<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet security observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Apple Learning Initiative security breach</title><description>2009-07-04 05:16:12 - Office of Inadequate Security : The mothership is alerting members of this online program and forums that their account credentials, login and password, have been compromised. Although such events are common enough elsewhere on the interwebs, it’s quite unusual for one to affect Apple. The email sent to members was included in the post: Dear Apple Learning Interchange member,</description><link>http://www.secuobs.com/revue/news/116878.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116878.shtml</guid></item>
<item><title>Matthieu Suiches: Security 2.0 is not even a failure. It is a nightmare</title><description>2009-07-04 01:56:36 - Rootsecure.net : Matthieu Suiches: Security 2.0 is not even a failure. It is a nightmare</description><link>http://www.secuobs.com/revue/news/116870.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116870.shtml</guid></item>
<item><title>Dunbar’s number and security</title><description>2009-07-04 00:26:01 - Security Balance : I’ve just finished Malcolm Gladwell’s book The Tipping Point. As usual, Gladwell’s books always bring food for thought on security for me. Security is deeply related to human behaviour, the main subject of his books. The most interesting thing from TP for security is Dunbar’s number. Honestly, when I read about it I thought</description><link>http://www.secuobs.com/revue/news/116845.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116845.shtml</guid></item>
<item><title>A Diverse Portfolio of Fake Security Software - Part Twenty Two</title><description>2009-07-03 20:15:34 - Dancho Danchev's Blog - Mind Streams of Information Security Knowledge : Part twenty two of the diverse portfolio of fake security software series will summarize the typosquatted scareware serving domains currently in circulation, pushed through the usual distribution channels, but will also emphasize on the "money trail", namely the payment processing gateways used in the scareware campaigns. In this particular case the scareware front-ends ultimately lead to ChronoPay, which Germany-based Pandora Software has been abusing since 2008 under its countless number of aliases such as Meyrocorp for instance.

The scareware domains are as follows:
atomscan6.info - 381051927 - Email: donboset@gmail.com
listscan6.com - Email: loiskiltz@gmail.com
goscanedge.com - Email: subtenda@gmail.com
goscanfine.com - Email: chirelqas@gmail.com
in6ch.com - Email: relgetn@gmail.com
goscanrich.com - Email: pathstals@gmail.com
goscanrank.com - Email: alcnafuch@gmail.com
ina6sk.com - Email: equatelepi@gmail.com
in6sk.com - Email: thomastruby@gmail.com
goscanslim.com - Email: chinrfi@gmail.com
gowidescan.com - Email: alcnafuch@gmail.com
goedgescan.com - Email: subtenda@gmail.com
gofinescan.com - Email: alcnafuch@gmail.com
goelitescan.com - Email: funully@gmail.com
gorichscan.com - Email: pathstals@gmail.com
goslimscan.com - Email: chinrfi@gmail.com
gosoonscan.com - Email: aloxier@gmail.com
goironscan.com - Email: aloxier@gmail.com
goflexscan.com - Email: alcnafuch@gmail.com
gomanyscan.com - Email: alcnafuch@gmail.com
goscaniron.com - Email: aloxier@gmail.com
ina6co.com - Email: equatelepi@gmail.com
in6co.com - Email: thomastruby@gmail.com
goscantop.com - Email: funully@gmail.com
ina6iq.com - Email: equatelepi@gmail.com
goscanstar.com - Email: stgeyman@gmail.com
goscanflex.com - Email: chirelqas@gmail.com
goscanmany.com - Email: chirelqas@gmail.com
scantrue6.info - Email: jokinzer@gmail.com
scantool6.info - Email: jokinzer@gmail.com
scanzoom6.info - Email: jokinzer@gmail.com
litescan6.info - Email: litescan6info
truescan6.info - Email: jokinzer@gmail.com
toolscan6.info - Email: jokinzer@gmail.com

atomscan6.info - Email: donboset@gmail.com
genscan6.info - Email: imendegal@gmail.com
luxscan6.info - Email: donboset@gmail.com
wayscan6.info - Email: jokinzer@gmail.com
scanuser6.info - Email: jokinzer@gmail.com
scanway6.info - Email: jokinzer@gmail.com
scan6line.info - Email: jokinzer@gmail.com
scan6note.info - Email: jokinzer@gmail.com
scan6true.info - Email: jokinzer@gmail.com
scan6tool.info - Email: jokinzer@gmail.com
true6scan.info - Email: jokinzer@gmail.com
tool6scan.info - Email: jokinzer@gmail.com
top6scan.info - Email: jokinzer@gmail.com
user6scan.info - Email: jokinzer@gmail.com
list6scan.info - Email: jokinzer@gmail.com
way6scan.info - Email: jokinzer@gmail.com
scan6user.info - Email: jokinzer@gmail.com
scan6list.info - Email: jokinzer@gmail.com
scan6fix.info - Email: jokinzer@gmail.com
scan6way.info - Email: jokinzer@gmail.com

It's a pretty obvious case demonstrating the dynamics of the underground ecosystem. A thousand bogus accounts purchased for $10 used in a bulk registration of scareware serving domains on a revenue sharing affiliate model ends up in a win-win-win situation for the cybercriminals involved in these processes. The practice is becoming rather popular not only due to their interest in less centralization of the domain control under a single email address -- cross checking reveals the entire portfolio managed under it -- but due to the availability of the service.

clean-pc-now.net - 9475233162 - Email: robertsimonkroon@gmail.com
fast-spyware-cleaner.org - Email: robertsimonkroon@gmail.com
spyware-scaner.com - Email: robertsimonkroon@gmail.com
scan-pc-now.com - Email: robertsimonkroon@gmail.com
free-tube-porn.biz - Email: robertsimonkroon@gmail.com
spyware-killer.biz - Email: robertsimonkroon@gmail.com
softportal-extrafiles.com - 642038172
exe-profile.com - Email: kimwerner92@yahoo.com
extrafiles-softportal.com - Email: opipkl@googlemail.com
softportal-files.com - Email: kimwerner92@yahoo.com
softportal-extrafiles.com
load-exe-soft.com - Email: kimwerner92@yahoo.com
exe-box.com - Email: normtroup@yahoo.com
hot-exe-area.net - Email: josepetie@gmail.com

spywarecomputerscanv2.com - 69105935 - Email: huang@barkeduhk
1live-antimalware-pro-scan.com
1live-antimalware-scanner.com - Email: hongkong@campusparis.org
folderantispywarescanner.com - Email: xinhuawuhan@yahoo.com
antivirushelpscanner.com - Email: info@brandturkey.com
fastfolderscanner.com - Email: info@brandturkey.com
mycomputerscanner.com - Email: vanmullem@yahoo.com
restricteddomainhelp.com - 8313312481 - Email: franklinnig@yahoo.com
msncoreupdate.com - Email: jen@parallelslive.cn
world-payment-system.com - Email: info@yashitaindian.com
liveinternetupdates.com - Email: kuzya77@freebbmail.com
onlineantivirusmarket.com - Email: podbisb@hotmail.com

threats-scanner.com - 694230204 - Email: vanmullem@yahoo.com
securitypcscanner2.com - Email: office@actionaidinusa.org
anti-virussecurity3.com - Email: office@actionaidinusa.org
private-online-scan.com - Email: info@kianah.org
liveantivirusproscan.com - Email: second@freebbmail.com
no1virusscan.com - Email: info@kianah.org
my-private-protection.com - Email: info@kianah.org
scanmyfolders.com - Email: info@kianah.org
scanmycomputerforvirus.com - Email: vanmullem@yahoo.com
onlinescan-ultraantivirus2009.com - 206536176
relevantwebsearches.com
virussweeper-scanvirus.com
guardincorp.info
mainsecsys.info - Email: andrewfbecket@gmail.com
guardsecurity.info - Email: poljaykop@gmail.com
virusalarm-scanvirus.net

best-protect.info - 174142113205 - Email: chainadmin@gmail.com
best-protect-av1.info - Email: chainadmin@gmail.com
best-antivirus-pc.info - Email: chainadmin@gmail.com
best-av1-protect.info - Email: chainadmin@gmail.com
av1-protect.info - Email: chainadmin@gmail.com
av1-best-protect.info - Email: chainadmin@gmail.com
best-protect.info - Email: chainadmin@gmail.com
best-av.info - Email: chainadmin@gmail.com
pay-virusshield.cn - 6421314070 - Email: unitedisystems@gmail.com
shieldinc.info
systemprotectinc.info
ironshield.info
myofficeguard.info
protectionurl.info
my-protection.info
antivirus09.net
fast-antivirus.net

virusshieldpro.com - 648616127 - Email: unitedisystems@gmail.com
prestotuneup.com - Email: hycderxvur@whoisservices.cn
virussweeper-scanvirus.com
virusmelt.com - Email: nuhuarrczq@whoisservices.cn
systemsec.info
shieldinc.info
myofficeguard.info
protect-online.info
protectionlol.info
protectionurl.info
virussweeper-scan.net
advanced-virus-remover2009.com - 92241176188 - Email: masle@maslekz
trucount3005.com - Email: chenpoon1732646@yahoo.com
antivirus-scan-2009.com - Email: cheng2009@yahoo.com
antivirusxppro-2009.com - Email: u@sochi.ru
advanced-virusremover2009.com - Email: giogr@ua.fm
bestscanpc.com
trucountme.com - Email: valentin@gergieakz
vs-codec-pro.com - Email: bhtjnjhggn@googlemail.com
vscodec-pro.com - Email: cyber38462@hotmail.com
antivirus-2009-ppro.com - Email: cheng2009@yahoo.com
onlinescanxppro.com - Email: chenpoon1732646@yahoo.com
downloadavr.com - Email: gorbun@ua.fm
bestscanpc.net

activation-antivirus-software.com - 2084312483 - Email: matlee@fsukedu
fxantispy.com - Email: TycoonMichael@googlemail.com
my-protection.info - 6421314070 - Email: hopdavis@gmail.com
protectonline.info - 64861747 - Email: hopdavis@gmail.com
safetywwwtools.com - 2094412636 - Email: martinsjohnson@spambob.com
defenderupdates2.com - 8924816846 - Email: china@sebanse
securitytoolsdirect.com - 2094412622 - Email: RuthMMarcotte@text2re.com
best-antivirus-security.com - 841623752 - Email: valentinyermolaev@gmail.com
malwaresdestructor.com - 206536174
suprotect.com - 89149212218 - uuuuu@ua.fm
threatpcscanner.com - 63223110177 ; 7847132216 ; 784717266 - Email: vanmullem@yahoo.com
antimalwareliveproscannerv3.com - Email: vanmullem@yahoo.com
antivirus-online-pro-scan.com - Email: vanmullem@yahoo.com
avpro-labs.com - 213182197229
avprotectionstat.com - 745099236
explorerfilescan.com - 63223110178; 7847132221; 784717268 - Email: xinhuawuhan@yahoo.com
antivirushelpscanner.com A 83133125116; 69105935; 83133125116 - Email: info@brandturkey.com
fastfolderscanner.com - Email: info@brandturkey.com
mycomputerscanner.com - Email: info@brandturkey.com
mal-warexls.net - 72910826 - Email: joehugardo@ya.ru
internetware-safe.com - Email: candikeller@ya.ru

scanonlinesite.info - 6614874126
scanonlineblog.info
scanonlineshop.info
scanonlinenow.info
youravprotection.com - 745098162 - Email: armandgregory3@gmail.com
registerantivirus.com - Email: edareyra@gmail.com
avprotectionstat.com
avagent-pro.com - 8313312646 - Email: dwrdcardenas95@gmail.com
downloads-123.com - Email: dwrdcardenas95@gmail.com
soft-process.com - Email: dwrdcardenas95@gmail.com
download-123.cn - Email: dwrdcardenas95@gmail.com
actupdate.net - Email: dwrdcardenas95@gmail.com

Now the emphasis on the payment gateways, currently active and processing the scareware transactions:
softwaresecuredbilling.com - 209845122 - TemchenkoViktor@googlemail.com
softsales-discount.com - Email: daunrwwciq@whoisservices.cn
best-internet-payments.com - 209845148 - Email: specsupport@gmail.com
adioro.com - 21317415232 - Email: xyhsbjlrl@whoisprivacyprotect.com
secure-plus-payments.com - 209825204 - Email: sparck000@mail.com
securepnm-software.com - 209845124 - Email: pnm-softwarecom@liveinternetmarketingltd.com
soft-process.com - 8313312646 - Email: XtPbtP@privacypost.com
privatesecuredpayments.com - 7846216238 - Email: TemchenkoViktor@googlemail.com

These payment processing gateways are sometimes front-end to the original and often legitimate payment processors. In this particular case, the legitimate processor is Netherlands-based ChronoPay, which is known to have been used in the past by affiliates in the scareware affiliate model, with several complaints for repeated credit card billing, which in reality is included in the scareware's Terms of Service. Upon a successful purchase - the customer is told that "This charge will appear on your card statement as CHRPay.com/ducforceide". Interestingly, Pandora Software has also been using the following ChronoPay accounts for over a year - Chrpay.com/meyrocorp; CHrpay.com/pnra using disconnected numbers, CallerID's of scareware operations, desperate attempts to contact the alias for the front-end payment processor, ultimately resulting in several hundred ChronoPay related complaints. Next to scareware, ChronoPay (Pavel Vrublevsky acting as CEO) is also known to have been used in a mobile application scam dissected here, as well as being a victim of a DDoS attack in 2008, which is pretty logical since if ChronoPay is the payment processor of choice for the hundreds of thousands of scareware generated revenues on daily basis, the commissions ChronoPay takes from cybercriminals would be more than welcome in the competing payment processor's network.

Related posts:
Dissecting a Swine Flu Black SEO Campaign
Massive Blackhat SEO Campaign Serving Scareware
From Ukrainian Blackhat SEO Gang With Love
From Ukrainian Blackhat SEO Gang With Love - Part Two
From Ukraine with Scareware Serving Tweets, Bogus LinkedIn/Scribd Accounts, and Blackhat SEO Farms
Fake Web Hosting Provider - Front-end to Scareware Blackhat SEO Campaign at Blogspot
A Diverse Portfolio of Fake Security Software - Part Twenty One
A Diverse Portfolio of Fake Security Software - Part Twenty
A Diverse Portfolio of Fake Security Software - Part Nineteen
A Diverse Portfolio of Fake Security Software - Part Eighteen
A Diverse Portfolio of Fake Security Software - Part Seventeen
A Diverse Portfolio of Fake Security Software - Part Sixteen
A Diverse Portfolio of Fake Security Software - Part Fifteen
A Diverse Portfolio of Fake Security Software - Part Fourteen
A Diverse Portfolio of Fake Security Software - Part Thirteen
A Diverse Portfolio of Fake Security Software - Part Twelve
A Diverse Portfolio of Fake Security Software - Part Eleven
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software

This post has been reproduced from Dancho Danchev's blog.</description><link>http://www.secuobs.com/revue/news/116792.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116792.shtml</guid></item>
<item><title>Database Security: The Other First Steps</title><description>2009-07-03 20:08:15 - Securosis Blog : Going through my feed reader this morning when I ran across this post on Dark Reading about Your First Three Steps for database security. As these are supposed to be your first steps with database security, the suggestions not only struck me as places I would not start, it offered a method that I would not employ. I believe that there is a better way to proceed, so I offer you my alternative set of recommendations.

The biggest issue I had with the article was not that these steps did not improve security, or that the tools were not right for the job, but the path you are taken down by performing these steps is the wrong one. Theoretically it's a good idea to understand the scope of the database security challenge when starting, but infeasible in practice. Databases are large, complex applications, and starting with a grand plan on how to deal with all of them is a great way to grind the process to a halt and require multiple restarts when your plan breaks apart. This article advises you start your process by cataloging every single database instance, and then try to catalog all of the sensitive data in those databases. This is the security equivalent to a 'cartesian product' with a database select statement. And just as it is with database queries, it results in an enormous, unwieldy amount of data. You can labor through the result and determine what to protect, but not how.

At Securosis, we're all about simplifying security. I am a personal advocate of the 'divide and conquer' methodology. Start small. Pick the one or two critical databases in your organization, and start there. Your database administrator knows which database is the critical one. Heck, even your CFO knows which one that is: it's that giant SAP/Oracle one in the corner that he is still pissed off he had to sign the $10 million dollar requisition for.

