the theft of a Cornell Universitycomputer which the university said contained a large amount ofpersonal http://www.secuobs.com/revue/news/113608.shtmlhttp://www.secuobs.com/revue/news/113608.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: ITL Bulletin for June 2009: Forwarded from: "Lennon,Elizabeth B" ITL BULLETIN FOR JUNE 2009SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONSKaren Scarfone, Editor Computer Security Division InformationTechnology Laboratory National Institute of Standards and TechnologyUS http://www.secuobs.com/revue/news/113607.shtmlhttp://www.secuobs.com/revue/news/113607.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Gates Creates Cyber-Defense Command:http://wwwwashingtonpostcom/wp-dyn/content/article/2009/06/23/AR2009062303492htmlBy Ellen Nakashima Washington Post Staff Writer June 24, 2009Defense Secretary Robert M Gates issued an order yesterdayestablishing a command that will defend military networks againstcomputer attacks http://www.secuobs.com/revue/news/113606.shtmlhttp://www.secuobs.com/revue/news/113606.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Infowarrior - Iranian Firewall Analysis: ----------Forwarded message ---------- Date: Tue, 23 Jun 2009 11:10:08 -0400From: Richard Forno To:Undisclosed-recipients: ; Subject: Infowarrior - Iranian FirewallAnalysisIranian Traffic Engineering http://asertarbornetworks http://www.secuobs.com/revue/news/113605.shtmlhttp://www.secuobs.com/revue/news/113605.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Consumers Boycott Nokia, Siemens for Selling to Iran:http://wwwwiredcom/threatlevel/2009/06/nokia-siemens-boycott/By Kim Zetter Threat Level Wiredcom June 23, 2009Consumers are calling for a boycott of telecom equipment makers Nokiaand Siemens after the Wall Street Journal reported that the companies’http://www.secuobs.com/revue/news/113604.shtmlhttp://www.secuobs.com/revue/news/113604.shtml Secuobs.com : 2009-06-25 14:34:43 - ISN InfoSec News Mailing List - InfoSec News: Cyber-Scare - The exaggerated fears over digital warfare:http://wwwbostonreviewnet/BR344/morozovphpBy Evgeny Morozov Boston Review July/August 2009The age of cyber-warfare has arrived That, at any rate, is themessage we are now hearing from a broad range of journalists, policyanalysts, and government officials http://www.secuobs.com/revue/news/113603.shtmlhttp://www.secuobs.com/revue/news/113603.shtml Secuobs.com : 2009-06-22 12:36:49 - ISN InfoSec News Mailing List - InfoSec News: Technical Difficulties: We're having some technicaldifficulties and hope to have things working in the next few dayshttp://www.secuobs.com/revue/news/112172.shtmlhttp://www.secuobs.com/revue/news/112172.shtml Secuobs.com : 2009-06-18 12:37:39 - ISN InfoSec News Mailing List - InfoSec News: DoD told to add more cyberwarfare training:http://wwwnavytimescom/news/2009/06/military_cyber_warfare_061609w/By Rick Maze Staff writer June 16, 2009The House Armed Services Committee moved Tuesday to escalate UScyberwarfare efforts with a five-part defensive plan for protectingcritical military information systems http://www.secuobs.com/revue/news/111138.shtmlhttp://www.secuobs.com/revue/news/111138.shtml Secuobs.com : 2009-06-18 12:37:39 - ISN InfoSec News Mailing List - InfoSec News: 'Golden Cash' botnet-leasing network uncovered:http://newscnetcom/8301-1009_3-10266977-83htmlBy Elinor Mills Security CNet News June 17, 2009Researchers at security firm Finjan said on Wednesday that they haveuncovered an underground botnet-leasing network where cyber criminalscan pay $5 to $100 to install malware on 1,000 PCs for things likestealing data and sending spamThe Golden Cash network, dubbed "Your money-making machine" on itshome page, sells access to botnets comprised of thousands ofcompromised PCs to cyber criminals for custom malware spreading jobs,according to issue 2 of the Cybercrime Intelligence Report for 2009Here's how it works: a cyber criminal creates a botnet by hidingmalicious code in a legitimate Web site that is used to turn Websurfing PCs into zombies The code, typically an iFrame, points thePCs to a separate Web site where they are then infected with a Trojanbackdoor that reports back to the Golden Cash command and controlserverIn order to increase the number of botnets, the Golden Cash serverinstalls an FTP file transfer protocol grabber on new zombies tosteal credentials used by the computers to run Web sites, giving theserver control over additional legitimate Web sites Approximately100,000 domains, including corporate domains from around the world,were identified among the stolen FTP credentials under Golden Cash'scontrol, according to the reporthttp://www.secuobs.com/revue/news/111137.shtmlhttp://www.secuobs.com/revue/news/111137.shtml Secuobs.com : 2009-06-18 12:37:39 - ISN InfoSec News Mailing List - InfoSec News: Bord Gais warning over stolen laptop data:http://wwwirishtimescom/newspaper/ireland/2009/0618/1224249068004htmlBy Conor Lally Irish Times June 18, 2009SOME 75,000 Bord Gais customers have been warned to monitor their bankaccounts for suspicious transactions after a laptop computercontaining their account details was stolen http://www.secuobs.com/revue/news/111136.shtmlhttp://www.secuobs.com/revue/news/111136.shtml Secuobs.com : 2009-06-18 12:37:39 - ISN InfoSec News Mailing List - InfoSec News: Heartland Gets Religion on Security:http://blogswsjcom/digits/2009/06/17/heartland-gets-religion-on-security/By Ben Worthen Digits The Wall Street Journal June 17, 2009Heartland Payment Systems CEO Bob Carr is an unlikely spokesman fortech security But that’s what he’s emerging as http://www.secuobs.com/revue/news/111135.shtmlhttp://www.secuobs.com/revue/news/111135.shtml Secuobs.com : 2009-06-18 12:37:39 - ISN InfoSec News Mailing List - InfoSec News: Iran elections: Regime cracks down on opposition as furtherunrest looms:http://wwwguardiancouk/world/2009/jun/17/fresh-iran-protests-planned1By Ian Black, Robert Tait et Mark Tran guardiancouk 17 June 2009Iran was braced for a fifth day of unrest today as the governmentintensified its crackdown on opposition figures with the arrest ofhttp://www.secuobs.com/revue/news/111134.shtmlhttp://www.secuobs.com/revue/news/111134.shtml Secuobs.com : 2009-06-17 16:43:27 - ISN InfoSec News Mailing List - InfoSec News: Stolen laptop contained donors' financial data:http://wwwpostandcouriercom/news/2009/jun/17/stolen_laptop_contained_donors_financial86188/By John P McDermott The Post and Courier June 17, 2009A computer that was swiped from a car in Charleston last yearcontained personal financial information on 84,000 University of NorthDakota http://www.secuobs.com/revue/news/110756.shtmlhttp://www.secuobs.com/revue/news/110756.shtml Secuobs.com : 2009-06-17 16:43:27 - ISN InfoSec News Mailing List - InfoSec News: S Korean military susceptible to cyber terrorism:intelligence officials: http://enewsmcotnet/viewphpid=10376Today In Asia 16 June 2009GWACHEON, South Korea, June 16 Yonhap -- The South Korean militaryremains vulnerable to cyber attacks as an average of 15,000 attemptsare made daily to hack into its computer systems, intelligenceofficials said Tuesday http://www.secuobs.com/revue/news/110755.shtmlhttp://www.secuobs.com/revue/news/110755.shtml Secuobs.com : 2009-06-17 16:43:27 - ISN InfoSec News Mailing List - InfoSec News: Great-grandson of Alexander Graham Bell charged withespionage:http://wwwmetronewsca/halifax/local/article/246266--great-grandson-of-alexander-graham-bell-charged-with-espionageCAPE BRETON POST June 16, 2009A great-grandson of Alexander Graham Bell has been arrested on chargesof being an international spy http://www.secuobs.com/revue/news/110754.shtmlhttp://www.secuobs.com/revue/news/110754.shtml Secuobs.com : 2009-06-17 16:43:27 - ISN InfoSec News Mailing List - InfoSec News: Iran's emerging 'netwar':http://wwwcbcca/technology/story/2009/06/16/iran-twitter-netwar-greg-walton-citizen-labhtmlBy Paul Jay CBC News June 16, 2009As protests in Iran in the aftermath of the national election entertheir fourth day, social messaging tools such as Twitter have emergedas http://www.secuobs.com/revue/news/110753.shtmlhttp://www.secuobs.com/revue/news/110753.shtml Secuobs.com : 2009-06-17 16:43:27 - ISN InfoSec News Mailing List - InfoSec News: DEFCON 17 Updates: Forwarded from: Jeff Moss Just a quick note to everyone to check out what's going on for DEFCONthis year Basically more talks, more tech, more social In a downeconomy hackers still want to playhttps://wwwdefconorg/html/defcon-17/dc-17-index http://www.secuobs.com/revue/news/110752.shtmlhttp://www.secuobs.com/revue/news/110752.shtml Secuobs.com : 2009-06-16 12:34:30 - ISN InfoSec News Mailing List - InfoSec News: More holes open up in Green Dam Youth Escort:http://wwwtheregistercouk/2009/06/15/green_dam/By Joe Fay The Register 15th June 2009A US software firm claims that China's already infamous Green DamYouth Escort censorship software has liberally lifted code from itsown cyber-filtering product http://www.secuobs.com/revue/news/110172.shtmlhttp://www.secuobs.com/revue/news/110172.shtml Secuobs.com : 2009-06-16 12:34:30 - ISN InfoSec News Mailing List - InfoSec News: Jordanian, 2 Pinoys in phone hacking ring face extradition:http://wwwabs-cbnnewscom/nation/06/15/09/jordanian-2-pinoys-phone-hacking-ring-face-extraditionBy David Dizon abs-cbnNEWScom 06/15/2009Manila - Two Filipinos and a Jordanian national in the Philippines arefacing possible extradition to the United States for hacking into thehttp://www.secuobs.com/revue/news/110171.shtmlhttp://www.secuobs.com/revue/news/110171.shtml Secuobs.com : 2009-06-16 12:34:30 - ISN InfoSec News Mailing List - InfoSec News: Oops Building firm blurts out secrets of hush-hush MI5 HQ:http://wwwtimesonlinecouk/tol/news/politics/article6493658eceBy David Leppard The Sunday Times June 14, 2009DETAILS of one of Britain's most sensitive spy bases have beenrevealed after they were posted on the internet by the company thatbuilt it http://www.secuobs.com/revue/news/110170.shtmlhttp://www.secuobs.com/revue/news/110170.shtml Secuobs.com : 2009-06-16 12:34:30 - ISN InfoSec News Mailing List - InfoSec News: New DOD cyber command will focus on the dot-mil domain:http://gcncom/articles/2009/06/15/web-dod-cyber-commandaspxBy William Jackson et Doug Beizer GCNcom June 15, 2009Defense Secretary Robert Gates has not yet made a final decision aboutestablishing a new major command in charge of cyber defense, Deputyhttp://www.secuobs.com/revue/news/110169.shtmlhttp://www.secuobs.com/revue/news/110169.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Shen Hacker Does It Again:http://wwwnorthcountrygazetteorg/2009/06/12/shen_hacker/North Country Gazette June 12, 2009CLIFTON PARK - A 16-year-old sophomore at Shenendehowa High School whohacked into the school’s computer system last fall has been arrestedfor doing the same thing again http://www.secuobs.com/revue/news/109734.shtmlhttp://www.secuobs.com/revue/news/109734.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-24:========================================================================The Secunia Weekly Advisory Summary 2009-06-04 - 2009-06-11This week: 63 advisories http://www.secuobs.com/revue/news/109733.shtmlhttp://www.secuobs.com/revue/news/109733.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Instead of Zen Dens, Starwood Builds an Espionage CaseAgainst Hilton:http://wwwwashingtonpostcom/wp-dyn/content/article/2009/06/12/AR2009061204068htmlBy Michael S Rosenwald Washington Post Staff Writer June 13, 2009Earlier this year, Hilton Hotels shipped eight boxes to StarwoodHotels and Resorts Companies don't typically send much mail to theirhttp://www.secuobs.com/revue/news/109732.shtmlhttp://www.secuobs.com/revue/news/109732.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Linux Advisory Watch - June 12th 2009:+----------------------------------------------------------------------+| LinuxSecuritycom Weekly Newsletter | | June 12th, 2009 Volume 10,Number 24 | | | http://www.secuobs.com/revue/news/109731.shtmlhttp://www.secuobs.com/revue/news/109731.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Chinese firm hits back at cyberspy claims:http://wwwtheregistercouk/2009/06/12/cybersecurity_huawei/By Chris Williams The Register 12th June 2009Exclusive - Chinese networking giant Huawei is battling suggestions itcould be in collusion with the Beijing government and could causemassive disruption to UK communications in a future cyber conflictConcerns have been raised at Cabinet level by senior intelligenceofficials over the presence of the firm's equipment at the centre ofBT's 21CN network backbone upgrade They particularly fear anundetectable "kill switch" that could disable critical communicationsif relations with China seriously deteriorateSimilar cybersecurity disquiet has recently frustrated Huawei'sprogress in India, a massive and growing market for networkingequipment Reports also emerged last year that the Australianintelligence establishment was investigating the firm's involvement innational broadband upgrade workOfficial fears over Huawei's equipment are typically founded on thefirm's origins Cybersecurity hawks point to its unusual privateownership structure and opaque accounting as evidence of its allegedgovernment ties The firm was founded in 1988 by Ren Zhengfei, aformer People's Liberation Army technology research chiefhttp://www.secuobs.com/revue/news/109730.shtmlhttp://www.secuobs.com/revue/news/109730.shtml Secuobs.com : 2009-06-15 12:41:23 - ISN InfoSec News Mailing List - InfoSec News: Whitehall plans new cyber security centre to deter foreignhackers:http://wwwguardiancouk/technology/2009/jun/14/government-security-cyber-crime-hackingBy David Hencke Westminster correspondent guardiancouk 14 June 2009A national cyber security centre to combat the growing threat ofcriminal gangs and foreign states hacking into Whitehall and big http://www.secuobs.com/revue/news/109729.shtmlhttp://www.secuobs.com/revue/news/109729.shtml Secuobs.com : 2009-06-11 13:55:23 - ISN InfoSec News Mailing List - InfoSec News: French military closes Bit Torrent site:http://wwwtheinquirernet/inquirer/news/1184608/french-military-closes-bit-torrent-siteBy Nick Farrell The Inquirer 8 June 2009THE FRENCH MILITARY moved to close down a large Bit Torrent tracker inwhat is the first recorded use of a nation's armed forces under thehttp://www.secuobs.com/revue/news/108464.shtmlhttp://www.secuobs.com/revue/news/108464.shtml Secuobs.com : 2009-06-11 13:55:23 - ISN InfoSec News Mailing List - InfoSec News: China's computers at hacking risk:http://newsbbccouk/2/hi/asia-pacific/8094026stmBy Jonathan Fildes Science and technology reporter BBC News 10 June2009Every PC in China could be at risk of being taken over by malicioushackers because of flaws in compulsory government software http://www.secuobs.com/revue/news/108463.shtmlhttp://www.secuobs.com/revue/news/108463.shtml Secuobs.com : 2009-06-11 13:55:23 - ISN InfoSec News Mailing List - InfoSec News: USENIX EVT/WOTE '09 Registration Now Open: Fowarded from:Lionel Garth Jones Join us in Montreal, Canada, August 10–11, 2009, for the 2009Electronic Voting Technology Workshop/Workshop on TrustworthyElections EVT/WOTE '09This year, the organizers of the USENIX/ACCURATE Electronic Votinghttp://www.secuobs.com/revue/news/108462.shtmlhttp://www.secuobs.com/revue/news/108462.shtml Secuobs.com : 2009-06-11 13:55:23 - ISN InfoSec News Mailing List - InfoSec News: Death of software exec adds pathos to attack on Web hostingfirm:http://blogscomputerworldcom/death_of_software_exec_adds_pathos_to_attack_on_web_hosting_firmBy Jaikumar Vijayan Second Take Computerworld Blogs June 10, 2009The apparent suicide earlier this week by the owner of a company thatdevelops virtualization software used by low cost Web hostingcompanies has added pathos to a massive hacking incident at one of thefirm's UK-based customersKT Ligesh, the 32-year old owner of Bangalore based LX Labs was founddead in his home on Monday morning according to a report in the Timesof India The paper quoting local police said the suicide might havebeen prompted by Lx Lab's recent loss of a contract to a rival firmand other personal issues stemming from the suicide of his mother andsister a few years agoLigesh's death came just a day after VAserv, a UK Web hostingcompany disclosed that unknown hackers had breached its virtual serverinfrastructure and completely deleted 100,000 Web sites being hostedby the company Nearly half of those might have irretrievably lostdata because they did not have back-ups of their data according to astory in The RegisterAccording to VAserv the hackers breached the company's servers bytaking advantage of a zero-day flaw in HyperVM, a virtualizationplatform sold by LX Lab But a note published ostensibly by the hackerclaimed that the attacks had happened because VAserv had insecurepassword management practices and not because of HyperVM flawshttp://www.secuobs.com/revue/news/108461.shtmlhttp://www.secuobs.com/revue/news/108461.shtml Secuobs.com : 2009-06-10 17:53:27 - ISN InfoSec News Mailing List - InfoSec News: DNI: Public trust important for cybersecurity:http://fcwcom/articles/2009/06/09/web-blair-speech-nsa-cyberaspxBy Ben Bain FCWcom June 09, 2009Top intell official says public must be convinced civil liberties areprotectedThe government must convince people that it can bolster cybersecurityhttp://www.secuobs.com/revue/news/108048.shtmlhttp://www.secuobs.com/revue/news/108048.shtml Secuobs.com : 2009-06-10 17:53:27 - ISN InfoSec News Mailing List - InfoSec News: Apple security is 'struggling,' researcher says:http://wwwtheregistercouk/2009/06/09/apple_security_suggestions/By Dan Goodin in San Francisco The Register 9th June 2009 00:52 GMTA well-known security consultant says Apple is struggling toeffectively protect its users against malware and other online threatsand suggests http://www.secuobs.com/revue/news/108047.shtmlhttp://www.secuobs.com/revue/news/108047.shtml Secuobs.com : 2009-06-10 17:53:27 - ISN InfoSec News Mailing List - InfoSec News: Iranian media duped by Barack Obama Blackberry hoax:http://wwwtelegraphcouk/news/worldnews/northamerica/usa/barackobama/5487302/Iranian-media-duped-by-Barack-Obama-Blackberry-hoaxhtmlBy Jeni Oppenheimer Telegraphcouk 09 Jun 2009A Fox news article announced: "The President's Blackberry has beenhacked http://www.secuobs.com/revue/news/108046.shtmlhttp://www.secuobs.com/revue/news/108046.shtml Secuobs.com : 2009-06-10 17:53:27 - ISN InfoSec News Mailing List - InfoSec News: ACM CCSW: 3 Weeks to Go - submission deadline: 26 June :Forwarded from: Radu Sion 2009 ACM Cloud Computing Security Workshop CCSW at CCS 13 November2009, Hyatt Regency Chicago http://cryptocsstonybrookedu/ccsw09CCSW 2009 is pleased to announce Microsoft Research as a gold sponsor,http://www.secuobs.com/revue/news/108045.shtmlhttp://www.secuobs.com/revue/news/108045.shtml Secuobs.com : 2009-06-10 17:53:27 - ISN InfoSec News Mailing List - InfoSec News: Report calls for USAMRIID computer security review:http://wwwfredericknewspostcom/sections/news/displayhtmStoryID=91231By Justin M Palk News-Post Staff June 09, 2009A Defense Science Board report on military biolab safety issued lastmonth identified insider threat as the labs' biggest security problemhttp://www.secuobs.com/revue/news/108044.shtmlhttp://www.secuobs.com/revue/news/108044.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Global ATMs affected by malware claims researcher:http://wwwtechworldcom/security/news/indexcfmnewsID=117060By Jeremy Kirk IDG news service 08 June 2009Cash machines are increasingly hosting malware able to harvest aperson's card details for use in fraud, a situation that could worsenas the malware becomes more sophisticated, according to a securityresearcherAnalysts at Trustwave's SpiderLabs research group were surprisedearlier this year when it obtained the ATM malware sample from afinancial institution in Eastern Europe, said Andrew Henwood, vicepresident of SpiderLabs's Europe, Middle East and Africa operationTrustwave does forensic investigations for major credit card companiesand financial institutions as well as penetration tests"It's the first time we have come across malware of this type,"Henwood saidThe malware records the magnetic stripe information on the back of acard as well as the PIN That data can be printed out on the ATM'sreceipt roll when a special master card is inserted to the ATM thatlaunches a user interface It can also be recorded on the magneticstripe of that master control cardhttp://www.secuobs.com/revue/news/107322.shtmlhttp://www.secuobs.com/revue/news/107322.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Fired worker charged in ID theft, child porn:http://wwwchroncom/disp/storympl/hotstories/6460321htmlBy TOM FOWLER Houston Chronicle June 5, 2009A former Gexa Energy employee has been indicted and faces charges ofidentity theft related to a breach of the electric retail company'scustomer database and possession of child pornography http://www.secuobs.com/revue/news/107321.shtmlhttp://www.secuobs.com/revue/news/107321.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Reminder: DeepSec 2009 Call for Papers is open: Forwardedfrom: DeepSec Conference == REMINDER: === DeepSec In-Depth Security Conference 2009 - TripleSec ==== Call for Papers and ExpertsThe DeepSec organisation reminds everyone of the Call for Papers forthe next conference in November 2009 http://www.secuobs.com/revue/news/107320.shtmlhttp://www.secuobs.com/revue/news/107320.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Linux Advisory Watch - June 5th 2009:+----------------------------------------------------------------------+| LinuxSecuritycom Weekly Newsletter | | June 5th, 2009 Volume 10,Number 23 | | | http://www.secuobs.com/revue/news/107319.shtmlhttp://www.secuobs.com/revue/news/107319.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: T-Mobile investigates possible security breach:http://newscnetcom/8301-1009_3-10259487-83htmlBy Marguerite Reardon Security CNet News June 8, 2009T-Mobile USA is looking into claims that a hacker has broken into itsdata bases and stolen customer and company informationSomeone anonymously posted the claims on the security mailing listFull Disclosure on Saturday In that post, the hacker claims to havegotten access to "everything, their databases, confidential documents,scripts and programs from their servers, financial documents up to2009"The poster said he had offered the information to T-Mobilecompetitors, but they supposedly didn't show any interest Now he sayshe is offering the information to the highest bidderT-Mobile issued a statement that the company is looking into thematter"The protection of our customers' information, and the safety andsecurity of our systems, is absolutely paramount at T-Mobile," thecompany said "Regarding the recent claim, we are fully investigatingthe matter As is our standard practice, if there is any evidence thatcustomer information has been compromised, we would inform thoseaffected as soon as possible"Some security experts were skeptical of the claimshttp://www.secuobs.com/revue/news/107318.shtmlhttp://www.secuobs.com/revue/news/107318.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Webhost hack wipes out data for 100,000 sites:http://wwwtheregistercouk/2009/06/08/webhost_attack/By Dan Goodin in San Francisco The Register 8th June 2009A large internet service provider said data for as many as 100,000websites was destroyed by attackers who targeted a zero-dayvulnerability in a widely-used virtualization applicationTechnicians at UK-based Vaservcom were still scrambling to recoverdata on Monday evening UK time, more than 24 hours after unknownhackers were able to gain root access to the company's system, RusFoster, the company's director told The Register He said theattackers were able to penetrate his servers by exploiting a criticalvulnerability in HyperVM, a virtualization application made by acompany called LXLabs"We were hit by a zero-day exploit" in version 207992 of theapplication, he said "I've heard from other people they've been hitby the same thing"Foster said he's been unable to reach anyone at LXLabs to discuss thesuspected vulnerability The Register has also received no response toinquiries sent to the company, which according to its website islocated in Bangalorehttp://www.secuobs.com/revue/news/107317.shtmlhttp://www.secuobs.com/revue/news/107317.