Now, here are the basic steps:
* Patch your databases to address most known security issues. Highly recommended you test the patch prior to operational deployment.
* Configuring your database. Consult the vendor recommendations on security. You will need to balance these suggestions with operational consistency (i.e. don't break your applications). There are also third party security practitioners who offer advice on their blogs for free, and free assessment tools that will help a lot.
* Get rid of the default passwords, remove unneeded user accounts, and make sure that nothing (users, web connections, stored procedures, modules, etc.) is available to the 'public'.

Consider this an education exercise to provide base understanding of what needs to be addressed and how best to proceed. At this point you should be ready to (a) document what exactly your 'corporate configuration policies' are and (b) develop a tiered plan of action to tackle databases in descending order of priority. Keep in mind that these are just a fraction of the preventative security controls you might employ, and does not address active security measures or forensic analysis. You are still a ways off from employing more intermediate and advanced security stuff like Database Activity Monitoring, auditing and Data Loss Prevention.

- Adrian</description><link>http://www.secuobs.com/revue/news/116788.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116788.shtml</guid></item>
<item><title>4th of July Security Awareness FOUO</title><description>2009-07-03 19:39:55 - Cryptome : July 3, 2009</description><link>http://www.secuobs.com/revue/news/116776.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116776.shtml</guid></item>
<item><title>The Insecurity of Secrecy</title><description>2009-07-03 15:52:49 - Schneier on Security : Good essay -- "The Staggering Cost of Playing it 'Safe'" -- about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by</description><link>http://www.secuobs.com/revue/news/116741.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116741.shtml</guid></item>
<item><title>Encryption and decryption from security law perspective Part II</title><description>2009-07-03 15:26:54 - Advanced Password Cracking - Insight : In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers… again viewed by law. So, how does the law see encryption and decryption issues through glasses of security standard? First of all, it says there simply should be encryption/decryption tools available. ENCRYPTION AND DECRYPTION A –</description><link>http://www.secuobs.com/revue/news/116728.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116728.shtml</guid></item>
<item><title>ERAS secures its branches with Arkoon Network Security</title><description>2009-07-03 14:49:22 - Global Security Mag Online : Recognized as one of the top 10 French engineering companies, specializing in the process industry, ERAS works alongside industrial clients in the design and overall project management of their projects. With 16 locations in France, ERAS Ingénierie is close to its customers, with responsive, committed teams attentive to their needs. Its head office is based in Lyon. The need to secure the head office and the sixteen branches: Eras manages major projects that rely on - Marchés</description><link>http://www.secuobs.com/revue/news/116714.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116714.shtml</guid></item>
<item><title>Security Fix: PC Invader Costs Ky County $415,000 - Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week</title><description>2009-07-03 12:41:58 - Rootsecure.net : Security Fix: PC Invader Costs Ky County $415,000 "Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week"</description><link>http://www.secuobs.com/revue/news/116706.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116706.shtml</guid></item>
<item><title>Security Hardware + Services = Profitability</title><description>2009-07-03 11:21:18 - Security Bloggers Network : Sales of security hardware and appliances fell more than 16 percent in the first quarter of the year, which is pretty steep but not nearly as bad as the 20-plus percent decline in sales of core networking gear. While market research firm Infonetics believes security appliances—firewall/VPNs, unified threat management devices, etc.—will rebound before year's end, many vendors are now pursuing a strategy of “hardware+services,” in which the user still buys an on-premises appliance but also subscribes to an ongoing service. This hybrid schema is an approach long championed by Microsoft, which coined the awkward term “software plus services” as a means to recognize consumers' desire to buy applications as a service but also the necessity to continue purchasing and hosting on-site and client-side applications. It's really not a bad idea from an architecture and operational perspective. But Microsoft still hasn't unlocked the secret to making “software plus services” a profitable venture for its throng of solution providers (by the way, don't expect too many answers on that front at Microsoft's Worldwide Partner Conference in two weeks—more on that later).

Earlier this week, Cisco's CTO Padmasree Warrior declared that the networking giant will not get into the infrastructure as a service business. Rather, Cisco intends to stay on the periphery enabling cloud and managed services, and delivering applications and platforms through the cloud (think Webex). Cisco goes to great lengths to inject itself into the cloud conversation, stating repeatedly that there is no collaboration unless the network (i.e., its gear) is providing the pipes both in the cloud and on-premises. And managing those devices and providing subscription-based services (e-mail security, for one) are a grand part of its strategy.

Many other security hardware vendors—SonicWall, WatchGuard, Fortinet and, more recently, Websense—have long supported the managed services movement by providing technologies and products that enable the delivery of managed services, as well as providing managed service providers with special discounting to acquire equipment to fill their data centers. What's coming is the melding of these hardware assets with security application services—such as anti-spam filtering, Web filtering, anti-virus scanning, e-mail security—with the on-premises appliances. On the surface, it appears as a natural bridge between the traditional model of on-premises network security to the era of cloud-based security services. What remains to be seen is if this hybrid model will have any more success than the Microsoft experiment.

Again, back to Microsoft: Under “software-plus-services,” Microsoft is paying its SAAS resellers 12 percent on the initial sale plus an additional 6 percent commission for the first year's subscription. Each additional year, Microsoft will pay the partner 6 percent. Microsoft resellers have complained loudly that these margins are not fair or good for their business; Microsoft's retort is often that the profit opportunity is value-added services that solution providers bring in the form of migration, integration and customization. Few solution providers have reported finding green fields in after-market sales opportunities. At least software still retains relatively high margins for both vendors and solution providers. Hardware, though, has long lost the fat margins of its glory days. Hardware plus services will have to overcome the challenges of low-margin hardware.

As more hardware-plus-services offerings come to market, security solution providers should study the go-to-market equation and ask a few critical questions:
* What are the initial and recurring commission/margins?
* How are services delivered and supported?
* Are there additional discounts/rebates for hardware attached to the sale?
* Who's responsible for selling subscription renewals and what's the commission plan?
* What are the integration and customization opportunities, and what are the recommended pricing structures?
* And, of course, who ultimately owns the customer relationship? (Important point because, historically, hardware resellers have held near-exclusive control over the relationship with their customers; in a subscription program, the vendor has direct touch on the customer.)

Providing integrated cloud-based services with on-premises offerings is not a bad idea. But security solution providers should perform their due diligence before rushing into a hybrid relationship and make sure there's enough profitability for both you and the vendor.</description><link>http://www.secuobs.com/revue/news/116673.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116673.shtml</guid></item>
<item><title>Relation of PCI DSS to Security</title><description>2009-07-03 11:21:18 - Security Bloggers Network : Is Paris Hilton a slut? This is the age of universal Internet connectivity, web 2.0 or even “web 2.0+”, massive search engines and also atheism: this leads us to believe that “The Truth 2.0” (OMFG) is undoubtedly possessed by Google. If</description><link>http://www.secuobs.com/revue/news/116667.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116667.shtml</guid></item>
<item><title>Content Security Policy</title><description>2009-07-03 08:25:51 - Security Musings : Recently, Nick discussed how cross-site scripting (XSS) is one of the major areas of concern for Web application security and showed us how to avoid attacks from a coding perspective. Now, Mozilla Security has proposed a new defense against XSS called Content Security Policy (CSP). CSP provides an extra layer of security by allowing the Web</description><link>http://www.secuobs.com/revue/news/116654.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116654.shtml</guid></item>
<item><title>MITRE Hosts Security Automation Developer Days 2009</title><description>2009-07-03 07:24:22 - OVAL News : MITRE hosted the first-ever Security Automation Developer Days 2009 on June 8-12, 2009, at MITRE in Bedford, Massachusetts, USA.</description><link>http://www.secuobs.com/revue/news/116644.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116644.shtml</guid></item>
<item><title>OVAL Scheduled to Participate in Making Security Measurable Booth at Black Hat Briefings 2009 on July 29-30</title><description>2009-07-03 07:24:22 - OVAL News : OVAL is scheduled to participate in a Making Security Measurable booth at Black Hat Briefings 2009 on July 29-30, 2009 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA.</description><link>http://www.secuobs.com/revue/news/116642.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116642.shtml</guid></item>
<item><title>Future of cyber security II - A call to arms</title><description>2009-07-03 06:09:41 - Fortinet FortiGuard Blog : Remember that magical, silver bullet I spoke of when discussing the US cyber security plan and the future of cyber security? Well, there still is no such item in existence yet; and there likely never will be one key solution. Securing cyberspace is a global problem that cannot be addressed by one plan such</description><link>http://www.secuobs.com/revue/news/116596.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116596.shtml</guid></item>
<item><title>NSA, US-CERT, EINSTEIN, TIC, Telecom Providers and the Future of Government Information Security</title><description>2009-07-03 06:09:11 - Decurity Blog : Today Ellen Nakashima of The Washington Post published an article about DHS US-CERT, NSA and Telecommunications providers collaborating to monitor Civilian Agency Internet traffic using DHS’s planned Einstein 3 tool to help defend these civilian government entities. The article correctly illustrates that NSA has the expertise and tools like Tutelage to know more about the context of the attacks. It also states that DHS has the authorization to monitor using Einstein enforced by the TIC program. If you’ll remember a while back I talked about Trusted Internet Connection (TIC) and its role in consolidating Internet points of presence and providing chokepoints to monitor and defend for the government. For reference see:
http://blog.decurity.com/index.php/dec_template/more/dhs_einstein_tic_overview/
and
http://blog.decurity.com/index.php/dec_template/more/dhs_blog_round_table/

In short, TIC mandated government agencies to meet very stringent requirements in order to become a TICAP provider or use pre-approved TICAP’s (Telecom or other Agency) for all Internet traffic. The monitoring capabilities of these TIC’s is referenced in my earlier posts, but let’s just say it's EVERYTHING. Not that I’m complaining, from a capabilities perspective I think NSA and Cyber Command should be making the most out of this information to help protect the government and as Richard Bejtlich speculates eventually “.com”. NSA has the expertise and intelligence data while DHS has the authorization to monitor, the framework to force everyone to play (TIC) and a toolset that is evolving (Einstein v2 is still being rolled out, v3 is in development). On a side note, I do have to wonder why the government isn’t using more capable tools like NetWitness or Solera in conjunction with NSA tools and building a META SIEM to incorporate Intelligence feeds, but that’s a topic for a later post.

My biggest question is this… I wonder how US-CERT and NSA are going to collaborate more effectively - Is Einstein raw data going to be handled by NSA, if so what’s the point of US-CERT in the future? Should be interesting to see what happens once the cyber czar is appointed, from what I can tell his/her kingdom has already laid a very clear path forward, the czar may simply be along for the ride while NSA drives over everyone else.</description><link>http://www.secuobs.com/revue/news/116595.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116595.shtml</guid></item>
<item><title>US moving cautiously on new cyber security program</title><description>2009-07-03 03:15:32 - Hack In The Box : The Obama administration is moving cautiously on a new pilot program that would both detect and stop cyber attacks against government computers, while trying to ensure citizen privacy protections. The pilot program, known as Einstein 3, was supposed to launch in February. But the Department of Homeland Security is still pulling the plan together, according to senior administration officials. Einstein 3 has triggered debate and privacy concerns because the program will use National Security Agency technology, which is already being employed on military networks. Any involvement of the NSA - the agency oversees electronic intelligence-gathering - in protecting domestic computer networks worries privacy and civil liberties groups who oppose giving such control to US spy agencies.</description><link>http://www.secuobs.com/revue/news/116571.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116571.shtml</guid></item>
<item><title>Will security paranoia kill wireless health IT?</title><description>2009-07-03 03:15:32 - Hack In The Box : Frost &amp; Sullivan is out with a piece praising the potential of wireless technologies in health IT, but warning of security concerns. Yesterday’s piece about WellAWARE is a good example of what’s possible. Short-haul wireless links monitor patients without their having to wear anything. Cellular phone calls can alert caregivers to problems, and wireless data links can offer specifics. Without wireless technologies such miracles would not be possible. But paranoia over security could kill such applications in the crib. Frost &amp; Sullivan’s wireless analysts can come up with all the scary scenarios they want, but where is the real danger?</description><link>http://www.secuobs.com/revue/news/116566.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116566.shtml</guid></item>
<item><title>How to Improve IT Cyber-Security with Visual Analytics</title><description>2009-07-03 03:15:32 - Hack In The Box : Data visualization has been around for decades, but modern desktop computers finally possess the power to turn raw data into interactive displays for analysis, enabling computer security analysts to use visual analytics techniques to solve daily problems. Although many other tools exist to assist organizations with computer security, from intrusion detection and prevention systems to firewalls and anti-virus applications, none of these solve the data overload problem as effectively as visual analytic software. This is because the problem central to data analysis is an effective reduction of false positives and superfluous data, while preserving important information, sometimes called "improving the signal-to-noise ratio". Visual analytics allows analysts to interactively apply a wide variety of tools to make important data pop out of the abyss and become instantly understandable. In essence, visual analytics reduces the time taken to convert information to knowledge by an order of magnitude or better.</description><link>http://www.secuobs.com/revue/news/116565.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116565.shtml</guid></item>
<item><title>Apple Fixing iPhone SMS Security Hole</title><description>2009-07-03 02:42:58 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/116547.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116547.shtml</guid></item>
<item><title>Security Briefing – July 2nd</title><description>2009-07-03 02:17:35 - Security Bloggers Network : Morning all. Hope you are all recovering from your *wild* Canada Day parties. I'm sleepy. I had some dream about Scarlett Johansson last night, hmmm I wonder why. Thanks for reading. Signed, Matt. Click here to subscribe to Liquidmatrix Security Digest. And now, the news… Facebook URLs Reveal Browsing History – fbhive. Kremlin may tighten up internet use in Russia – Guardian. GhostExodus, the </description><link>http://www.secuobs.com/revue/news/116537.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116537.shtml</guid></item>
<item><title>Security Automation Developers Conference Slides</title><description>2009-07-03 02:05:22 - The Guerilla CISO : Eh? What's that mean? Developer Days is a weeklong conference where they get down into the weeds about the various SCAP schemas and how they fit into the overall program of security automation. Highlights and new ideas: Remedial Markup Language: Fledgling schema to describe how to remediate a vulnerability. A fully automated security system would scan and </description><link>http://www.secuobs.com/revue/news/116523.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116523.shtml</guid></item>
<item><title>System Security 4.52</title><description>2009-07-02 22:39:17 - 411 on Spyware : System Security 4.52 is the latest and dirtiest spawn of scareware System Security. Like earlier versions, System Security 4.51, System Security 4.52 effs up your web browser and Task Manager, and blocks your legit antivirus apps and any fresh downloads of security software. System Security 4.52 gets worse: like other scamware, System Security 4.52 launches loads of System Security 4.52 popups, spoofs system alerts, and hijacks your desktop with a fake security warning. Let me show you how to uninstall System Security 4.52, before System Security 4.52 popups make you set fire to your computer.</description><link>http://www.secuobs.com/revue/news/116479.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116479.shtml</guid></item>
<item><title>SuSE Linux Critical Security Update: Acroread</title><description>2009-07-02 22:11:17 - Infosecurity.US : Novell Inc's (NasdaqGS: NOVL) SuSE Linux unit has announced a mid-week security update focusing on the acroread PDF reader application. Specifically, the implementation of acroread is vulnerable to security issues leading to remote code execution. More information, including the full text announcement, MITRE CVE enumerated vulnerability listings (specifically CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-1855, </description><link>http://www.secuobs.com/revue/news/116448.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116448.shtml</guid></item>
<item><title>Mitnick Security Re-Direct Incident Reported</title><description>2009-07-02 22:11:17 - Infosecurity.US : News, of another DNS compromise, web defacement and subsequent re-direct, of the primary site of Mitnick Security. This is now the second reported DNS re-direct incident of the security consultant's host provider hostedhere.net. Time to move, methinks. A short snippet, including linkage, appears after the jump. From the original post via The Register's Dan Goodin: "Mitnick </description><link>http://www.secuobs.com/revue/news/116446.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116446.shtml</guid></item>
<item><title>“SecurityMetrics” - Another Site Security Certification Seal</title><description>2009-07-02 22:02:25 - Security Bloggers Network : You know how much I hate these things. You also know how much I hate it when these people sell "security" carefully wrapped in bullshit and smoke under the pretense that their "scan" will actually do anything to achieve some measure of security. While looking for some new hockey pants (yes, I have destroyed my current ones) on HockeyMonkey.com I saw this interesting seal. Clicking on it made me cringe even more. This is a measure of PCI Compliance, and this is supposed to make me feel good about the actual security of the site. Clicking on the damn thing brought up the "Site Certificate" which should be an immediate red light for anyone looking to do business on this site. First off, this is a quarterly certification, holy crap. The last "Certification Date" is shown as May 14, 2009 which immediately makes me worry since I can't recall the last time I saw an e-commerce site that stayed static for almost 45 days, but let's move past that because after all, compliance is a point-in-time thing, right? Alright, this next part really gets my blood pumping and feeling like a bull out of the chute. Read the first sentence of the text dead center of the Site Certificate carefully: "On May 14, 2009 www.hockeymonkey.com met the PCI data security requirements by passing a Securitymetrics Site Certification vulnerability scan". Come again? Maybe I read that wrong. Nope, read it again and it still sounds just as idiotic. So, let me get this straight. SecurityMetrics has managed to figure out how to achieve the full spectrum of PCI-DSS Security Requirements via a vulnerability scan? How is that even possible? Since SecurityMetrics is scanning the site from the "outside", how do they know if the various sections are all met properly? Are desktops being equipped with properly updated anti-malware agents? Are default passwords not used? Something smells like a steaming pile of bullshit. At least these guys don't make outrageous claims such as that they are "Hacker Proof" or "Hacker Safe" and instead do say that the scan "significantly reduces the risk that this site will be compromised", and while I wouldn't give them significantly, I may agree that it does reduce overall risk, but only as much as me wearing galoshes in the rain reduces my risk of catching the H1N1 Swine Flu bug. So let's investigate this genius PCI Compliance scanning service that will magically achieve PCI Compliance for their customers a little further, shall we? From the Site Certification Overview page: Is Site Certification Easy? It is easy. Site Certification does not require any software installation, software configuration, training or costly maintenance. All your technical support is included and there are no hidden fees. SecurityMetrics does not require confidential system information or access to your systems. You simply enroll and the service is scheduled to run at your convenience. D'oh! I'm going to ask again, how do they determine any measure of PCI-DSS compliance without access to merchant systems? Are we doing Scanless PCI again? Their FAQ Page has a priceless little illustration of the devilish "hacker" exploiting "security holes" in the web server which is so funny I had to stop a minute to quit laughing. Bulletpoint 3 appears to hint that SecurityMetrics does some measure of web site security testing; to me that means testing for things like SQL Injection, Cross-Site Scripting (XSS), CSRF and other common security vulnerabilities, yet there seems to be no mention of these common vulnerabilities. Instead the site's Product Comparison talks about how many ports they can scan and how many "vulnerabilities" they can identify and scan for. My absolute *favorite* page on their entire site is the Sample Test Results. I love it. Take a look at this for 5 seconds and tell me this isn't a blatant rip from the Nessus results reports. Take that back, Nessus looks much better these days than this poorly-constructed "report". My guess: they're just Nessus scanning sites and calling them PCI Compliant (bangs head on keyboard). One last thing I need to point out, this page which is a List of Vulnerabilities that SecurityMetrics scans for. Out of the total of 5,882 checks (as of today) they break down to 4,486 vulnerabilities, and "if telnet or ftp is enabled the vulnerability assessment engine will test 698 names and passwords common to these services" (mouth wide open *gasp*). Let me just say that I read through this list of vulnerabilities and it amounts to nothing more than some basic pattern-checking and typical vulnerability scanner type crap. There are no checks for CSRF (Cross-Site Request Forgery), no checks for XSS (Cross-Site Scripting) that don't involve a vulnerability in a particular application package (i.e. .Net XSS), and no checks for non-specific SQL Injection vulnerabilities; once again - a complete failure of a security service. The thing I have to wonder is (and I already know the sad answer) why do site owners keep using these services? For example, JetBlue is apparently one of their customers (note to self: avoid JetBlue website/services at all cost). SecurityMetrics is not a known brand in security and they have a non-starter product, so what draws people to use them? Is it the prospect of having a "PCI Certification" seal somewhere on their website causing them to lose their better judgement? Logic fails here, ladies and gentlemen. Why doesn't someone from the PCI Council do something about companies like this? Isn't it, or shouldn't it be, illegal to claim you can certify someone as PCI Compliant with this ridiculous service - when in actuality that's not even close to true? So anyone know of any fun XSS vulnerabilities in JetBlue's site, or any of the other SecurityMetrics testimonial customers they'd care to share?</description><link>http://www.secuobs.com/revue/news/116436.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116436.shtml</guid></item>
<item><title>Guest Post: The IT forecast - Cloud-y with a 10% Chance of Effective Security</title><description>2009-07-02 22:02:25 - Security Bloggers Network : The following is a guest post by Fred Langston, Sr. Product Manager for VeriSign's Global Security Consulting group. With the stampede to the next big thing gaining speed, Cloud Computing and Cloud Services face the standard, yet utterly preventable, horse-before-the-cart</description><link>http://www.secuobs.com/revue/news/116435.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116435.shtml</guid></item>
<item><title>SecurityOrb.com Security News Update with Kellep Charles - July 1, 2009</title><description>2009-07-02 22:02:25 - Security Bloggers Network : This is a SecurityOrb.com News Update discussing how malware is being pushed from the Michael Jackson death and how secure you are on your social networking websites. For more information go to: www.securityorb.com</description><link>http://www.secuobs.com/revue/news/116433.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116433.shtml</guid></item>
<item><title>Security Job Posting - PKI - DC Metro Area</title><description>2009-07-02 22:02:25 - Security Bloggers Network : I have a client looking for candidates for the below positions. Let me know your interest. If you are not interested, forward this position to anyone you think may be interested. Clearance: TS or Secret (one TS for each category personnel would be preferable). Place of Performance: Crystal City (BRAC will move them to Ft. Belvoir in 2010-2011). Below are two Job Descriptions. Salary Range Policy Analyst: $61K-$95K negotiable. Job Description Policy: Expertise in developing Army policy and conducting studies in support of Army CAC/PKI. Analysis and Studies regarding Army's needs as it relates to HSPD-12, DoD Policy, Certificate Management, Wireless policy, CAC issuance, Smart Cards, PKE of Applications, SIPRNET/Classified PKI policies and issues. Expertise in Army CAC/PKI objectives related to legislation, policy, procedures and programs. Writing, staffing and coordinating program-specific issues including plans, policies, papers, studies and standards. Build a strategic agenda for the Army to meet its CAC/PKI requirements and objectives. Provide liaison support with Human Resources Command (HRC), DEERS/RAPIDS. Evaluate and advise the GTL in regard to emerging developments as they relate to Defense, National and International Electronic Data Interchange standards, concepts, technologies and applications. Subject Matter Expertise in the following standards: X.509, Certificate Practice Statements, Federal Information Processing Standard (FIPS) 201 and 140, National Institute of Standards and Technologies (NIST) Special Publications SP 800-73, 800-78-1, and 800-79-1, and National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11. Salary Range RA: $50K-$85K negotiable. Job Description RA/LRA: Expertise in Army PKI software-based certificate registration process. Training for RA/LRA through DISA RA Training. Verify the identity and information for each software certificate subscriber; issue software certificates; revoke software certificates; and add, modify or delete directory entries. Provide RA subject matter expertise for the RA Certificate Practice Statement (RACPS) and LRA CPS. Provide operational support to users in downloading and installing certificates. Manage the alternate smart card process for both SIPRNET and NIPRNET. Provide management and oversight for Army CAC PIN Reset (CPR) workstations. Regards, Jere Keener, Keenerstaffing LLC, JereKeener@KeenerStaffing.com, 703-732-6879</description><link>http://www.secuobs.com/revue/news/116431.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116431.shtml</guid></item>
<item><title>Microsoft Security Development Lifecycle Templates</title><description>2009-07-02 21:15:29 - Channel 9 : The Microsoft SDL Process Template is a set of security templates for Visual Studio Team System. These templates will give you a process to follow that reduces the number of software vulnerabilities and reduces the total cost of development by identifying and helping you eliminate vulnerabilities early. I stopped by the Microsoft Security group and spoke with Jeremy Dallman about the SDL, and what it means for developers. The Process Templates are free and can be downloaded from www.microsoft.com/SDL/</description><link>http://www.secuobs.com/revue/news/116400.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116400.shtml</guid></item>
<item><title>Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers</title><description>2009-07-02 18:23:42 - ISN InfoSec News Mailing List : InfoSec News: Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=218300006 By Kelly Jackson Higgins, DarkReading, July 01, 2009. A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and </description><link>http://www.secuobs.com/revue/news/116363.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116363.shtml</guid></item>
<item><title>Security Guard Allegedly Hacked Patient Records, HVAC System at Hospital</title><description>2009-07-02 18:01:42 - Threatpost Feed : From DarkReading (Kelly Jackson Higgins): A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive DDoS attack on July 4 -- one day after his planned last day on the job. Read the full story: DarkReading</description><link>http://www.secuobs.com/revue/news/116355.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116355.shtml</guid></item>
<item><title>It's Time for Obama to Move on Cybersecurity Job</title><description>2009-07-02 18:01:42 - Threatpost Feed : In his short time in office, Barack Obama has moved swiftly to address many of the problems facing the country: the financial crisis, the impending death of the auto industry and the lack of a playoff system in college football. But, despite his reassurances at a press conference in May, Obama has been stuck in neutral on the issue of cybersecurity.</description><link>http://www.secuobs.com/revue/news/116354.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116354.shtml</guid></item>
<item><title>Personal Security on Social Networking Sites</title><description>2009-07-02 17:31:35 - Kellep Charles Information Security  Blog Space : This article was originally posted on: www.securityorb.com. Personal Security on Social Networking Sites. By Kellep A. Charles, CISA, CISSP, kellep_charles@yahoo.com. Visits to social networking sites account for more than 10% of the total time people spend on the Internet, according to Nielsen Online. A social network site focuses on building online communities of people who share common interests and activities, such as Linkedin.com and Facebook.com. Facebook is now the most visited social networking site on the Internet, with nearly 1.2 billion visits in January 2009 alone, while Twitter and Linkedin are steadily gaining ground. Hackers have adopted the popularity of social networking sites into their malicious plans to compromise systems and steal personally identifiable information. Recent attacks such as the Koobface virus on Facebook and the clickjacking issues faced by Twitter are all prime examples of the recent challenges. Also, these very same hackers have the capability to remain anonymous on these social networking sites, which enforces the notion that you really do not know who is on the Internet with you. Security on social networking sites is at a minimal standard right now; they rely on usernames and passwords for authentication and security, which means that anyone who finds out your username and password can gain access to your account. Until social networking site security evolves with time and improves, users need to be very careful and diligent. Here are a few tips that should assist in making sure you are safe when using social networking sites: 1. Understand how the social networking site displays your information. Some sites will allow the user to control who can see your information, while others will allow anyone and everyone to view postings. 2. Don't click on shortened or "condensed" URLs, like those created by TinyURL and Bit.ly. There's no telling where these links lead to, and that makes it easy to funnel you to malicious websites (Drive-by-Download). 3. Be mindful of your personal information: for example, don't post your full name, address, age, hometown or information about your family. Even your screen name can expose a lot of identifiable information. 4. Post only information that you are comfortable with others seeing and knowing, such as your employer, co-workers and acquaintances. Many people will see your page or postings, including the people who will be interviewing you for a current position or a future job. 5. Remember that once you post information online, it may be impossible to take it back. This includes photos that can be manipulated. 6. Be careful when it comes to online personal socializations such as flirting or disputes. Some people lie about who they are. Be wary if a new online friend wants to meet you in person. 7. Trust your instincts if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, report it to the police and to the operators of the social networking site. You could end up preventing someone else from becoming a victim. Social networking sites are evolving into our personal and business lives. People from various stages and walks of life are participating in these events with very little knowledge of the dangers of these social networking sites. The site owners only provide the minimal required security measures, while hackers are using tactics that have shown great success in circumventing them. It is up to us to do what is necessary to protect ourselves until better security measures are implemented or the hackers give up. Don't hold your breath on the hackers giving up. For more information on this article and other informative articles go to: www.securityorb.com</description><link>http://www.secuobs.com/revue/news/116344.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116344.shtml</guid></item>
<item><title>A Conversation About Cybersecurity with Leading Minds on Charlie Rose Show</title><description>2009-07-02 17:29:58 - ITAC Blog : For those who missed the Charlie Rose Show yesterday, the top minds in cyber security, including Michael McConnell, former Director of National Intelligence, James Lewis, Director, Technology and Public Policy Program, CSIS and David Sanger, Chief Washington Correspondent for The New York Times, who addressed a topic that we have been covering for sometime now </description><link>http://www.secuobs.com/revue/news/116342.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116342.shtml</guid></item>
<item><title>SecurityMetrics - Another Site Security Certification Seal</title><description>2009-07-02 17:21:48 - Digital Soapbox  Preaching Security to the Digital Masses : You know how much I hate these things. You also know how much I hate it when these people sell "security" carefully wrapped in bullshit and smoke under the pretense that their "scan" will actually do anything to achieve some measure of security. While looking for some new hockey pants (yes, I have destroyed my current ones) on HockeyMonkey.com I saw this interesting seal. Clicking on it made me cringe even more. This is a measure of PCI Compliance, and this is supposed to make me feel good about the actual security of the site. Clicking on the damn thing brought up the "Site Certificate" which should be an immediate red light for anyone looking to do business on this site. First off, this is a quarterly certification, holy crap. The last "Certification Date" is shown as May 14, 2009 which immediately makes me worry since I can't recall the last time I saw an e-commerce site that stayed static for almost 45 days, but let's move past that because after all, compliance is a point-in-time thing, right? Alright, this next part really gets my blood pumping and feeling like a bull out of the chute. Read the first sentence of the text dead center of the Site Certificate carefully: "On May 14, 2009 www.hockeymonkey.com met the PCI data security requirements by passing a Securitymetrics Site Certification vulnerability scan". Come again? Maybe I read that wrong. Nope, read it again and it still sounds just as idiotic. So, let me get this straight. SecurityMetrics has managed to figure out how to achieve the full spectrum of PCI-DSS Security Requirements via a vulnerability scan? How is that even possible? Since SecurityMetrics is scanning the site from the "outside", how do they know if the various sections are all met properly? Are desktops being equipped with properly updated anti-malware agents? Are default passwords not used? Something smells like a steaming pile of bullshit. At least these guys don't make outrageous claims such as that they are "Hacker Proof" or "Hacker Safe" and instead do say that the scan "significantly reduces the risk that this site will be compromised", and while I wouldn't give them significantly, I may agree that it does reduce overall risk, but only as much as me wearing galoshes in the rain reduces my risk of catching the H1N1 Swine Flu bug. So let's investigate this genius PCI Compliance scanning service that will magically achieve PCI Compliance for their customers a little further, shall we? From the Site Certification Overview page: Is Site Certification Easy? It is easy. Site Certification does not require any software installation, software configuration, training or costly maintenance. All your technical support is included and there are no hidden fees. SecurityMetrics does not require confidential system information or access to your systems. You simply enroll and the service is scheduled to run at your convenience. D'oh! I'm going to ask again, how do they determine any measure of PCI-DSS compliance without access to merchant systems? Are we doing Scanless PCI again? Their FAQ Page has a priceless little illustration of the devilish "hacker" exploiting "security holes" in the web server which is so funny I had to stop a minute to quit laughing. Bulletpoint 3 appears to hint that SecurityMetrics does some measure of web site security testing; to me that means testing for things like SQL Injection, Cross-Site Scripting (XSS), CSRF and other common security vulnerabilities, yet there seems to be no mention of these common vulnerabilities. Instead the site's Product Comparison talks about how many ports they can scan and how many "vulnerabilities" they can identify and scan for. My absolute *favorite* page on their entire site is the Sample Test Results. I love it. Take a look at this for 5 seconds and tell me this isn't a blatant rip from the Nessus results reports. Take that back, Nessus looks much better these days than this poorly-constructed "report". My guess: they're just Nessus scanning sites and calling them PCI Compliant (bangs head on keyboard). One last thing I need to point out, this page which is a List of Vulnerabilities that SecurityMetrics scans for. Out of the total of 5,882 checks (as of today) they break down to 4,486 vulnerabilities, and "if telnet or ftp is enabled the vulnerability assessment engine will test 698 names and passwords common to these services" (mouth wide open *gasp*). Let me just say that I read through this list of vulnerabilities and it amounts to nothing more than some basic pattern-checking and typical vulnerability scanner type crap. There are no checks for CSRF (Cross-Site Request Forgery), no checks for XSS (Cross-Site Scripting) that don't involve a vulnerability in a particular application package (i.e. .Net XSS), and no checks for non-specific SQL Injection vulnerabilities; once again - a complete failure of a security service. The thing I have to wonder is (and I already know the sad answer) why do site owners keep using these services? For example, JetBlue is apparently one of their customers (note to self: avoid JetBlue website/services at all cost). SecurityMetrics is not a known brand in security and they have a non-starter product, so what draws people to use them? Is it the prospect of having a "PCI Certification" seal somewhere on their website causing them to lose their better judgement? Logic fails here, ladies and gentlemen. Why doesn't someone from the PCI Council do something about companies like this? Isn't it, or shouldn't it be, illegal to claim you can certify someone as PCI Compliant with this ridiculous service - when in actuality that's not even close to true? So anyone know of any fun XSS vulnerabilities in JetBlue's site, or any of the other SecurityMetrics testimonial customers they'd care to share?</description><link>http://www.secuobs.com/revue/news/116337.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116337.shtml</guid></item>