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Security pros find cyberspace review lacking:http://gcncom/articles/2009/06/08/security-pros-say-cyberspace-review-lackingaspxBy Jabulani Leffall GCNcom Jun 08, 2009The Cyberspace Policy Review unveiled last month by President BarackObama, and the creation of a new cybersecurity coordinator position,http://www.secuobs.com/revue/news/107316.shtmlhttp://www.secuobs.com/revue/news/107316.shtml Secuobs.com : 2009-06-09 12:33:42 - ISN InfoSec News Mailing List - InfoSec News: Black Hat Founder Tapped To Advise Homeland Security:http://wwwinformationweekcom/news/showArticlejhtmlarticleID=217800173By Thomas Claburn InformationWeek June 8, 2009Jeff Moss, founder of the Black Hat and DefCon security conferences,was one of 16 people appointed to the Department of Homeland SecurityAdvisory Council HSAC on Friday http://www.secuobs.com/revue/news/107315.shtmlhttp://www.secuobs.com/revue/news/107315.shtml Secuobs.com : 2009-06-05 13:35:07 - ISN InfoSec News Mailing List - InfoSec News: Grand jury says Tracy needs better computer security:http://wwwtracypresscom/pages/full_storypage_label=homeetid=2663611By TP Staff June 3, 2009The city of Tracy needs to beef up its computer security, according toa San Joaquin County civil grand jury report unveiled this weekCity employees have too much access to Web-based e-mail accounts andthe city’s Internet server, the report saysThe city also lacks a written security policy, though it does enforcea strong password policy that requires users to regularly changelog-in codes, according to the reportThe city has 90 days to respond to the grand juryhttp://www.secuobs.com/revue/news/106186.shtmlhttp://www.secuobs.com/revue/news/106186.shtml Secuobs.com : 2009-06-05 13:35:07 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-23:========================================================================The Secunia Weekly Advisory Summary 2009-05-28 - 2009-06-04This week: 64 advisories http://www.secuobs.com/revue/news/106185.shtmlhttp://www.secuobs.com/revue/news/106185.shtml Secuobs.com : 2009-06-05 13:35:07 - ISN InfoSec News Mailing List - InfoSec News: CFP: ICDIM 2009: Forwarded from: Saba Bama Fourth International Conference on Digital Information ManagementICDIM 2009 University of Michigan, Ann Arbor, USA November 1-4,2009 http://wwwicdimorg Technically co-sponsored by the TechnologyManagement Council of IEEE http://www.secuobs.com/revue/news/106184.shtmlhttp://www.secuobs.com/revue/news/106184.shtml Secuobs.com : 2009-06-05 13:35:07 - ISN InfoSec News Mailing List - InfoSec News: FTC Shuts Down 'Worst ISP In US':http://wwwinformationweekcom/news/security/cybercrime/showArticlejhtmlarticleID=217701956By Thomas Claburn InformationWeek June 4, 2009The Federal Trade Commission on Thursday said that it had shut down arogue Internet service provider that knowingly hosted and activelyhttp://www.secuobs.com/revue/news/106183.shtmlhttp://www.secuobs.com/revue/news/106183.shtml Secuobs.com : 2009-06-05 13:35:07 - ISN InfoSec News Mailing List - InfoSec News: ATM malware lets criminals steal data and cash:http://newscnetcom/8301-1009_3-10257277-83htmlBy Elinor Mills Security CNetcom June 4, 2009Malware has been found on ATMs in Eastern Europe and elsewhere thatallows criminals to steal account data and PINs and even empty themachine of its cash, a computer forensics expert said http://www.secuobs.com/revue/news/106182.shtmlhttp://www.secuobs.com/revue/news/106182.shtml Secuobs.com : 2009-06-04 14:28:19 - ISN InfoSec News Mailing List - InfoSec News: Tories seek cybersecurity czar to fight e-crime growth:http://wwwcomputerweeklycom/Articles/2009/06/03/236277/tories-seek-cybersecurity-czar-to-fight-e-crime-growthhtmBy Ian Grant ComputerWeeklycom 03 Jun 2009The Conservative Party will push for a cybersecurity minister to raiseawareness of the importance of fighting computer crime, the shadowhome affairs minister said yesterdayConservative MP James Brokenshire said computer crime was thefastest-growing crime in Britain But there was too littleappreciation in Westminster of its impact on businesses and thepublicBrokenshire was speaking to 200 police and law enforcement officialsat a three-day course on computer forensics hosted by MicrosoftIt is essential to make cybercrime a mainstream issue, he said "Thisis not just for techies"In the US, president Barack Obama has produced a cybersecurity review,and delegates at the Davos World Economic Forum debated cybersecurityin February"But it is still not in the hearts of British politicians We do nothave the appropriate attitude," said Brokenshirehttp://www.secuobs.com/revue/news/105772.shtmlhttp://www.secuobs.com/revue/news/105772.shtml Secuobs.com : 2009-06-04 14:28:19 - ISN InfoSec News Mailing List - InfoSec News: US company invents 'Turing test' to beat bots:http://wwwtechworldcom/security/news/indexcfmnewsID=116903By Jeremy Kirk IDG News Service 03 June 2009A US security company has come up with a technology it says can blockautomated programs responsible for perpetuating nuisances such asspam, fake email registrations and click fraud http://www.secuobs.com/revue/news/105771.shtmlhttp://www.secuobs.com/revue/news/105771.shtml Secuobs.com : 2009-06-04 14:28:19 - ISN InfoSec News Mailing List - InfoSec News: Is the Hacking Threat To National Security Overblown:http://wwwwiredcom/threatlevel/2009/06/cyberthreat/By Ryan Singel Threat Level Wiredcom June 3, 2009Is hacking a real threat to the United States or is it just the latestoverblown threat to national security, whose magnitude is beingexaggerated in order to expand government agencies’ budgets andpowersThat’s the question asked by Threat Level editor Kevin Poulsen at apanel in Computers, Freedom and Privacy in Washington, DC WednesdayAnd it’s important because the government is spending billions ofdollars on computer security, and President Obama is elevatingcyber-security to a national priority, using language that makes evensecurity experts winceAmit Yoran, a former Bush Administration cybersecurity czar, arguesthe answer is easy“Is hacking a national security threat,” Yoran said “The one wordanswer is yes”As proof, Yoran pointed to stories about the denial-of-service attacksin Estonia, attacks on government contractor Booz Allen Hamilton andthe recently reported breach of defense contractor computers that lethackers get at information on the Joint Strike Fighterhttp://www.secuobs.com/revue/news/105770.shtmlhttp://www.secuobs.com/revue/news/105770.shtml Secuobs.com : 2009-06-04 14:28:19 - ISN InfoSec News Mailing List - InfoSec News: At long last, internet's root zone to be secured:http://wwwtheregistercouk/2009/06/04/dnssec_coming/By Dan Goodin in San Francisco The Register 4th June 2009The US government said Wednesday it plans to digitally sign theinternet's root zone by the end of the year, a move that would endyears http://www.secuobs.com/revue/news/105769.shtmlhttp://www.secuobs.com/revue/news/105769.shtml Secuobs.com : 2009-06-04 14:28:19 - ISN InfoSec News Mailing List - InfoSec News: More Than 530,000 Patients Notified In Data Ransom Scare:http://wwwdarkreadingcom/database_security/security/privacy/showArticlejhtmlarticleID=217701702By Tim Wilson DarkReading June 03, 2009Virginia officials are notifying more than a half-million residentsthat their Social Security numbers may have been contained in aprescription http://www.secuobs.com/revue/news/105768.shtmlhttp://www.secuobs.com/revue/news/105768.shtml Secuobs.com : 2009-06-03 16:00:36 - ISN InfoSec News Mailing List - InfoSec News: Cyber Crime police station comes up in Mumbai:http://wwwhinducom/thehindu/holnus/004200906031252htmThe Hindu June 3, 2009Mumbai PTI: A dedicated police station to tackle cyber crime caseshas been set up in the metropolis, third such facility in the countryto deal with new-age offences http://www.secuobs.com/revue/news/105400.shtmlhttp://www.secuobs.com/revue/news/105400.shtml Secuobs.com : 2009-06-03 16:00:36 - ISN InfoSec News Mailing List - InfoSec News: DHS to create online dialogue for security review:http://fcwcom/articles/2009/06/02/homeland-security-national-dialogueaspxBy John S Monroe FCWcom June 02, 2009The new system will be open to security and policy experts nationwideThe Homeland Security Department plans to create an online dialoguewith http://www.secuobs.com/revue/news/105399.shtmlhttp://www.secuobs.com/revue/news/105399.shtml Secuobs.com : 2009-06-02 13:18:31 - ISN InfoSec News Mailing List - InfoSec News: Hackers Compromise 40,000 Web Sites:http://wwweweekeuropecouk/news/hackers-compromise-40-000-web-sites-1029By Brian Prince eWEEK Europe 622009Security researchers at Websense say the tactics are reminiscent ofthe notorious RBN groupResearchers at Websense are reporting a mass compromise that may havehttp://www.secuobs.com/revue/news/104748.shtmlhttp://www.secuobs.com/revue/news/104748.shtml Secuobs.com : 2009-06-02 13:18:31 - ISN InfoSec News Mailing List - InfoSec News: DHS announces cybersecurity personnel: Secretary NapolitanoAnnounces Key Cybersecurity PersonnelRelease Date: June 1, 2009For Immediate Release Office of the Press Secretary Contact:202-282-8010http://wwwdhsgov/ynews/releases/pr_1243885447983shtmUS Department of Homeland Security DHS Secretary Janet Napolitanohttp://www.secuobs.com/revue/news/104747.shtmlhttp://www.secuobs.com/revue/news/104747.shtml Secuobs.com : 2009-06-02 13:18:31 - ISN InfoSec News Mailing List - InfoSec News: Plague of web bugs descend on British sites:http://wwwtheregistercouk/2009/06/01/website_bug_plague/By Dan Goodin in San Francisco The Register 1st June 2009It's been a busy week for high-profile web vulnerabilities, withdiscoveries of careless bugs on the sites of three British companieshttp://www.secuobs.com/revue/news/104746.shtmlhttp://www.secuobs.com/revue/news/104746.shtml Secuobs.com : 2009-06-02 13:18:31 - ISN InfoSec News Mailing List - InfoSec News: Experts: Obama cybersecurity plan short on details:http://wwwnetworkworldcom/news/2009/060109-experts-obama-cybersecurity-plan-shorthtmlBy Grant Gross IDG News Service 06/01/2009US President Barack Obama's new cybersecurity report is short ondetails and creates a federal coordinator position that may havelimited http://www.secuobs.com/revue/news/104745.shtmlhttp://www.secuobs.com/revue/news/104745.shtml Secuobs.com : 2009-06-02 13:18:31 - ISN InfoSec News Mailing List - InfoSec News: In Legal First, Data-Breach Suit Targets Auditor:http://wwwwiredcom/threatlevel/2009/06/auditor_sued/By Kim Zetter Threat Level Wiredcom June 2, 2009When CardSystems Solutions was hacked in 2004 in one of the largestcredit card data breaches at the time, it reached for its securityauditor’s report http://www.secuobs.com/revue/news/104744.shtmlhttp://www.secuobs.com/revue/news/104744.shtml Secuobs.com : 2009-06-01 12:55:19 - ISN InfoSec News Mailing List - InfoSec News: Password breach at Customs leads to huge revenue loss:http://wwwthehindubusinesslinecom/2009/06/01/stories/2009060151480100htmBy TE Raja Simhan The Hindu Business Line June 01, 2009Chennai, May 31 Theft/unauthorised third-party use of customsofficials’ password for accessing the computer network CustomsElectronic Data http://www.secuobs.com/revue/news/104369.shtmlhttp://www.secuobs.com/revue/news/104369.shtml Secuobs.com : 2009-06-01 12:55:19 - ISN InfoSec News Mailing List - InfoSec News: A cybersecurity quiz: Can you tell Obama from Bush:http://newscnetcom/8301-13578_3-10252263-38htmlBy Declan McCullagh Politics and Law CNET News May 29, 2009The US president has announced a comprehensive cybersecuritystrategy for the federal government, saying Internet-based threatshave risen http://www.secuobs.com/revue/news/104368.shtmlhttp://www.secuobs.com/revue/news/104368.shtml Secuobs.com : 2009-06-01 12:55:19 - ISN InfoSec News Mailing List - InfoSec News: Ex-Employee Fingered in Texas Power Company Hack:http://wwwwiredcom/threatlevel/2009/05/efh/By Kevin Poulsen Threat Level Wiredcom May 29, 2009The FBI is investigating a computer intrusion at a large Texas powercompany that crippled the firm’s energy forecast system for a day inMarch, costing it over $26,000 http://www.secuobs.com/revue/news/104367.shtmlhttp://www.secuobs.com/revue/news/104367.shtml Secuobs.com : 2009-06-01 12:55:19 - ISN InfoSec News Mailing List - InfoSec News: Contractors Vie for Plum Work, Hacking for US:http://wwwnytimescom/2009/05/31/us/31cyberhtmlBy CHRISTOPHER DREW and JOHN MARKOFF The New York Times May 30, 2009MELBOURNE, Fla — The government’s urgent push into cyberwarfare hasset off a rush among the biggest military companies for billions ofdollars in new defense contracts http://www.secuobs.com/revue/news/104366.shtmlhttp://www.secuobs.com/revue/news/104366.shtml Secuobs.com : 2009-05-29 18:32:17 - ISN InfoSec News Mailing List - InfoSec News: BNP DDoS 'mega-assault' not actually mega in the least:http://wwwtheregistercouk/2009/05/27/bnp_ddos_diddums/By John Leyden The Register 27th May 2009A supposedly massive denial of service attack against the BritishNational Party website has been exposed as a gross exaggerationThe assault, which began on Friday, was described by the party in anemail appeal for funds as the "largest cyber attack in recordedhistory" and comparable only to a 2001 assault against Microsoft*Nick Griffin, leader of the controversial far-right political party,asked the party's supporters to stump up the £5,000 urgently needed topurchase hardware and servers supposedly needed to keep the site upand runningGriffin's email appeal claims that the assault came from "easternEurope and Russia" and that Clear Channel, a firm supplying Euroelection billboard advertising services to the BNP, is also underattack and contemplating legal actionHowever, Clear Channel, after checking with its US-based techies, saidthat it was not under any kind of cyber-attack, much less on the phoneto its lawyershttp://www.secuobs.com/revue/news/103158.shtmlhttp://www.secuobs.com/revue/news/103158.shtml Secuobs.com : 2009-05-29 18:32:17 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-22:========================================================================The Secunia Weekly Advisory Summary 2009-05-21 - 2009-05-28This week: 59 advisories http://www.secuobs.com/revue/news/103157.shtmlhttp://www.secuobs.com/revue/news/103157.shtml Secuobs.com : 2009-05-29 18:32:17 - ISN InfoSec News Mailing List - InfoSec News: DHS wants budget to back cybersecurity efforts:http://gcncom/articles/2009/06/01/cybereye-box-dhs-cybersecurity-budgetaspxBy William Jackson GCNcom May 27, 2009Department requests an addition $81 million for cybersecurityJust how the Obama administration manages cybersecurity has yet to behttp://www.secuobs.com/revue/news/103156.shtmlhttp://www.secuobs.com/revue/news/103156.shtml Secuobs.com : 2009-05-29 18:32:17 - ISN InfoSec News Mailing List - InfoSec News: Landis case twist: hacking lab computer:http://www3signonsandiegocom/stories/2009/may/29/1s29landis215559-landis-case-twist-hacking-lab-com/By Mark Zeigler Union-Tribune Staff Writer May 29, 2009Cyclist Floyd Landis had a post-race urine sample at the Tour deFrance return positive for synthetic testosterone in July 2006 http://www.secuobs.com/revue/news/103155.shtmlhttp://www.secuobs.com/revue/news/103155.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: Finland to found cyberwar unit - TS:http://wwwhelsinkitimesfi/htimes/domestic-news/general/6439-finland-to-found-cyberwar-unit-ts-htmlHelsinki Times 27 May 2009The Finnish military is to establish a cyberwar unit charged withprotecting government data communications, regional daily TurunSanomat http://www.secuobs.com/revue/news/102657.shtmlhttp://www.secuobs.com/revue/news/102657.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: Sun CTO to form cloud security forum:http://wwwzdnetasiacom/news/security/0,39044215,62054388,00htmBy Tom Espiner ZDNet UK May 27, 2009Sun's UK chief technology officer is working with major Britishpublic and private organizations to set up a cross-sector forum toresolve cloud-computing security issues http://www.secuobs.com/revue/news/102656.shtmlhttp://www.secuobs.com/revue/news/102656.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: Seminal password tool rises from Symantec ashes:http://wwwtheregistercouk/2009/05/27/l0phtcrack_returns/By Dan Goodin in San Francisco The Register 27th May 2009More than three years after Symantec unceremoniously pulled the plugon L0phtcrack, the seminal tool for auditing and cracking passwords isback with a set of new capabilities http://www.secuobs.com/revue/news/102655.shtmlhttp://www.secuobs.com/revue/news/102655.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: Fake web traffic can hide secret chat:http://wwwnewscientistcom/article/mg20227096200-fake-web-traffic-can-hide-secret-chathtmlBy Paul Marks New Scientist 26 May 2009THE internet's underlying technology can be harnessed to let peopleexchange secret messages, perhaps allowing free speech an outlet inoppressive regimes http://www.secuobs.com/revue/news/102654.shtmlhttp://www.secuobs.com/revue/news/102654.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: FBI, US Marshals reconnect after security problems:http://fcwcom/articles/2009/05/26/web-fbi-marshals-computeraspxBy Ben Bain FCWcom May 26, 2009Both agencies had taken some systems offline last weekThe FBI’s external unclassified network is once again online afterofficials last week temporarily suspended its connection to theInternet http://www.secuobs.com/revue/news/102653.shtmlhttp://www.secuobs.com/revue/news/102653.shtml Secuobs.com : 2009-05-28 13:31:28 - ISN InfoSec News Mailing List - InfoSec News: RAF base security reviewed after breach:http://wwwpressandjournalcouk/Articleaspx/1234376The Press and Journal 27/05/2009SECURITY has been tightened at a Moray air base after a man indisguise was allowed to walk in unchallenged by guards, a Ministry ofDefence spokeswoman said http://www.secuobs.com/revue/news/102652.shtmlhttp://www.secuobs.com/revue/news/102652.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: RAF officers face 'blackmail over missing vice files':http://wwwtelegraphcouk/news/newstopics/politics/defence/5383310/RAF-officers-face-blackmail-over-missing-vice-fileshtmlBy Thomas Harding, Defence Correspondent and Ben Leach 25 May 2009The Ministry of Defence has admitted that files had been stolen, andhttp://www.secuobs.com/revue/news/102170.shtmlhttp://www.secuobs.com/revue/news/102170.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: ICITST-2009: Deadline for Paper Submission is Approaching:Forwarded from: dlin at icitstorgApologies for cross-postingsICITST-2009The 4th International Conference for Internet Technology and SecuredTransactions ICITST-2009, Technical Co-Sponsored by IEEE UK/RISection, November 9–12, 2009, London, UK wwwicitst http://www.secuobs.com/revue/news/102169.shtmlhttp://www.secuobs.com/revue/news/102169.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: UK Snubs Support For Home of WWII Enigma:http://wwweweekeuropecouk/news/uk-snubs-support-for-home-of-wwii-enigma--939By Andrew Donoghue eWEEK Europe 20-05-2009Government refuses to upgrade wartime code-breaking site BletchleyPark - which had a visit from actor and techno-phile Stephen Fry http://www.secuobs.com/revue/news/102168.shtmlhttp://www.secuobs.com/revue/news/102168.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: Obama, White House To Oversee Cybersecurity Leadership:http://wwwinformationweekcom/news/government/federal/showArticlejhtmlarticleID=217700171By J Nicholas Hoover InformationWeek May 26, 2009President Barack Obama on Tuesday announced the White House willcreate a new directorate or position within the executive branch todeal with http://www.secuobs.com/revue/news/102167.shtmlhttp://www.secuobs.com/revue/news/102167.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: Hilton BlackBerry Lost - Why She Should Worry AboutSecurity:http://wwwwirelessandmobilenewscom/2009/05/hilton_blackberry_lost_-_why_she_should_worry_about_securityhtmlWireless and Mobile News May 22, 2009Paris Hilton lost her BlackBerry Bold, last night, at the Cannes FilmFestival in the wee hours of the morning http://www.secuobs.com/revue/news/102166.shtmlhttp://www.secuobs.com/revue/news/102166.shtml Secuobs.com : 2009-05-27 12:08:56 - ISN InfoSec News Mailing List - InfoSec News: Audit: TSA has weak IT security controls:http://fcwcom/articles/2009/05/26/tsa-has-weak-it-controls-audit-saysaspxBy Alice Lipowicz FCWcom May 26, 2009The Transportation Security Administration had 15 informationtechnology control deficiencies in fiscal 2008 that collectivelyrepresent a http://www.secuobs.com/revue/news/102165.shtmlhttp://www.secuobs.com/revue/news/102165.shtml Secuobs.com : 2009-05-26 16:16:46 - ISN InfoSec News Mailing List - InfoSec News: Royal chauffeur 'who allowed reporters to sit in theQueen's Bentley' is suspended:http://wwwdailymailcouk/news/article-1186959/Royal-chauffeur-allowed-reporters-sit-Queens-Bentley-suspendedhtmlBy Rebecca English DailyMailcouk 24th May 2009Buckingham Palace was forced to launch an urgent security review todayby the Queen who was furious after a royal chauffeur took a £1,000bribe from undercover reporters for access to her fleet of limousinesFormer army officer Brian Sirjusingh, who lives in a grace-and-favourapartment in the Royal Mews, brought the two men into the heart of thepalace without any security checks and gave them a guided tour of themonarch's fleet of official carsIn a deal set up by a £200-an-hour Lithuanian escort girl who is alsoallowed unfettered access to the Palace, he encouraged the News of theWorld journalists, who were posing as wealthy Middle Easternbusinessmen, to sit on the back seat of her Bentley, bragging: 'That'swhere the Queen sits'The incident is a terrible embarrassment to Scotland Yard's Royaltyand Diplomatic Protection Squad who claimed to have put stringentchecks in place following a string of security breacheshttp://www.secuobs.com/revue/news/101711.shtmlhttp://www.secuobs.com/revue/news/101711.shtml Secuobs.com : 2009-05-26 16:16:46 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-21:========================================================================The Secunia Weekly Advisory Summary 2009-05-14 - 2009-05-21This week: 79 advisories http://www.secuobs.com/revue/news/101710.shtmlhttp://www.secuobs.com/revue/news/101710.shtml Secuobs.com : 2009-05-26 16:16:46 - ISN InfoSec News Mailing List - InfoSec News: Defense Dept, Industry Join to Protect Data:http://wwwwashingtonpostcom/wp-dyn/content/article/2009/05/24/AR2009052402140htmlBy Ellen Nakashima Washington Post Staff Writer May 25, 2009LINTHICUM, Md -- At 2:42 pm one recent Wednesday, on the fourthfloor of a squat brick office building under the flight path of jetslanding http://www.secuobs.com/revue/news/101709.shtmlhttp://www.secuobs.com/revue/news/101709.shtml Secuobs.com : 2009-05-26 16:16:46 - ISN InfoSec News Mailing List - InfoSec News: Army migrating computers to Vista:http://wwwarmymil/-news/2009/05/20/21389-army-migrating-computers-to-vista/By Gary Sheftick and Delawese Fulton Armymil May 20, 2009WASHINGTON Army News Service, May 20, 2009 -- The Army is migratingall of its Windows-based computers to Microsoft's Vista operatingsystem http://www.secuobs.com/revue/news/101708.shtmlhttp://www.secuobs.com/revue/news/101708.shtml Secuobs.com : 2009-05-26 16:16:46 - ISN InfoSec News Mailing List - InfoSec News: USENIX Security '09 Registration Now Open: Forwarded from:Lionel Garth Jones You're invited to join us at the 18th USENIX Security Symposium,August 10-14, 2009, in Montreal, Canada USENIX Security '09 will helpyou stay ahead of the game by offering cutting-edge research on topicsranging http://www.secuobs.com/revue/news/101707.shtmlhttp://www.secuobs.com/revue/news/101707.shtml Secuobs.com : 2009-05-21 19:58:47 - ISN InfoSec News Mailing List - InfoSec News: Deploying Disney: How Social Engineers Take Advantage ofChildhood Lessons:http://wwwinformitcom/articles/articleaspxp=1341012By Chris Nickerson InformIT May 20, 2009Security consultant Chris Nickerson points out that social engineersthe kind you hire as consultants aren't evil; in fact, they want tohelp you prevent people from stealing your secrets http://www.secuobs.com/revue/news/100189.shtmlhttp://www.secuobs.com/revue/news/100189.shtml Secuobs.com : 2009-05-21 19:58:47 - ISN InfoSec News Mailing List - InfoSec News: Cyber Security et Information Intelligence ResearchMinitrack @ HICSS-43: Forwarded from: Frederick Sheldon Cyber Security and Information Intelligence Research MinitrackCSIIRMREMINDER: June 15 is the submission deadlinePapers presented at theHawaii International Conference on System Sciences Jan http://www.secuobs.com/revue/news/100188.shtmlhttp://www.secuobs.com/revue/news/100188.shtml Secuobs.com : 2009-05-21 19:58:47 - ISN InfoSec News Mailing List - InfoSec News: Army's stolen laptop sparks 'embarrassing' security scare:http://newsscotsmancom/scotland/Army39s-stolen--laptop-sparks5283785jpBy ALAN McEWEN Edinburgh Evening News 20 May 2009AN army laptop said to contain the personal details of servingsoldiers and their families sparked a security scare after it wasstolen from a http://www.secuobs.com/revue/news/100187.shtmlhttp://www.secuobs.com/revue/news/100187.shtml Secuobs.com : 2009-05-19 12:51:03 - ISN InfoSec News Mailing List - InfoSec News: Schools' Cybersecurity Needs Improvement:http://wwwinformationweekcom/news/security/attacks/showArticlejhtmlarticleID=217500591By KC Jones InformationWeek May 18, 2009Although school districts have moved toward improving network andbuilding security, a rise in breaches has caused overall school IThttp://www.secuobs.com/revue/news/98241.shtmlhttp://www.secuobs.com/revue/news/98241.shtml Secuobs.com : 2009-05-19 12:51:03 - ISN InfoSec News Mailing List - InfoSec News: NBN needs expert security: Conroy:http://wwwaustralianitnewscomau/story/0,24897,25502816-15306,00htmlBy Karen Dearne Australian IT May 19, 2009FEDERAL Communications Minister Stephen Conroy says technologysecurity specialists will help with the detailed design, operating andidentity http://www.secuobs.com/revue/news/98240.shtmlhttp://www.secuobs.com/revue/news/98240.shtml Secuobs.com : 2009-05-19 12:51:03 - ISN InfoSec News Mailing List - InfoSec News: OpenSSH chink bares encrypted data packets:http://wwwtheregistercouk/2009/05/19/open_ssh_hack/By Dan Goodin The Register 19th May 2009Cryptographers are urging users of a widely employed network protocolto make sure they're running the latest version after discovering aflaw that could allow attackers to read data that's supposed to remainencryptedAll programs that incorporate the OpenSSH implementation of SSH, shortfor Secure Shell, should make sure they use version 52, whichprovides several countermeasures to prevent the attacks Other SSHimplementations may be vulnerable as well, the researchers from theInformation Security Group at the University of London's RoyalHolloway saidThe attack exploits subtle differences in the way SSH software reactswhen encountering errors during cryptographic processing By directingspecially manipulated packets at the application, an attacker has aone in 262,144 chance of recovering 32 bits of plaintext from anarbitrary chunk of ciphertextWhile those are extremely limited odds, the design flaw still poses asignificant threat given the way many applications that employ SSHwork VPNs, or virtual private networks, for example, repeatedlyreconnect to a server extremely rapidly each time they aredisconnected With some programs reconnecting several times persecond, a determined attacker might find ample opportunity to succeedhttp://www.secuobs.com/revue/news/98239.shtmlhttp://www.secuobs.com/revue/news/98239.shtml Secuobs.com : 2009-05-19 12:51:03 - ISN InfoSec News Mailing List - InfoSec News: Call for Presentations - 2009 Annual CND RetT Workshop:Forwarded from: "Holleran, John C" 2009 Annual CND RetT Workshop Call for PresentationsThe focus area for this year's DoD Computer Network Defense Researchand Technology Program Management Office workshop will be “Strategiesand http://www.secuobs.com/revue/news/98238.shtmlhttp://www.secuobs.com/revue/news/98238.shtml Secuobs.com : 2009-05-18 15:44:56 - ISN InfoSec News Mailing List - InfoSec News: Defense declares war on spam in bid to protect networks:http://wwwnextgovcom/nextgov/ng_20090514_2422phpBy Bob Brewin NextGovcom 05/14/2009The Defense Information Systems Agency asked technology companies onWednesday for ideas on how to build an e-mail defense system on theperimeter of its networks that can scan 50 million inbound messages aday to catch spam, viruses and cyberattacksIn a notice to industry, DISA said it needs to protect 700unclassified network domains and that, while there are many individuale-mail domains administered by Defense Department units, "there is apossibility these may be combined into one enterprise DoD e-maildomain"Defense currently scans e-mails for viruses and spam coming intosystems serving the military services, commands or units DISA wantsto extend the protection to the interface between the Internet and itsunclassified network, the Non-classified Internet Protocol RouterNetwork The agency also wants the ability to scan all outbounde-mails from the 5 million usersThe issue of spam is serious, Defense reports Army Lt Gen Keith BAlexander, director of the National Security Agency, told an audienceattending the RSA Security Conference in San Francisco in April thatabout 20 billion e-mails are sent globally every day, of which 65percent to 70 percent are spamhttp://www.secuobs.com/revue/news/97679.shtmlhttp://www.secuobs.com/revue/news/97679.shtml Secuobs.com : 2009-05-18 15:44:56 - ISN InfoSec News Mailing List - InfoSec News: Software upgrade company wins $100K contest at MIT:http://wwwbostoncom/business/technology/articles/2009/05/16/software_upgrade_company_wins_100k_contest_at_mit/By Hiawatha Bray Boston Globe Staff May 16, 2009When home computer users have to reboot their machines to install asoftware upgrade, it's a nuisance http://www.secuobs.com/revue/news/97678.shtmlhttp://www.secuobs.com/revue/news/97678.shtml Secuobs.com : 2009-05-18 15:44:56 - ISN InfoSec News Mailing List - InfoSec News: San Antonio to get Air Force cyber command:http://wwwmysanantoniocom/military/45051917htmlBy Gary Martin Express-News 05/15/2009WASHINGTON - Lackland AFB in San Antonio is being selected by AirForce officials as the headquarters for a new cyber command, anofficial close to the selection process said late Thursday http://www.secuobs.com/revue/news/97677.shtmlhttp://www.secuobs.com/revue/news/97677.shtml Secuobs.com : 2009-05-18 15:44:56 - ISN InfoSec News Mailing List - InfoSec News: 'Kramer' Is In The Building:http://wwwdarkreadingcom/blog/archives/2009/05/post_1htmlBy Steve Stasiukonis Hacked Off Dark Reading May 15, 2009My firm, Secure Network Technologies, was recently hired by a largehealthcare provider to perform a security assessment As part of thehttp://www.secuobs.com/revue/news/97676.shtmlhttp://www.secuobs.com/revue/news/97676.shtml Secuobs.com : 2009-05-15 19:32:24 - ISN InfoSec News Mailing List - InfoSec News: Unsafe at any speed: Memcpy banished in Redmond:http://wwwtheregistercouk/2009/05/15/microsoft_banishes_memcpy/By Dan Goodin in San Francisco The Register 15th May 2009Memcpy and brethren, your days are numbered At least in developmentshops that aspire to secure codingMicrosoft plans to formally banish the popular programming functionthat's been responsible for an untold number of securityvulnerabilities over the years, not just in Windows but in countlessother applications based on the C language Effective later this year,Microsoft will add memcpy, CopyMemory, and RtlCopyMemory to itslist of function calls banned under its secure development lifecycleMemcpy has long served as a basic staple of C-based languages,providing a simple way to copy the contents from one chunk of memoryto another Its drawback comes when the source to be copied containsmore bytes than its destination, creating overflows that presentattackers with