<item><title>More Security Countermeasures from the Natural World</title><description>2009-07-02 17:19:03 - Schneier on Security : The plant Caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten.</description><link>http://www.secuobs.com/revue/news/116333.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116333.shtml</guid></item>
<item><title>Event: 14th European Symposium on Research in Computer Security</title><description>2009-07-02 17:15:22 - Help Net Security  News : ESORICS, the European Symposium On Research In Computer Security, is the leading research-oriented conference on the theory and practice of computer security in Europe. The aim of ESORICS is to f</description><link>http://www.secuobs.com/revue/news/116317.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116317.shtml</guid></item>
<item><title>Mozilla will issue security fixes for Firefox 3.5</title><description>2009-07-02 17:02:21 - MX Logic Security News : Mozilla, which just released the latest version of its Firefox browser on Tuesday, is already planning to release web security fixes for bugs in Firefox 3.5, according to Computerworld.com. The company said it plans to fix at least three bugs and "topcrashes," how the company refers to bugs that cause the most-reported crashes. "The goal of this release should be a quick turnaround that fixes topcrashes and bugs we almost held ship for," Mozilla said, according to Computerworld.com. Mozilla reports in its Firefox 3.5 release notes that several flaws for Windows, Mac OS X and Linux operating systems include a flaw in the browser's Java to Javascript communication, which may not work properly. Some sites with Flash can cause problems with the Cookies dialog. Users who encounter strange problems relating to bookmarks, downloads, window placement, toolbars, history or other settings are advised to try creating a new profile and attempting to reproduce the problem before filing bugs. Some of the browser's new features include improved tools for controlling private data, including a private browsing mode. Conversely, the browser also has location aware browsing to allow users to identify their location on certain sites. Firefox 3.5 has been downloaded more than 6.5 million times in the first 36 hours of its release.</description><link>http://www.secuobs.com/revue/news/116309.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116309.shtml</guid></item>
<item><title>Full Scope Security's Client Side presentation</title><description>2009-07-02 14:20:58 - InfoSanity : I've been meaning to post a quick review of this for a while, but better late than never. Recorded at Notacon '09, CG and g0ne gave a great presentation on client side attacks, video here. The talk starts off with explaining what client side exploits are, and more importantly why we should care. And finished off with some quick and dirty client side attack examples using Metasploit. I've found this talk really useful and have listened through it on several occasions to get a better feel for the client side aspect of penetration testing. Client side is an area that has been targeted quite extensively by the 'bad guys' and is just starting to get wide ranging attention from the security industry as a whole. Throughout the slides, and at the end of the presentation, there are several links to additional reading and sources used for the presentation. Like the presentation itself I've found these to be very informative and provide useful info and techniques with genuine real-world application. Highlights of these links come from Lenny Zeltser and two posts from Carnal 0wnage. I definitely agree with all those that believe that client side is the next (or current) source of pain for the security industry and that traditional security architecture and tools aren't currently up to the job of protecting against the threat. As though client-side attacks weren't easy enough thanks to the power of Metasploit as demonstrated, I received a link to a blog post priming the world for the release of Assagai, a new phishing framework. If it can live up to the billing, then I can't wait to get my hands on the framework at release. -- Andrew Waite</description><link>http://www.secuobs.com/revue/news/116275.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116275.shtml</guid></item>
<item><title>Microsoft unleashes five service packs for its enterprise security wares</title><description>2009-07-02 14:01:58 - Network World on Security : In the past week, Microsoft has launched five service packs for its enterprise security wares including Geneva, Forefront, Antigen</description><link>http://www.secuobs.com/revue/news/116261.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116261.shtml</guid></item>
<item><title>Security guard charged with hacking hospital systems</title><description>2009-07-02 14:01:58 - Network World on Security : The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas, Texas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he tells the camera.</description><link>http://www.secuobs.com/revue/news/116259.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116259.shtml</guid></item>
<item><title>Chinese security company shares huge malware database</title><description>2009-07-02 14:01:58 - Network World on Security : A Chinese company that has created a massive database of malware found on Chinese Web sites opened up the information to other security organizations on Thursday.</description><link>http://www.secuobs.com/revue/news/116258.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116258.shtml</guid></item>
<item><title>Review and Download Free Microsoft Security Essentials for Windows</title><description>2009-07-02 12:54:32 - Raymond.CC Blog : Whenever all these giant companies come out with something new, you can find it written all over the Internet. Remember Bing, the new search engine by Microsoft? Well, me and many others still think Google search results are way better. Then a few days ago I heard about the upcoming free antivirus software called Microsoft</description><link>http://www.secuobs.com/revue/news/116237.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116237.shtml</guid></item>
<item><title>Security Justice – Episode 14</title><description>2009-07-02 08:07:24 - Security Justice : This is the 14th episode of the Security Justice podcast, recorded June 17th 2009 live at Mavis Winkle's Irish Pub. This episode was hosted by Tom, Matt, Dave and Chris with special guests dotzero and much0mas. Music provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat.</description><link>http://www.secuobs.com/revue/news/116186.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116186.shtml</guid></item>
<item><title>Bluetooth 3.0 + HS: Compromising Your Security at 24 Mbps</title><description>2009-07-02 07:37:27 - The FYRM Blog : On April 21, 2009, the Bluetooth 3.0 specification was adopted by the Bluetooth Special Interest Group (SIG). This new specification includes new attributes such as: high speed data transfer of large files (~24 Mbps) and Bluetooth low energy. The new specification achieves these new attributes by including an 802.11 radio, aka Wi-Fi, that allows lower energy usage when attempting</description><link>http://www.secuobs.com/revue/news/116185.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116185.shtml</guid></item>
<item><title>Card security a costly fix, according to Aite study</title><description>2009-07-02 04:50:16 - Security Bytes : Aite Group, a Boston-based research and advisory firm, on Wednesday issued a report with some interesting findings on what folks in the industry think it will take to secure payment cards. Respondents to a survey the firm conducted at the MasterCard Risk Symposium in Miami last month expect it will cost around $100 billion to</description><link>http://www.secuobs.com/revue/news/116115.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116115.shtml</guid></item>
<item><title>ha.ckers: Mozilla's Content Security Policy</title><description>2009-07-02 01:14:15 - Rootsecure.net : ha.ckers: Mozilla's Content Security Policy</description><link>http://www.secuobs.com/revue/news/116066.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116066.shtml</guid></item>
<item><title>Wired: ATM Vendor Halts Researcher's Talk on Vulnerability An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would dem</title><description>2009-07-02 01:14:15 - Rootsecure.net : Wired: ATM Vendor Halts Researcher's Talk on Vulnerability. "An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system."</description><link>http://www.secuobs.com/revue/news/116065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116065.shtml</guid></item>
<item><title>ARD-9808 DVR Card Security Camera GET Request Remote DoS Exploit</title><description>2009-07-02 00:23:29 - milw0rm.com : </description><link>http://www.secuobs.com/revue/news/116059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116059.shtml</guid></item>
<item><title>Twitter bugs, DNSSEC and browser security</title><description>2009-07-02 00:18:13 - Security Wire Weekly : Like it or not, Web-based social networking services are here to stay. Amit Klein, founder and chief technology officer of Trusteer, talks about the latest Twitter threats, how browser makers are responding to phishing and other attacks, and the adoption of DNSSEC.</description><link>http://www.secuobs.com/revue/news/116054.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116054.shtml</guid></item>
<item><title>Security When Things Go ‘Boom’ Part III - Returning to Normal</title><description>2009-07-02 00:13:37 - Security Bloggers Network : OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?</description><link>http://www.secuobs.com/revue/news/116046.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116046.shtml</guid></item>
<item><title>Interesting Information Security Bits for 07/01/2009</title><description>2009-07-02 00:13:37 - Security Bloggers Network : Good afternoon everybody. I hope your day is going well. Here are today's Interesting Information Security Bits from around the web. Hmmm. Data leakage anybody? Didier is at it again. Embedding and Hiding Files in PDF Documents - Didier Stevens. Tags: pdf. Looks like we need to tighten our belts when thinking about DR. Symantec has released their</description><link>http://www.secuobs.com/revue/news/116043.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116043.shtml</guid></item>
<item><title>Should vendors have to PAY a security research firm to receive detailed vulnerability disclosure</title><description>2009-07-02 00:09:03 - Voice of VOIPSA : This is a guest post from Andy Zmolek, Senior Manager, Security Planning and Strategy at Avaya, and past participant in VOIPSEC mailing list discussions and other VOIPSA activities. Andy asked if I could publicize this because he believes it is a discussion which we in the security community need to have. Text by Andy Zmolek of</description><link>http://www.secuobs.com/revue/news/116030.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116030.shtml</guid></item>
<item><title>Evaluation of Security Information Event Management Systems</title><description>2009-07-02 00:07:06 - Information Security Short Takes : Evaluating Security Information Event Management (SIEM) solutions comes in a lot of different flavours. The industry is not yet mature, and the competitors are pushing their own solutions, based on their background and capabilities. In general, they will all present more or less the following configuration model for the SIEM implementation. But other than the generic model, a lot of things are different. So, in order to sift through the multitude of solutions, the buyer needs to ask the real questions. Here are some of the key questions that need to be taken into consideration:
* Is it possible to place an agent on the server machines? - Certain SIEM solutions do not properly support remote collection of OS or application logs, so they need a server side agent to do the job. On the other hand, most business critical systems are tightly controlled and do not allow for additional resident programs to be installed on the system for the risk of possible performance or reliability issues.
* Are there any custom applications that generate logs that need to be collected by the SIEM? - The organization may require that the SIEM also collects and parses such logs, but proper parsing ability needs to be verified with a large sample of logs during a proof of concept run.
* Is there any international standard or regulation that is mandating the SIEM solution? - Whatever standard needs to be met has a set of predefined controlling reports that confirm compliance to the standard. You need to confirm that the SIEM solution can produce the needed reports.
* How long will you need to keep logs and conclusions online and offline? - Data retention is key to such a massive collection of information. Typically, a SIEM system needs to be able to archive all historical events to external data storage, and preferably, the archival process should include an integrity control (MD5 or SHA1 hash) that guarantees that the logs haven't been tampered with while in archive.
* What type of processing and alerting is required?
Proper answers to these questions will most likely eliminate the non-acceptable solutions, and will ease the evaluation process of the qualifying shortlist. Talkback and comments are most welcome. Related posts: Real Benefit of Security Information Event Management</description><link>http://www.secuobs.com/revue/news/116026.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116026.shtml</guid></item>
<item><title>Interesting Computer Security And Hacking Videos</title><description>2009-07-01 23:57:18 - Governmentsecurity.org : I will be posting interesting videos on SecurityTube in this thread. It is important to note that these are videos which people have submitted / referred to SecurityTube and have not been made by me.</description><link>http://www.secuobs.com/revue/news/116018.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116018.shtml</guid></item>
<item><title>Re-branding security policy</title><description>2009-07-01 23:38:43 - 1 Raindrop : In my experience the concept of "policy" is a hard one for many developers to get their heads around; they don't immediately grok what "policy" is or what it's supposed to do, and it conjures up eastern European cold war regimes. Unfortunately policy is a central concept throughout information security. I have been thinking that we need another way to express the same concept to developers. What developers really interact with are Policy Enforcement Points, Policy Decision Points, and Policies.</description><link>http://www.secuobs.com/revue/news/116013.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116013.shtml</guid></item>
<item><title>Security When Things Go 'Boom' Part III - Returning to Normal</title><description>2009-07-01 21:20:48 - Speaking of Security, the RSA Blog and Podcast : OK, we're in the home stretch - this is the final entry in my 'Security and Disaster Recovery' series. So far we've covered security incidents as disasters, DR for security controls and the security of your DR environment. The last area of consideration is what happens when you need to return to normal operations. The disaster has occurred, you've successfully moved to your DR environment, and things have been humming along. Now the damage to your primary site has been repaired and you're ready to move back - how does this impact security?</description><link>http://www.secuobs.com/revue/news/116003.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/116003.shtml</guid></item>
<item><title>Postini - Google's Take On E-Mail Security</title><description>2009-07-01 20:29:02 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/115968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115968.shtml</guid></item>
<item><title>ARD-9808 DVR Card Security Camera Arbitrary Config Disclosure Vuln</title><description>2009-07-01 20:23:05 - milw0rm.com : </description><link>http://www.secuobs.com/revue/news/115948.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115948.shtml</guid></item>
<item><title>VMWare Issues ESX, Kerberos, Security Advisory</title><description>2009-07-01 20:11:03 - Infosecurity.US : VMWare Inc. (NYSE: VMW) has announced a security update targeting the virtualization company's ESX platform. The announcement, focused on MITRE CVE-2009-0846 - a resident vulnerability in VMware ESX 3.5.0, and specifically related to Kerberos on the console, appears after the jump, along with linkage. VMware Security Advisory. Advisory ID: VMSA-2009-0008. Synopsis:</description><link>http://www.secuobs.com/revue/news/115946.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115946.shtml</guid></item>
<item><title>Mozilla’s Content Security Policy</title><description>2009-07-01 20:09:09 - ha.ckers.org web application security lab : Some of you who have been following my blog over the last 3+ years may recall me talking about Content Restrictions - a way for websites to tell the browser to raise their security on pages where the site knows the content is user submitted and therefore potentially dangerous. In reality I've been talking</description><link>http://www.secuobs.com/revue/news/115943.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115943.shtml</guid></item>
<item><title>Utimaco Issues 2009 IT Security Forecast</title><description>2009-07-01 20:05:36 - Sophos security news : Reflecting on data security in 2008, Utimaco shares the top economic, legislative, and technical trends that it believes will drive the market in 2009.</description><link>http://www.secuobs.com/revue/news/115937.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115937.shtml</guid></item>
<item><title>Security Briefing – July 1st</title><description>2009-07-01 19:59:27 - Security Bloggers Network : Morning all. Happy Canada Day to all of our Canadian readers and writers. Happy July to everybody else. Busy week for me, and by busy I of course mean busy waiting for the nice weather to show up. WTH New York? Thanks for reading. Signed, Matt. Click here to subscribe to Liquidmatrix Security Digest. And now, the news… ATM Vendor</description><link>http://www.secuobs.com/revue/news/115935.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115935.shtml</guid></item>
<item><title>ATM Security Researcher Censored</title><description>2009-07-01 19:59:27 - Security Bloggers Network : News, yesterday, of the latest censorship actions targeting BlackHat presenters. This time, Juniper Networks has muffled the presentation slated for the hack confab by Barnaby Jack, an employee of the networking concern. Not surprisingly, his presentation, focused on Automated Teller Machine vulnerabilities, was seen as a threat. A short snippet of the original news item</description><link>http://www.secuobs.com/revue/news/115932.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115932.shtml</guid></item>
<item><title>Gov't official: We're serious about cybersecurity this time</title><description>2009-07-01 19:54:57 - News : The US White House is determined to follow through on its efforts to make cybersecurity a top priority, despite earlier government efforts that have fallen flat, a top official said Wednesday.</description><link>http://www.secuobs.com/revue/news/115927.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115927.shtml</guid></item>
<item><title>Webroot upgrades its Web and Email Security SaaS solutions</title><description>2009-07-01 19:53:57 - Help Net Security News : Webroot announced new releases of Webroot Web Security SaaS and Webroot Email Security SaaS with essential enhancements including web browsing quotas to enforce Internet use policies and a new Webroo</description><link>http://www.secuobs.com/revue/news/115916.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115916.shtml</guid></item>
<item><title>Your Security “Requirements” are Teh Suxxorz</title><description>2009-07-01 19:46:42 - The Guerilla CISO : Face it, your security requirements suck. I'll tell you why. You write down controls verbatim from your catalog of controls (800-53, SoX, PCI, 27001, etc.), put it into a contract, and wonder how come when it comes time for security testing, we just aren't talking the same language. Even worse, you put in the cr*ptastic</description><link>http://www.secuobs.com/revue/news/115906.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115906.shtml</guid></item>
<item><title>Online security fears affect consumers more than economy</title><description>2009-07-01 19:37:09 - MX Logic Security News : Seventy-two percent of consumers said the economy has not changed the way they shop online, but nearly half of consumers have terminated an online order due to security fears, according to a new survey by web security vendor McAfee. Tim Dowling, vice president of McAfee's web security group, said security concerns are the driving force behind whether an online transaction is completed or terminated. According to the survey, 63 percent of online consumers won't purchase from a website that does not display a trustmark or security policy. A trustmark is a seal, logo or icon displayed on e-commerce websites to show that merchants are making an effort to protect their customers. The Harris Interactive study also showed that 90 percent of consumers are concerned about their security when shopping on new or unknown sites and 47 percent of consumers look for trustmarks to feel safe when shopping on a lesser known site. By displaying a trustmark, the lesser known site can prove credibility to potential customers and gain market share from larger sites, McAfee said.</description><link>http://www.secuobs.com/revue/news/115890.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115890.shtml</guid></item>
<item><title>Arkoon Network Security</title><description>2009-07-01 19:11:53 - Global Security Mag Online : Contact: Olivier Arous, Marketing Director. Year founded: 2000. Activities: A French publisher of IT security solutions for businesses and a recognized pioneer in protecting IT infrastructures, ARKOON Network Security protects information, communications and infrastructure through complementary solutions. Description of the flagship product for 2009/2010: the Security BOX software suite. It meets the confidentiality, integrity and authenticity needs of the - FIREWALL</description><link>http://www.secuobs.com/revue/news/115875.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115875.shtml</guid></item>
<item><title>Security, Group Size, and the Human Brain</title><description>2009-07-01 15:48:41 - Schneier on Security : If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. Primatologist Robin Dunbar derived this number by comparing neocortex -- the "thinking"</description><link>http://www.secuobs.com/revue/news/115836.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115836.shtml</guid></item>
<item><title>Event: The 8th International Conference on Cryptology and Network Security (CANS 2009)</title><description>2009-07-01 15:45:12 - Help Net Security News : The main goal of this conference is to promote research on all aspects of network security, as well as to build a bridge between research on cryptography and on network security. We therefore welcome</description><link>http://www.secuobs.com/revue/news/115829.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115829.shtml</guid></item>
<item><title>Security Fix: FFSearcher - A Stealthy Evolution in Click Fraud</title><description>2009-07-01 12:47:32 - Rootsecure.net : Security Fix: FFSearcher - A Stealthy Evolution in Click Fraud</description><link>http://www.secuobs.com/revue/news/115792.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115792.shtml</guid></item>
<item><title>PC Security Tweaker - Security tweaking software to tweak Windows</title><description>2009-07-01 12:16:13 - Latest Security Products entries at ESecurity Planet Product Guide : PC security tweaking software you can use to tweak Windows-based computers. Jun 30, 2009</description><link>http://www.secuobs.com/revue/news/115779.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115779.shtml</guid></item>
<item><title>Lock My Computer - Desktop security solution for public PCs</title><description>2009-07-01 12:16:13 - Latest Security Products entries at ESecurity Planet Product Guide : Desktop security solution for personal or publicly accessible computers. Jun 30, 2009</description><link>http://www.secuobs.com/revue/news/115772.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115772.shtml</guid></item>
<item><title>New VMWare Security Advisory, Wed, Jul 1st</title><description>2009-07-01 12:01:20 - SANS Internet Storm Center, InfoCON green : VMWare released a new security advisory about a vulnerability in the krb5 Kerberos package. The vu</description><link>http://www.secuobs.com/revue/news/115767.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115767.shtml</guid></item>
<item><title>'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown</title><description>2009-07-01 09:51:47 - DarkReading All Stories : Notorious convicted hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15.</description><link>http://www.secuobs.com/revue/news/115739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115739.shtml</guid></item>
<item><title>Russia and US Cybersecurity Efforts</title><description>2009-07-01 09:22:54 - Security Bloggers Network : The New York Times reported on the developing challenges in confronting cybersecurity challenges with government bodies in an article about the differing approaches between Russia and the US: "The United States and Russia are locked in a fundamental</description><link>http://www.secuobs.com/revue/news/115726.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115726.shtml</guid></item>
<item><title>‘Mafiaboy’: Cloud Computing Will Cause Internet Security Meltdown</title><description>2009-07-01 09:22:54 - Security Bloggers Network : Notorious convicted hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15.</description><link>http://www.secuobs.com/revue/news/115725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115725.shtml</guid></item>
<item><title>DHS Report Concludes General Aviation Security Threat is Limited</title><description>2009-07-01 06:26:33 - Homeland Security News : The National Business Aviation Association (NBAA) recently welcomed a conclusion in a recent report conducted by the Department of Homeland Security's Office of Inspector General (DHS-OIG) that "general aviation presents only limited and mostly hypothetical threats to security". "This report validates what we in the general aviation community have said before:</description><link>http://www.secuobs.com/revue/news/115705.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115705.shtml</guid></item>
<item><title>5591: Transport Security Model for the Simple Network Management Protocol (SNMP)</title><description>2009-07-01 05:53:36 - New RFCs : 60KB. This memo describes a Transport Security Model for the Simple Network Management Protocol (SNMP).</description><link>http://www.secuobs.com/revue/news/115688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115688.shtml</guid></item>
<item><title>web-security.pdf</title><description>2009-07-01 05:28:22 - Packet Storm Security Last Files : Whitepaper called Web Vulnerabilities and Security. Written in Romanian.</description><link>http://www.secuobs.com/revue/news/115679.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115679.shtml</guid></item>
<item><title>Interesting Information Security Bits for 06/30/2009</title><description>2009-07-01 05:04:53 - Security Bloggers Network : Good afternoon everybody. I hope your day is going well. Here are today's Interesting Information Security Bits from around the web. The solution to the latest packet challenge from I Smell Packets. Solution to the Name That Exploit Packet Challenge - I Smell Packets. Tags: challenge, packet. Rich is tackling costs associated with a data breach. He is</description><link>http://www.secuobs.com/revue/news/115656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115656.shtml</guid></item>
<item><title>Security should be paramount concern with cloud-based e-mail recovery</title><description>2009-07-01 05:02:11 - News : Cloud-based disaster recovery has become a viable option for safeguarding e-mail, but IT shops need to ask tough questions about data security and resiliency before committing to a vendor, analysts say.</description><link>http://www.secuobs.com/revue/news/115649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115649.shtml</guid></item>
<item><title>Texas Security Guard Arrested on Hacking Charges</title><description>2009-07-01 04:50:01 - Office of Inadequate Security : Jesse William McGraw of Arlington, Texas, a/k/a “GhostExodus,” “PhantomExodizzmo,” “Howard Daniel Bertin,” “Howard William McGraw,” and “Howard Rogers,” was arrested by FBI agents last Friday on federal felony charges related to hacking into a hospital's computer system. According to a statement by James T. Jacks, Acting United States Attorney for the Northern District of Texas,</description><link>http://www.secuobs.com/revue/news/115641.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115641.shtml</guid></item>