opportunities to remotely execute code in theunderlying application"That's definitely one of those notoriously dangerous C commands,"said Johannes Ullrich, CTO of the SANS Institute, who teaches securecoding classes to developers He likened memcpy to other riskyfunctions such as strcpy and strcat, which have Microsoft hasalready banned after exacting untold misery over the yearshttp://www.secuobs.com/revue/news/96887.shtmlhttp://www.secuobs.com/revue/news/96887.shtml Secuobs.com : 2009-05-15 19:32:24 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-20:========================================================================The Secunia Weekly Advisory Summary 2009-05-07 - 2009-05-14This week: 54 advisories http://www.secuobs.com/revue/news/96886.shtmlhttp://www.secuobs.com/revue/news/96886.shtml Secuobs.com : 2009-05-15 19:32:24 - ISN InfoSec News Mailing List - InfoSec News: IG: DHS data centers at risk:http://wwwfcwcom/Articles/2009/05/13/DHS-data-centers-at-risks-says-IGaspxBy Alice Lipowicz FCWcom May 13, 2009The Homeland Security Department set up a huge data center on theMississippi Gulf Coast in 2006 without considering protections againsthttp://www.secuobs.com/revue/news/96885.shtmlhttp://www.secuobs.com/revue/news/96885.shtml Secuobs.com : 2009-05-15 19:32:24 - ISN InfoSec News Mailing List - InfoSec News: Corporate-espionage, e-mail break-in case zaps electronicsindustry:http://wwwnetworkworldcom/news/2009/051409-amx-email-espionagehtmlBy Ellen Messmer Network World 05/14/2009A corporate-espionage case in which an executive from electronicsmanufacturer, AMX Corp, broke into the e-mail system of the marketinghttp://www.secuobs.com/revue/news/96884.shtmlhttp://www.secuobs.com/revue/news/96884.shtml Secuobs.com : 2009-05-15 19:32:24 - ISN InfoSec News Mailing List - InfoSec News: Updated Speakers List and CFP: The 2009 ACM Cloud ComputingSecurity Workshop CCSW: Forwarded from: Radu Sion 2009 ACM Cloud Computing Security Workshop CCSW at CCS 13 November2009, Hyatt Regency Chicago http://cryptocsstonybrookedu/ccsw09CCSW 2009 is pleased to announce four distinguished speakers http://www.secuobs.com/revue/news/96883.shtmlhttp://www.secuobs.com/revue/news/96883.shtml Secuobs.com : 2009-05-14 10:45:28 - ISN InfoSec News Mailing List - InfoSec News: FBI expects Va hacker probe to take two more weeks:http://wwwtimesdispatchcom/rtd/news/local/article/HACKGATER12_20090512-180002/267283/By Tyler Whitley Richmond Times-Dispatch May 12, 2009The FBI has not discovered the hacker who broke into the Department ofHealth Profession's computer, nor has it discovered what private http://www.secuobs.com/revue/news/96255.shtmlhttp://www.secuobs.com/revue/news/96255.shtml Secuobs.com : 2009-05-14 10:45:28 - ISN InfoSec News Mailing List - InfoSec News: Insider May Have Breached More Than 10, 000 Patient RecordsAt Johns Hopkins:http://wwwdarkreadingcom/insiderthreat/security/privacy/showArticlejhtmlarticleID=217400831By Tim Wilson DarkReading May 13, 2009An employee at Johns Hopkins Hospital may have leaked the personalinformation of more than 10,000 patients in an identity fraud scamhttp://www.secuobs.com/revue/news/96254.shtmlhttp://www.secuobs.com/revue/news/96254.shtml Secuobs.com : 2009-05-14 10:45:28 - ISN InfoSec News Mailing List - InfoSec News: Suspect held over espionage against Alinghi:http://wwwguardiancouk/sport/2009/may/13/sailing-alinghi-industrial-espionageBy Matt Scott The Guardian 13 May 2009A suspect has been arrested in the south of France for allegedlyconducting industrial espionage against the America's Cup holders,Alinghi http://www.secuobs.com/revue/news/96253.shtmlhttp://www.secuobs.com/revue/news/96253.shtml Secuobs.com : 2009-05-14 10:45:28 - ISN InfoSec News Mailing List - InfoSec News: More money and staff a must for DHS to take lead role forcybersecurity: http://wwwnextgovcom/nextgov/ng_20090513_8393phpBy Jill R Aitoro NextGovcom 05/13/2009The Homeland Security Department needs more money and employees tosupport a planned increase in responsibility for governmentwidecybersecurity, leading some security specialists to speculate that thehttp://www.secuobs.com/revue/news/96252.shtmlhttp://www.secuobs.com/revue/news/96252.shtml Secuobs.com : 2009-05-14 10:45:28 - ISN InfoSec News Mailing List - InfoSec News: Information-sharing platform hacked:http://fcwcom/articles/2009/05/13/web-dhs-hsin-intrusion-hackaspxBy Ben Bain FCWcom May 13, 2009Homeland Security Information Network suffers intrusionsThe Homeland Security Department’s platform for sharing sensitive butunclassified data with state and local authorities was hackedrecently, a DHS official has confirmedThe intrusion into the Homeland Security Information Network HSINwas confirmed to Federal Computer Week by Harry McDavid, the chiefinformation officer for DHS’ Office of Operations Coordination andPlanning McDavid said the US Computer Emergency Readiness Teamreported an intrusion into the system in late March The initial hackwas brief and limited, and it was followed by a more extensive hack inearly April, McDavid saidThe hacker or hackers gained access to the data by getting into theHSIN account of a federal employee or contractor, McDavid said Thebulk of the data obtained was federal, but some state information wasalso accessed, he added, and the organizations that owned the data andCongress were notified of the intrusionThe files that were accessed contained administrative data such astelephone numbers and e-mail addresses of state and federal employeesHowever, an investigation into the incidents has found that no SocialSecurity numbers, driver's license numbers or financial data wereobtained, McDavid saidhttp://www.secuobs.com/revue/news/96251.shtmlhttp://www.secuobs.com/revue/news/96251.shtml Secuobs.com : 2009-05-12 09:17:58 - ISN InfoSec News Mailing List - InfoSec News: Chu: IT security a drag on Energy's mission:http://fcwcom/articles/2009/05/11/chu-it-security-a-dragaspxBy Matthew Weigelt FCWcom May 11, 2009Energy secretary wants to balance information security, missionEnergy Secretary Steven Chu has said the Energy Department needs toconsider whether its information security systems are worth the dragon its mission“We’re going to be looking at information technologies," Chu said atpress briefing May 7 about the department's fiscal 2010 budgetproposal "Do we have the right balance between keeping our IT securefrom viruses to how it compromises productivity”In an April 29 speech at the National Renewable Energy Laboratory inGolden, Colo, Chu said “well-meaning people” in the chief informationofficer’s office and in the procurement and finance offices “whose jobit is to protect the Department of Energy” actually hinder what thedepartment can do“They forgot the Department of Energy has a job, and it’s not toprotect the Department of Energy It’s to get something done,” hesaid Terrible accidents and financial waste are bad things, he said,but added, “It has to be balanced against the mission of thedepartment and so this is something that I feel very strongly about”http://www.secuobs.com/revue/news/94815.shtmlhttp://www.secuobs.com/revue/news/94815.shtml Secuobs.com : 2009-05-12 09:17:58 - ISN InfoSec News Mailing List - InfoSec News: State drug database regaining functions after cyberattack:http://hamptonroadscom/2009/05/state-drug-database-regaining-functions-after-cyberattackBy Bill Sizemore The Virginian-Pilot May 12, 2009The Virginia Department of Health Professions is slowly restoring itscomputer functions in the wake of a hacker attack but still can't sayhttp://www.secuobs.com/revue/news/94814.shtmlhttp://www.secuobs.com/revue/news/94814.shtml Secuobs.com : 2009-05-12 09:17:58 - ISN InfoSec News Mailing List - InfoSec News: China blocks US from cyber warfare:http://washingtontimescom/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/By Bill Gertz The Washington Times May 12, 2009China has developed more secure operating software for its tens ofmillions of computers and is already installing it on government andhttp://www.secuobs.com/revue/news/94813.shtmlhttp://www.secuobs.com/revue/news/94813.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: Hackers strike UC Berkeley computer systems:http://abclocalgocom/kgo/storysection=news/local/east_bayetid=6803387By Heather Ishimaru abc7newscom May 08, 2009BERKELEY, CA KGO -- The University of California, Berkeley isnotifying 160,000 people they could be victims of identity thefthttp://www.secuobs.com/revue/news/94380.shtmlhttp://www.secuobs.com/revue/news/94380.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: StratCom wants DoD cyber units joined:http://wwwairforcetimescom/news/2009/05/airforce_space_commander_050809/By Bruce Rolfsen Staff writer Air Force Times May 10, 2009The head of US Strategic Command, which oversees US interests inspace and cyberspace, believes the Defense Department needs toorganize http://www.secuobs.com/revue/news/94379.shtmlhttp://www.secuobs.com/revue/news/94379.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: Agencies in Oklahoma taking steps to protect data:http://newsokcom/agencies-in-oklahoma-taking-steps-to-protect-data/article/3367302BY MICHAEL MCNUTT NewsOKcom May 7, 2009Policies and procedures have been changed to cut the risk of personalinformation being compromised because of stolen or misplaced laptophttp://www.secuobs.com/revue/news/94378.shtmlhttp://www.secuobs.com/revue/news/94378.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: Cadets Trade the Trenches for Firewalls:http://wwwnytimescom/2009/05/11/technology/11cybergameshtmlBy COREY KILGANNON and NOAM COHEN The New York Times May 10, 2009WEST POINT, NY -- The Army forces were under attack Communicationswere down, and the chain of command was broken http://www.secuobs.com/revue/news/94377.shtmlhttp://www.secuobs.com/revue/news/94377.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: PCI: A Brand, Not a Security Standard:http://attritionorg/security/rants/pci/heartland01htmlPCI: A Brand, Not a Security Standard Fri May 8 21:09:02 EDT 2009security curmudgeonI am so fed up with this entire ordeal As a customer who was twiceaffected by Heartland's security breach two different cards throughtwo http://www.secuobs.com/revue/news/94376.shtmlhttp://www.secuobs.com/revue/news/94376.shtml Secuobs.com : 2009-05-11 14:50:03 - ISN InfoSec News Mailing List - InfoSec News: Comedian sneaks into US State department:http://wwwtelegraphcouk/news/worldnews/northamerica/usa/5295148/Comedian-sneaks-into-US-State-departmenthtmlTelegraphcouk 08 May 2009Comedian Armando Iannucci got past security guards at the US Statedepartment in Washington with a pass which "could have been producedby http://www.secuobs.com/revue/news/94375.shtmlhttp://www.secuobs.com/revue/news/94375.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: Hacking of prescription database may lead to headaches:http://hamptonroadscom/2009/05/hacking-prescription-database-may-lead-headachesBy Bill Sizemore The Virginian-Pilot May 8, 2009The possible breach of a state electronic prescription drug data-basecould have an ironic effect: promotion of prescription drug fraud andhttp://www.secuobs.com/revue/news/93593.shtmlhttp://www.secuobs.com/revue/news/93593.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-19:========================================================================The Secunia Weekly Advisory Summary 2009-04-30 - 2009-05-07This week: 47 advisories http://www.secuobs.com/revue/news/93592.shtmlhttp://www.secuobs.com/revue/news/93592.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: Purdue class treats hard drive as crime scene:http://wwwjconlinecom/article/20090506/NEWS0501/905060341By ERIC WEDDLE Journal and Courier May 6, 2009If a picture is worth a thousand words, than a suspect's Web browserhistory, e-mails, chat logs, cell phone and electronic documents couldequal a conviction http://www.secuobs.com/revue/news/93591.shtmlhttp://www.secuobs.com/revue/news/93591.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: Computer hard drive sold on eBay 'had details of top secretUS missile defence system':http://wwwdailymailcouk/news/article-1178239/Computer-hard-drive-sold-eBay-details-secret-U-S-missile-defence-systemhtmlBy Daily Mail Reporter 07th May 2009Highly sensitive details of a US military missile air defence systemwere found on a second-hand hard drive bought on eBay http://www.secuobs.com/revue/news/93590.shtmlhttp://www.secuobs.com/revue/news/93590.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: Police prying into stars' data:http://wwwbostoncom/news/local/massachusetts/articles/2009/05/06/police_prying_into_stars_data/s_campaign=8315By Andrea Estes and Peter Schworm Boston Globe Staff May 6, 2009Police from communities across the state have repeatedly tapped intothe http://www.secuobs.com/revue/news/93589.shtmlhttp://www.secuobs.com/revue/news/93589.shtml Secuobs.com : 2009-05-08 12:48:07 - ISN InfoSec News Mailing List - InfoSec News: EUSecWest 2009 May27/28 London Agenda and PacSec 2009Nov 4/5 Tokyo CFP deadline: June 1 2009: Forwarded from: Dragos RuiuEUSecWest 2009 SpeakersEfficient UAK Recovery attacks against DECT - Ralf-Philipp Weinmann,University of Luxembourg A year in the life of an Adobe Flash securityresearcher - Peleus Uhley, Adobe Pwning your grandmother's iPhonehttp://www.secuobs.com/revue/news/93588.shtmlhttp://www.secuobs.com/revue/news/93588.shtml Secuobs.com : 2009-05-07 13:52:14 - ISN InfoSec News Mailing List - InfoSec News: Hacker attack on village Web site went unnoticed formonths:http://wwwchippewacom/articles/2009/05/06/news/doc4a01ae5be2dae632955634txtBy LIZ HOCHSTEDLER Chippewa Herald May 6, 2009Visitors to the village of Lake Hallie Web site could have beenbombarded with links to explicit sites, but would have had to dig deepto find them http://www.secuobs.com/revue/news/93092.shtmlhttp://www.secuobs.com/revue/news/93092.shtml Secuobs.com : 2009-05-07 13:52:14 - ISN InfoSec News Mailing List - InfoSec News: IT Security Job Tips for Surviving a Tough Economy:http://wwweweekcom/c/a/Security/IT-Security-Job-Tips-for-Surviving-a-Tough-Economy-899036/By Brian Prince eWEEKcom 2009-05-05Between layoffs in the IT industry and belt tightening by enterprises,security groups need to know what prospective employers are lookingfor http://www.secuobs.com/revue/news/93091.shtmlhttp://www.secuobs.com/revue/news/93091.shtml Secuobs.com : 2009-05-07 13:52:14 - ISN InfoSec News Mailing List - InfoSec News: IG: Air traffic control system vulnerable to cyberattack:http://gcncom/articles/2009/05/06/air-traffic-control-vulnerabilitiesaspxBy Kathleen Hickey GCNcom May 06, 2009The Federal Aviation Administration’s air traffic control system isvulnerable to cyberattacks via Web applications that support thesystem, http://www.secuobs.com/revue/news/93090.shtmlhttp://www.secuobs.com/revue/news/93090.shtml Secuobs.com : 2009-05-07 13:52:14 - ISN InfoSec News Mailing List - InfoSec News: Teen fake cop back in trouble:http://wwwchicagodefendercom/article-4256-teen-fake-cop-back-ihtmlBy Kathy Chaney Chicago Defender May 5, 2009The 14-year-old boy who successfully passed himself off as a Chicagopolice officer in the presence of other officers for several hours inFebruary has broken the law again http://www.secuobs.com/revue/news/93089.shtmlhttp://www.secuobs.com/revue/news/93089.shtml Secuobs.com : 2009-05-07 13:52:14 - ISN InfoSec News Mailing List - InfoSec News: ICITST-2009: Deadline for Paper Submission is ApproachingKindly email this Call for Papers to your colleagues, faculty membersand postgraduate students: Forwarded from: dlin at icitstorgApologies for cross-postingsICITST-2009The 4th International Conference for Internet Technology and SecuredTransactions ICITST-2009, Technical Co-Sponsored by IEEE UK/RISection, November 9–12, 2009, London, UK wwwicitst http://www.secuobs.com/revue/news/93088.shtmlhttp://www.secuobs.com/revue/news/93088.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: Officials: North is operating cyber warfare unit targetingKorea, US:http://joongangdailyjoinscom/article/viewaspaid=2904450Yonhap May 06, 2009North Korea operates a cyber warfare unit that seeks to disrupt SouthKorean and US military networks and visits US military sites morefrequently than any other country, intelligence sources in Seoul saidhttp://www.secuobs.com/revue/news/92667.shtmlhttp://www.secuobs.com/revue/news/92667.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: P2P bill could regulate Web browsers, FTP clients:http://newscnetcom/8301-13578_3-10233419-38htmlBy Declan McCullagh Politics and Law CNET News May 5, 2009news analysis - The US House of Representatives has scheduled ahearing Tuesday to examine a bill that would force peer-to-peerapplications to provide specific notice to consumers that their filesmight be sharedThe hearing before a House Energy subcommittee comes about a monthafter reports that specifications about the helicopter used as MarineOne may have been leaked through a P2P network Meanwhile, a secondHouse committee is probing whether LimeWire or another P2P applicationwas responsibleTuesday's hearing is expected to focus on a bill introduced in Marchby Rep Mary Bono Mack, a California Republican The catch: while itappears intended to target only P2P applications, the measure sweepsin Web browsers, FTP applications, instant messaging utilities, andother common programs tooBono's Informed P2P User Act says that it will be "unlawful" for P2Psoftware to cause files to be made available unless two rules arefollowed First, the utility's installation process must provide"clear and conspicuous notice" of its features and obtain the user's"informed consent" Second, the program must step through thatnotice-and-consent process every time it runshttp://www.secuobs.com/revue/news/92666.shtmlhttp://www.secuobs.com/revue/news/92666.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: Heartland Payment Systems' PCI Compliance Is Reinstated:http://wwwdarkreadingcom/security/perimeter/showArticlejhtmlarticleID=217201395By Tim Wilson DarkReading May 04, 2009Heartland Payment Systems, which exposed the personal information ofmillions of credit card customers in a major data breach last year,has http://www.secuobs.com/revue/news/92665.shtmlhttp://www.secuobs.com/revue/news/92665.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: Lost BlackBerry had patient data:http://thechronicleheraldca/NovaScotia/1120326htmlBy BEVERLEY WARE South Shore Bureau The Chronicle Herald May 5, 2009BRIDGEWATER -- The provincial Health Department is phoning dozens ofcontinuing care clients after an employee based in Bridgewater losther http://www.secuobs.com/revue/news/92664.shtmlhttp://www.secuobs.com/revue/news/92664.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: Swedish Hacker Indicted in Cisco, NASA Attacks:http://onlinewsjcom/article/SB124157855780690631htmlBy SIOBHAN GORMAN and YOCHI J DREAZEN The Wall Street Journal May 6,2009WASHINGTON -- A Swedish computer hacker was indicted Tuesday forbreaking into the networks of tech-gear maker Cisco Systems Inc http://www.secuobs.com/revue/news/92663.shtmlhttp://www.secuobs.com/revue/news/92663.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: Calgary fraud charges dropped to extradite hacker to US:http://wwwcbcca/canada/calgary/story/2009/05/05/calgary-tenenbaum-analyzer-hacker-extraditionhtmlCBC News May 5, 2009A hacker who once cracked the Pentagon's computer system is going tobe extradited from Calgary to face charges in New York ofmasterminding a global fraud network http://www.secuobs.com/revue/news/92662.shtmlhttp://www.secuobs.com/revue/news/92662.shtml Secuobs.com : 2009-05-06 15:23:19 - ISN InfoSec News Mailing List - InfoSec News: McAfee website visited by plague of security locusts:http://wwwtheregistercouk/2009/05/05/mcafee_site_bugs/By Dan Goodin in San Francisco The Register 5th May 2009McAfee's website has been has been hit by at least three nasty bugsthat left its customers susceptible to phishing and other types ofscams http://www.secuobs.com/revue/news/92661.shtmlhttp://www.secuobs.com/revue/news/92661.shtml Secuobs.com : 2009-05-05 12:31:24 - ISN InfoSec News Mailing List - InfoSec News: LTTE won first round in the cyber war: Hacked Army andLankapuwath websites – Army site restored:http://wwwasiantribunecom/q=node/17204Asiantribunecom 2009-05-01The official website of Sri Lanka Army, wwwarmylk and one of anotherSri Lanka Government’s site - Lanka Puwath wwwlankapuwathlk havebeen hacked by suspected LTTE hackers this morning May 1 http://www.secuobs.com/revue/news/92151.shtmlhttp://www.secuobs.com/revue/news/92151.shtml Secuobs.com : 2009-05-05 12:31:24 - ISN InfoSec News Mailing List - InfoSec News: Korea, US Join Forces to Fight Cyber Terrorism:http://wwwkoreatimescokr/www/news/nation/2009/05/113_44315htmlBy Do Je-hae Staff Reporter Korea Times 05-04-2009South Korea and the United States will work more closely to securesecurity information and protect their intelligence networks fromcyber http://www.secuobs.com/revue/news/92150.shtmlhttp://www.secuobs.com/revue/news/92150.shtml Secuobs.com : 2009-05-05 12:31:24 - ISN InfoSec News Mailing List - InfoSec News: Microsoft Offers Secure Windows … But Only to theGovernment:http://wwwwiredcom/threatlevel/2009/04/air-force-windows/By Kim Zetter Threat Level Wiredcom April 30, 2009It’s the most secure distribution version of Windows XP ever producedby Microsoft: More than 600 settings are locked down tight, andcritical http://www.secuobs.com/revue/news/92149.shtmlhttp://www.secuobs.com/revue/news/92149.shtml Secuobs.com : 2009-05-05 12:31:24 - ISN InfoSec News Mailing List - InfoSec News: Security Researchers Uncover 70GB of Financial Data Stolenby Botnet:http://wwweweekcom/c/a/Security/Security-Researchers-Uncover-70-GB-of-Financial-Data-Stolen-by-Botnet-501015/By Brian Prince eWEEKcom 2009-05-04Researchers at the University of California, Santa Barbara, say theyseized control of the Torpig botnet for 10 days earlier in 2009 andhttp://www.secuobs.com/revue/news/92148.shtmlhttp://www.secuobs.com/revue/news/92148.shtml Secuobs.com : 2009-05-05 12:31:24 - ISN InfoSec News Mailing List - InfoSec News: LayerOne 2009 - Final Update: Forwarded from: LayerOne CallFor Papers LayerOne 2009 May 23-24 Anaheim Marriott Anaheim, Californiahttp://layeroneinfoWell folks, LayerOne 2009 is happening in just a few weeks time Wewanted to make one final announcement before we begin last minutehttp://www.secuobs.com/revue/news/92147.shtmlhttp://www.secuobs.com/revue/news/92147.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Black Hat USA CFP closing next Tuesday: Forwarded from:jmoss Hey guys, just a reminder that the CFP for Black Hat USA is closingnext TuesdayI'll post the first batch of acceptances next week some really solidstuff this year from hacking ATM machines and lock picking forensicsto http://www.secuobs.com/revue/news/91064.shtmlhttp://www.secuobs.com/revue/news/91064.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Dallas police seeking impostor who helped make arrests:http://wwwdallasnewscom/sharedcontent/dws/news/localnews/stories/042809dnmetdpdimposter3cac535htmlBy TANYA EISERER The Dallas Morning News April 28, 2009A 21-year-old man claiming to be in the military helped Dallas patrolofficers answer calls and make arrests, and he accompanied them on aride-along, but officials say he was the one taking police for a rideThe impostor, identified as Ryan Caskey, wore a bulletproof vest andcarried a US Marine military police badge and a Glock, which hereportedly drew from its holster as he kicked in a door at a Far NorthDallas apartmentAuthorities said Caskey, who is wanted for questioning, claimed to bein an FBI task force, had the cop lingo and swagger down pat, andfollowed officers in his black Crown Victoria with red and blueflashing lights in the dashboard"They just assumed that with his credentials that he was legit," saidLt Andy Harvey, a Dallas police spokesman "I guess the more he did,the more he felt comfortable doing it"http://www.secuobs.com/revue/news/91063.shtmlhttp://www.secuobs.com/revue/news/91063.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Secunia Weekly Summary - Issue: 2009-18:========================================================================The Secunia Weekly Advisory Summary 2009-04-23 - 2009-04-30This week: 47 advisories http://www.secuobs.com/revue/news/91062.shtmlhttp://www.secuobs.com/revue/news/91062.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Batten down the cyber-hatches:http://wwweconomistcom/world/europe/displaystorycfmstory_id=13569241Apr 30th 2009 EconomistcomSecuring vulnerable networks across EuropeOVER the past ten years the European Union has failed to protect thecontinent’s energy security Will it do any better when it comes tocyber-security http://www.secuobs.com/revue/news/91061.shtmlhttp://www.secuobs.com/revue/news/91061.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: ITL Bulletin for April 2009: Fowarded from: ElizabethLennon ITL BULLETIN FOR APRIL 2009THE SYSTEM DEVELOPMENT LIFE CYCLE SDLCShirley Radack, Editor Computer Security Division InformationTechnology Laboratory National Institute of Standards and TechnologyUS http://www.secuobs.com/revue/news/91060.shtmlhttp://www.secuobs.com/revue/news/91060.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Analyst discusses cyber warfare:http://thedartmouthcom/2009/04/30/news/cyberwarfare/By Tatiana Cooke, The Dartmouth April 30, 2009Understanding China’s strategic approach to cyber warfare is essentialto defending the United States from hackers, Timothy Thomas, ananalyst at the Foreign Military Studies Office at Fort Leavenworth inKansas, said in a lecture on Tuesday in the Haldeman Center Theanonymous nature of cyber attacks often complicates cyber defense,Thomas said in the lectureCyber warfare is increasingly important in international relations,Thomas said He explained that a large scale attack on USinfrastructure has the potential to affect everything from thecountry’s banking system to its military operationsThomas compared his work with cyber warfare to his previous workmonitoring Russian intelligence in the Soviet Army Studies Office ofthe Army during the Cold War Western countries did not know whatactions the Soviet Union would take at that point, he said, just ascurrent military strategists are unaware what to expect with regardsto cyber warfareIt is difficult for governments to trace the source of a cybersecurity breach because attackers can route information throughservers in several countries, Thomas said Even when the country oforigin is known, as with many attacks originating from China, it isimpossible to determine whether the attacker was acting independentlyor in service of the country’s governmenthttp://www.secuobs.com/revue/news/91059.shtmlhttp://www.secuobs.com/revue/news/91059.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Lawmakers Seek to Tighten Cyber Regulation on Power Grids:http://wwwwashingtonpostcom/wp-dyn/content/article/2009/04/29/AR2009042902953htmlBy Brian Krebs washingtonpostcom Staff Writer April 29, 2009Key lawmakers in the House and Senate are seeking to grant federalregulators new powers to protect the US http://www.secuobs.com/revue/news/91058.shtmlhttp://www.secuobs.com/revue/news/91058.shtml Secuobs.com : 2009-05-01 17:48:39 - ISN InfoSec News Mailing List - InfoSec News: Call for donations for InfoSec News:http://wwwinfosecnewsorg/donatehtmlRichard Clarke once said"If you spend more on coffee than on IT security, then you will behacked What's more, you deserve to be hacked"For $100 at the local diner, you can buy a bottomless cup of coffeehttp://www.secuobs.com/revue/news/91057.shtmlhttp://www.secuobs.com/revue/news/91057.shtml Secuobs.com : 2009-04-30 22:07:51 - ISN InfoSec News Mailing List - InfoSec News: Swine Flu: 5 Tips to Ensure Pandemic Preparation:http://wwwbankinfosecuritycom/articlesphpart_id=1422By Linda McGlasson Managing Editor Bank Infosecurity April 29, 2009The Swine Flu, if unchecked, could prove to be the pandemic thatindustry experts have warned about, and so financial regulators andhttp://www.secuobs.com/revue/news/90694.shtmlhttp://www.secuobs.com/revue/news/90694.shtml Secuobs.com : 2009-04-30 22:07:51 - ISN InfoSec News Mailing List - InfoSec News: Report: US needs clear policy on cyberattacks:http://fcwcom/articles/2009/04/29/web-cyberoffense-recommendationsaspxBy Ben Bain FCWcom April 29, 2009The United States policy and legal framework regarding launchingcyberattacks is "ill-informed, undeveloped and highly uncertain" andthe http://www.secuobs.com/revue/news/90693.shtmlhttp://www.secuobs.com/revue/news/90693.shtml Secuobs.com : 2009-04-30 22:07:51 - ISN InfoSec News Mailing List - InfoSec News: Approaching Deadlines for USENIX Security-RelatedWorkshops: Forwarded from: Lionel Garth Jones Submissions deadlines are approaching for Workshops co-located withUSENIX Security '09 in Montreal, Canada: HotSec '09, CSET '09,MetriCon 40, and WOOT '09 -- CSET '09: 2nd Workshop on CyberSecurity Experimentation and Test http://www.secuobs.com/revue/news/90692.shtmlhttp://www.secuobs.com/revue/news/90692.shtml Secuobs.com : 2009-04-30 22:07:51 - ISN InfoSec News Mailing List - InfoSec News: US military's cyberwar rules 'ill-formed,' says panel:http://wwwtheregistercouk/2009/04/29/cyberwar_report/By Dan Goodin in San Francisco The Register 29th April 2009The United States government has yet to form a coherent policy forengaging in warfare that involves attacks on a country's electricalhttp://www.secuobs.com/revue/news/90691.shtmlhttp://www.secuobs.com/revue/news/90691.shtml Secuobs.com : 2009-04-29 12:27:40 - ISN InfoSec News Mailing List - InfoSec News: Swine flu: time to review business continuity plans:http://wwwcomputerweeklycom/Articles/2009/04/27/235812/swine-flu-time-to-review-business-continuity-planshtmBy Bill Goodwin ComputerWeeklycom 27 Apr 2009Businesses were urged to review their business continuity plans amidwarnings that a swine flu could lead to absenteeism rates of up to 40%if a pandemic takes holdThe warning follows growing concern over the H1N1 virus, which has ledto between 20 and 80 deaths in Mexico, with further cases reported inUS Spain and New ZealandAnalyst firm Gartner advised businesses to place IT at the forefrontof their business continuity plans as the virus spreads"It is important to have pandemic contingency plans that define whatyou would do if the workforce absenteeism rates exceeded 40% or youhad to close your offices As you develop and refresh those plansdon't forget that mobile and wireless technology has a part to play,"said analyst Nick JonesGartner advises businesses to use wireless broadband to allowemployees to work remotely Organisations should consider buyingmobile broadband adaptors with built-in wireless capabilityhttp://www.secuobs.com/revue/news/89694.shtmlhttp://www.secuobs.com/revue/news/89694.shtml Secuobs.com : 2009-04-29 12:27:40 - ISN InfoSec News Mailing List - InfoSec News: US Steps Up Effort on Digital Defenses:http://wwwnytimescom/2009/04/28/us/28cyberhtmlBy DAVID E SANGER, JOHN MARKOFF and THOM SHANKER The New York TimesApril 27, 2009This article was reported by David E Sanger, John Markoff and ThomShanker and written by Mr SangerWhen American forces in Iraq wanted to lure members of Al Qaeda into atrap, they hacked into one of the group’s computers and alteredinformation that drove them into American gun sightsWhen President George W Bush ordered new ways to slow Iran’s progresstoward a nuclear bomb last year, he approved a plan for anexperimental covert program — its results still unclear — to bore intotheir computers and undermine the projectAnd the Pentagon has commissioned military contractors to develop ahighly classified replica of the Internet of the future The goal isto simulate what it would take for adversaries to shut down thecountry’s power stations, telecommunications and aviation systems, orfreeze the financial markets — in an effort to build better defensesagainst such attacks, as well as a new generation of online weaponsJust as the invention of the atomic bomb changed warfare anddeterrence 64 years ago, a new international race has begun to developcyberweapons and systems to protect against themhttp://www.secuobs.com/revue/news/89693.shtmlhttp://www.secuobs.com/revue/news/89693.shtml Secuobs.com : 2009-04-29 12:27:40 - ISN InfoSec News Mailing List - InfoSec News: Auditors: Coast Guard, FEMA weak on controls:http://fcwcom/articles/2009/04/28/coast-guard-and-fema-weak-on-it-controls-say-auditorsaspxBy Alice Lipowicz FCWcom April 28, 2009The Coast Guard made more progress than the Federal EmergencyManagement Agency in securing information technology systems in fiscal2008, http://www.secuobs.com/revue/news/89692.shtmlhttp://www.secuobs.com/revue/news/89692.shtml http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-05-31 11:30:41 - ISN InfoSec News Mailing List : InfoSec News Lockheed Martin Bets Big on Quantum Computing http wwwpcworldcom article 228921 lockheed_martin_bets_big_on_quantum_computinghtml By Keir Thomas PCWorld May 28, 2011 Defense contractor Lockeed Martin Corp is betting big on the promise of quantum computing The company recently shelled out big money to Canadian firm D-Wave for http://www.secuobs.com/revue/news/308096.shtmlhttp://www.secuobs.com/revue/news/308096.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News CALL FOR POSTERS - 4th Summer School on Network and Information Security NIS'11 Forwarded from Ioannis Askoxylakis OUR SINCERE APOLOGIES IF YOU RECEIVE MULTIPLE COPIES OF THIS ANNOUNCEMENT http://www.secuobs.com/revue/news/308095.shtmlhttp://www.secuobs.com/revue/news/308095.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, May 22, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, May 22, 2011 24 Incidents Added http://www.secuobs.com/revue/news/308094.shtmlhttp://www.secuobs.com/revue/news/308094.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News 35 Million Google Profiles Captured In Database http wwwinformationweekcom news security privacy 229700122 By Mathew J Schwartz InformationWeek May 27, 2011 Caveat poster A security researcher has assembled a single database containing 35 million people's Google Profiles information, including http://www.secuobs.com/revue/news/308093.shtmlhttp://www.secuobs.com/revue/news/308093.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News Survey Breaches Cost Some Healthcare Organizations 100K Per Day http wwwdarkreadingcom database-security 167901020 security news 229700106 survey-breaches-cost-some-healthcare-organizations-100k-per-dayhtml By Kelly Jackson Higgins Dark Reading May 27, 2011 Most healthcare organizations have made compliance with security and http://www.secuobs.com/revue/news/308092.shtmlhttp://www.secuobs.com/revue/news/308092.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News Lockheed Martin investigates possible link between cyber attack and RSA data breach http wwwcomputerweeklycom Articles 2011 05 31 246816 Lockheed-Martin-investigates-possible-link-between-cyber-attack-and-RSA-datahtm By Warwick Ashford ComputerWeeklycom 31 May 2011 US-based global defence firm Lockheed Martin says it has beefed up http://www.secuobs.com/revue/news/308091.shtmlhttp://www.secuobs.com/revue/news/308091.shtml Secuobs.com : 2011-05-31 11:30:41 - ISN InfoSec News Mailing List - InfoSec News Moderator's note We're changing hosts May 31, 2011 Just a quick note, we're changing hosts from Steadfast Networks to Tegatai Phoenix You've probably noticed we've been running an ad for Tegatai since October, but if you never bothered to look Tegatai Phoenix delivers proactive information security, datacenter, and http://www.secuobs.com/revue/news/308090.shtmlhttp://www.secuobs.com/revue/news/308090.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News PSN Hack Dings Sony s Bottom Line http mashablecom 2011 05 26 sony-playstation-network-170m By Todd Wasserman Mashablecom May 26, 2011 Sony expects the hacker attack on its PlayStation network to cost the company about 170 million The company says it expects a significant decline in operating profits http://www.secuobs.com/revue/news/307531.shtmlhttp://www.secuobs.com/revue/news/307531.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-21 The Secunia Weekly Advisory Summary 2011-05-19 - 2011-05-26 This week 54 advisories http://www.secuobs.com/revue/news/307530.shtmlhttp://www.secuobs.com/revue/news/307530.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News China confirms deployment of online army http englishpeopledailycomcn 90001 90776 90786 7392068html chinadailycomcn May 26, 2011 The development of China's Online Blue Army unit is for improving the defense capabilities of the People's Liberation Army PLA , a Chinese Defense Ministry spokesman said on Wednesday, citied by Beijing News Launching the Online Blue Army is based on the PLA's needs, and enforcing the ability of Internet security protection is an important issue in its military training programs, Defense Ministry spokesman Geng Yansheng said Geng's comments came in response to questions during the ministry's news conference in Beijing asking if the Online Blue Army is China's Internet squad aimed at carrying out attacks on other countries' Internet systems The PLA Daily reported earlier the PLA's Guangzhou command had invested tens of millions of yuan in building the specialized Internet squad http://www.secuobs.com/revue/news/307529.shtmlhttp://www.secuobs.com/revue/news/307529.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News Experts Pressure SCADA developers on security as you would software vendors http wwwcsoonlinecom article 682990 experts-pressure-scada-developers-on-security-as-you-would-software-vendors By George V Hulme CSO May 26, 2011 The discovery of a number of what have been described as serious vulnerabilities within industrial control systems built by manufacturing http://www.secuobs.com/revue/news/307528.shtmlhttp://www.secuobs.com/revue/news/307528.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News Manal al-Sharif Imprisoned For 10 More Days For Driving in Saudi Arabia http wwwcare2com causes womens-rights blog manal-al-sharif-imprisoned-for-10-more-days-for-driving-in-saudi-arabia By Kristina Chew Care2com May 26, 2011 Manal al-Sharif, the Saudi woman who was arrested early Sunday morning for defying her country's ban on women driving and calling for a June 17th mass drive on Facebook, created was supposed to be released from prison today But authorities say that she will be held for ten more days, the Guardian reports According to her lawyer, al-Sharif is being charged with driving without a licence, provoking other women to do the same and provoking public opinion in Saudi Arabia It is disputed by lawyers whether it is illegal for women to drive under national law but it is socially and religiously unacceptable in many quarters The investigator needs another 10 days to complete his investigation, said Al Sharif's lawyer, Adnan Al Salah He will decide whether Manal is innocent and has to be released or he will refer her to the prosecution unit, a government organisation and they might refer her to a special prosecutor to deal with the case I feel the fair and right thing would have been to release her on bail Al-Sharif had also posted a video online of her driving and another video in which she described how women could participate in the June 17 protest Manal al-Sharif is, says the Saudi Women weblog, a woman whom Saudi Arabia should be proud of She is one of the first women in the world to be a Certified Ethical Hacker-EC-Council CISSP- ISC 2 Certified ISO 27001 Implementer and Lead Auditor -BSI ISO She is an IT security consultant at the biggest oil company in Saudi, ARAMCO http://www.secuobs.com/revue/news/307527.shtmlhttp://www.secuobs.com/revue/news/307527.shtml Secuobs.com : 2011-05-27 11:38:28 - ISN InfoSec News Mailing List - InfoSec News InsecureID No more secrets http wwwcringelycom 2011 05 insecureid-no-more-secrets By Robert X Cringely I, Cringely May 25th, 2011 Back in March I heard from an old friend whose job it is to protect his company s network from attack Any word on just what was compromised at RSA http://www.secuobs.com/revue/news/307526.shtmlhttp://www.secuobs.com/revue/news/307526.shtml Secuobs.com : 2011-05-26 07:45:06 - ISN InfoSec News Mailing List - InfoSec News Sony Begins Providing ID Theft Protection for PlayStation Hack http wwwpcmagcom article2 0,2817,2385909,00asp By Mark Hachman PCMagcom May 25, 2011 Sony has begun sending out formal emails advising users of its PlayStation Network how to sign up for the identity theft protection services it said it would offer customers http://www.secuobs.com/revue/news/307262.shtmlhttp://www.secuobs.com/revue/news/307262.shtml Secuobs.com : 2011-05-26 07:45:06 - ISN InfoSec News Mailing List - InfoSec News Apple iPhone encryption cracked by Russian firm http newstechworldcom security 3282137 apple-iphone-encryption-cracked-by-russian-firm By John E Dunn Techworldcom 25 May 11 Having cracked Apple iPhone backups last year, Russian security company ElcomSoft appears to have found a reliable way to beat the layered http://www.secuobs.com/revue/news/307261.shtmlhttp://www.secuobs.com/revue/news/307261.shtml Secuobs.com : 2011-05-26 07:45:06 - ISN InfoSec News Mailing List - InfoSec News Military set to lead on US domestic cyber-security http wwwtheregistercouk 2011 05 25 pentagon_lead_us_cyber_security By Lewis Page The Register 25th May 2011 The US military will play a leading role in defending homeland America from cyber attacks, and this will include providing cybersecurity to key infrastructure on US soil http://www.secuobs.com/revue/news/307260.shtmlhttp://www.secuobs.com/revue/news/307260.shtml Secuobs.com : 2011-05-26 07:45:06 - ISN InfoSec News Mailing List - InfoSec News DHS plans expansion of cybersecurity workforce http wwwfederaltimescom article 20110524 IT03 105240302 1018 DEPARTMENTS By NICOLE BLAKE JOHNSON Federal Times May 24, 2011 The Department of Homeland Security plans to grow its cybersecurity workforce by more than 50 percent, as lawmakers and the White House work http://www.secuobs.com/revue/news/307259.shtmlhttp://www.secuobs.com/revue/news/307259.shtml Secuobs.com : 2011-05-26 07:45:06 - ISN InfoSec News Mailing List - InfoSec News BofA Breach 'A Big, Scary Story' http wwwbankinfosecuritycom articlesphp art_id 3673 By Tracy Kitten Managing Editor Bank Info Security May 25, 2011 An internal breach at US financial giant Bank of America shows how some corporations do not focus enough attention on mitigating internal fraud risks http://www.secuobs.com/revue/news/307258.shtmlhttp://www.secuobs.com/revue/news/307258.shtml Secuobs.com : 2011-05-25 12:12:12 - ISN InfoSec News Mailing List - InfoSec News Sony says hacker stole 2,000 records from Canadian site http wwwcomputerworldcom s article 9217028 Sony_says_hacker_stole_2_000_records_from_Canadian_site By Robert McMillan IDG News Service May 24, 2011 The problems keep coming for Sony On Tuesday the company confirmed that someone had hacked into its website and stolen about 2,000 customer http://www.secuobs.com/revue/news/306973.shtmlhttp://www.secuobs.com/revue/news/306973.shtml Secuobs.com : 2011-05-25 12:12:12 - ISN InfoSec News Mailing List - InfoSec News Businesses most at risk from Web hackers http wwwusatodaycom money industries technology 2011-05-22-cnbc-businesses-at-risk-of-hacking_nhtm By Peter Suciu CNBCcom May 24, 2011 Career criminal Willie Sutton is credited with saying that he robbed banks, because that's where the money is, and while Sutton later http://www.secuobs.com/revue/news/306972.shtmlhttp://www.secuobs.com/revue/news/306972.shtml Secuobs.com : 2011-05-25 12:12:12 - ISN InfoSec News Mailing List - InfoSec News New hack on Comodo reseller exposes private data http wwwtheregistercouk 2011 05 24 comodo_reseller_hacked By Dan Goodin in San Francisco The Register 24th May 2011 Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data http://www.secuobs.com/revue/news/306971.shtmlhttp://www.secuobs.com/revue/news/306971.shtml Secuobs.com : 2011-05-24 08:03:34 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, May 15, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, May 15, 2011 53 Incidents Added http://www.secuobs.com/revue/news/306733.shtmlhttp://www.secuobs.com/revue/news/306733.shtml Secuobs.com : 2011-05-24 08:03:34 - ISN InfoSec News Mailing List - InfoSec News Tight defense budgets could yield better cybersecurity, information sharing http fcwcom articles 2011 05 23 dod-budget-problems-cybersecurity-information-sharingaspx By Amber Corrin FCWcom May 23, 2011 The Defense Department s ongoing budget struggles could lead to streamlined cybersecurity efforts and better shared capabilities across http://www.secuobs.com/revue/news/306732.shtmlhttp://www.secuobs.com/revue/news/306732.shtml Secuobs.com : 2011-05-24 08:03:34 - ISN InfoSec News Mailing List - InfoSec News Financial services firms to increase IT spending survey http wwwnetworkworldcom news 2011 052311-bloomberg-surveyhtml By Ann Bednarz Network World May 23, 2011 IT execs in the financial services industry say they plan to increase tech spending and use more managed services as they struggle to process http://www.secuobs.com/revue/news/306731.shtmlhttp://www.secuobs.com/revue/news/306731.shtml Secuobs.com : 2011-05-24 08:03:34 - ISN InfoSec News Mailing List - InfoSec News Man Gets Past Willis Tower Security, All the Way Up to 102nd Floor http wwwmyfoxchicagocom dpp news metro willis-sears-tower-man-security-threat-elevator-chicago-terrorism-20110523 By Craig Wall FOX Chicago News 23 May 2011 Chicago - Willis Tower security is investigating how a disheveled man wandered into an elevator and made it all the way up to the 102nd floor before anyone stopped him The camera in the Franklin Street lobby of the Willis Tower shows a security officer directing people where to go on Monday, May 16, as they usually do But, when the long haired, 42-year-old psychiatric patient wandered in, security missed him After meandering down several hallways, the man follows an employee with a key pass into a freight elevator and makes his way up the Tower A spokesman for the Willis Tower says it was while the man was in the elevator that he was spotted by security He was in the building for 16 minutes, making it all the way up to the 102nd floor On his way down he was arrested on the 32nd floor and charged with misdemeanor trespassing http://www.secuobs.com/revue/news/306730.shtmlhttp://www.secuobs.com/revue/news/306730.shtml Secuobs.com : 2011-05-24 08:03:34 - ISN InfoSec News Mailing List - InfoSec News 4th Summer School on Network and Information Security NIS'11 - CALL FOR PARTICIPATION Forwarded from Ioannis Askoxylakis OUR SINCERE APOLOGIES IF YOU RECEIVE MULTIPLE COPIES OF THIS ANNOUNCEMENT http://www.secuobs.com/revue/news/306729.shtmlhttp://www.secuobs.com/revue/news/306729.shtml Secuobs.com : 2011-05-23 12:01:12 - ISN InfoSec News Mailing List - InfoSec News Michaels Breach Who's Liable http wwwbankinfosecuritycom articlesphp art_id 3668 By Tracy Kitten Managing Editor Bank Info Security May 22, 2011 A Chicago consumer affected by the Michaels card breach has filed a federal lawsuit against the crafts retailer, claiming it should have http://www.secuobs.com/revue/news/306522.shtmlhttp://www.secuobs.com/revue/news/306522.shtml Secuobs.com : 2011-05-23 12:01:12 - ISN InfoSec News Mailing List - InfoSec News Small firms learn size doesn't matter to hackers http wwwlatimescom business la-fi-smallbiz-security-20110523,0,5494792story By Cyndia Zwahlen Los Angeles Times May 23, 2011 It took all of three minutes for the hacker to break into the small accounting firm's computer system The virtual open window into the system turned out to be a computer equipped with outdated software It provided access to the office network and the hacker was able to get files that included private financial information That was a shock, said Lynne Leavitt, a partner at the four-person Los Angeles firm, Brakensiek Leavitt Pleger I thought we had good security I thought we were safe Luckily, it was just a test The hacker had been employed by a security company to test the accountants' digital defenses As a result, the firm put in new software and adopted new security procedures Cyber security is not just for big businesses That's one of the myths we come across 'I am too small,' said Stan Stahl, head of a Los Angeles cyber-security company Citadel Information Group Inc and president of the Los Angeles chapter of the Information Systems Security Assn, a trade group http://www.secuobs.com/revue/news/306521.shtmlhttp://www.secuobs.com/revue/news/306521.shtml Secuobs.com : 2011-05-23 12:01:12 - ISN InfoSec News Mailing List - InfoSec News ORNL may add security role http wwwknoxnewscom news 2011 may 21 ornl-may-add-security-role By Frank Munger Knoxville News Sentinel May 21, 2011 OAK RIDGE - Oak Ridge National Laboratory has become America's hub for scientific supercomputing, hosting the Department of Energy's top http://www.secuobs.com/revue/news/306520.shtmlhttp://www.secuobs.com/revue/news/306520.shtml Secuobs.com : 2011-05-23 12:01:12 - ISN InfoSec News Mailing List - InfoSec News ACM CCS'11 Call for Tutorials Forwarded from ACM CCS 2011 CCS'11 Tutorial submissions http wwwsigsacorg ccs CCS2011 cfpshtml CALL FOR TUTORIALS Tutorial submissions Proposals for long 3-hour and short 15-hour tutorials on research topics of current and emerging interest should be http://www.secuobs.com/revue/news/306519.shtmlhttp://www.secuobs.com/revue/news/306519.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News Military fends off major cyber attack http wwwnewsinenglishno 2011 05 19 military-fends-off-major-cyber-attack Views and News from Norway May 19, 2011 Norwegian military personnel were the targets of what s being described as a massive cyber attack this spring, one day after Norway started http://www.secuobs.com/revue/news/306087.shtmlhttp://www.secuobs.com/revue/news/306087.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News NK has 30,000 electronic warfare specialists Fox News http englishdongacom srv servicephp3 bicode 060000 biid 2011051977548 dongacom May 19, 2011 North Korea has as many as 30,000 electronic warfare specialists as part of the elite core of the North s military, Fox News said Tuesday Quoting US and South Korean intelligence, the US http://www.secuobs.com/revue/news/306086.shtmlhttp://www.secuobs.com/revue/news/306086.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-20 The Secunia Weekly Advisory Summary 2011-05-12 - 2011-05-19 This week 45 advisories http://www.secuobs.com/revue/news/306085.shtmlhttp://www.secuobs.com/revue/news/306085.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News Russia expels Israeli military attache for 'industrial espionage' http wwwtelegraphcouk news worldnews europe russia 8524198 Russia-expels-Israeli-military-attache-for-industrial-espionagehtml By Andrew Osborn, Moscow Adrian Blomfield in Jerusalem Telegraphcouk May 19, 2011 In a scandal that risks souring traditionally good relations between the http://www.secuobs.com/revue/news/306084.shtmlhttp://www.secuobs.com/revue/news/306084.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News City tightens computer security http wwwdispatchcom live content local_news stories 2011 05 19 city-tightens-computer-securityhtml sid 101 By Doug Caruso THE COLUMBUS DISPATCH May 19, 2011 Columbus is taking steps to plug a gap in its computer security, the city's technology director said yesterday http://www.secuobs.com/revue/news/306083.shtmlhttp://www.secuobs.com/revue/news/306083.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News Google Silently Patches Android Authentication Flaw http wwweweekcom c a Security Google-Silently-Patches-Android-Authentication-Flaw-837349 By Fahmida Y Rashid eWEEKcom 2011-05-19 Google is implementing a server-side fix to address the authentication flaw that allows third-parties to access Android user data on Google http://www.secuobs.com/revue/news/306082.shtmlhttp://www.secuobs.com/revue/news/306082.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News Data breach affects about 4,000 SEC workers http wwwlatimescom business la-fi-sec-security-20110519,0,5665948story By Shan Li Los Angeles Times May 19, 2011 The Securities and Exchange Commission is having some security problems of its own About 4,000 agency employees, including several in Los Angeles, have http://www.secuobs.com/revue/news/306081.shtmlhttp://www.secuobs.com/revue/news/306081.shtml Secuobs.com : 2011-05-20 12:01:29 - ISN InfoSec News Mailing List - InfoSec News SecArt-11 IJCAI Workshop on Intelligent Security Call For Participation Forwarded from Yacine Zemali CALL FOR PARTICIPATION SECART 2011 The Third International Intelligent Security Workshop Barcelona, Spain, July 18, 2011 An IJCAI-11 Workshop http://www.secuobs.com/revue/news/306080.shtmlhttp://www.secuobs.com/revue/news/306080.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News OIG raps HHS agencies for lax PHI security http wwwcmionet indexphp option com_articles view article id 27819 By Editorial Staff CMIOnet May 18, 2011 The US Department of Health Human Services HHS Office of Inspector General OIG has released two reports released two reports that http://www.secuobs.com/revue/news/305831.shtmlhttp://www.secuobs.com/revue/news/305831.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News Mossad carries out daring London raid on Syrian official Forwarded from William Knowles http wwwtelegraphcouk news worldnews middleeast israel 8514919 Mossad-carries-out-daring-London-raid-on-Syrian-officialhtml By Duncan Gardham Security Correspondent The Telegraph 15 May 2011 The original plan was apparently to assassinate the official and Israel only averted what would have been a huge diplomatic rift with Britain, when they decided the target was more valuable alive than dead The operation involved at least 10 undercover agents on the streets of Britain and led directly to a controversial bombing raid into Syrian territory that destroyed a nuclear reactor that was under construction It closely mirrored the assassination of Mahmoud al-Mabhouh, a senior Hamas arms trader, who was killed in his hotel room in Dubai last year using agents disguised as tennis players The operation began when Israeli intelligence picked up an online booking for a senior Syrian nuclear official at a hotel in Kensington, west London, in late 2006, according to the Israeli authors of the book Israel vs Iran the Shadow War Mossad then dispatched three undercover teams to Britain including a team of spotters who were sent to Heathrow airport to identify the official as he flew in from Damascus under a false name A second team booked into his hotel, while a third monitored his movements and any visitors Communications without intelligence is noise Intelligence without communications is irrelevant Gen Alfred M Gray, USMC C4Iorg - Computer Security, Intelligence - http wwwc4iorg http://www.secuobs.com/revue/news/305830.shtmlhttp://www.secuobs.com/revue/news/305830.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News Iran accused of hacking nuke inspectors' phones, PCs http wwwtheregistercouk 2011 05 19 iaea_cellphone_tampering_probe By Dan Goodin in San Francisco The Register 19th May 2011 United Nations nuclear officials are investigating reports that Iranian spies may have hacked agency phones and laptops that were left http://www.secuobs.com/revue/news/305829.shtmlhttp://www.secuobs.com/revue/news/305829.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News Top Cybersecurity Official Resigns http wwwnationaljournalcom whitehouse top-cybersecurity-official-resigns-20110518 By Marc Ambinder National Journal May 18, 2011 Phil Reitinger, the Department of Homeland Security s top cyber and computer crimes official, is resigning just days after the http://www.secuobs.com/revue/news/305828.shtmlhttp://www.secuobs.com/revue/news/305828.