<item><title>The Network Security Podcast, Episode 156</title><description>2009-07-01 04:49:07 - Network Security Blog : Martin is off in Japan this week, so I'm joined by our good friend Amrit Williams from BigFix and the Techbuddha blog. Amrit and I start off by talking about the rolling blackouts in California and disaster preparedness, before jumping into the week's security news. I'm off in Japan, but not forgotten. I'm almost</description><link>http://www.secuobs.com/revue/news/115640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115640.shtml</guid></item>
<item><title>Securinfos : DM FileManager SECURITY_FILE : File Inclusion Vulnerability</title><description>2009-07-01 04:19:35 - Global Security Mag Online : - Vulnerabilities</description><link>http://www.secuobs.com/revue/news/115631.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115631.shtml</guid></item>
<item><title>Securinfos : WordPress DM Albums Plugin SECURITY_FILE : File Inclusion Vulnerability</title><description>2009-07-01 04:19:35 - Global Security Mag Online : - Vulnerabilities</description><link>http://www.secuobs.com/revue/news/115630.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115630.shtml</guid></item>
<item><title>Clavister launches Security Gateway 4300 Series with UTM and built in VPN connectivity</title><description>2009-07-01 02:03:00 - Security Park : Clavister has announced the launch of the Clavister Security Gateway SG4300 Series, a high performance UTM security solution capable of handling a large number of connections with super fast throughput. Based on the same technology found in all Clavister products, the Clavister Security Gateway 4300 Series has been designed to maximize high performance of plaintext and encrypted traffic. The</description><link>http://www.secuobs.com/revue/news/115607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115607.shtml</guid></item>
<item><title>Kaspersky Internet Security Special Edition for Ultra-Portables provides protection from all types of Cybercrime</title><description>2009-07-01 02:03:00 - Security Park : Ultra-portable laptops, designed primarily to provide access to the Internet and simple office applications, are gaining in popularity because they are compact, lightweight, easy to use, energy efficient and relatively cheap. However, ultra-portables tend to be less powerful, which means resource-intensive IT security solutions cannot be launched on them. Kaspersky Lab has addressed this with the</description><link>http://www.secuobs.com/revue/news/115606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115606.shtml</guid></item>
<item><title>Cloud Computing Will Cause Internet Security Meltdown</title><description>2009-07-01 01:53:19 - Hack In The Box : Reformed convicted hacker Michael Calce, better known as 15-year-old "mafiaboy" who in 2000 took down Websites at CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says widespread adoption of cloud computing is only going to make the Internet more of a hacker haven. "It will be the fall of the Internet as we know it," Calce said today in a Lumension Security-sponsored Webcast event. "You're basically putting everything in one little sandbox ... it's going to be a lot more easy to access," he said, noting that cloud computing will be "extremely dangerous". "This is not the last you're going to hear of this," he said.</description><link>http://www.secuobs.com/revue/news/115601.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115601.shtml</guid></item>
<item><title>Dutch researchers develop self-learning security system</title><description>2009-07-01 01:53:19 - Hack In The Box : To improve matters, Damiano Bolzoni of the University of Twente, The Netherlands, has developed a system which paves the way for a new generation of network security. This forms the subject of his doctorate, awarded by the Faculty of Electrical Engineering, Mathematics and Computer Science on 25 June. A network intrusion detection system (NIDS) is like a kind of virus scanner, but for an entire network rather than a single computer. There are two types. The first draws upon a database of all known attacks, such as those attempted by computer hackers. It works by recognizing the "signatures" of methods previously used. But this means that it will not at first spot a new and as yet unknown method.</description><link>http://www.secuobs.com/revue/news/115598.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115598.shtml</guid></item>
<item><title>Seven Deadly Sins of Social Networking Security</title><description>2009-07-01 01:53:19 - Hack In The Box : Admit it: You are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better. While it's impossible to escape every social networking threat out there, there are steps one can take to significantly reduce the risks. CSOonline recently checked in with dozens of IT security professionals (ironically, using more than one social networking platform to do so) to pinpoint seven typical security mistakes people make; and how to avoid them. Over-sharing company activities. This is a sin of pride, when someone gets excited about something their company is working on and simply must tell everyone about it. Maybe you work for a drug company that is on the verge of developing the cure for cancer. Maybe the company is developing a new car that runs on curbside trash -- in other words, something everyone will want.</description><link>http://www.secuobs.com/revue/news/115597.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115597.shtml</guid></item>
<item><title>DM FileManager SECURITY_FILE: File Inclusion Vulnerability</title><description>2009-07-01 01:35:02 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Septemb0x has discovered a vulnerability in DM FileManager, which could be exploited by malicious people to compromise a vulnerable system.</description><link>http://www.secuobs.com/revue/news/115573.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115573.shtml</guid></item>
<item><title>WordPress DM Albums Plugin SECURITY_FILE: File Inclusion Vulnerability</title><description>2009-07-01 01:35:02 - Bulletins et Alertes de Sécurité SECURINFOS.INFO : Septemb0x has discovered a vulnerability in the DM Albums plugin for WordPress, which could be exploited by malicious people to compromise a vulnerable system.</description><link>http://www.secuobs.com/revue/news/115572.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115572.shtml</guid></item>
<item><title>Researcher barred for demoing ATM security vuln</title><description>2009-07-01 01:02:37 - Security Bloggers Network : "A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer. Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack."</description><link>http://www.secuobs.com/revue/news/115528.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115528.shtml</guid></item>
<item><title>Juniper nixes ATM security talk</title><description>2009-07-01 00:58:36 - News : Router maker Juniper Networks has barred one of the company's security researchers from discussing security flaws in Automated Teller Machines after an ATM maker threatened legal action.</description><link>http://www.secuobs.com/revue/news/115521.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115521.shtml</guid></item>
<item><title>Federal Information Security SNAFU</title><description>2009-07-01 00:21:31 - Cryptome : June 30, 2009</description><link>http://www.secuobs.com/revue/news/115499.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115499.shtml</guid></item>
<item><title>H Security: Swatting phreaker swatted and heading to jail</title><description>2009-06-30 22:06:56 - Rootsecure.net : H Security: Swatting phreaker swatted and heading to jail</description><link>http://www.secuobs.com/revue/news/115477.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115477.shtml</guid></item>
<item><title>Data discovery does not have to be just about security</title><description>2009-06-30 21:18:24 - Tom Olzak on Security : Sitting back, looking at his security controls matrix, George felt comfortable with the trustworthiness of systems on which he expects sensitive information to reside. His database servers are located on segments locked down and monitored by unified threat management (UTM) devices. The NAS where he expects unstructured data (e.g., Word and Excel files) is encrypted.</description><link>http://www.secuobs.com/revue/news/115448.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115448.shtml</guid></item>
<item><title>To *** or Not to Mask: Usability Versus Security in Password Masking</title><description>2009-06-30 21:01:04 - TrendLabs  Malware Blog  by Trend Micro : On June 23, Jakob Nielsen posted an article declaring that password masking on the user interface is more harmful in terms of usability than helpful to the security of an application, to which Bruce Schneier, in a June 26 blog post, agreed. Both argued that masking the characters when a user enters a password is</description><link>http://www.secuobs.com/revue/news/115429.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115429.shtml</guid></item>
<item><title>Security Briefing – June 30th</title><description>2009-06-30 20:55:42 - Security Bloggers Network : /me sighs happily. I have a mad crush on Scarlett Johansson. I’ve always wanted to do that. I’ve accomplished everything I ever wanted in this job. Whatever shall I do next? Have a great day. Signed, The Intern. Click here to subscribe to Liquidmatrix Security Digest. And now, the news… Juniper Networks Gags “ATM Jackpot” Researcher – Risky Biz; Mitnick</description><link>http://www.secuobs.com/revue/news/115420.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115420.shtml</guid></item>
<item><title>June 2009 web security, spam, viruses and phishing highlights</title><description>2009-06-30 20:50:36 - Help Net Security  News : Web security: Analysis of web security activity shows that 58.8 percent of all web-based malware intercepted was new in June. MessageLabs Intelligence also identified an average of 1,919 new websites</description><link>http://www.secuobs.com/revue/news/115394.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115394.shtml</guid></item>
<item><title>CERTA advisory: Multiple vulnerabilities in Cisco Adaptive Security Appliance</title><description>2009-06-30 19:56:15 - Global Security Mag Online : - Vulnerabilities</description><link>http://www.secuobs.com/revue/news/115353.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115353.shtml</guid></item>
<item><title>The Mobius Defense – An Impetus for Application Security</title><description>2009-06-30 18:06:16 - Zero in a bit : The “Mobius Defense” is a somewhat novel defense model proposed by Pete Herzog, founder of ISECOM and lead author of the Open Source Security Testing Methodology Manual (OSSTMM). Before continuing to read the following post I suggest you take a few minutes and breeze through the slide deck linked here. It’s an easy and</description><link>http://www.secuobs.com/revue/news/115329.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115329.shtml</guid></item>
<item><title>Security Threat Summary Q2/2009</title><description>2009-06-30 17:39:25 - FSecure Antivirus Research Weblog : Our Q2 Security Threat Summary is available from: http://www.f-secure.com/2009/Q2 Summary Video is available via our Video Channel, and also the Lab's YouTube Channel. On 30/06/09 At 11:57 AM</description><link>http://www.secuobs.com/revue/news/115322.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115322.shtml</guid></item>
<item><title>Multiple vulnerabilities in Cisco Adaptive Security Appliance, 30 June 2009</title><description>2009-06-30 17:27:05 - Les derniers documents du CERTA. : Several vulnerabilities affecting Cisco ASA software allow a malicious person to compromise data confidentiality and to perform indirect code injection (CERTA's term for cross-site scripting).</description><link>http://www.secuobs.com/revue/news/115310.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115310.shtml</guid></item>
<item><title>CFTC Fines Interbank for Security Breach</title><description>2009-06-30 16:25:00 - Office of Inadequate Security : The US Commodity Futures Trading Commission today simultaneously filed and settled charges against Interbank FX, LLC (Interbank), ordering Interbank to pay a $200,000 civil monetary penalty for violating rules designed to protect the confidential personal information of consumers. The CFTC order also requires Interbank to establish a comprehensive security program that provides administrative, technical, and</description><link>http://www.secuobs.com/revue/news/115267.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115267.shtml</guid></item>
<item><title>Reasonable, appropriate, adequate… security, Part I</title><description>2009-06-30 16:21:56 - Advanced Password Cracking  Insight : Most laws define security obligations as reasonable, appropriate, suitable, necessary, adequate, etc. without giving more precise directives to follow. Is it good or bad? And what should be known about these standards? Let’s see what major security standards say about recommended security measures. Data Protection Directive in Europe: …implement appropriate technical and organizational measures to protect personal data</description><link>http://www.secuobs.com/revue/news/115265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115265.shtml</guid></item>
<item><title>Google Voice Security And Privacy</title><description>2009-06-30 16:18:58 - Governmentsecurity.org : So it looks like Google Voice has finally begun to send out invites, and I admit that I have been waiting for mine for a while and can't wait to use it. For those that don't know what Google Voice is: You get a single Google provided phone number that you can use. It will then handle all of your voice mail and other text messages. You can also change how your phones ring. Which is all really useful for people that have a huge amount of phones. Will you guys use it? Do you have concerns about the security and the privacy of Google Voice?</description><link>http://www.secuobs.com/revue/news/115261.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115261.shtml</guid></item>
<item><title>VUPEN Security launches its Exploits and PoCs service for security vendors and penetration testing professionals</title><description>2009-06-30 16:00:05 - Global Security Mag Online : VUPEN Security, a vulnerability research company, announces the availability of the VUPEN Exploits and PoCs service for vendors of offensive or defensive security solutions, and for penetration testing professionals. Verifying that the security measures put in place to protect networks and information systems are really effective is a complex and indispensable task that security professionals must carry out by regularly performing tests of - Products</description><link>http://www.secuobs.com/revue/news/115257.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115257.shtml</guid></item>
<item><title>VUPEN Security</title><description>2009-06-30 16:00:05 - Global Security Mag Online : Contact: contact@vupen.com. Year founded: 2004. Activities: VUPEN Security is a computer security research company specialised in the analysis and advanced exploitation of vulnerabilities. It sells vulnerability intelligence solutions and security testing tools that allow professionals (CISOs, CIOs, consultants and engineers) to assess the weakness of their systems by simulating attacks as part of regular security or penetration tests. The company - CONSULTANTS</description><link>http://www.secuobs.com/revue/news/115255.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115255.shtml</guid></item>
<item><title>Suggestions for the Security Onion LiveCD</title><description>2009-06-30 13:56:35 - Security Onion : I'm currently working on the next version of the Security Onion LiveCD. What specific packages/features would you like to see added to the Security Onion LiveCD? Post a comment here or contact me on Twitter. Thanks</description><link>http://www.secuobs.com/revue/news/115250.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115250.shtml</guid></item>
<item><title>Out Law: Usability and security gurus agree that masked passwords should go. Websites should stop masking passwords as users type because it does not improve security and makes websites harder to use,</title><description>2009-06-30 13:48:42 - Rootsecure.net : Out Law: Usability and security gurus agree that masked passwords should go. "Websites should stop masking passwords as users type because it does not improve security and makes websites harder to use, according to two of the technology world's leading thinkers."</description><link>http://www.secuobs.com/revue/news/115240.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115240.shtml</guid></item>
<item><title>Q&amp;A: No alternative to PCI, security council chief insists</title><description>2009-06-30 13:45:00 - Network World on Security : Robert Russo, the general manager of the Payment Card Industry Security Standards Council, fires back at critics of the PCI data security standard.</description><link>http://www.secuobs.com/revue/news/115236.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115236.shtml</guid></item>
<item><title>Security 2.0 - Fairy tales and the art of deception</title><description>2009-06-30 13:44:04 - Matthieu Suiche's blog ! : Yesterday, I wrote a post about TwitPic and Twitter. According to the blog of TwitPic, we can read this: Yesterday we were made aware of a vulnerability with our email posting system that would allow someone to brute force someone’s Twitpic email PIN by trying every combination until one worked. A fix has been put in</description><link>http://www.secuobs.com/revue/news/115233.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115233.shtml</guid></item>
<item><title>Speaking at Security 2009</title><description>2009-06-30 12:30:37 - Roer.Com Information Security Blog  Information security for entrepreneurs : I will be giving a talk at the Security 2009 event in Oslo, October 1st 2009. My topic is strategic use of information security from a top level executive point of view. I will post link etc. as soon as it is available.</description><link>http://www.secuobs.com/revue/news/115216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115216.shtml</guid></item>
<item><title>Encrypting Oracle data with Oracle Advanced Security</title><description>2009-06-30 12:29:16 - Help Net Security  News : Oracle today announced that Oracle Advanced Security, an option to Oracle Database 11g Enterprise Edition, transparently encrypts all application data stored in an Oracle Database tablespace. Customer</description><link>http://www.secuobs.com/revue/news/115213.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115213.shtml</guid></item>
<item><title>Improved FISMA scores don't add up to better security, auditor says</title><description>2009-06-30 09:34:53 - ISN InfoSec News Mailing List : InfoSec News: Improved FISMA scores don't add up to better security, auditor says: http://fcw.com/articles/2009/06/29/fcw-fisma-metric-change.aspx By Ben Bain, FCW.com, June 29, 2009. The government’s current choice of metrics is partly to blame for the fact that agencies are reporting improved compliance with security requirements even while government investigators continue to find security gaps, auditors say. Part of the problem is that although the Office of Management and Budget requires agencies to establish information technology security controls, the metrics generally do not measure how well those controls are implemented, according to the Government Accountability Office. “Developing and using metrics that measure how well agencies implement important controls can contribute to increased focus on the effective implementation of federal information security,” said Gregory Wilshusen, director of information security issues at GAO, testifying June 25 before the House Science and Technology Committee’s Technology and Innovation Subcommittee. Wilshusen said the current metrics probably served a useful purpose when they were developed because, at that time, many agencies weren’t performing basic security controls. However, he said, it’s time to examine how agencies implement the controls and consider other types of metrics.</description><link>http://www.secuobs.com/revue/news/115192.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115192.shtml</guid></item>
<item><title>USENIX Security '09: Program Available</title><description>2009-06-30 09:34:53 - ISN InfoSec News Mailing List : InfoSec News: USENIX Security '09: Program Available: Forwarded from: Lionel Garth Jones. I'm writing to remind you that the 18th USENIX Security Symposium will take place August 10-14, 2009, in Montreal, Canada. The Early Bird Registration Deadline is July 20, 2009. Register now to save: http://www.usenix</description><link>http://www.secuobs.com/revue/news/115191.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115191.shtml</guid></item>
<item><title>NAC Appliances Hardest Hit In Network Security By Economic Downturn, Report Says</title><description>2009-06-30 09:23:46 - DarkReading  All Stories : Infonetics expects a struggling NAC appliance market to rebound big-time by 2013, to nearly $700 million.</description><link>http://www.secuobs.com/revue/news/115189.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115189.shtml</guid></item>
<item><title>Interesting Information Security Bits for 06/29/2009</title><description>2009-06-30 08:21:50 - Security Bloggers Network : Good afternoon everybody. I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Ryan has put together a very nice article about KisMAC. Now I just need to buy a Mac so I can try it out. The definitive KisMAC article. Tags: wireless hacking. I saw this when Justin</description><link>http://www.secuobs.com/revue/news/115184.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115184.shtml</guid></item>
<item><title>Security: Linux: making mod_security and iptables communicate to block IPs in real time</title><description>2009-06-30 05:53:34 - spamcleaner.org  articles divers  antispam, sécurité...  : iptables and mod_security are two very useful applications for protecting a server but unfortunately cannot communicate with each other; mod_security, being an Apache module, naturally inherits Apache's privileges. It is however very easy to work around this problem with a small, simple client/server in Perl.</description><link>http://www.secuobs.com/revue/news/115163.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115163.shtml</guid></item>
<item><title>Security: Linux: blocking HTTP flood/DDoS attacks with ModSecurity</title><description>2009-06-30 05:53:34 - spamcleaner.org  articles divers  antispam, sécurité...  : ModSecurity is a module often used only to filter/reject character strings. We will see that it is capable of doing much more than that, in particular blocking HTTP floods more effectively than modules such as mod_evasive.</description><link>http://www.secuobs.com/revue/news/115159.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115159.shtml</guid></item>
<item><title>Obama's Cybersecurity Push: What It Means for CIOs</title><description>2009-06-30 05:27:41 - Hack In The Box : Happy Birthday, America. We're not as safe as we think. From the electricity grid to the banking system to the defense contractors building our most sophisticated weapons, computers running the nation's critical infrastructure see relentless attacks from criminals and countries alike. Sometimes we hear about it, sometimes we don't. In the last year, the Federal Aviation Administration (FAA), the Department of Defense (DoD) and the ATM banking system have all been attacked in concerted, organized ways by people who have yet to be apprehended. Hardening critical infrastructure systems in industries as diverse as defense, electricity, financial services and telecommunications will take millions of dollars, perhaps many years and massive political clout. President Barack Obama says he wants to do it. IT leaders want to know how.</description><link>http://www.secuobs.com/revue/news/115141.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115141.shtml</guid></item>
<item><title>ATM skimming will likely grow due to poor security</title><description>2009-06-30 05:27:41 - Hack In The Box : As the growth of ATM fraud increases around the world exponentially in recent times, anti-malware researchers are keen to solve a crisis in the making. The bad guys are getting smarter, they're growing distinctively more sophisticated, warns Sergey Golovanov, senior malware analyst for Kaspersky Lab in Moscow, who is speaking at the 10th Virus Analyst Summit in Croatia. Golovanov is an expert on the cyber criminal groups who utilise ATM fraud. And in his work, he's seen some interesting trends pop up. The problem, says Golovanov, is not that security experts aren't looking for a way to solve the multitude of ATM security flaws; it's that their hands are tied. And then placed in a trench of concrete, so to speak.</description><link>http://www.secuobs.com/revue/news/115122.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115122.shtml</guid></item>
<item><title>UK cyber security minister ridiculed over script kiddie hire plan</title><description>2009-06-30 05:27:41 - Hack In The Box : Security experts have strongly criticised suggestions by a government minister that former hackers might play a key role in Britain's newly announced cybersecurity strategy. Lord West, the Home Office security minister, made the controversial suggestion that the government had recruited former hackers to work in its new Cyber Security Operations Centre, a key component of the UK government’s cybersecurity strategy announced last week. West told the BBC that the government had avoided employing "ultra, ultra criminals" but needed the mad skillz expertise of former miscreants. "You need youngsters who are deep into this stuff… If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys," he said.</description><link>http://www.secuobs.com/revue/news/115121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115121.shtml</guid></item>
<item><title>Gartner IT Security Summit: Tufin APG announced</title><description>2009-06-30 05:07:30 - ThreatChaos : Once again I am covering a Gartner Security Summit. This is my ninth, I believe. Watch this space for my thoughts on various announcements from the vendors and prognostications from the analysts. The first vendor announcement worth thinking about is Tufin’s Automatic Policy Generation tool that is part of their complete firewall policy</description><link>http://www.secuobs.com/revue/news/115114.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115114.shtml</guid></item>
<item><title>Reactive Buying Fuels Content Security Growth</title><description>2009-06-30 04:51:28 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/115104.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115104.shtml</guid></item>
<item><title>Local Security – DC-NoVA-MD</title><description>2009-06-30 04:06:28 - Room362.com : Looking for local events? I’ve gotten a lot of people asking me recently where the local events are in DC, and I almost every time turn them to the awesome http://www.novainfosecportal.com/ which is hands down the best source for local events for the DC-NoVA-MD area, not just NoVA. Grecs (follow him on twitter) does an amazing job at</description><link>http://www.secuobs.com/revue/news/115071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115071.shtml</guid></item>
<item><title>Web security report: Q2 spam averaged 88 percent</title><description>2009-06-30 04:04:34 - MX Logic Security News : Spam levels for Q2 2009 averaged 88.7 percent compared with 74.5 percent for Q1 2009, according to the June 2009 MessageLabs Intelligence Report from security vendor Symantec. The global ratio of spam was 90.4 percent in June, reflecting no change since May. Spam from compromised PCs, known as botnets, accounted for 83.2 percent of all spam in June. One of the largest botnets, Cutwail (also known as Pushdo), had resumed spamming just hours after the shut-down of the botnet's command-and-control server Pricewert/3FN by the Federal Trade Commission. "Cutwail's recovery to one-third of its original levels, after only a few hours, highlights the progress spammers have made since the McColo shutdown in November," said Paul Wood, MessageLabs Intelligence Senior Analyst. "Spammers have learned the importance of having a backup for command and control channels." The report also identified a rise in the threat of malicious links in instant messages, to 1 in 78 IMs containing links, an increase of 78 percent over the past six months. At the current rate, 1 in 80 IM users may expect to receive a malicious instant message each month. MessageLabs Intelligence said a growing number of threats target the healthcare sector. Email-borne malware attacks targeting the healthcare sector have more than doubled since the start of 2009.</description><link>http://www.secuobs.com/revue/news/115069.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115069.shtml</guid></item>
<item><title>I made you a token… but I eated it: or how to debug authentication issues in ASP.NET with SecurityTokenVisualizerControl</title><description>2009-06-30 03:46:17 - Vibro.NET : In case Internet memes are not your thing: before you flame me for poor grammar, know that the “I eated it” is intentional: see http://icanhascheezburger.com/2007/01/15/i-made-you-a-cookie/