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News SCADA hack talk canceled after US, Siemens request http newscnetcom 8301-27080_3-20064112-245html By Elinor Mills InSecurity Complex CNet News May 18, 2011 Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after US cybersecurity and Siemens representatives asked them not to discuss their work publicly We were asked very nicely if we could refrain from providing that information at this time, Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today I decided on my own that it would be in the best interest of securityto not release the information Beresford said he and independent researcher Brian Meixell planned on doing a physical demonstration at the TakeDown Conference and shared their slides and other information on vulnerabilities and exploits with Siemens, ICS-CERT Industrial Control Systems Cyber Emergency Response Team , and the Idaho National Lab on Monday A DHS official provided this statement DHS' Industrial Control Systems Cyber Emergency Response Team ICS-CERT frequently engages with industry partners and members of the cybersecurity community to share actionable vulnerability information and mitigation measures in an effort to better secure our nation's critical infrastructure In this collaboration, DHS always prioritizes the responsible disclosure of vulnerability information, while concurrently providing actionable solutions and recommendations to better secure our nation's infrastructure This responsible disclosure process does not encourage the release of sensitive vulnerability information without also validating and releasing a solution http://www.secuobs.com/revue/news/305827.shtmlhttp://www.secuobs.com/revue/news/305827.shtml Secuobs.com : 2011-05-19 12:03:16 - ISN InfoSec News Mailing List - InfoSec News Registration for USENIX Security '11 and the Co-located Workshops Is Now Open Forwarded from Lionel Garth Jones Join us in San Francisco, CA, August 8-12, 2011, for a week covering the latest research in the security of computer systems, networks, healthcare, electronic voting, and more We know that keeping up with the latest advances in security can be costly and time-consuming The 20th USENIX Security Symposium and the co-located workshops make it easier than ever to stay ahead of the game The week includes - USENIX Security '11 20th USENIX Security Symposium Monday-Friday, August 8-12, 2011 http wwwusenixorg events sec11 The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks The 5-day program includes a Keynote Address by Charlie Stross, award-winning science fiction writer refereed papers invited talks a tutorial program poster session and more - EVT WOTE '11 2011 Electronic Voting Technology Workshop Workshop on Trustworthy Elections Monday-Tuesday, August 8-9, 2011 http wwwusenixorg events evtwote11 EVT WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors - CSET '11 4th Workshop on Cyber Security Experimentation and Test Monday, August 8, 2011 http wwwusenixorg events cset11 The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security Because of the complex and open nature of the subject matter, CSET '11 is designed to be a workshop in the traditional sense Presentations will be interactive, with the expectation that a substantial amount of this time may be given to questions and audience discussion - FOCI '11 USENIX Workshop on Free and Open Communications on the Internet Monday, August 8, 2011 http wwwusenixorg events foci11 The first USENIX Workshop on Free and Open Communications on the Internet FOCI seeks to bring together researchers and practitioners from both technology and policy who are working on policies or technologies to detect or circumvent practices that inhibit free and open communications on the Internet - WOOT '11 5th USENIX Workshop on Offensive Technologies Monday, August 8, 2011 http wwwusenixorg events woot11 Progress in the field of computer security is driven by a symbiotic relationship between our understandings of attack and of defense The USENIX Workshop on Offensive Technologies WOOT aims to bring together researchers and practitioners in systems security to present research advancing the understanding of attacks on operating systems, networks, and applications - HealthSec '11 2nd USENIX Workshop on Health Security and Privacy Tuesday, August 9, 2011 http wwwusenixorg events healthsec11 HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy The highly interactive workshop will combine posters and brief presentations by position paper authors, slightly longer talks by extended abstract authors, and panel discussions - HotSec '11 6th USENIX Workshop on Hot Topics in Security Tuesday, August 9, 2011 http wwwusenixorg events hotsec11 HotSec is renewing its focus by placing singular emphasis on new ideas and problems HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to large-scale threats, network security, hardware security, software security, physical security, programming languages, applied cryptography, privacy, human-computer interaction, emerging computing environment, sociology, and economics - MetriCon 60 Sixth Workshop on Security Metrics Tuesday, August 9, 2011 http wwwsecuritymetricsorg content Wikijsp page Metricon60 Attendance at MetriCon 60 is by invitation only Whether you're a researcher, a system administrator, or a policy wonk, come to the 20th USENIX Security Symposium and the co-located workshops to find out how changes in computer security are going to affect you See you in San Francisco PS Connect with other attendees, check out additional discounts, and help spread the word Facebook http wwwfacebookcom eventphp eid 222251427791082 Twitter http twittercom usenix sec11 Additional Discounts http wwwusenixorg events sec11 discountshtml Help Promote http wwwusenixorg events sec11 promotehtml http://www.secuobs.com/revue/news/305826.shtmlhttp://www.secuobs.com/revue/news/305826.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Michaels Breach Bigger than Reported http wwwbankinfosecuritycom articlesphp art_id 3628 By Tracy Kitten Managing Editor Bank Info Security May 12, 2011 The Michaels debit breach is much bigger than the company initially thought Michael Stores initially reported that a scheme, in which point-of-sale http://www.secuobs.com/revue/news/305800.shtmlhttp://www.secuobs.com/revue/news/305800.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News FBI fights to protect ISPs that snoop on their customers http wwwtheregistercouk 2011 05 12 fbi_protects_isps By Dan Goodin in San Francisco The Register 12th May 2011 The FBI has finally come clean on the real reason it doesn't want to name phone and internet service providers that participate in a sweeping http://www.secuobs.com/revue/news/305799.shtmlhttp://www.secuobs.com/revue/news/305799.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Social Networking Here To Stay Despite Security Risks http wwwinformationweekcom news security privacy 229500138 By Paul McDougall InformationWeek May 12, 2011 Companies need to accept that employees will spend at least part of their day on social networks like Facebook, Twitter, and Linked In, and http://www.secuobs.com/revue/news/305798.shtmlhttp://www.secuobs.com/revue/news/305798.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Security expert says casino databases tempting target for cyberterrorism http wwwvegasinccom news 2011 may 12 security-expert-says-casino-databases-tempting-tar By Richard N Velotta Vegas Inc 12 May 2011 As repositories of the personal information and financial records of hundreds of thousands of guests enrolled in loyalty programs, Las Vegas http://www.secuobs.com/revue/news/305797.shtmlhttp://www.secuobs.com/revue/news/305797.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Square Enix customer data leaked after Sony problems http wwwbangkokpostcom tech computer 237244 square-enix-customer-data-leaked-after-sony-problems Bangkok Post 16 05 2011 Japanese game developer Square Enix Holdings said email addresses of 25,000 customers as well as resumes of 250 job applicants were leaked http://www.secuobs.com/revue/news/305796.shtmlhttp://www.secuobs.com/revue/news/305796.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Android Malware Volume Jumps 400pourcents http wwwinformationweekcom news 229500572 By Mathew J Schwartz InformationWeek May 13, 2011 The volume of attacks that target the Android mobile operating system has increased by 400pourcents since the summer of 2010 Also in that timeframe, one in 20 enterprise mobile devices has gone missing http://www.secuobs.com/revue/news/305795.shtmlhttp://www.secuobs.com/revue/news/305795.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Internet attack files sent to RCMP http wwwtimescolonistcom Internet attack files sent RCMP 4784705 storyhtml Times Colonist May 14, 2011 Details of the cyberattack that choked thousands of websites hosted by Islandnetcom are now in the hands of the RCMP Mark Morley, who owns Islandnet http://www.secuobs.com/revue/news/305794.shtmlhttp://www.secuobs.com/revue/news/305794.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News David Millar reacts angrily to UCI's secret Tour de France doping investigation leaked by L'Equipe http wwwtelegraphcouk sport othersports cycling 8512926 David-Millar-reacts-angrily-to-UCIs-secret-Tour-de-France-doping-investigation-leaked-by-LEquipehtml By Brendan Gallagher The Telegraph 13 May 2011 An angry David Millar insists heads should roll within cycling's http://www.secuobs.com/revue/news/305793.shtmlhttp://www.secuobs.com/revue/news/305793.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Teens sentenced for vicious attack on UK hosting firm http newstechworldcom security 3279975 teens-sentenced-for-vicious-attack-on-uk-hosting-firm By John E Dunn Techworld 16 May 11 Two UK teens have been sentenced to a suspended prison term and community service for a vicious online campaign that caused an online http://www.secuobs.com/revue/news/305792.shtmlhttp://www.secuobs.com/revue/news/305792.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, May 8, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, May 8, 2011 17 Incidents Added http://www.secuobs.com/revue/news/305791.shtmlhttp://www.secuobs.com/revue/news/305791.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News How security chief's bank details leaked http wwwsmhcomau technology security how-security-chiefs-bank-details-leaked-20110516-1eopzhtml By Ben Grubb The Sydney Morning Herald May 16, 2011 Security firm Symantec's Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws The security chief, Craig Scroggie, told of his experience at a Symantec roundtable discussion in Sydney last week which revealed the average cost of a data breach to Australian companies was 2 million He said the government should implement Australian Law Reform Commissioner ALRC recommendations requiring companies to notify customers when a data breach has occurred, but raised questions over how it could be enforced Such laws would require an organisation to notify individuals if, for example, their username, password or credit card details had been breached by a hacker The government has been criticised for failing to implement these laws despite sitting on recommendations for them since 2008 http://www.secuobs.com/revue/news/305790.shtmlhttp://www.secuobs.com/revue/news/305790.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Cyber attackers try Treasury hack at least once a day http wwwcsoonlinecom article 682397 cyber-attackers-try-treasury-hack-at-least-once-a-day By Anh Nguyen CSO May 16, 2011 'Hostile intelligence agencies' made hundreds of attempts to hack into the Treasury's computer system last year, Chancellor George Osborne has revealed http://www.secuobs.com/revue/news/305789.shtmlhttp://www.secuobs.com/revue/news/305789.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Zeus Sourcecode Leak Opens Up New Crimeware Markets Researchers http wwwcrncom news security 229500710 zeus-sourcecode-leak-opens-up-new-crimeware-markets-researchershtm By Stefanie Hoffman CRN May 16, 2011 Sourcecode for the notorious Zeus banking Trojan leaked onto the Internet could have been a strategic move to reinvigorate demand for http://www.secuobs.com/revue/news/305788.shtmlhttp://www.secuobs.com/revue/news/305788.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News ISI Major hacked army officer's mail http wwwhindustantimescom ISI-Major-hacked-army-officer-s-mail Article1-698006aspx By Sanjib Kr Baruah Hindustan Times New Delhi May 16, 2011 A serving Inter-Services Intelligence ISI officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many http://www.secuobs.com/revue/news/305787.shtmlhttp://www.secuobs.com/revue/news/305787.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Hack attacks on US could spark military action http wwwtheregistercouk 2011 05 17 white_house_cyberspace_strategy By Dan Goodin in San Francisco The Register 17th May 2011 The Obama Administration has put the world on notice that hack attacks directed against US assets could be met with military action http://www.secuobs.com/revue/news/305786.shtmlhttp://www.secuobs.com/revue/news/305786.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Regulator plans to discipline Hyundai Capital over hacking http englishyonhapnewscokr business 2011 05 18 55 0503000000AEN20110518003500320FHTML Yonhap News Agency 2011-05-18 SEOUL, May 18 Yonhap -- South Korea's financial regulator decided Wednesday to punish Hyundai Capital Services Inc for lax computer http://www.secuobs.com/revue/news/305785.shtmlhttp://www.secuobs.com/revue/news/305785.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Researcher hacks Facebook to expose rival's private photographs http newstechworldcom security 3280301 researcher-hacks-facebook-to-expose-rivals-private-photographs By John E Dunn Techworld 17 May 11 An Australian security researcher has compromised Facebook security in the most personal way imaginable, publically hacking private http://www.secuobs.com/revue/news/305784.shtmlhttp://www.secuobs.com/revue/news/305784.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Qld cops denounce 'ethical hacking' http wwwzdnetcomau qld-cops-denounce-ethical-hacking-339315264htm By Stilgherrian ZDNetcomau May 18th, 2011 Police have spoken out strongly against so-called ethical hacking in the wake of yesterday's demonstration of a Facebook privacy hack at the http://www.secuobs.com/revue/news/305783.shtmlhttp://www.secuobs.com/revue/news/305783.shtml Secuobs.com : 2011-05-19 08:11:23 - ISN InfoSec News Mailing List - InfoSec News Ruxcon 2011 Call For Papers Forwarded from cfp at ruxconorgau Ruxcon 2011 Call For Papers The Ruxcon team is pleased to announce the call for papers for the seventh annual Ruxcon conference This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia The deadline for submissions is the 30th of July What is Ruxcon Ruxcon is the premier technical computer security conference in the Australia-Pacific region The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community For more information, please visit http wwwruxconorgau Presentation Information Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech Presentation Submissions Ruxcon would like to invite people who are interested in security to submit a presentation Topics of interest include, but are not limited to o Mobile Device Security o Virtualization, Hypervisor, and Cloud Security o Malware Analysis o Reverse Engineering o Exploitation Techniques o Rootkit Development o Code Analysis o Forensics and Anti-Forensics o Embedded Device Security o Web Application Security o Network Traffic Analysis o Wireless Network Security o Cryptography and Cryptanalysis o Social Engineering o Law Enforcement Activities o Telecommunications Security SS7, 3G 4G, GSM, VOIP, etc Submissions should thoroughly outline your desired presentation subject If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations ruxcon org au The deadline for submissions is the 30th of July If approved we will additionally require i A brief personal biography between 2-5 paragraphs in length ii A description on your presentation between 2-5 paragraphs in length Contact Details Presentation Submissions presentations ruxcon org au http://www.secuobs.com/revue/news/305782.shtmlhttp://www.secuobs.com/revue/news/305782.shtml Secuobs.com : 2011-04-29 20:12:43 - ISN InfoSec News Mailing List - InfoSec News Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools http wwwkirotvcom education 27708043 detailhtml By kirotvcom Webstaff April 28, 2011 SEATTLE -- Someone has stolen teacher passwords and changed grades in a Seattle Public Schools computer system, the district said in an email to teachers obtained Thursday by KIRO 7 Eyewitness News http://www.secuobs.com/revue/news/301675.shtmlhttp://www.secuobs.com/revue/news/301675.shtml Secuobs.com : 2011-04-29 20:12:43 - ISN InfoSec News Mailing List - InfoSec News ICANN taps DefCon founder for top security spot http wwwv3couk v3-uk news 2046681 icann-taps-defcon-founder-security-spot By Shaun Nichols V3couk 29 Apr 2011 The Internet Corporation for Assigned Names and Numbers ICANN has named Jeff Moss as its new chief security officer A security expert and respected member of the hacking community, Moss is best known for his roles in founding the DefCon and Black Hat security conferences He has also worked in advisory positions for the US Department of Homeland Security The appointment of Moss will bring to ICANN a security head who is well-versed in the attitudes and techniques which have driven research in both security intrusions and detections in recent years The hiring also comes at a time when ICANN and other internet governance groups are working to roll out security measures such as DNSSEC http://www.secuobs.com/revue/news/301674.shtmlhttp://www.secuobs.com/revue/news/301674.shtml Secuobs.com : 2011-04-29 20:12:43 - ISN InfoSec News Mailing List - InfoSec News US-Russian dictionary defines cyber war, other concepts http gcncom articles 2011 04 28 us-russia-cyber-dictionaryaspx By William Jackson GCNcom April 28, 2011 It is all very well to talk about cyberspace and cybersecurity, but what do they mean, exactly A US-Russian effort is proposing common definitions http://www.secuobs.com/revue/news/301673.shtmlhttp://www.secuobs.com/revue/news/301673.shtml Secuobs.com : 2011-04-29 20:12:43 - ISN InfoSec News Mailing List - InfoSec News Advance Announcement 2011 ACM Cloud Computing Security Workshop CCSW is back Forwarded from noreply at cryptocsstonybrookedu 2011 ACM Cloud Computing Security Workshop CCSW at CCS October 21, 2011, SWISSOTEL Chicago http cryptocsstonybrookedu ccsw11 Dear Colleagues, CCSW is back The past workshops were a tremendous success, with over http://www.secuobs.com/revue/news/301672.shtmlhttp://www.secuobs.com/revue/news/301672.shtml Secuobs.com : 2011-04-28 12:03:35 - ISN InfoSec News Mailing List - InfoSec News Phone-hacking laws are 'very uneven and unclear' http wwwguardiancouk media 2011 apr 26 phone-hacking-laws-christopher-graham By James Robinson guardiancouk 26 April 2011 The information commissioner has told a powerful group of MPs that legislation outlawing phone hacking is very uneven and very unclear http://www.secuobs.com/revue/news/301341.shtmlhttp://www.secuobs.com/revue/news/301341.shtml Secuobs.com : 2011-04-28 12:03:35 - ISN InfoSec News Mailing List - InfoSec News PlayStation credit card data was encrypted http wwwzdnetcomau playstation-credit-card-data-was-encrypted-339314012htm By Darren Pauli ZDNetcomau April 28th, 2011 Sony has confirmed that the credit card details possibly stolen in a breach of its PlayStation Network PSN were encrypted http://www.secuobs.com/revue/news/301340.shtmlhttp://www.secuobs.com/revue/news/301340.shtml Secuobs.com : 2011-04-28 12:03:35 - ISN InfoSec News Mailing List - InfoSec News Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College http wwwherald-mailcom news local hm-cyber-experts-dissect-hacker-attacks-during-cybersecurity-forum-at-hagerstown-community-college-20110427,0,2996601story By ANDREW SCHOTZ herald-mailcom April 27, 2011 Experts Wednesday detailed simple and complex ways to protect computers http://www.secuobs.com/revue/news/301339.shtmlhttp://www.secuobs.com/revue/news/301339.shtml Secuobs.com : 2011-04-28 12:03:35 - ISN InfoSec News Mailing List - InfoSec News Cyberespionage US finds FBI agents in elite unit lack necessary skills Forwarded from Justin Lundy http wwwcsmonitorcom USA 2011 0427 Cyberespionage-US-finds-FBI-agents-in-elite-unit-lack-necessary-skills By Mark Clayton Staff writer The Christian Science Monitor April 27, 2011 Many of the Federal Bureau of Investigation's field agents assigned to an elite cyber investigative unit lack the skills needed to investigate cases of cyberespionage and other computerized attacks on the US, the Justice Department inspector general reported Wednesday That's a problem because the US is under constant and increasing cyberattack with 5,499 known intrusions into US government computer systems in 2008 alone -- a 40 percent jump from 2007, the inspector general's office found Investigating these kinds of cyberespionage attacks falls largely on the FBI as the lead agency for the National Cyber Investigative Joint Task force, which also includes representatives from 18 different intelligence agencies and is assigned to investigate the most difficult national security intrusions -- those by a foreign power for intelligence gathering or terrorist purposes But in interviews with 36 field agents in 10 of the FBI's 56 field offices nationwide, 13 agents, or more than a third, reported that they lacked the networking and counterintelligence expertise to investigate national security computer intrusion cases Five of the agents told investigators they did not think they were able or qualified to investigate such cases, the report said The inspector general report does not indicate whether the 36 field agents who were interviewed are a representative sampling of the FBI s cyber unit http://www.secuobs.com/revue/news/301338.shtmlhttp://www.secuobs.com/revue/news/301338.shtml Secuobs.com : 2011-04-28 12:03:35 - ISN InfoSec News Mailing List - InfoSec News ACM CCS'11 Reminder Deadline Approaching May 6, 2011 Forwarded from ACM CCS 2011 Apologies for multiple copies of this announcement The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security Papers should have relevance to the construction, evaluation, application, or operation of secure systems Theoretical papers must make a convincing argument for the practical significance of the results All topic areas related to computer and communications security are of interest and in scope Accepted papers will be published by ACM Press in the conference proceedings Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security Paper Submission Process Submissions must be made by the deadline of May 6, 2011, through the website http wwweasychairorg conferences conf ccs2011 The review process will be carried out in two phases and authors will have an opportunity to comment on the first-phase reviews Authors will be notified of the first-phase reviews on Monday, June 20, 2011 and can send back their comments by Thursday, June 23, 2011 Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop Simultaneous submission of the same work is not allowed Authors of accepted papers must guarantee that their papers will be presented at the conference Paper Format Submissions must be at most 10 pages in double-column ACM format note pages must be numbered excluding the bibliography and well-marked appendices, and at most 12 pages overall Submissions must NOT be anonymized Only PDF or Postscript files will be accepted Submissions not meeting these guidelines risk rejection without consideration of their merits Tutorial Submissions Proposals for long 3-hour and short 15-hour tutorials on research topics of current and emerging interest should be submitted electronically to the tutorials chair by May 24, 2011 The guidelines for tutorial proposals can be found on the website Important Dates - Paper submission due Friday, May 6, 2011 23 59 UTC - 11 - First round reviews communicated to authors Monday, June 20, 2011 - Author comments due on Thursday, June 23, 2011 23 59 UTC - 11 - Acceptance notification Friday, July 15, 2011 - Final papers due Thursday, August 11, 2011 GENERAL CHAIR Yan Chen Northwestern University, USA PROGRAM CHAIRS George Danezis Microsoft Research, UK Vitaly Shmatikov University of Texas at Austin, USA PROGRAM COMMITTEE Michael Backes Saarland University and MPI-SWS, Germany Bruno Blanchet INRIA, Ecole Normale Superieure, and CNRS, France Dan Boneh Stanford University, USA Nikita Borisov University of Illinois at Urbana-Champaign, USA Herbert Bos VU, Netherlands Srdjan Capkun ETHZ, Switzerland Avik Chaudhuri Adobe Advanced Technology Labs, USA Shuo Chen Microsoft Research, USA Manuel Costa Microsoft Research, UK Anupam Datta CMU, USA Stephanie Delaune CNRS and ENS-Cachan, France Roger Dingledine The Tor Project, USA Orr Dunkelman University of Haifa and Weizmann Institute, Israel Ulfar Erlingsson Google, USA Nick Feamster Georgia Tech, USA Bryan Ford Yale University, USA Cedric Fournet Microsoft Research, UK Paul Francis MPI-SWS, Germany Michael Freedman Princeton University, USA Guofei Gu Texas A M University, USA Nicholas Hopper University of Minnesota, USA Collin Jackson CMU Silicon Valley, USA Markus Jakobsson Paypal, USA Jaeyeon Jung Intel Labs Seattle, USA Apu Kapadia Indiana University Bloomington, USA Jonathan Katz University of Maryland, USA Stefan Katzenbeisser TU Darmstadt, Germany Arvind Krishnamurthy University of Washington, USA Christopher Kruegel University of California, Santa Barbara, USA Ralf Kuesters University of Trier, Germany Ninghui Li Purdue University, USA Benjamin Livshits Microsoft Research, USA Heiko Mantel TU Darmstadt, Germany John Mitchell Stanford University, USA Fabian Monrose University of North Carolina at Chapel Hill, USA Steven Murdoch University of Cambridge, UK David Naccache Ecole Normale Superieure, France Arvind Narayanan Stanford University, USA Kenny Paterson Royal Holloway, University of London, UK Niels Provos Google, USA Mike Reiter University of North Carolina at Chapel Hill, USA Thomas Ristenpart University of Wisconsin, USA Hovav Shacham University of California, San Diego, USA Adam Smith Pennsylvania State University, USA Anil Somayaji Carleton University, Canada Francois-Xavier Standaert UCL, Belgium Eran Tromer Tel Aviv University, Israel Leendert Van Doorn AMD, USA Paul Van Oorschot Carleton University, Canada Bogdan Warinschi University of Bristol, UK Brent Waters University of Texas at Austin, USA Robert Watson University of Cambridge, United Kingdom Xiaowei Yang Duke University, USA Haifeng Yu National University of Singapore, Singapore http://www.secuobs.com/revue/news/301337.shtmlhttp://www.secuobs.com/revue/news/301337.shtml Secuobs.com : 2011-04-27 11:50:15 - ISN InfoSec News Mailing List - InfoSec News Police Wireless network hacker targeted Seattle-area businesses http wwwseattlepicom local article Police-Wireless-network-hacker-targeted-1344185php By LEVI PULKKINEN SEATTLEPICOM STAFF April 19, 2011 Law officers have moved to seize a Seattle man's car they claim was used in a wardriving spree that saw Seattle-area wireless networks hacked http://www.secuobs.com/revue/news/301077.shtmlhttp://www.secuobs.com/revue/news/301077.shtml Secuobs.com : 2011-04-27 11:50:15 - ISN InfoSec News Mailing List - InfoSec News China Implicated In Hacking Of SMB Online Bank Accounts http wwwdarkreadingcom advanced-threats 167901091 security attacks-breaches 229402294 china-implicated-in-hacking-of-smb-online-bank-accountshtml By Kelly Jackson Higgins Darkreading April 26, 2011 This time it wasn't an advanced persistent threat associated with http://www.secuobs.com/revue/news/301076.shtmlhttp://www.secuobs.com/revue/news/301076.shtml Secuobs.com : 2011-04-27 11:50:15 - ISN InfoSec News Mailing List - InfoSec News Court order cripples Coreflood botnet, says FBI http wwwcomputerworldcom s article 9216190 Court_order_cripples_Coreflood_botnet_says_FBI By Gregg Keizer Computerworld April 26, 2011 Although the Federal Bureau of Investigation FBI said a federal temporary restraining order has crippled the Coreflood botnet in the US http://www.secuobs.com/revue/news/301075.shtmlhttp://www.secuobs.com/revue/news/301075.shtml Secuobs.com : 2011-04-27 11:50:15 - ISN InfoSec News Mailing List - InfoSec News USENIX HotSec '11 Submission Deadline Extended Forwarded from Lionel Garth Jones I'm writing to remind you that the submission deadline for the 6th USENIX Workshop on Hot Topics in Security has been extended Please submit all work by 11 59 pm EST on May 12, 2011 HotSec takes a broad view of security and privacy and encompasses research on new security ideas and problems Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic Topics of interest include, but are not limited to the following Large-scale threats Network security Hardware security Software security Physical security Programming languages Applied cryptography Privacy Human-computer interaction Emerging computing environment Sociology Economics Attendance will be limited to 35-50 participants, with preference given to the authors of accepted position papers presentations Submission guidelines and more information can be found at http wwwusenixorg hotsec11 cfpb HotSec '11 will take place Tuesday, August 9, 2011, in San Francisco, CA It is co-located with the 20th USENIX Security Symposium, which will take place August 10-12, 2011 We look forward to your submissions Patrick McDaniel, Pennsylvania State University HotSec '11 Program Chair hotsec11chair at usenixorg http://www.secuobs.com/revue/news/301074.shtmlhttp://www.secuobs.com/revue/news/301074.shtml Secuobs.com : 2011-04-27 11:50:15 - ISN InfoSec News Mailing List - InfoSec News USENIX WOOT '11 Submission Deadline Approaching Forwarded from Lionel Garth Jones I'm writing to remind you that the submission deadline for the 5th USENIX Workshop on Offensive Technologies WOOT '11 is approaching Please submit all work by May 2, 2011, at 11 59 pm PDT http://www.secuobs.com/revue/news/301073.shtmlhttp://www.secuobs.com/revue/news/301073.shtml Secuobs.com : 2011-04-26 12:05:39 - ISN InfoSec News Mailing List - InfoSec News Phishing Consumer Education Lacking http wwwbankinfosecuritycom articlesphp art_id 3571 By Tracy Kitten Managing Editor Bank Info Security April 22, 2011 The Oak Ridge National Laboratory, located in Tennessee, recently disconnected Internet access after hackers attacked employees at the federal facility http://www.secuobs.com/revue/news/300795.shtmlhttp://www.secuobs.com/revue/news/300795.shtml Secuobs.com : 2011-04-26 12:05:39 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, April 17, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 17, 2011 45 Incidents Added http://www.secuobs.com/revue/news/300794.shtmlhttp://www.secuobs.com/revue/news/300794.shtml Secuobs.com : 2011-04-26 12:05:39 - ISN InfoSec News Mailing List - InfoSec News The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures http wwweweekeuropecouk comment the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457 By Eric Doyle eWEEK Europe April 25, 2011 Cyber-attacks are increasing but national infrastructures are ill-prepared to defend themselves http://www.secuobs.com/revue/news/300793.shtmlhttp://www.secuobs.com/revue/news/300793.shtml Secuobs.com : 2011-04-26 12:05:39 - ISN InfoSec News Mailing List - InfoSec News New Workshop USENIX FOCI '11 Submission Deadline Approaching Forwarded from Lionel Garth Jones We're writing to remind you that the submission deadline for the first USENIX Workshop on Free and Open Communications on the Internet FOCI '11 is approaching Please submit your work by May 1, 2011, at 11 59 pm PDT http wwwusenix http://www.secuobs.com/revue/news/300792.shtmlhttp://www.secuobs.com/revue/news/300792.shtml Secuobs.com : 2011-04-22 11:53:59 - ISN InfoSec News Mailing List - InfoSec News Is China winning the cyber war http fcwcom articles 2011 04 25 buzz-china-cyber-spyingaspx By Michael Hardy FCWcom April 21, 2011 The Cold War took its name from the relative lack of shooting that characterized it The United States and Soviet Union fought one another politically, diplomatically and economically but rarely with guns or tanks It was not a hot war We have a couple of hot wars going on now, but there's another cold war under way, too -- one being fought between the United States and China, primarily using IT And it looks as though China has the upper hand at the moment According to US investigators, China has stolen terabytes of sensitive data, from user names and passwords for State Department computers to designs for multibillion-dollar weapons systems, write Brian Grow and Mark Hosenball in a report for Reuters And Chinese hackers show no signs of letting up http://www.secuobs.com/revue/news/300218.shtmlhttp://www.secuobs.com/revue/news/300218.shtml Secuobs.com : 2011-04-22 11:53:59 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-16 The Secunia Weekly Advisory Summary 2011-04-14 - 2011-04-21 This week 101 advisories http://www.secuobs.com/revue/news/300217.shtmlhttp://www.secuobs.com/revue/news/300217.shtml Secuobs.com : 2011-04-22 11:53:59 - ISN InfoSec News Mailing List - InfoSec News Navy gives contract for cyber support http wwwupicom Business_News Security-Industry 2011 04 21 Navy-gives-contract-for-cyber-support UPI-61591303391774 United Press International April 21, 2011 MCLEAN, Va, April 21 UPI -- Virginia's Booz Allen Hamilton has been awarded a contract to support the US http://www.secuobs.com/revue/news/300216.shtmlhttp://www.secuobs.com/revue/news/300216.shtml Secuobs.com : 2011-04-22 11:53:59 - ISN InfoSec News Mailing List - InfoSec News Phishing Attack Hits Oak Ridge National Laboratory http wwwinformationweekcom news government security 229402048 By Elizabeth Montalbano InformationWeek April 21, 2011 The Department of Energy's Oak Ridge National Laboratory is investigating a sophisticated phishing attack that forced it to shut down email and Internet access last week http://www.secuobs.com/revue/news/300215.shtmlhttp://www.secuobs.com/revue/news/300215.shtml Secuobs.com : 2011-04-22 11:53:59 - ISN InfoSec News Mailing List - InfoSec News 2nd CfP CRiSIS 2011 Risks and Security of Internet and Systems Forwarded from Marius Minea CALL FOR PAPERS PDF version at http crisis2011csuptro CRiSIS2011-CfPpdf The Sixth International Conference on Risks and Security of Internet and Systems CRiSIS 2011 Timisoara, Romania, 26-28 September 2011 http://www.secuobs.com/revue/news/300214.shtmlhttp://www.secuobs.com/revue/news/300214.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, April 10, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 10, 2011 15 Incidents Added http://www.secuobs.com/revue/news/299340.shtmlhttp://www.secuobs.com/revue/news/299340.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News Experts agree Wind turbine 'hacker' is a fake http wwwcomputerworldcom s article 9215913 Experts_agree_Wind_turbine_hacker_is_a_fake By Robert McMillan IDG News Service April 18, 201l An anonymous hacker who claimed to have broken into monitoring systems at a New Mexico wind turbine facility made the whole thing up, security http://www.secuobs.com/revue/news/299339.shtmlhttp://www.secuobs.com/revue/news/299339.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News Police nab 2 suspects in Hyundai Capital hacking scandal http englishdongacom srv servicephp3 bicode 040000 biid 2011041995298 The Dong-A Ilbo April 19, 2011 Police have caught two men suspected of being hired to hack personal information from Hyundai Capital Services, Korea s major lending company and a financial unit of Hyundai Motor Group http://www.secuobs.com/revue/news/299338.shtmlhttp://www.secuobs.com/revue/news/299338.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News European Space Agency hacked, sensitive data released publicly http thenextwebcom eu 2011 04 18 european-space-agency-hacked-sensitive-data-released-publicly By Matt Brian The Next Web April 18, 2011 It is reported that yesterday the European Space Agency ESA website was compromised by a hacker, opening up sensitive project logs and http://www.secuobs.com/revue/news/299337.shtmlhttp://www.secuobs.com/revue/news/299337.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News Southwest Ambulance reports data breach http wwwazcentralcom business articles 2011 04 18 20110418southwest-ambulance-reports-data-breachhtml by Ken Alltucker April 18, 2011 The Arizona Republic A former Southwest Ambulance employee took 581 patient records that included the names, financial and medical information from those http://www.secuobs.com/revue/news/299336.shtmlhttp://www.secuobs.com/revue/news/299336.shtml Secuobs.com : 2011-04-19 11:58:10 - ISN InfoSec News Mailing List - InfoSec News Recon 2011 - Accepted Talks , Training, Call For Papers Reminder - July 8 to 10, 2011 - Montreal, Quebec Forwarded from hfortier at reconcx _ - _ - ,__ _ http://www.secuobs.com/revue/news/299335.shtmlhttp://www.secuobs.com/revue/news/299335.shtml Secuobs.com : 2011-04-18 11:51:38 - ISN InfoSec News Mailing List - InfoSec News Whitehats pierce giant hole in Microsoft security shield http wwwtheregistercouk 2011 04 18 windows_heap_exploit_shield_pierced By Dan Goodin in San Francisco The Register 18th April 2011 In late December, Microsoft researchers responding to publicly posted attack code that exploited a vulnerability in the FTP service of IIS http://www.secuobs.com/revue/news/299060.shtmlhttp://www.secuobs.com/revue/news/299060.shtml Secuobs.com : 2011-04-18 11:51:38 - ISN InfoSec News Mailing List - InfoSec News SSA exposed SSNs, names, birth dates for 36, 000 people, IG says http fcwcom articles 2011 04 14 ssa-privacy-breach-death-master-fileaspx By Alice Lipowicz FCWcom April 14, 2011 The Social Security Administration publicly made available the names, dates of birth, Social Security numbers and other sensitive personal http://www.secuobs.com/revue/news/299059.shtmlhttp://www.secuobs.com/revue/news/299059.shtml Secuobs.com : 2011-04-18 11:51:38 - ISN InfoSec News Mailing List - InfoSec News White House draft bill would put DHS in charge of civilian computer networks http thehillcom blogs hillicon-valley technology 156293-white-house-draft-bill-would-put-dhs-in-charge-of-civilian-networks By Gautham Nagesh The Hill 04 15 11 The White House is circulating a piece of draft legislation that would give the Department of Homeland Security oversight over cybersecurity at civilian agencies, according to a report from FedNewsRadio The proposed legislation combines the comprehensive cybersecurity bill introduced last year by the Senate Homeland Security Committee with the administration's memo from July 2010 to expand DHS's responsibilities over non-military networks, according to the report Like the Homeland Security bill sponsored by Sens Joe Lieberman I-Conn , Susan Collins R-Maine and Thomas Carper D-Del , the bill would create a White House cybersecurity office that reports to the Secretary of DHS on day-to-day matters But the legislation also goes beyond the Homeland Security bill by giving DHS authority over gov domains that is similar to the authority enjoyed by US CyberCommand, the military's cybersecurity unit, over the gov domain http://www.secuobs.com/revue/news/299058.shtmlhttp://www.secuobs.com/revue/news/299058.shtml Secuobs.com : 2011-04-18 11:51:38 - ISN InfoSec News Mailing List - InfoSec News 'Banks unaware of data outsourcing risks' http wwwkoreatimescokr www news biz 2011 04 123_85363html By Kim Tong-hyung Korea Times 04-17-2011 Korea, a country fascinated with e-this and e-that, touts itself as the planet s information technology IT capital But the self-awarded title http://www.secuobs.com/revue/news/299057.shtmlhttp://www.secuobs.com/revue/news/299057.shtml Secuobs.com : 2011-04-18 11:51:38 - ISN InfoSec News Mailing List - InfoSec News EVT WOTE '11 Submission Deadline is Wednesday, April 20 Forwarded from Lionel Garth Jones We're writing to remind you that the submission deadline for the 2011 Electronic Voting Technology Workshop Workshop on Trustworthy Elections EVT WOTE '11 is quickly approaching Please submit your work by http://www.secuobs.com/revue/news/299056.shtmlhttp://www.secuobs.com/revue/news/299056.shtml Secuobs.com : 2011-04-15 07:44:23 - ISN InfoSec News Mailing List - InfoSec News External hacker suspected in Nonghyup network crash http englishdongacom srv servicephp3 bicode 040000 biid 2011041541348 The Dong-A Ilbo April 15, 2011 Prosecutors have begun an investigation into the National Agricultural Cooperative Federation, also called Nonghyup or NH Bank, which has suffered a major network crash http://www.secuobs.com/revue/news/298640.shtmlhttp://www.secuobs.com/revue/news/298640.shtml Secuobs.com : 2011-04-15 07:44:23 - ISN InfoSec News Mailing List - InfoSec News Annoucement ClubHack Magazine Issue 15-April 2011 released Forwarded from Abhijeet Patil Hi All, Here we are with our 15th Issue of CHMag March witnessed the launch of the much awaited Mozilla Firefox 4 so we dedicated this issue to Mozilla Due to overwhelming response of Call For Articles , we have http://www.secuobs.com/revue/news/298639.shtmlhttp://www.secuobs.com/revue/news/298639.shtml Secuobs.com : 2011-04-15 07:44:23 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-15 The Secunia Weekly Advisory Summary 2011-04-07 - 2011-04-14 This week 92 advisories http://www.secuobs.com/revue/news/298638.shtmlhttp://www.secuobs.com/revue/news/298638.shtml Secuobs.com : 2011-04-15 07:44:23 - ISN InfoSec News Mailing List - InfoSec News Serial hacker admits breaching Federal Reserve computers http wwwtheregistercouk 2011 04 14 federal_research_hacker_guilty By Dan Goodin in San Francisco The Register 14th April 2011 A Malaysian national has admitted hacking a computer network operated by the US Federal Reserve Bank and possessing stolen payment card data http://www.secuobs.com/revue/news/298637.shtmlhttp://www.secuobs.com/revue/news/298637.shtml Secuobs.com : 2011-04-15 07:44:23 - ISN InfoSec News Mailing List - InfoSec News USAID waives FISMA for iPads http wwwfiercegovernmentitcom story usaid-waives-fisma-ipads 2011-04-13 By Molly Bernhart Walker FierceGovernmentIT April 13, 2011 Many US Agency for International Development workers are using iPads--a fact that recently drew the ire of Secretary of State Hillary http://www.secuobs.com/revue/news/298636.shtmlhttp://www.secuobs.com/revue/news/298636.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News Information security in Manpower Ministry gets ISO http mainomanobserverom node 47100 Oman Daily Observer 12 April 2011 MUSCAT - A celebration was held at the Ministry of Manpower honouring the Information System Department for getting the ISO 27001 certificate for managing the information security http://www.secuobs.com/revue/news/297769.shtmlhttp://www.secuobs.com/revue/news/297769.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, April 3, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 3, 2011 27 Incidents Added http://www.secuobs.com/revue/news/297768.shtmlhttp://www.secuobs.com/revue/news/297768.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News GCHQ says BlackBerry is safest http wwwitprocouk 632704 gchq-says-blackberry-is-safest By Tom Brewster IT Pro 11 April 2011 BlackBerrys are the only recommended smartphones for handling highly sensitive Government data, according to a GCHQ division The UK's National Technical Authority for Information Assurance at GCHQ http://www.secuobs.com/revue/news/297767.shtmlhttp://www.secuobs.com/revue/news/297767.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News Yet Another Security Firm Breached Employee Email, User Accounts Leaked http wwwdarkreadingcom database-security 167901020 security attacks-breaches 229401358 yet-another-security-firm-breached-employee-email-user-accounts-leakedhtml By Kelly Jackson Higgins Darkreading April 11, 2011 Another week, another security firm breach Hackers have posted http://www.secuobs.com/revue/news/297766.shtmlhttp://www.secuobs.com/revue/news/297766.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News US needs cyber-emergency response, lawmaker says http wwwcomputerworldcom s article 9215715 US_needs_cyber_emergency_response_lawmaker_says By Grant Gross IDG News Service April 11, 2011 The US needs a cybersecurity emergency response capability to help businesses under major attacks, a US senator said Monday http://www.secuobs.com/revue/news/297765.shtmlhttp://www.secuobs.com/revue/news/297765.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News France investigates cyber espionage at defence helicopter firm http wwwtheinquirernet inquirer news 2042435 france-investigates-cyber-espionage-defence-helicopter-firm By Asavin Wattanajantra The Inquirer April 11 2011 FRENCH AUTHORITIES are investigating a suspected case of cyber hacking and espionage at a helicopter engine company http://www.secuobs.com/revue/news/297764.shtmlhttp://www.secuobs.com/revue/news/297764.shtml Secuobs.com : 2011-04-12 12:02:18 - ISN InfoSec News Mailing List - InfoSec News UW team wins Cyber Defense Competition http seattletimesnwsourcecom html localnews 2014746226_uwcyberwin12mhtml By Brittney Wong Staff Reporter Seattle Times April 11, 2011 After two years of not placing, a University of Washington team took home the first-place trophy from this year's National Collegiate Cyber http://www.secuobs.com/revue/news/297763.shtmlhttp://www.secuobs.com/revue/news/297763.shtml Secuobs.com : 2011-04-11 11:52:48 - ISN InfoSec News Mailing List - InfoSec News Thousands Of US Airways Pilots Victims Of Possible Insider Data Breach http wwwdarkreadingcom database-security 167901020 security attacks-breaches 229401204 thousands-of-us-airways-pilots-victims-of-possible-insider-data-breachhtml By Kelly Jackson Higgins Darkreading Apr 07, 2011 The US Airline Pilots Association USAPA said it has been working with http://www.secuobs.com/revue/news/297488.shtmlhttp://www.secuobs.com/revue/news/297488.shtml Secuobs.com : 2011-04-11 11:52:48 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-14 The Secunia Weekly Advisory Summary 2011-03-31 - 2011-04-07 This week 71 advisories http://www.secuobs.com/revue/news/297487.shtmlhttp://www.secuobs.com/revue/news/297487.shtml Secuobs.com : 2011-04-11 11:52:48 - ISN InfoSec News Mailing List - InfoSec News Hyundai Capital admits to unprecedented information leak http englishhanicokr arti english_edition e_national 472385html By Jung Hyuk-june The Hankyoreh April 11, 2011 A recently announced hacking incident at Hyundai Capital marked an unprecedented systematic accessing of customer financial information by hackers, resulting in major aftereffects http://www.secuobs.com/revue/news/297486.shtmlhttp://www.secuobs.com/revue/news/297486.shtml Secuobs.com : 2011-04-11 11:52:48 - ISN InfoSec News Mailing List - InfoSec News CSET '11 Submission Deadline Is Monday, April 18 Forwarded from Lionel Garth Jones We're writing to remind you that the submission deadline for the 4th Workshop on Cyber Security Experimentation and Test CSET '11 is quickly approaching Please submit your work by April 18, 2011, at 11 59 pm PDT http wwwusenix http://www.secuobs.com/revue/news/297485.shtmlhttp://www.secuobs.com/revue/news/297485.shtml Secuobs.com : 2011-04-07 11:32:12 - ISN InfoSec News Mailing List - InfoSec News Attackers find old vulnerabilities are still the best http gcncom articles 2011 04 05 hp-cybersecurity-report-old-vulnerabilitiesaspx By William Jackson GCNcom April 05, 2011 The number of new vulnerabilities being discovered has leveled off for the past two years and is well down from its 2006 peak, according to a http://www.secuobs.com/revue/news/296809.shtmlhttp://www.secuobs.com/revue/news/296809.shtml Secuobs.com : 2011-04-07 11:32:12 - ISN InfoSec News Mailing List - InfoSec News Windows servers hacked at The Hartford insurance company http wwwcomputerworldcom s article 9215582 Windows_servers_hacked_at_The_Hartford_insurance_company By Robert McMillan IDG News Service April 6, 2011 Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers http://www.secuobs.com/revue/news/296808.shtmlhttp://www.secuobs.com/revue/news/296808.shtml Secuobs.com : 2011-04-07 11:32:12 - ISN InfoSec News Mailing List - InfoSec News Israel mulls creation of elite counter-cyberterrorist unit http wwwtheregistercouk 2011 04 06 isreal_mulls_elite_counter_hacker_unit By John Leyden The Register 6th April 2011 Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks http://www.secuobs.com/revue/news/296807.shtmlhttp://www.secuobs.com/revue/news/296807.shtml Secuobs.com : 2011-04-07 11:32:12 - ISN InfoSec News Mailing List - InfoSec News Hacker Sitcom Breaking In Taps Espionage-Lite Trend http wwwwiredcom underwire 2011 04 hacker-sitcom-breaking-in By Hugh Hart Underwire Wiredcom April 6, 2011 The hackers in new comedy Breaking In look as though they spend more time at the gym than they do hunched over a computer Hollywood-handsome, these sitcom tech wizards may not walk the awkward nerd walk, but they do get to work in an office anchored by Captain Kirk s Star Trek chair Debuting Wednesday, Breaking In centers on geeky high-tech consultants hired by clients to detect breaches in their security systems In an era rife with institutional larceny, leaky intelligence and high-level buffoonery, it s one of several TV shows that are in no mood to present espionage in an entirely serious light NBC s Chuck, for example, casts an everyday schlub as a key player in intelligence operations CBS new dramedy Chaos, titled in homage to Maxwell Smart s nemeses at KAOS, offers up operatives practiced in the craft of cynical asides FX Network s animated Archer showcases doofus spies, while USA Network s Burn Notice equips its former CIA agents with expertise in pyrotechnics, surveillance and wisecracks They all operate in the somber shadow of 24 s relentless antiterrorist Jack Bauer, the grim character whose exploits defined for nearly a decade the deadly earnest anxieties faced by Americans in the early post-9 11 years But the strain of eternal vigilance took its toll by the time Fox s action series ended its run last May Now espionage programs lean on goofy, Get Smart-style attitude more than earnest patriotism http://www.secuobs.com/revue/news/296806.shtmlhttp://www.secuobs.com/revue/news/296806.shtml Secuobs.com : 2011-04-07 11:32:12 - ISN InfoSec News Mailing List - InfoSec News HealthSec '11 Submission Deadline Extended to April 12 Forwarded from Lionel Garth Jones The submission deadline for the 2nd USENIX Workshop on Health Security and Privacy HealthSec '11 has been extended, but is almost here Please submit all work by Tuesday, April 12, 2011, at 11 59 pm UTC 7 59 pm EDT http://www.secuobs.com/revue/news/296805.shtmlhttp://www.secuobs.com/revue/news/296805.shtml Secuobs.com : 2011-04-06 11:48:54 - ISN InfoSec News Mailing List - InfoSec News Cyberwars Should Not Be Defined in Military Terms, Experts Warn http wwwnationaldefensemagazineorg blog Lists Posts Postaspx ID 363 By Eric Beidel NDIA Blog 4 5 2011 NATIONAL HARBOR, Md -- Military leaders have repeatedly proclaimed that they cyberspace should be considered a battle domain, like land, sea, air and space http://www.secuobs.com/revue/news/296570.shtmlhttp://www.secuobs.com/revue/news/296570.shtml Secuobs.com : 2011-04-06 11:48:54 - ISN InfoSec News Mailing List - InfoSec News Phone hacking NoW journalists arrested http wwwguardiancouk media 2011 apr 05 phone-hacking-affair-now-journalists-arrested By Amelia Hill Guardiancouk 5 April 2011 The former news editor and current chief reporter from the News of the World have been arrested on suspicion of unlawfully intercepting mobile http://www.secuobs.com/revue/news/296569.shtmlhttp://www.secuobs.com/revue/news/296569.shtml Secuobs.com : 2011-04-06 11:48:54 - ISN InfoSec News Mailing List - InfoSec News PCTEL Plans Secure Android Phone for 'Top Secret' Clearances http wwwpcmagcom article2 0,2817,2383072,00asp By Mark Hachman PC Mag April 4, 2011 PCTEL said Monday that the company had established a supply agreement for the development of a secure Android phone that it will market to government agencies whose employees have Top Secret clearance http://www.secuobs.com/revue/news/296568.shtmlhttp://www.secuobs.com/revue/news/296568.shtml Secuobs.com : 2011-04-06 11:48:54 - ISN InfoSec News Mailing List - InfoSec News DNSSEC Finally Comes To com, But Secure DNS Still Has A Long Way To Go http wwwdarkreadingcom advanced-threats 167901091 security vulnerabilities 229400940 dnssec-finally-comes-to-i-com-i-but-secure-dns-still-has-a-long-way-to-gohtml By Kelly Jackson Higgins Darkreading Apr 05, 2011 The DNSSEC protocol for securing the Internet Domain Services Name DNS http://www.secuobs.com/revue/news/296567.shtmlhttp://www.secuobs.com/revue/news/296567.shtml Secuobs.com : 2011-04-06 11:48:54 - ISN InfoSec News Mailing List - InfoSec News RSA detailing SecurID hack to customers sworn to secrecy http wwwnetworkworldcom news 2011 040511-rsa-hack-ndahtml By Ellen Messmer Network World April 05, 2011 RSA has started providing more detail into the mid-March attack on its SecurID token-based authentication system, but to get a fuller story you http://www.secuobs.com/revue/news/296566.shtmlhttp://www.secuobs.com/revue/news/296566.shtml Secuobs.com : 2011-04-05 11:59:44 - ISN InfoSec News Mailing List - InfoSec News Former Gucci Employee Charged in Computer Hacking Case http onlinewsjcom article SB10001424052748703712504576243312850500374html By Chad Bray The Wall Street Journal April 5, 2011 NEW YORK -- A former Gucci America Inc computer network engineer was charged with remotely taking over the company's computers, shutting down http://www.secuobs.com/revue/news/296283.shtmlhttp://www.secuobs.com/revue/news/296283.shtml Secuobs.com : 2011-04-05 11:59:44 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, March 27, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 27, 2011 40 Incidents Added http://www.secuobs.com/revue/news/296282.shtmlhttp://www.secuobs.com/revue/news/296282.shtml Secuobs.com : 2011-04-05 11:59:44 - ISN InfoSec News Mailing List - InfoSec News About 50 clients hit by Epsilon e-mail marketing breach http wwwcomputerworldcom s article 9215488 About_50_clients_hit_by_Epsilon_e_mail_marketing_breach By Robert McMillan IDG News Service April 4, 2011 About 50 companies were affected by a major security breach at e-mail service provider Epsilon Interactive that caused many US http://www.secuobs.com/revue/news/296281.shtmlhttp://www.secuobs.com/revue/news/296281.shtml Secuobs.com : 2011-04-05 11:59:44 - ISN InfoSec News Mailing List - InfoSec News Hacker erased a season's worth of 'Zodiac Island' http wwwlatimescom entertainment sns-rt-television-us-zodiactre72u7xk-20110331,0,7230801story By Eriq Gardner Hollywood Reporter Los Angeles Times March 31, 2011 New York -- The producer of the syndicated children's TV series Zodiac Island claims that an entire season of the show has been wiped out thanks to a fired employee at its data-hosting company who hacked into networked computers and destroyed its work Zodiac Island has run on more than 100 US TV stations around the country, including ABC, NBC, Fox, and CBS affiliates The show is produced by Hawaii-based WER1 World Network, which signed up with Wisconsin-based ISP and data-hosting company, CyberLynk According to a lawsuit that was filed last week in Hawaii District Court, a man named Michael Scott Jewson was terminated from CyberLynk intentionally wiped it out Jewson is alleged to have been charged in February with a federal computer crime violation and admitted his guilt in a plea agreement The data breach allegedly knocked out 6,480 WER1 electronic files, or 300 gigabytes of data, comprising two years of work from hundreds of contributors globally, including animation artwork and live action video production http://www.secuobs.com/revue/news/296280.shtmlhttp://www.secuobs.com/revue/news/296280.shtml Secuobs.com : 2011-04-05 11:59:44 - ISN InfoSec News Mailing List - InfoSec News HITB-Announce HITBSecConf2011 - Malaysia Call for Papers Now Open Forwarded from Hafez Kamal The Call for Papers for the 9th annual HITBSecConf in Malaysia is now open The event takes place from the 10th - 13th of October at the new Intercontinental Kuala Lumpur As always the first two days will be dedicated to hands on technical training sessions followed by a 2-day quad track conference featuring keynote speaker Kenneth Geers CCD CoE and Jennifer Granick Attorney, Zwilinger Genetski LLP This years conference will also feature a brand new attack-only Capture The Flag - Tower of Hackf00 Madness, an updated lock picking village set up and run by members from TOOOL