Another week, another sample ASP.NET control for identity.

There are moments in the development of claims-based websites in which you want to take a good look at the token that you are getting from the STS: if your pages are not behaving in the way you’d expect, you never really know if that’s because you are not getting the claims you were expecting or if you are not processing them in the right way. That’s just one example of why you’d want to inspect the identity info in the current context.

Normally you have two strategies for inspecting the content of the current context:

1. You write some debugging/tracing code. You know, the classic foreach on all the claims in the current IClaimsIdentity that you see so often in the samples. The approach works, but it is pretty repetitive (it’s code that you rewrite almost verbatim across different projects) and it’s usually not very exhaustive (maybe you print the claim values but it turns out that the issue was in the IntendedAudience).

2. You attach a debugger to the web app. This works very well, however it implies that the system allows you to do so and that’s not always the case.

Today’s sample control provides you with a third way. Just drag the SecurityTokenVisualizerControl (STVC) on your page, you’ll obtain a fairly comprehensive view of what’s going on in your identity context in nice tabular format, collapsible in a tiny icon so that it does not interfere too much with the rest of the page. The STVC contains code that you would otherwise write yourself in 1, and at the same time it is almost as exhaustive as if you’d explore the current context using 2: all this without leaving the browser.

Below there’s a copy of the documentation accompanying the sample package. The control is extremely easy to use: as usual, remember that this is just sample code and you should be careful in using it. This time there are some issues that we felt we should highlight: you will find them in the summary section. That said, have fun.