US now includes impressioning , an industry exhibition and technology showcase and last but not least the HITB Labs and SIGINT sessions As always, talks that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before Submissions are due _no later than 15th July 2011_ HITB CFP http cfphackintheboxorg Topics of interest include, but are not limited to the following Cloud Security 3G 4G WIMAX Security File System Security SS7 GSM VoIP Security Smart Card and Physical Security Network Protocols, Analysis and Attacks Applications of Cryptographic Techniques Side Channel Analysis of Hardware Devices Data Recovery, Forensics and Incident Response Analysis of Malicious Code Viruses Malware Windows Linux OS X NIX Security Vulnerabilities Next Generation Exploit and Exploit Mitigation Techniques WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security Each non-resident speaker will receive accommodation for 3 nights 4 days and travel reimbursement up to EUR120000 Your submission will be reviewed by The HITB CFP Review Committee which includes Charlie Miller Principal Analyst, Independent Security Evaluators Jeremiah Grossman Founder, Whitehat Security Red Dragon Thanh THC, VNSECURITY, Intel Corp Mark Curphey Director, Microsoft Corp Cesar Cerrudo Founder CEO ArgenISS Saumil Shah Founder CEO Net-Square Shreeraj Shah Founder, BlueInfy Fredric Raynal Sogeti Cap Gemini Robert Hansen rsnake SecTheory Alexander Kornburst Red Database Emmanuel Gadaix Founder, TSTF Andrea Barisani Inverse Path Ed Skoudis InGuardians Haroon Meer Thinkst Chris Evans Google Philippe Langlois TSTF Skyper THC NOTE We do not accept product or vendor related pitches If you would like to showcase your company's products or technology, please contact us for further participation opportunities Event Website http conferencehackintheboxorg hitbsecconf2011kul We look forward to receiving your submissions and to seeing you in Malaysia in October or in May at HITB2011AMS - The HITBmy Team Tel 603-20394724 Fax 603-20318359 http://www.secuobs.com/revue/news/296279.shtmlhttp://www.secuobs.com/revue/news/296279.shtml Secuobs.com : 2011-04-01 12:30:17 - ISN InfoSec News Mailing List - InfoSec News Searching For Security s Yardstick http wwwdarkreadingcom security-monitoring 167901086 security security-management 229400652 searching-for-security-8217-s-yardstickhtml By Tim Wilson Darkreading March 30, 2011 There s an old saying in IT You can t manage what you can t measure http://www.secuobs.com/revue/news/295638.shtmlhttp://www.secuobs.com/revue/news/295638.shtml Secuobs.com : 2011-04-01 12:30:17 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-13 The Secunia Weekly Advisory Summary 2011-03-24 - 2011-03-31 This week 50 advisories http://www.secuobs.com/revue/news/295637.shtmlhttp://www.secuobs.com/revue/news/295637.shtml Secuobs.com : 2011-04-01 12:30:17 - ISN InfoSec News Mailing List - InfoSec News EU parliament suspends webmail after cyber-attack http wwwtheregistercouk 2011 03 31 eu_parliament_hack By John Leyden The Register 31st March 2011 The European Parliament network has fallen under cyber-attack, leading to a suspension of webmail and other security restrictions The assault, which has led to the suspension of webmail access in Strasbourg, comes after attacks against the European Commission and the External Action Service networks The Parliament and the Commission run over separate networks The attack on the parliamentary network was reportedly detected on 24 March, two days after problems with the Commission's Microsoft Exchange email server system first emerged An EU official said that the two attacks appeared to be co-ordinated, well-organised and geared towards extracting sensitive information This is not a couple of teenage boys hacking into the EU institutions, the official told European Voice http://www.secuobs.com/revue/news/295636.shtmlhttp://www.secuobs.com/revue/news/295636.shtml Secuobs.com : 2011-04-01 12:30:17 - ISN InfoSec News Mailing List - InfoSec News Porn Star HIV Test Database Leaked http gawkercom 5787392 porn-star-hiv-test-database-leaked By Adrian Chen Gawkercom March 30, 2011 The patient database of the private health clinic that conducts STD tests for California's porn industry has been breached, exposing test results and personal details about thousands of current and former porn performers, some of which have been published on a Wikileaks-style website Earlier this year, a website called Porn Wikileaks posted a list of what it claimed were the real names of more than 15,000 porn performers past and present, alongside their stage names and dates of birth This essentially outed them to any passing Googler, which caused an uproar in the industry since many porn performers try to keep their real name secret, for obvious reasons That 15,000 names were on the list was significant, especially considering only about 1,200-1,500 performers are currently working in California's Porn Valley It turns out that many of the names came from a database belonging to the Adult Industry Medical Healthcare Foundation AIM , which conducts the majority of STD tests for the porn industry Working straight performers get tested at least once every 28 days The porn gossip blogger Mike South first reported the breach after he was contacted by a number of porn performers who said the information posted about them on Porn Wikileaks must have come from AIM's database Their proof They had only used the stage names that were posted on Porn Wikileaks once, when registering for testing at AIM One former porn performer we spoke to registered for an HIV test with AIM using a stage name he made up off the top of my head when he started in the industry eight years ago and he never used it again He picked a new stage name when he appeared in his first adult video But the stage name he gave AIM recently appeared on Porn Wikileaks, linked to his real name That stage name was never used, it was never spoken anywhere else It was written down one time and one time only and that was on the HIV form for AIM, he said Without a question the leak came from AIM http://www.secuobs.com/revue/news/295635.shtmlhttp://www.secuobs.com/revue/news/295635.shtml Secuobs.com : 2011-04-01 12:30:17 - ISN InfoSec News Mailing List - InfoSec News Former Intelligence CIO New BofA CISO http wwwbankinfosecuritycom articlesphp art_id 3486 By Eric Chabrow Executive Editor GovInfoSecuritycom March 31, 2011 Patrick Gorman, a former associate director of the Office of the Director of National Intelligence, is the new chief information security http://www.secuobs.com/revue/news/295634.shtmlhttp://www.secuobs.com/revue/news/295634.shtml Secuobs.com : 2011-03-31 08:37:47 - ISN InfoSec News Mailing List - InfoSec News Bank of America Denies Breach http wwwbankinfosecuritycom articlesphp art_id 3479 By Tracy Kitten Managing Editor Bank Info Security March 28, 2011 Bank of America branches in Greater Detroit were reportedly flooded this past weekend, after several BofA debit cardholders noticed fraudulent transactions on their accounts http://www.secuobs.com/revue/news/295321.shtmlhttp://www.secuobs.com/revue/news/295321.shtml Secuobs.com : 2011-03-31 08:37:47 - ISN InfoSec News Mailing List - InfoSec News Industry chain behind hacker attacks on government websites http newsxinhuanetcom english2010 china 2011-03 31 c_13806104htm Englishnewscn 2011-03-31 BEIJING, March 31 Xinhuanet -- Two young men, Fan Dongdong and Wen Chao, who have only a junior high school education, received 18- and 12-month sentences for hacking into the website of the country's Supreme People's Procuratorate, the top agency for legal supervision, and more than a dozen other government websites Xin Zuguo, a judge with the People's Court of Chaoyang District in Beijing, said this was not an isolated case From May 10 to 16 of last year, 81 government websites on the mainland were hacked and altered, including four ministry-level websites, according to the National Computer Network Emergency Response Technical Team Coordination Center of China CNCERT CC The rampant hacking against government websites is aimed at making illegal profits, and an industry chain already exists, Xinhua reported The hackers can make money by putting illegal links on the government websites http://www.secuobs.com/revue/news/295320.shtmlhttp://www.secuobs.com/revue/news/295320.shtml Secuobs.com : 2011-03-31 08:37:47 - ISN InfoSec News Mailing List - InfoSec News Hackers breach bank's online system http wwwkjonlinecom news hackers-breach-banks-online-system_2011-03-30html By Keith Edwards centralmainecom Staff Writer March 31, 2011 AUGUSTA -- Kennebec Savings Bank's online banking system was infiltrated by an outside party and bank officials are working with a team of http://www.secuobs.com/revue/news/295319.shtmlhttp://www.secuobs.com/revue/news/295319.shtml Secuobs.com : 2011-03-31 08:37:47 - ISN InfoSec News Mailing List - InfoSec News Thief Gets Away with Eisenhower Medical Center Computer http wwwkpsplocal2com news local story Thief-Gets-Away-with-Eisenhower-Medical-Center iHz9UARsj02KcejAkj2inAcspx By KPSP Local 2 News kpsplocal2com 3 30 2011 A computer housing the information of thousands of Eisenhower Medical Center has been stolen, potentially compromising a half of a million records The Rancho Mirage hospital says the computer was taken back on March 11, but it wasn't discovered missing until March 14 when a worker returned from the weekend A report was filed with the Riverside County Sheriff's Department on March 18, but no arrests have been made We're told that the records of more than 514,000 patients were on the computer, which listed patients names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers The computer did not contain any information regarding the patients' medical conditions or treatments at EMC or any other medical records, a press released issued by the hospital said http://www.secuobs.com/revue/news/295318.shtmlhttp://www.secuobs.com/revue/news/295318.shtml Secuobs.com : 2011-03-31 08:37:47 - ISN InfoSec News Mailing List - InfoSec News HealthSec '11 Submission Deadline Approaching Forwarded from Lionel Garth Jones We are writing to remind you that the submission deadline for the 2nd USENIX Workshop on Health Security and Privacy HealthSec '11 is quickly approaching Please submit all work by Tuesday, April 5, 2011, at 11 59 pm UTC 7 59 pm http://www.secuobs.com/revue/news/295317.shtmlhttp://www.secuobs.com/revue/news/295317.shtml Secuobs.com : 2011-03-30 12:43:52 - ISN InfoSec News Mailing List - InfoSec News Report NASA Vulnerable To Crippling Cyber Attacks http wwwibtimescom articles 128181 20110329 nasa-audit-cyber-attacks-cybercriminals-inspector-generalhtm By Gabriel Perna International Business Times March 29, 2011 The computer network NASA relies upon to carry out its billion dollar missions is just like your Mac or PC at home http://www.secuobs.com/revue/news/295080.shtmlhttp://www.secuobs.com/revue/news/295080.shtml Secuobs.com : 2011-03-30 12:43:52 - ISN InfoSec News Mailing List - InfoSec News SecurID Breach Warning Signs In The Audit Logs http wwwdarkreadingcom security-monitoring 167901086 security security-management 229400558 securid-breach-warning-signs-in-the-audit-logshtml By Kelly Jackson Higgins Darkreading March 29, 2011 Most security experts caution RSA SecurID customers not to panic about http://www.secuobs.com/revue/news/295079.shtmlhttp://www.secuobs.com/revue/news/295079.shtml Secuobs.com : 2011-03-30 12:43:52 - ISN InfoSec News Mailing List - InfoSec News BP employee loses laptop containing data on 13, 000 oil spill claimants http wwwcomputerworldcom s article 9215316 BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants By Jaikumar Vijayan Computerworld March 29, 2011 The personal information of 13,000 individuals who had filed compensation claims with BP after last year's disastrous oil spill may have been potentially compromised after a laptop containing the data was lost by a BP employee The information, which had been stored in an unencrypted fashion on the missing computer, included the names, Social Security numbers, addresses, phone numbers, and dates of birth of those who filed claims related to the Deepwater Horizon accident BP said in a statment that the personal information had been stored in a spreadsheet maintained by the company for the purposes of tracking claims arising from the accident The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search, BP said on Tuesday The information was part of a claims process that was implemented before BP had established its Gulf Coast Claims Facility http://www.secuobs.com/revue/news/295078.shtmlhttp://www.secuobs.com/revue/news/295078.shtml Secuobs.com : 2011-03-30 12:43:52 - ISN InfoSec News Mailing List - InfoSec News ASIO plugs national security gap http wwwdailytelegraphcomau news national asio-plugs-national-security-gap story-e6freuzr-1226030367928 By Simon Benson The Daily Telegraph March 30, 2011 SPY agencies moved to plug a major national security hole in the Federal Parliament after it was discovered computers of several Cabinet http://www.secuobs.com/revue/news/295077.shtmlhttp://www.secuobs.com/revue/news/295077.shtml Secuobs.com : 2011-03-29 08:35:53 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, March 20, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 20, 2011 20 Incidents Added http://www.secuobs.com/revue/news/294744.shtmlhttp://www.secuobs.com/revue/news/294744.shtml Secuobs.com : 2011-03-29 08:35:53 - ISN InfoSec News Mailing List - InfoSec News Oz parliamentary network breached http wwwtheregistercouk 2011 03 28 china_hacks_oz_parliament_net By Richard Chirgwin The Register 28th March 2011 In a security breach that presumably now has Chinese spies trawling through the kind of letters MPs do their best to deflect or ignore, the http://www.secuobs.com/revue/news/294743.shtmlhttp://www.secuobs.com/revue/news/294743.shtml Secuobs.com : 2011-03-29 08:35:53 - ISN InfoSec News Mailing List - InfoSec News MySQL Web site falls victim to SQL injection attack http wwwcomputerworldcom s article 9215249 MySQL_Web_site_falls_victim_to_SQL_injection_attack By Jeremy Kirk IDG News Service March 28, 2011 Oracle's MySQLcom customer Web site was compromised over the weekend by a pair of hackers who publicly posted usernames, and in some cases http://www.secuobs.com/revue/news/294742.shtmlhttp://www.secuobs.com/revue/news/294742.shtml Secuobs.com : 2011-03-29 08:35:53 - ISN InfoSec News Mailing List - InfoSec News Researchers point out holes in McAfee's Web site http newscnetcom 8301-27080_3-20048135-245html By Elinor Mills InSecurity Complex CNet News March 28, 2011 Researchers disclosed on a public security e-mail list today three vulnerabilities in the Web site of security firm McAfee, whose site has been found to have bugs several times before http://www.secuobs.com/revue/news/294741.shtmlhttp://www.secuobs.com/revue/news/294741.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Saskatchewan privacy commissioner dumpster dives to recover medical files http wwwwinnipegfreepresscom arts-and-life life health saskatchewan-privacy-commissioner-wades-through--dumpster-to-recover-files-118588064html By Jennifer Graham The Canadian Press 03 24 2011 REGINA - Dumpster diving isn't something Saskatchewan's privacy http://www.secuobs.com/revue/news/294519.shtmlhttp://www.secuobs.com/revue/news/294519.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Solo Iranian hacker takes credit for Comodo certificate attack http wwwcomputerworldcom s article 9215245 Solo_Iranian_hacker_takes_credit_for_Comodo_certificate_attack By Gregg Keizer Computerworld March 27, 2011 A solo Iranian hacker on Saturday claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, http://www.secuobs.com/revue/news/294518.shtmlhttp://www.secuobs.com/revue/news/294518.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Bank Of America Accounts Hacked http wwwclickondetroitcom news 27328557 detailhtml WDIV Detroit March 26, 2011 ROYAL OAK, Mich -- Thousands of Bank of America customers' account information could be in jeopardy after a major security breach Christy Clark went to a Royal Oak drug store Friday, but when her debit http://www.secuobs.com/revue/news/294517.shtmlhttp://www.secuobs.com/revue/news/294517.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Russian Security Team to Upgrade SCADA Exploit Tool http wwwpcworldcom businesscenter article 223317 russian_security_team_to_upgrade_scada_exploit_toolhtml By Jeremy Kirk IDG News March 25, 2011 A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new http://www.secuobs.com/revue/news/294516.shtmlhttp://www.secuobs.com/revue/news/294516.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Computer files lost at Maryville http wwwchicagobreakingnewscom news local chibrknews-computer-files-lost-at-maryville-20110325,0,783981story Chicago Breaking News Staff report March 25, 2011 A Des Plaines-based social service agency that serves abused children announced today that computer files containing personal and medical information on almost 4,000 children who lived at agency facilities dating back to 1992 are missing Maryville Academy, which last year worked with about 1,600 children in residential, shelter and hospital programs, lost three files with information on about 3,900 people, the agency said in an email this afternoon The files were either stolen or misplaced The files were in a locked storage room in Maryville s facility in Des Plaines The agency is investigating how they may have disappeared, Sister Catherine F Ryan, Maryville s executive director, said in the statement Data in the files may include birth dates, relatives names, Social Security numbers, medical treatment and other information http://www.secuobs.com/revue/news/294515.shtmlhttp://www.secuobs.com/revue/news/294515.shtml Secuobs.com : 2011-03-28 13:12:14 - ISN InfoSec News Mailing List - InfoSec News Slightly Off-Topic The Greatest Pre-Launch Start-Up Pitch Ever This is slighty off-topic for InfoSec News, but I've started paying attention to the venture capital security space for possible inclusion in the next version of ISN BUT if you're an angel or venture capitalist and would like to hear a couple of interesting security and networking ideas, please drop me a line at wk at infosecnews Dot org and I'll be happy to put you in touch with those parties So I've watched this YouTube video below about three times, and I was convinced this was one of the best social engineering stunts ever caught on video, til I started 'lightly' researching 'Rachel Sequoia' and found the article below, now I'm not so sure, I think she's serious http wwwyoutubecom watch v wyrFWbGiGOc Enjoy William Knowles InfoSecNewsorg - - http networkeffectallthingsdcom 20110325 viral-video-the-greatest-pre-launch-start-up-pitch-ever By Liz Gannes NetworkEffect AllThingsD March 25, 2011 It s start-up demo season in Silicon Valley not that pitching start-ups ever goes out of season in California And here is a video of the Silicon Valley start-up pitch in its most ultimate form I have watched this at least four times tonight Let s not give away too much of the big idea, but every good pitch needs Stories of personal relevance Mumbo-jumbo about a big market A plan to spend and make money Boasts of differentiated technology A check-in app Share the Air lacks none of these How real is this Well, presenter Rachel Sequoia apparently did participate in an investor pitch session at the one and only meeting of the Venture Capital Fundraising Club of Silicon Valley in February http://www.secuobs.com/revue/news/294514.shtmlhttp://www.secuobs.com/revue/news/294514.shtml Secuobs.com : 2011-03-25 08:14:37 - ISN InfoSec News Mailing List - InfoSec News Congressman Probing HBGary Scandal Fears Domestic Surveillance http blogsforbescom parmyolson 2011 03 23 congressman-probing-hbgary-scandal-fears-domestic-surveillance By Parmy Olson Forbescom March 23 2011 When a small team of hackers launched a 24-hour assault on software security firm HBGary Federal last month, they did so to take revenge on http://www.secuobs.com/revue/news/294117.shtmlhttp://www.secuobs.com/revue/news/294117.shtml Secuobs.com : 2011-03-25 08:14:37 - ISN InfoSec News Mailing List - InfoSec News European Commission hit by cyberattack http wwwcomputerworldcom s article 9215041 European_Commission_hit_by_cyberattack By Jennifer Baker IDG News Service March 24, 2011 The European Commission, including the body's diplomatic arm, has been hit by what officials said Thursday was a serious cyberattack http://www.secuobs.com/revue/news/294116.shtmlhttp://www.secuobs.com/revue/news/294116.shtml Secuobs.com : 2011-03-25 08:14:37 - ISN InfoSec News Mailing List - InfoSec News Gmail, Hotmail Pose Government Security Risk http wwwinformationweekcom news security vulnerabilities showArticlejhtml articleID 229400231 By Mathew J Schwartz InformationWeek March 24, 2011 Government use of Webmail is under fire in Australia, with one government oversight group calling for it to be blocked inside http://www.secuobs.com/revue/news/294115.shtmlhttp://www.secuobs.com/revue/news/294115.shtml Secuobs.com : 2011-03-25 08:14:37 - ISN InfoSec News Mailing List - InfoSec News Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack http wwweweekcom c a Security Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785 By Fahmida Y Rashid eWEEKcom 2011-03-24 TripAdvisor discovered a data breach in its systems that allowed attackers to grab a portion of the Web site s membership list from its http://www.secuobs.com/revue/news/294114.shtmlhttp://www.secuobs.com/revue/news/294114.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News 7 communication mistakes CSOs still make http wwwcsoonlinecom article 677948 7-communication-mistakes-csos-still-make By Joan Goodchild Senior Editor CSO March 23, 2011 For many years, we heard security professionals lament the way they are perceived Terms such as the place where good ideas go to die and the http://www.secuobs.com/revue/news/293850.shtmlhttp://www.secuobs.com/revue/news/293850.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News Tech Insight HTTPS Is Evil http wwwdarkreadingcom authentication 167901072 security privacy 229301300 tech-insight-https-is-evilhtml By Adam Ely Contributing Writer Darkreading Mar 23, 2011 Last week, Twitter joined Facebook and other social networks in a default HTTPS option to help protect the privacy of users on its site Many believe the author of FireSheep is to thank for pushing HTTPS support up the priority list for social networks With the new HTTPS setting, millions of people are now able to protect their private -- and not so private -- postings from prying eyes on airplanes, at coffee shops, or anywhere else they might browse their favorite social network sites Facebook was cheered by the security community for finally taking this fundamental step in protecting the sessions and data of users Enterprise IT organizations, on the other hand, aren't so sure about the new security measures Their first question How do you monitor what's coming in and out of the corporation if all of the transports are encrypted The perils of social networks have been researched and reported many times The reality is that any transport method out of an organization http://www.secuobs.com/revue/news/293849.shtmlhttp://www.secuobs.com/revue/news/293849.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News Federal Cyber Attacks Rose 39pourcents In 2010 http wwwinformationweekcom news government security showArticlejhtml articleID 229400156 By Elizabeth Montalbano InformationWeek March 23, 2011 Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents http://www.secuobs.com/revue/news/293848.shtmlhttp://www.secuobs.com/revue/news/293848.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News ZeuS cybercrime cookbook on sale in underground forums http wwwtheregistercouk 2011 03 23 zeus_source_code_sale By John Leyden The Register 23rd March 2011 Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit though underground forums The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch IOO offers to discuss the sale to prospective buyers via either Jabber or ICQ He is prepared to accept payment via any escrow service The screenshots make reference to peinfectorcpp, a project of ZeuS known as Murofet Security researchers - while unable to verify the sale is genuine - are taking the potential offer seriously Prior to this there were several rumors that the Zeus Zbot code was sold to the creator of SpyEye, writes Peter Kruse, an eCrime specialist who works for Danish security consultancy CSIS Security http://www.secuobs.com/revue/news/293847.shtmlhttp://www.secuobs.com/revue/news/293847.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News Firm points finger at Iran for SSL certificate theft http wwwcomputerworldcom s article 9214998 Firm_points_finger_at_Iran_for_SSL_certificate_thefthttp wwwcomputerworldcom s article 9214998 Firm_points_finger_at_Iran_for_SSL_certificate_theft By Gregg Keizer Computerworld March 23, 2011 Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran We believe these are politically motivated, state driven funded attacks, said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, NJ-based security company that is also allowed to issue site certificates http://www.secuobs.com/revue/news/293846.shtmlhttp://www.secuobs.com/revue/news/293846.shtml Secuobs.com : 2011-03-24 11:38:18 - ISN InfoSec News Mailing List - InfoSec News SecArt-11 3rd Workshop on Intelligent Security - Deadline Approaching April 4, 2011 Forwarded from Yacine Zemali Apologies if you receive multiple copies Please distribute this call to interested parties 3rd Workshop on Intelligent Security Security and Artificial Intelligence SecArt-11 http://www.secuobs.com/revue/news/293845.shtmlhttp://www.secuobs.com/revue/news/293845.shtml Secuobs.com : 2011-03-23 11:35:52 - ISN InfoSec News Mailing List - InfoSec News Nasdaq Hasn't Lost Any Clients Because Of Hacking - Executive http onlinewsjcom article BT-CO-20110322-714075html By Kristina Peterson DOW JONES NEWSWIRES MARCH 22, 2011 NEW YORK Dow Jones -- Nasdaq OMX Group Inc NDAQ hasn't lost any clients at its corporate-communications service because of last month's http://www.secuobs.com/revue/news/293564.shtmlhttp://www.secuobs.com/revue/news/293564.shtml Secuobs.com : 2011-03-23 11:35:52 - ISN InfoSec News Mailing List - InfoSec News SecurID Customers Advised To Prepare For Worst Case http wwwinformationweekcom news security attacks showArticlejhtml articleID 229301337 By Mathew J Schwartz InformationWeek March 22, 2011 How serious is the security threat posed by the theft of inside information about SecurID, the two-factor authentication system sold by http://www.secuobs.com/revue/news/293563.shtmlhttp://www.secuobs.com/revue/news/293563.shtml Secuobs.com : 2011-03-23 11:35:52 - ISN InfoSec News Mailing List - InfoSec News RSA hack -- a lesson in how not to handle a PR disaster http eskenziwordpresscom 2011 03 21 rsa-hack-pourcentsE2pourcents80pourcents93-a-lesson-in-how-not-to-handle-a-pr-disaster By yvonneeskenzi March 21, 2011 I ve been doing PR for the IT security industry for 16 years and there has never been such a major breach to an IT security vendor, as the one http://www.secuobs.com/revue/news/293562.shtmlhttp://www.secuobs.com/revue/news/293562.shtml Secuobs.com : 2011-03-23 11:35:52 - ISN InfoSec News Mailing List - InfoSec News USENIX LEET '11 in Two Weeks Forwarded from Lionel Garth Jones I'm writing to remind you that the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats LEET '11 is just a week away There's still time Register today and join us in Boston, MA, on March 29, 2011 http://www.secuobs.com/revue/news/293561.shtmlhttp://www.secuobs.com/revue/news/293561.shtml Secuobs.com : 2011-03-22 11:39:44 - ISN InfoSec News Mailing List - InfoSec News Natalie Portman joins list of compromised celebs http wwwsmhcomau lifestyle people natalie-portman-joins-list-of-compromised-celebs-20110322-1c4bthtml The Sydney Morning Herald March 22, 2011 Natalie Portman has been named among a growing list of stars who have allegedly been targeted by a ring of internet hackers http://www.secuobs.com/revue/news/293266.shtmlhttp://www.secuobs.com/revue/news/293266.shtml Secuobs.com : 2011-03-22 11:39:44 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, March 13, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 13, 2011 61 Incidents Added http://www.secuobs.com/revue/news/293265.shtmlhttp://www.secuobs.com/revue/news/293265.shtml Secuobs.com : 2011-03-22 11:39:44 - ISN InfoSec News Mailing List - InfoSec News Why DHS, Not White House, Took Lead on RSA Breach Response http wwwgovinfosecuritycom articlesphp art_id 3454 By Eric Chabrow Executive Editor GovInfoSecuritycom March 21, 2011 Pondering government cybersecurity leadership, first thoughts might go to the White House and the office of Cybersecurity Coordinator Howard Schmidt http://www.secuobs.com/revue/news/293264.shtmlhttp://www.secuobs.com/revue/news/293264.shtml Secuobs.com : 2011-03-22 11:39:44 - ISN InfoSec News Mailing List - InfoSec News S Korea to tighten security of gov't computer networks against DDoS attack http englishyonhapnewscokr national 2011 03 22 16 0301000000AEN20110322003200315FHTML 2011 03 22 SEOUL, March 22 Yonhap -- Security of the state Internet network being used by central and local administrations will be beefed up, the home affairs ministry said Tuesday, after the country came under a massive cyber attack, known as the distributed denial-of-service DDoS attack, early this month The Ministry of Public Administration and Security said it will put intranets of city, county and ward offices as well as the state Internet network under the protection of the government's computer system to automatically shut off abnormally heavy traffic and provide security against DDoS attacks The government will also build a computer system for sharing information on malignant codes in cooperation with civilian experts, Kim Nam-seok, the first vice home affairs minister, said during a forum with chief computer security officers here Hiring 60 more computer security officials for central and local governments and providing them short-term domestic and overseas trainings this year were also part of the countermeasures http://www.secuobs.com/revue/news/293263.shtmlhttp://www.secuobs.com/revue/news/293263.shtml Secuobs.com : 2011-03-22 11:39:44 - ISN InfoSec News Mailing List - InfoSec News New Workshop USENIX FOCI '11 Call for Papers Now Available Forwarded from Lionel Garth Jones On behalf of the first USENIX Workshop on Free and Open Communications on the Internet FOCI '11 program committee, we invite you to submit short position papers or work-in-progress reports on policies or http://www.secuobs.com/revue/news/293262.shtmlhttp://www.secuobs.com/revue/news/293262.shtml Secuobs.com : 2011-03-18 12:14:34 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-11 The Secunia Weekly Advisory Summary 2011-03-10 - 2011-03-17 This week 67 advisories http://www.secuobs.com/revue/news/292546.shtmlhttp://www.secuobs.com/revue/news/292546.shtml Secuobs.com : 2011-03-18 12:14:34 - ISN InfoSec News Mailing List - InfoSec News Vanessa Hudgens in talks with police over nude photo leak as FBI close in on celebrity hacker ring http wwwdailymailcouk tvshowbiz article-1367160 Vanessa-Hudgens-talks-police-nude-photo-leak-FBI-close-celebrity-hacker-ringhtml By Daily Mail Reporter 17th March 2011 High School Musical star Vanessa Hudgens met with police yesterday to discuss her latest nude photo scandal http://www.secuobs.com/revue/news/292545.shtmlhttp://www.secuobs.com/revue/news/292545.shtml Secuobs.com : 2011-03-18 12:14:34 - ISN InfoSec News Mailing List - InfoSec News GAO Says IRS Data Security Problems Persist http wwwinformationweekcom news government security showArticlejhtml articleID 229301206 By Elizabeth Montalbano InformationWeek March 17, 2011 The IRS still isn't doing enough security-wise to protect the confidentially of financial and taxpayer information -- particularly http://www.secuobs.com/revue/news/292544.shtmlhttp://www.secuobs.com/revue/news/292544.shtml Secuobs.com : 2011-03-18 12:14:34 - ISN InfoSec News Mailing List - InfoSec News RSA warns SecurID customers after company is hacked http wwwcomputerworldcom s article 9214757 RSA_warns_SecurID_customers_after_company_is_hacked By Robert McMillan IDG News Service March 17, 2011 EMC's RSA Security division says the security of the company's two-factor SecurID tokens could be at risk following a sophisticated http://www.secuobs.com/revue/news/292543.shtmlhttp://www.secuobs.com/revue/news/292543.shtml Secuobs.com : 2011-03-17 12:11:43 - ISN InfoSec News Mailing List - InfoSec News RIM urges BlackBerry users to turn off JavaScript http wwwnetworkworldcom news 2011 031611-rim-blackberry-javascripthtml By Brad Reed Network World March 16, 2011 Research in Motion is recommending that IT departments and users disable JavaScript on their BlackBerry devices, citing a vulnerability unearthed http://www.secuobs.com/revue/news/292251.shtmlhttp://www.secuobs.com/revue/news/292251.shtml Secuobs.com : 2011-03-17 12:11:43 - ISN InfoSec News Mailing List - InfoSec News Security Experts 'A Wake-up Call for the Rest of the World' http wwwbankinfosecuritycom articlesphp art_id 3432 By Tracy Kitten Managing Editor Bank Info Security March 16, 2011 The crisis in Japan shows the world is an increasingly smaller place On Tuesday, stocks in the US and Europe took hits, as the impact of http://www.secuobs.com/revue/news/292250.shtmlhttp://www.secuobs.com/revue/news/292250.shtml Secuobs.com : 2011-03-17 12:11:43 - ISN InfoSec News Mailing List - InfoSec News Hospitality Industry On Mission To Curb Cyberattacks http wwwdarkreadingcom authentication 167901072 security attacks-breaches 229301147 hospitality-industry-on-mission-to-curb-cyberattackshtml By Kelly Jackson Higgins Darkreading March 16, 2011 Three major hospitality trade associations have banded together to warn http://www.secuobs.com/revue/news/292249.shtmlhttp://www.secuobs.com/revue/news/292249.shtml Secuobs.com : 2011-03-17 12:11:43 - ISN InfoSec News Mailing List - InfoSec News CarolinaCon-7 - Apr 29th thru May 1st 2011 - Raleigh NC Forwarded from Vic Vandal We're baaaaaaack CarolinaCon-7 will be held on April 29th thru May 1st 2011 in Raleigh NC For the cheap price of your average movie admission with popcorn and a drink YOU could get a full weekend of the following instead http://www.secuobs.com/revue/news/292248.shtmlhttp://www.secuobs.com/revue/news/292248.shtml Secuobs.com : 2011-03-16 08:05:51 - ISN InfoSec News Mailing List - InfoSec News Dataloss Weekly Summary Week of Sunday, March 6, 2011 Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 6, 2011 6 Incidents Added http://www.secuobs.com/revue/news/291954.shtmlhttp://www.secuobs.com/revue/news/291954.shtml Secuobs.com : 2011-03-16 08:05:51 - ISN InfoSec News Mailing List - InfoSec News Ottawa urged to fight power-grid hackers http wwwcanadacom technology Ottawa urged fight power grid hackers 4442522 storyhtml By Ian MacLeod Postmedia News March 15, 2011 Computer hackers are penetrating Canada's power grid, say industry insiders who want the federal government to act http://www.secuobs.com/revue/news/291953.shtmlhttp://www.secuobs.com/revue/news/291953.shtml Secuobs.com : 2011-03-16 08:05:51 - ISN InfoSec News Mailing List - InfoSec News Web attackers deface gov't sites, steal from financials http wwwcsoonlinecom article 677028 web-attackers-deface-gov-t-sites-steal-from-financials By Robert Lemos CSO March 15, 2011 Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web http://www.secuobs.com/revue/news/291952.shtmlhttp://www.secuobs.com/revue/news/291952.shtml Secuobs.com : 2011-03-14 07:56:40 - ISN InfoSec News Mailing List - InfoSec News Red Flag cyber operations Part II - Cyber operators stand against red team 'aggressors' http wwwafspcafmil news storyasp id 123246419 By Tech Sgt Scott McNabb 24th Air Force Public Affairs 3 11 2011 NELLIS AIR FORCE BASE, Nev -- It's not supposed to be easy For the first time in Red Flag exercise history, cyber and space operators are a fully integrated part of the friendly forces blue team that defend the interest of the United States and her allies against the aggressors of the red team It's imperative that our operators are faced with difficult scenarios The intent is that they learn from the high pressure scenarios to rapidly and deliberately integrate their unique skills and capabilities with air and space forces to better prepare them grow as cyber operators and as leaders, said Col Mark Ware, 24th Air Force director of operations When the other Airmen participating in Red Flag see the impact on flying and space operations with and without cyber support, they should better understand what their cyber teammates bring to the fight and how we can all work together to defeat our adversaries Initial results from the realistic combat training exercise indicate the blue team's cyber operators made it through early struggles to reach mission success and, in some cases, shut down various red team capabilities before they were employed The way I see it, in ancient Greek or Roman times, warriors wore 60 to 70 pounds of armor, said 2nd Lt Louis Murphy, who belongs to the 33rd Network Warfare Squadron, but served as commander for the blue team, working out of the Information Operations range, located at Lackland Air Force Base, Texas Today in Iraq and Afghanistan, they also wear about 60 to 70 pounds of body armor It's a lot better armor, but it's never perfect The same is true for cyber No matter what program you have, it won't be perfect You adjust and get better Red team's cyber aggressors are formidable and push the blue team to their very limits Elements of Red Flag's cyber red team include - Detachment 2, 318th Information Operations Group, charged with creating an exercise scenario that will allow for realistic cyber play and integration with standard kinetic operations - The 57th Information Aggressor Squadron provides the cyber targets for US Air Force cyber warfighters - The 177th Information Aggressor Squadron, Kansas Air National Guard, is the sister squadron to the 57th IAS These units along with some individual Reserve Airmen provide a wide breadth of opposition for the blue team to lock horns with Capt Christian Fisher, Det 2 Exercise Flight commander, said he and others worked on scenarios for months to optimize the training experience It is important for cyber operations to be included in Red Flag so that members of the cyber community can plan and execute a mission alongside the air and space operations communities, said Captain Fisher Without integrating those three, no one outside the cyber community is ever going to know where cyber operations are going to be beneficial because they will have no idea what the cyber community is capable of In order to make cyber operations as effective as they can be they need to be integrated with air and space operations, and the first step of that integration is participating in large force exercises like Red Flag where non-cyber operators can see what cyber brings to the fight Seamless integration of joint operations is the ultimate goal for these new efforts in Red Flag, said Maj Gen Richard Webber, 24th Air Force commander We are elevating the level of training to new heights, in order to learn how to best employ our operational forces to achieve desired effects for the joint and coalition teams Captain Fisher said the impact of including cyber operations in Red Flag is that it allows for more solutions to the tactical problems that are presented to the exercise participants In some cases cyber operations may allow for a similar but less persistent effect on a target set than dropping a bomb, which may be more beneficial in the long term depending on what the desired end state is, he said It's really how Red Flag continues to be a premier training event for the Air Force even as the operational environment changes based on the evolution of technology Maj Frank Lyons, 57th IAS team chief, gave an example of a possible scenario his red aggressors would test the blue team with We the red team set up a cyber café where a terrorist is uploading the latest propaganda video to a server so all his buddies can see it, he said The blue forces would do something to either prevent the video from being seen, or to prevent the terrorist from having Internet access Each cyber aggressor team varies in size according to the mission For Red Flag 11-3, there are 24 team members operating as the adversary Maj Drew Bjerken, 177th IAS Weapons and Tactics Flight commander and overall Red Flag 11-3 red team mission commander, said he looks forward to presenting a cyber adversary that is reactive and in some cases aggressive rather than only providing targets as in years past The majority of the red team offensive cyber operators come from the 177th IAS while the majority of the red team defenders belong to the 57th IAS Allowing red to go offensive presents blue net defenders their first opportunity to integrate so deeply into Red Flag, said Major Bjerken This integration is key, as Air and Space Operations Centers commanders know what to do when they are under attack by air or ground forces, but often they are unaware of how to react and what needs to be done when under attack by cyber forces Chief Master Sgt Kevin Slater, 24th Air Force command chief, said operations integration may be the most important success story of this exercise Cyber's integration into Red Flag is as much about educating our air and space teammates on the critical mission assurance attributes of cyber as it is an opportunity to further our efforts to operationalize the cyber domain and the cyber warriors who operate in it, he explained Cyber operators taking part in Red Flag didn't happen overnight Captain Fisher said he, personally, has been integrating cyber operations into US Warfare Center exercises, to include Red Flag, for two years now He said Det 2, 318th IOG has been doing this for almost six years This was the next logical step as we continue to mature Air Force cyber operations We are building a Culture of Cyber in the Air Force, structuring cyber training in the model of air and space operations training, said General Webber Red Flag is the best tactical exercise in the world and adding cyber to the 'fight' made sense because the cyber domain is integral to the Air Force's ability to fly, fight and win Our operators are getting right alongside their air and space counterparts, testing their abilities in realistic wartime situations This will make Red Flag more realistic and train our Airmen to make the right decisions when things get tough Captain Fisher said a successful exercise is one where the participants learn something He wants cyber operators to walk away from this exercise with a better understanding of operations outside of the cyber community, based on their interaction with everyone else during this exercise I think the biggest area for improvement for the cyber community is going to come from the lessons that we learn in running the command and control of cyber operations within the AOC, he said Currently there exist a handful of theories on how to best integrate and control cyber operations within the AOC this will be one of the first exercises where we will be executing operations based on some of those theories When the exercise is done, we should be able to walk away with a much clearer understanding of where cyber operations fits into the AOC structure and what the best way to C2 cyber operations within the AOC is The final week of Red Flag 11-3 is underway and cyber inputs will add the crescendo to this unique exercise General Webber said he looks forward to studying the results of the exercise, and is thankful the men and women in cyber operations will be able to take their experiences back with them The red team is truly testing the skills of our blue team members, but the blue team continues to counter the attacks and strengthen the defense, he said As tactical cyber involvement grows within Red Flag and more of our operators get the opportunity to take part in the exercises, we will create a more seasoned, battle-ready cyber force I hope that our cyber, space and air operators all come away from this exercise with an appreciation for each other's missions, and bring back to real-life operations a sense of how to better coordinate and integrate for greater operational results Editor's Note This is the second story in a series about Air Force cyber operators taking exercise inputs in Red Flag http://www.secuobs.com/revue/news/291382.shtmlhttp://www.secuobs.com/revue/news/291382.shtml Secuobs.com : 2011-03-14 07:56:40 - ISN InfoSec News Mailing List - InfoSec News Backup Files Put Database Information At Risk http wwwdarkreadingcom database-security 167901020 security storage-security 229300828 backup-files-put-database-information-at-riskhtml By Ericka Chickowski Contributing Writer Darkreading March 11, 2011 No matter how many safeguards organizations install to protect their http://www.secuobs.com/revue/news/291381.shtmlhttp://www.secuobs.com/revue/news/291381.shtml Secuobs.com : 2011-03-14 07:56:40 - ISN InfoSec News Mailing List - InfoSec News Murdoch reporter 'hired computer hacker' http wwwindependentcouk news media press murdoch-reporter-hired-computer-hacker-2240975html By Cahal Milmo and Martin Hickman Independentcouk 14 March 2011 A senior journalist at Rupert Murdoch's News of the World allegedly paid a private investigator to hack into the computer of a former intelligence officer The BBC's Panorama programme, to be broadcast tonight, will claim that the hacking led to the interception of emails in July 2006, when the newspaper was being edited by Andy Coulson, who later resigned as the Prime Minister's communications director Mr Coulson, who is not the senior journalist who allegedly commissioned the hacking, has always denied any knowledge of lawbreaking at the title According to Panorama, one attempt centred on a former intelligence officer who had sensitive information about an informant in Northern Ireland who was the subject of a court order Football managers are also said to have been the target of computer hacking So far allegations of hacking at the News of the World NotW have involved the illegal eavesdropping of mobile phone voicemails The NotW's royal editor Clive Goodman was jailed alongside a private investigator, Glenn Mulcaire, four years ago for hacking the phones of royal aides http://www.secuobs.com/revue/news/291380.shtmlhttp://www.secuobs.com/revue/news/291380.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News Man allegedly hacked boss's e-mail after firing http wwwsheboyganpresscom article 20110311 SHE0101 103110440 Man-allegedly-hacked-boss-s-e-mail-after-firing Sheboygan Press staff March 10, 2011 A 19-year-old Plymouth man was charged Wednesday for allegedly hacking into his former boss's e-mail account after being fired, using it to http://www.secuobs.com/revue/news/291023.shtmlhttp://www.secuobs.com/revue/news/291023.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2011-10 The Secunia Weekly Advisory Summary 2011-03-03 - 2011-03-10 This week 67 advisories http://www.secuobs.com/revue/news/291022.shtmlhttp://www.secuobs.com/revue/news/291022.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News New Jersey Nearly Sold Secret Data http wwwnytimescom 2011 03 10 nyregion 10computershtml By RICHARD PÉREZ-PEÑA The New York Times March 9, 2011 Files on abused children Employee evaluations Tax returns A list of computer passwords Names, addresses, birth dates and other information http://www.secuobs.com/revue/news/291021.shtmlhttp://www.secuobs.com/revue/news/291021.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News Electronic Health Records Raise Security Risks http wwwinformationweekcom news healthcare security-privacy showArticlejhtml articleID 229300722 By Nicole Lewis InformationWeek March 10, 2011 According to a survey of 1,000 people who recently visited a healthcare facility, 49pourcents believe that electronic health records EHRs will have a http://www.secuobs.com/revue/news/291020.shtmlhttp://www.secuobs.com/revue/news/291020.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News iPhone, BlackBerry tumble to Pwn2Own hackers http wwwcomputerworldcom s article 9214169 iPhone_BlackBerry_tumble_to_Pwn2Own_hackers By Gregg Keizer Computerworld March 10, 2011 Apple's iPhone 4 and RIM's BlackBerry Torch 9800 both succumbed to hackers today at Pwn2Own, but two other smartphones running Android and http://www.secuobs.com/revue/news/291019.shtmlhttp://www.secuobs.com/revue/news/291019.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News Stolen laptop creates concern for OrthoMontana patients http billingsgazettecom news local crime-and-courts article_94661460-7145-57e2-8670-1548341b0588html By Rob Rogers The Billings Gazette March 10, 2011 OrthoMontana is scrambling to warn current and past patients that their personal information may be on a laptop computer that was recently http://www.secuobs.com/revue/news/291018.shtmlhttp://www.secuobs.com/revue/news/291018.shtml Secuobs.com : 2011-03-11 15:43:01 - ISN InfoSec News Mailing List - InfoSec News Techies Get to Work at Hacker Dojo http onlinewsjcom article SB10001424052748703386704576186530946790912html By GEOFFREY A FOWLER The Wall Street Journal March 10, 2011 MOUNTAIN VIEW -- In Silicon Valley, sometimes even computer geeks want a little human contact And one place they gather is Hacker Dojo in http://www.secuobs.com/revue/news/291017.shtmlhttp://www.secuobs.com/revue/news/291017.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News 35,000 Chinese websites hacked in 2010 http englishpeoplecomcn 90001 98649 7315003html By People's Daily Online March 10, 2011 A total of 35,000 websites on the Chinese mainland were attacked by hackers in 2010, including 4,635 government websites, according to the Internet security report released by the National Computer Network Emergency Response Technical Team Coordination Center of China CNCERT CC on March 9 The report shows that the IP addresses of 5 million domestic host computers were infected with a trojan horse or corpse virus According to the report, government websites are vulnerable to hacker attacks and websites of financial institutions have become the main targets of hackers According to the monitoring by the CNCERT CC, 35,000 websites on Chinese mainland were victims of hackers in 2010, a decrease of 22 percent from 2009 Of them, however, 4,635 were government websites, an increase of 68 percent from a year earlier Around 60 percent of ministerial-level websites have potential security risks to various degrees Hackers use two main means to attack government websites One means is to turn the homepage of government websites into that of hacker organizations in order to show off their skills and the other is to hide hackers' own pages on government Web sites before telling potential buyers that the servers and bandwidth of the government Web sites have been under their control and can be leased and transferred to criminals, said Zhou Yonglin, head of the Operation Department under the CNCERT CC Furthermore, there is an increasingly evident profit-seeking trend for network criminal behaviors websites of large-scale e-commerce operators, financial institutions and third party online payment service providers have become the main targets of phishing Hackers have made knockoff websites and tempted users to log in and trade in order to steal their accounts and passwords, leading to losses http://www.secuobs.com/revue/news/290728.shtmlhttp://www.secuobs.com/revue/news/290728.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News US agents charge ex-employee of NJ technology company with giving China sensitive military data http wwwnjcom news indexssf 2011 03 federal_agents_charge_ex-emplohtml By Jason Grant The Star-Ledger March 08, 2011 Federal agents today arrested and charged a former employee of a New Jersey-based division of a technology company with giving China http://www.secuobs.com/revue/news/290727.shtmlhttp://www.secuobs.com/revue/news/290727.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News Data Breach Affects 2,777 Henry Ford Health System Patients http wwweweekcom c a Health-Care-IT Data-Breach-Affects-2777-Henry-Ford-Health-System-Patients-415908 By Brian T Horowitz eWEEKcom 2011-03-09 The Henry Ford Health System in Detroit has started notifying by postal mail 2,777 patients affected by a missing flash drive http://www.secuobs.com/revue/news/290726.shtmlhttp://www.secuobs.com/revue/news/290726.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News Safari, IE hacked first at Pwn2Own http wwwcomputerworldcom s article 9214002 Safari_IE_hacked_first_at_Pwn2Own By Gregg Keizer Computerworld March 9, 2011 Apple's Safari and Microsoft's Internet Explorer IE both fell to the first hackers who tried their luck on the browsers at Wednesday's opening day of Pwn2Own http://www.secuobs.com/revue/news/290725.shtmlhttp://www.secuobs.com/revue/news/290725.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News New cyber espionage unit revealed http wwwtheagecomau technology security new-cyber-espionage-unit-revealed-20110309-1bo0yhtml By Dylan Welch The Sydney Morning Herald March 10, 2011 ASIO has created a unit to combat cyber spying, in the latest move by government to protect Australia's online networks http://www.secuobs.com/revue/news/290724.shtmlhttp://www.secuobs.com/revue/news/290724.shtml Secuobs.com : 2011-03-10 15:53:16 - ISN InfoSec News Mailing List - InfoSec News RECON 2011 CFP Forwarded from hfortier at reconcx _ - _ - ,__ _ http://www.secuobs.com/revue/news/290723.shtmlhttp://www.secuobs.com/revue/news/290723.shtml Secuobs.com : 2011-03-09 15:41:37 - ISN InfoSec News Mailing List - InfoSec News Naval Academy adds cybersecurity courses http wwwhometownannapoliscom news nav 2011 03 08-21 Naval-Academy-adds-cybersecurity-courseshtml By EARL KELLY Staff Writer Capital Gazette Communications 03 08 11 In its first significant change to the core curriculum in 10 years, the Naval Academy is adding two mandatory cybersecurity courses aimed at preparing junior officers for today's warfare, academy officials said yesterday The first course will be required next spring for freshmen, or plebes, in the Class of 2015, Academic Dean Andrew Phillips told the school's civilian oversight board during its meeting in Annapolis The second required course will start during the Class of 2015's junior year The plebe course will focus on recognizing cyber risks and threats, Phillips said http://www.secuobs.com/revue/news/290446.shtmlhttp://www.secuobs.com/revue/news/290446.shtml Secuobs.com : 2011-03-09 15:41:37 - ISN InfoSec News Mailing List - InfoSec News Hacking of DuPont, J J, GE Were Undisclosed Google-Type Attacks http wwwbusinessweekcom news 2011-03-08 hacking-of-dupont-j-j-ge-were-undisclosed-google-type-attackshtml By Michael Riley and Sara Forden Bloomberg March 08, 2011 The FBI broke the news to executives at DuPont Co late last year that hackers had cracked the company s computer networks for the second time in 12 months, according to a confidential Dec 9, 2010, e-mail discussing the investigation About a year earlier, DuPont had been hit by the same China- based hackers who struck Google Inc and unlike Google, DuPont kept the intrusion secret, internal e-mails from cyber-security firm HBGary Inc show As DuPont probed the incidents, executives concluded they were the target of a campaign of industrial spying, the e-mails show The attacks on DuPont and on more than a dozen other companies are discussed in about 60,000 confidential e-mails that HBGary, hired by some of targeted businesses, said were stolen from it on Feb 6 and posted on the Internet by a group of hacker-activists known as Anonymous The companies attacked include Walt Disney Co, Sony Corp, Johnson Johnson, and GE, the e-mails show The incidents described in the stolen e-mails portray industrial espionage by hackers based in China, Russia and other countries US law enforcement agencies say the attacks have intensified in number and scope over the past two years http://www.secuobs.com/revue/news/290445.shtmlhttp://www.secuobs.com/revue/news/290445.shtml