Kudos to the Southworks team (Ariel, Matias, Tim, Diego, Fernando) who helped us on this, whipping the entire thing in just a week.

Overview
========

The Security Token Visualizer control (STVC) is a simple ASP.NET server control which displays in a compact layout useful information about claims-based identity in a web site secured with the Geneva Framework.

Once expanded, the STVC displays information about the current identity context.

The STVC is intended to be a debugging aid, which helps you to inspect what identity info you are receiving from the STS without the need for attaching a debugger to your website. Furthermore, STVC spares you the repetitive task of writing code that retrieves and renders claim values or other info about the incoming security token that are typically needed in the development and testing phases of your application life cycle.

The Control in Action in the Sample Website
===========================================

The STVC in Visual Studio’s toolbox

The sample package installs the STVC in your Visual Studio toolbox, under the DPE Identity Samples tab.

The Default.aspx and Public.aspx pages in the sample solution

The package includes a sample solution which is used for demonstrating how the control works, however its usage is so simple that you can try it on any web page from a web site protected with the Geneva Framework: just drag it on the page and you are good to go. At design time the control appears as a red token: at run time the control will maintain its design appearance, however it will also display a “+” sign on its left that, when clicked, will expand the control in order to show various tables containing the identity information being tracked. The only property exposed by the control, Font, influences which font settings will be used for displaying information when expanded.

Figure 3 shows a couple of simple pages from the sample solution. Default.aspx can be reached only by users who successfully authenticated with a certain STS included in the solution. Public.aspx can instead be reached by unauthenticated users. Both pages carry an instance of STVC.

Let us start with Public.aspx: open a browser and navigate to https://localhost/FabrikamAirlinesWebSite/Public.aspx

STVC on a page displayed by an unauthenticated user

Once expanded, the control will simply display a warning that the current user is not authenticated, or his or her identity is not based on claims.

Let us now try with Default.aspx: navigate to https://localhost/FabrikamAirlinesWebSite. You will be immediately redirected to a development STS, as shown below.

The credential gathering page at the local development STS

Just hit submit, you will land on Default.aspx. If you expand the control, you will now see the list of identity properties in the current context.

STVC fully populated and expanded

Figure 6 shows the kind of information STVC shows. Namely:

* Issued Identity – this section shows the content of the Claims collection in the first IClaimsIdentity in the current IClaimsPrincipal. For every claim we display:
  * Type
  * Value
  * Issuer
  * Original issuer
* Delegated Identity – shows claims in the delegate member of the IClaimsIdentity instance mentioned above.
* Raw SAML – shows the XML of the SAML received.
* SAML Properties – contains SAML-specific properties such as Intended Audience, ValidTo, certificates used to sign (from the token) and to encrypt (from the web site configuration), etc.
* The signing certificate bits can be downloaded directly via the control.

It’s as simple as that.

Summary
=======

The Security Token Visualizer Control is a rudimentary but, we hope, useful tool that can help you to troubleshoot certain identity-related issues on your web pages by saving you the hassle to write repetitive debug and tracing code.

It is important to keep in mind that this is just a very simple sample, offered as a didactic tool: STVC does not pretend to be complete, should not be used in production and has various well-known shortcomings:

* Often the issues you need to solve prevent your web site from obtaining a token, or the token may be invalid and throw: in that case, STVC is not useful since the execution will halt before hitting its code.
* While we made efforts for maintaining a pluggable architecture, the current release is strongly biased toward SAML: we wanted to make sure we covered the most common case, if you need to support different token types you can write your own handler and plug it in STVC.
* Since STVC is very handy for situations in which you can’t attach a debugger, the risk is that you will use it liberally and end up forgetting it on live pages: that may have unintended consequences, as STVC would show info that would not be normally available. We made the icon bright red in the hope of making the control very visible and minimize the chances you will forget it on.

As usual, we hope that our sample will make your life easier as you take advantage of claims based identity and the Geneva Framework. If you have feedback, we will be glad to do our best for incorporating it in the next deliverables.</description><link>http://www.secuobs.com/revue/news/115065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115065.shtml</guid></item>
<item><title>Chris’ Security Cache Contemplation: Week 5</title><description>2009-06-30 03:43:22 - Optimal Security : Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox … Twitter Propaganda Posters: Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social </description><link>http://www.secuobs.com/revue/news/115062.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115062.shtml</guid></item>
<item><title>Music enthusiasts and sports fans are risking their safety and security by purchasing black market tickets</title><description>2009-06-30 01:00:37 - Security Park : Music enthusiasts, theatregoers and sports fans are risking their safety and security, by purchasing black market tickets as well as paying highly inflated prices. G4S Events' annual Ticket Tout Index reveals event tickets purchased via unauthorised websites cost on average 64% more than the original face value. Sports fans are prepared to pay the highest premium for black market tickets, pay more</description><link>http://www.secuobs.com/revue/news/115049.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115049.shtml</guid></item>
<item><title>“Verizon” Store Security Update</title><description>2009-06-30 00:18:05 - philosecurity : The illustrious John Strand has an update for us regarding Verizon’s demo EVDO system security. This summer John is launching his new SANS class, Security Architecture for Systems Administrators. Shortly after we posted the article about the openness of the Verizon EVDO demonstration terminals, we were contacted by Verizon. After discussing the issue at length </description><link>http://www.secuobs.com/revue/news/115025.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115025.shtml</guid></item>
<item><title>OWASP Podcast #27 - “Security Skeletor”</title><description>2009-06-29 23:51:13 - Security Bloggers Network : A while back Jim Manico (@manicode) of the OWASP Podcast series emailed me and asked me if I'd be willing to do an interview for OWASP. You readers know I tend to be a bit opinionated, so doing this podcast interview and not offending everyone was front-of-mind. I hope I accomplished my goal and only a few of you end up thinking I'm nuts after listening. I hope you enjoy the podcast; I tried to be open, honest, and even informative. Maybe Jim Manico himself will be kind enough to explain the Skeletor reference. OWASP Podcast #27 - Interview with Rafal Los (me). Listen to the OWASP Podcast series regularly and go follow @OWASP_podcast on Twitter.</description><link>http://www.secuobs.com/revue/news/115002.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115002.shtml</guid></item>
<item><title>Useful Gmail security feature</title><description>2009-06-29 23:51:13 - Security Bloggers Network : Your Gmail account could be hijacked or viewed by someone else. So it’s nice to know from where it’s being accessed. You can do this with a handy-dandy feature in Gmail, located at the bottom of the Gmail page: Click “Detail</description><link>http://www.secuobs.com/revue/news/115000.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/115000.shtml</guid></item>
<item><title>Imperva Podcast with GLBA co-author, Paul Reymann about GLBA, compliance, security in the financial industry</title><description>2009-06-29 23:51:13 - Security Bloggers Network : On this episode of the Imperva Security Podcast Paul Reymann, Co-author of the Gramm-Leach-Bliley Act (GLBA), discusses GLBA, compliance, and security within the financial industry. He also touches on financial modernization, the convergence of NIST and ISO, and the risk management continuum. Mr. Reymann is one of the nation's leading regulatory experts and co-author of Section 501 of the Gramm-Leach-Bliley Act Security rule. Fortune 500 companies have leveraged Mr. Reymann's subject matter expertise to develop successful go-to-market strategies for information security and technology products and services within key vertical markets. He has more than twenty years experience in the financial services industry, including thirteen years with the Department of Treasury's Office of Thrift Supervision (OTS) in Washington DC. There he guided the regulatory agency's Technology Risk management activities and authored several key regulatory directives and advisories on emerging risk management issues, including the industry's first regulatory directive on "Transactional Internet Banking". Listen to the podcast here.</description><link>http://www.secuobs.com/revue/news/114999.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114999.shtml</guid></item>
<item><title>Ping 18: Ballmer apologizes, Paul Allen's latest move, Surface fun, Security Beta</title><description>2009-06-29 23:21:46 - Channel 9 : The boys took over this week and it's clear we have a bro-mance in the making. If you've ever wondered what guys talk about when they're alone... now you know:
Paul Allen makes it big
Ballmer makes a boo boo
Surface gets even cooler
Real DaVinci footage
Security Beta</description><link>http://www.secuobs.com/revue/news/114979.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114979.shtml</guid></item>
<item><title>The problem with CyberSecurity Mandates</title><description>2009-06-29 21:03:19 - Steve on Security : </description><link>http://www.secuobs.com/revue/news/114969.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114969.shtml</guid></item>
<item><title>Unique security twist due to Increased comfort / dependence on Internet</title><description>2009-06-29 21:03:19 - Steve on Security : </description><link>http://www.secuobs.com/revue/news/114968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114968.shtml</guid></item>
<item><title>Security 2.0 is not even a failure. It is a nightmare</title><description>2009-06-29 20:41:19 - Matthieu Suiche's blog ! : Web vulnerabilities are lame and web developers too. We all know this. And here is what you can read on @britneyspears twitter. Basically, TwitPic allows Twitter users to upload + post pictures on their Twitter status. How? You have to login on the TwitPic website with your login+password, then upload your picture and that’s it. According to </description><link>http://www.secuobs.com/revue/news/114958.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114958.shtml</guid></item>
<item><title>Industry Summit: Security Become 'Less Human Intensive'</title><description>2009-06-29 20:26:40 - eSecurity Planet News : A conference hosted by research firm Gartner suggests that cybersecurity tasks will be so integrated into the tech infrastructure that it will require less human intervention.</description><link>http://www.secuobs.com/revue/news/114954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114954.shtml</guid></item>
<item><title>Antivirus Security</title><description>2009-06-29 20:11:44 - 411 on Spyware : Antivirus Security screenshot. Antivirus Security is more fake antivirus/anti-spyware software; Antivirus Security is a clone of Internet Antivirus. You can thank a Trojan or scam website -- maybe www.AntivirusSecurity-Solution.com -- for installing Antivirus Security onto your computer. Once Antivirus Security is in, Antivirus Security tries to trick you into buying the "full" version of Antivirus Security with fake system warnings, and by noting harmless files as dangerous. Before you set fire to your PC to stop Antivirus Security popups, I'll show you how to get rid of Antivirus Security for free.</description><link>http://www.secuobs.com/revue/news/114951.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114951.shtml</guid></item>
<item><title>Cyber Security Minister Ridiculed Over S'Kiddie Hire Plan</title><description>2009-06-29 19:52:05 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/114938.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114938.shtml</guid></item>
<item><title>Security success requires user perspective</title><description>2009-06-29 19:50:10 - Tom Olzak on Security : It’s easy to blame business users and management for data breaches, by-passed security controls, or other risky behavior. Often the blame is properly directed, but most employees want to do the right thing. Often doing the right thing isn’t easy, because security controls are too restrictive, preventing users from doing their jobs. In these cases, </description><link>http://www.secuobs.com/revue/news/114929.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114929.shtml</guid></item>
<item><title>Download Microsoft Security Essentials</title><description>2009-06-29 19:33:56 - gHacks technology news : You might have been one of the lucky ones who was able to download the beta of Microsoft antivirus software program Security Essentials. Chance is you missed the opportunity as Microsoft has limited the beta downloads to 75,000. Users who want to download Microsoft Security Essentials today are notified that downloads are not available at</description><link>http://www.secuobs.com/revue/news/114909.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114909.shtml</guid></item>
<item><title>OWASP Podcast #27 - Security Skeletor</title><description>2009-06-29 19:31:58 - Digital Soapbox  Preaching Security to the Digital Masses : A while back Jim Manico (@manicode) of the OWASP Podcast series emailed me and asked me if I'd be willing to do an interview for OWASP. You readers know I tend to be a bit opinionated, so doing this podcast interview and not offending everyone was front-of-mind. I hope I accomplished my goal and only a few of you end up thinking I'm nuts after listening. I hope you enjoy the podcast; I tried to be open, honest, and even informative. Maybe Jim Manico himself will be kind enough to explain the Skeletor reference. OWASP Podcast #27 - Interview with Rafal Los (me). Listen to the OWASP Podcast series regularly and go follow @OWASP_podcast on Twitter.</description><link>http://www.secuobs.com/revue/news/114907.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114907.shtml</guid></item>
<item><title>Security Briefing – June 29th</title><description>2009-06-29 19:30:37 - Security Bloggers Network : Hello folks. Had a great weekend, somewhat productive with enough relaxation thrown in to feel ready to conquer another week and whatever it throws my way. Thanks for joining us, see you tomorrow. Signed, The Intern. Click here to subscribe to Liquidmatrix Security Digest. And now, the news… Watch what Microsoft’s new security app can do – C|NET. Titsup </description><link>http://www.secuobs.com/revue/news/114905.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114905.shtml</guid></item>
<item><title>HID's naviGO enables existing contactless or prox cards for logical security</title><description>2009-06-29 19:23:57 - ContactlessNews  Contactless Smart Cards, RFID, Payment, Transit and Security : </description><link>http://www.secuobs.com/revue/news/114883.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114883.shtml</guid></item>
<item><title>Is usability worth more than security?</title><description>2009-06-29 19:20:48 - The Tech Herald Security News : As you enter your password into a form online or a dialog box in an application, more often than not you see asterisks instead of a clear text password entry. This basic level of security design is a feature everyone has gotten used to using. Be that as it may, one expert on usability thinks it's time to let go of the past and move to presenting passwords in clear text for the sake of making things easier for users.</description><link>http://www.secuobs.com/revue/news/114879.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114879.shtml</guid></item>
<item><title>BBC Reporter Ties UK security Minister in Knots over Cyberwarfare Video Tutorial</title><description>2009-06-29 19:15:08 - SecurityTube.Net : BBC Reporter Ties UK security Minister in Knots over Cyberwarfare Video Tutorial</description><link>http://www.secuobs.com/revue/news/114873.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114873.shtml</guid></item>
<item><title>Security Quest, a competition launched by EPITECH</title><description>2009-06-29 18:43:07 - Global Security Mag Online : EPITECH, the school for computer science experts, invites companies to take part in the Security Quest competition, an opportunity for them to test their infrastructures under targeted attacks carried out by the school's 4th-year students. The objectives of this competition: for the students, learning how to hack in order to secure better, and for the companies, benefiting from a free security audit of their entire information system so as to be better prepared in case of real attacks. This is what  - Business</description><link>http://www.secuobs.com/revue/news/114857.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114857.shtml</guid></item>
<item><title>Arkoon Network Security hires three Sales Engineers for its Channel</title><description>2009-06-29 18:43:07 - Global Security Mag Online : Arkoon Network Security is strengthening its teams, notably its Channel sales team, by hiring three sales engineers. With the appointment of three new sales engineers set to cover the South, Rhône-Alpes, West, Ile de France and East regions, Arkoon confirms the presence of a strong and effective team alongside its partners (distributors, resellers, operators). These new recruits bring additional momentum to Arkoon Network Security, notably thanks to  - Business</description><link>http://www.secuobs.com/revue/news/114848.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114848.shtml</guid></item>
<item><title>US and Russia Differ on Cyber Security Strategies: New Cold War of Sorts</title><description>2009-06-29 15:17:27 - ITAC Blog : As many of our readers know, we have been covering cyber security for some time now, and we have - hopefully - helped shine a light on one of the major issues: organized groups of hackers from Russia and Eastern Europe who are very motivated to bring down our cyber infrastructure. Well, it seems that </description><link>http://www.secuobs.com/revue/news/114822.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114822.shtml</guid></item>
<item><title>Internet security expert Rod Beckstrom named as the ICANN CEO</title><description>2009-06-29 15:01:57 - Help Net Security  News : Internet founders and leaders are joining industry executives and government officials in praising the selection of Rod Beckstrom as the new Chief Executive Officer and President of the Internet Corpo</description><link>http://www.secuobs.com/revue/news/114806.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114806.shtml</guid></item>
<item><title>IT security wrap-up for the second quarter of 2009</title><description>2009-06-29 15:01:57 - Help Net Security  News : F-Secure today released its IT Security Wrap-Up Report for the second quarter of 2009. Key highlights include: President Obama puts spotlight on cybersecurity. So cyberspace is real. And so are </description><link>http://www.secuobs.com/revue/news/114803.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114803.shtml</guid></item>
<item><title>DHS Cybersecurity SNAFU</title><description>2009-06-29 14:28:33 - Cryptome : June 26, 2009</description><link>http://www.secuobs.com/revue/news/114790.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114790.shtml</guid></item>
<item><title>Astaro all-in-one security appliances safeguard the Royal College of Physicians of Edinburgh IT infrastructure</title><description>2009-06-29 07:46:00 - Security Park : The Royal College of Physicians of Edinburgh (RCPE) is a professional membership organisation representing over 10,000 medical professionals worldwide, and uses email as a core communication channel with members. The College had relied on its ISP to manage its anti-spam and anti-virus solutions but found that the security system in place was also impacting the delivery of legitimate traffic. A more</description><link>http://www.secuobs.com/revue/news/114743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114743.shtml</guid></item>
<item><title>VideoSphere Intelligent Video Management solution to enhance security for two transportation projects in South Africa</title><description>2009-06-29 07:46:00 - Security Park : March Networks has announced that it will provide its VideoSphere Intelligent Video Management solution for two significant transportation projects in South Africa, working in conjunction with experienced security systems integrator Basix Technologies (Pty) Ltd. Both projects are slated for completion in advance of the 2010 FIFA World Cup, during which South Africa will play host to thousands of more</description><link>http://www.secuobs.com/revue/news/114741.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114741.shtml</guid></item>
<item><title>Core Security: Fun with my web logs</title><description>2009-06-29 07:38:29 - McGrew Security Blog : Just a little noodling around, followed by fun facts:

HacBook:~ wesley$ nslookup coresecurity.com
Server: 10.0.0.1
Address: 10.0.0.1#53
Non-authoritative answer:
Name: coresecurity.com
Address: 208.253.45.70

HacBook:~ wesley$ whois 208.253.45.70
MCI Communications Services, Inc. d/b/a Verizon Business UUNET1996B (NET-208-192-0-0-1) 208.192.0.0 - 208.255.255.255
CORE SECURITY TECHNOLOGIES UU-208-253-45-64-D9 (NET-208-253-45-64-1) 208.253.45.64 - 208.253.45.127
# ARIN WHOIS database, last updated 2009-06-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

HacBook:~ wesley$ grep 208.253.45 *.log  </description><link>http://www.secuobs.com/revue/news/114740.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114740.shtml</guid></item>
<item><title>NZ police to beef up computer security</title><description>2009-06-29 07:33:44 - Hack In The Box : Police are reassuring the public measures will be in place to minimise the risk of hackers breaching a new computer system. The new system is being designed by American company Taser International to manage, store and secure footage taken by tasers used by the New Zealand police. Tasers being issued to police start recording when the safety is off and can capture up to 90 minutes of video and audio. The company will maintain access to its system, inside the police computer network, so it can provide upgrades when required. Inspector Jason Ross, based in National Headquarters in Wellington, said the main police computer and taser software would not be linked.</description><link>http://www.secuobs.com/revue/news/114737.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114737.shtml</guid></item>
<item><title>Security Experts Visualize Botnets With an Eye Toward Defense</title><description>2009-06-29 07:33:44 - Hack In The Box : Not all botnets are organized in the same way. That's the conclusion of a report from Damballa which seeks to categorize the dominant structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others. "The 'hybrid' threat banner is often cast about," says Gunter Ollmann, VP of Research, Damballa, an enterprise security company specializing in botnet mitigation. "But that label means nothing to teams tasked with defending the enterprise. By explaining the topologies and their strengths and weaknesses these teams can better visualize the threat." The Star structure is the most basic and offers individual bots a direct communication with the Command and Control (CnC) server. It can be visualized in a star-like pattern. However, by providing direct communications with one CnC server the botnet creates a single point of failure. Take out the CnC server and the botnet expires. Ollmann says the Zeus DIY botnet kit, out of the box, is a star pattern, but that botmasters often upgrade, making it multiserver.</description><link>http://www.secuobs.com/revue/news/114729.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114729.shtml</guid></item>
<item><title>Tech Insight: Database Security — The First Three Steps</title><description>2009-06-29 06:28:12 - Security Bloggers Network : A guide to locating sensitive data in databases -- and finding a strategy to protect it.</description><link>http://www.secuobs.com/revue/news/114710.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114710.shtml</guid></item>
<item><title>Security related podcasts</title><description>2009-06-29 03:33:14 - Megapanzer : As my old TV broke down I refused to buy a new one, and because I moved into a new flat, beside my new environment, it was just another of many things I had to get used to: my life without a TV. The temptation of watching streams was big but I resisted, but soon </description><link>http://www.secuobs.com/revue/news/114702.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114702.shtml</guid></item>
<item><title>Cloudmark Security Suite Addresses Growing SMS Spam</title><description>2009-06-29 03:22:02 - Computer Security News : As mobile users are more frequently pestered by SMS spam, one security vendor is applying its experience in stopping e-mail spam for mobile networks.</description><link>http://www.secuobs.com/revue/news/114692.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114692.shtml</guid></item>
<item><title>New Panda 2010 Ultra-Light Security Products</title><description>2009-06-29 01:56:30 - Hot Security News : Panda Security, the Cloud Security Company, launched its new, ultra-light 2010 consumer solutions, which include Panda Antivirus for Netbooks, Panda Antivirus Pro 2010, Panda Internet Security 2010 and Panda Global Protection 2010. All of these products will be available on June 25.</description><link>http://www.secuobs.com/revue/news/114678.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114678.shtml</guid></item>
<item><title>Iowa DOT blocks tweets over security concerns</title><description>2009-06-28 22:46:26 - Cheer10s  Underground Syndicate : By William Petroski. Source: http://www.desmoinesregister.com/article/20090628/NEWS10/906280337. Don't try tweeting if you work for the Iowa Department of Transportation. The state agency is blocking the use of Twitter, Facebook, MySpace and other online social media applications for its 3,000 employees while they're on the job because of worries about computer security. "There are vulnerabilities in there, and we are not going to take that kind of risk on our system," said DOT spokeswoman Dena Gray-Fisher. The state agency keeps personal data, including Social Security numbers, on 2.1 million licensed Iowa motorists and it can't permit intrusions by computer hackers, she added. She said she isn't aware of any complaints from transportation employees because of the restrictions. Computer use policies regarding online social media vary widely among other large Iowa public and private employers, officials said.</description><link>http://www.secuobs.com/revue/news/114664.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114664.shtml</guid></item>
<item><title>Cheap Cracks - Of dictionaries and rainbows - heise Security UK</title><description>2009-06-28 14:28:25 - Steve on Security : </description><link>http://www.secuobs.com/revue/news/114608.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114608.shtml</guid></item>
<item><title>Storm Worm botnet cracked wide open - News - heise Security UK</title><description>2009-06-28 14:28:25 - Steve on Security : </description><link>http://www.secuobs.com/revue/news/114607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114607.shtml</guid></item>
<item><title>Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability</title><description>2009-06-28 14:27:26 - Harmony Security  Blog : </description><link>http://www.secuobs.com/revue/news/114591.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114591.shtml</guid></item>
<item><title>Outsourcing Security</title><description>2009-06-28 12:25:48 - Data Auditing Blog : I did an article that just appeared in SC Magazine. It is relevant to our recent thread of data security and compliance for two key reasons. First, I have seen an increase in media inquiries around security of SaaS. This might be a good time for a discussion of this topic. Second, there has been a general confusion of what's a good security model for securing outsourcing activity. The notion that only non-critical data should be outsourced has clearly been thrown out. Look at the practical success of salesforce.com. Consider how many BPO outsourcers have access to your critical financial and credit data today. My SC article introduces two observations that are based on analogies:
* Access control vs. access auditing: illusion of control vs. real control that comes from knowledge
* Outside-in security vs. inside-out security: security vs. risk management
I could describe these in detail, but for now a quick example from real life should drive the point home. Recently I was visiting an enterprise customer who had deployed Mantra DAM to audit their privileged users on Oracle. I was interested in understanding if they would be interested in extending their use to incorporate automated security capabilities such as terminating users, etc. I expected the customer to be a whole-hearted fan of this. But the customer shook his head vigorously and said, "Wait a minute - stop." What I heard from him was very interesting. The fundamental problem of users and how and what they access goes to the guts of understanding business and IT activity. This requires some on-going interaction and periodic reviews. The moment the product becomes a self-healing application firewall, this stops happening. At this point, the customer was concerned that they would stop gaining further insight into risks, because the deployment of a system would be perceived as a firewall - eventually making it a black-box with a false sense of security and insight. The beauty of a DAM solution is that it gives you insight into what makes sense and what does not - this is the definition of real control, provided you use it as such. Access control on the other hand might give you a sense of hard control, but is illusory. Ultimately protecting data while maintaining seamless business transactions is about risk management. Security becomes a by-product, not the means. I meant to educate the customer, but he ended up educating me.</description><link>http://www.secuobs.com/revue/news/114538.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114538.shtml</guid></item>
<item><title>RSA Show 2009 - Quiet Year of Operationalizing Security Technologies</title><description>2009-06-28 12:25:48 - Data Auditing Blog : I have been tracking the RSA Show for a few years, and each time I return the question always is what is the show theme for the year. This theme is usually the viral outcome of collective water-cooler conversations by the RSA show attendees – it is not the official mandate of the RSA program committee. For example, last year’s theme ended up being about governance. The year before that was data and DLP. The 2009 RSA show didn’t seem to have such a theme. This year the technology talk was more of the same – compliance, log management, DLP, encryption, … I am ignoring all talk about cloud security – while some vendors made an effort to call out cloud security, this is still too early to matter. Under the surface though, I noticed that the leaders and visionaries were busy retooling and hard at work with their products. The theme, if any, was to make technologies work in driving security and compliance into a large-scale enterprise. Driving initiatives into deployment. Driving them into scale. Driving them to manageability. While these drives are not sexy, they can lead to meaningful value for enterprises. They are sometimes the source of very interesting innovation. One example at home was Tizor’s announcement of Mantra 7.0. This release extends the scale of data auditing significantly beyond what has been available in the market. For our press release, see http://www.tizor.com/News-And-Events/Press-Releases/4-07-09. Since this is my first post since Tizor's acquisition by Netezza (NYSE: NZ), I am also reminded of an interesting anecdote I heard recently from Ray Tacoma, the VP Sales at Netezza. Ray's grandfather, a farmer, taught him the lesson that winters were the best time to sharpen tools. This RSA show was about showing off meaningful and sharpened tools in the winter of 2009.</description><link>http://www.secuobs.com/revue/news/114527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114527.shtml</guid></item>
<item><title>Security B-Sides</title><description>2009-06-28 04:10:48 - Security Bloggers Network : If you are headed to Las Vegas for Black Hat and/or DefCon, check out Security B-Sides. If you wanted to talk at Black Hat or DefCon, but didn't get the chance, then sign up to talk at Security B-Sides. What is this Security B-Sides thing? I'm glad you asked - BSides is an ad-hoc gathering of information security types born from the desire for people to share and learn in an open environment. It is an intense event with discussions, demos and interaction from participants. We've followed the BarCamp format because it works. This is a work in progress, so if you have a brilliant idea, please share it, and please participate. Full Disclosure bit: the nice folks at Astaro are likely to help sponsor the event; they also "sponsor" me by providing gainful employment. Both Astaro and I think this is a great idea and want to help it develop and grow. Jack</description><link>http://www.secuobs.com/revue/news/114487.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114487.shtml</guid></item>
<item><title>Cyber Security Week In Review: June 27th</title><description>2009-06-27 23:35:53 - Information Security Resources : From The Internet Security Alliance and Information Security Resources: Exploits of unpatched Windows bug will jump, says Symantec; Mozilla tackles XSS vulnerabilities with new technology; New Facebook blog: We can hack into your profile; Red Condor’s Spam Trip Wire detects new virus; Adobe Releases Update for Shockwave Player; Gates Creates Cyber-Defense Command; Google clamps down on ‘malvertising'; Hacked high-profile Twitter accounts still spreading malicious links; Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths</description><link>http://www.secuobs.com/revue/news/114476.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114476.shtml</guid></item>
<item><title>Sguil – open Network Security Monitoring tool</title><description>2009-06-27 20:28:15 - PenTestIT : Sguil is an open source Network Security Monitoring tool; Sguil can be combined with many other open source tools as your needs dictate. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client </description><link>http://www.secuobs.com/revue/news/114467.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114467.shtml</guid></item>
<item><title>British intelligence agencies to step up security over cyber-attack threats</title><description>2009-06-27 20:24:08 - Computer Security News : Intelligence agencies led by GCHQ, the government's electronic spy centre, are to step up operations against a growing threat of cyber-attacks, the government announced today as part of an updated "national security strategy". A new cyber-security operations centre will be attached to GCHQ in Cheltenham.</description><link>http://www.secuobs.com/revue/news/114465.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114465.shtml</guid></item>
<item><title>Security Experts Answer Key Questions at Virus Bulletin Conference Video Tutorial</title><description>2009-06-27 19:03:21 - SecurityTube.Net : Security Experts Answer Key Questions at Virus Bulletin Conference Video Tutorial</description><link>http://www.secuobs.com/revue/news/114455.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114455.shtml</guid></item>
<item><title>Virus Alerts – Panda Security’s June 26, 2009 Report on Viruses and Intruders</title><description>2009-06-27 18:29:29 - Bill Mullins' Weblog  Tech Thoughts : Courtesy of Panda Security. This week’s PandaLabs report looks at the Terminator2009 adware, the KillRDLLA Trojan and the RimecudE worm. Terminator2009 is a fake antivirus, a type of adware. When it runs, it simulates a scan, although this is started when users click the scanner button. It then claims to have detected malware. If users follow the program’s recommendations, they are </description><link>http://www.secuobs.com/revue/news/114452.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114452.shtml</guid></item>
<item><title>H Security: ICANN security experts criticise DNS redirections</title><description>2009-06-27 16:22:30 - Rootsecure.net : H Security: ICANN security experts criticise DNS redirections</description><link>http://www.secuobs.com/revue/news/114447.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114447.shtml</guid></item>
<item><title>Antivirus Software Microsoft Security Essentials Tested</title><description>2009-06-27 15:05:03 - gHacks technology news : Microsoft released a public beta of their new antivirus software Security Essentials a few days ago. The beta was limited to 75,000 participants, a number that was reached rather quickly. Security Essentials is at the moment no longer available on the Microsoft website, but it is expected that the final version of the antivirus</description><link>http://www.secuobs.com/revue/news/114440.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114440.shtml</guid></item>
<item><title>Security Experts Visualize Botnets With Eye On Defense</title><description>2009-06-27 11:57:48 - Network World on Security : Not all botnets are organized in the same way. That's the conclusion of a report from Damballa which seeks to categorize the dominant structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others.</description><link>http://www.secuobs.com/revue/news/114429.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114429.shtml</guid></item>
<item><title>Cyber-security strategy launched</title><description>2009-06-27 07:49:12 - Computer Security News : Gordon Brown says "British people need protection". Britons face a growing online threat from criminals, terrorists and hostile states, according to the UK's first cyber security strategy.</description><link>http://www.secuobs.com/revue/news/114416.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114416.shtml</guid></item>
<item><title>6 Deemed National Security Threat Retain Aviation Licenses</title><description>2009-06-27 07:40:42 - Homeland Security News : At least six men suspected or convicted of crimes that threaten national security retained their federal aviation licenses, despite antiterrorism laws written after the attacks of Sept. 11, 2001, that required license revocation. Among them was a Libyan sentenced to 27 years in prison by a Scottish court for the </description><link>http://www.secuobs.com/revue/news/114408.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114408.shtml</guid></item>
<item><title>Database Security: The First Three Steps</title><description>2009-06-27 07:28:18 - DarkReading  All Stories : A guide to locating sensitive data in databases -- and finding a strategy to protect it</description><link>http://www.secuobs.com/revue/news/114407.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114407.shtml</guid></item>
<item><title>Understanding Cloud Security in 30 Minutes or Less</title><description>2009-06-27 07:12:35 - Research Library : </description><link>http://www.secuobs.com/revue/news/114404.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114404.shtml</guid></item>
<item><title>Example of Security Awareness /dev/random</title><description>2009-06-27 06:28:46 - Security Bloggers Network : This picture has been taken in an industrial environment but could fully match in IT security too. For those who don’t speak French nor Dutch, it says: “Your principal safety responsible is in front of you“. Stickers are placed on mirrors in the toilets. Let’s imagine the same security awareness campaign with a message like “Basic security </description><link>http://www.secuobs.com/revue/news/114381.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114381.shtml</guid></item>
<item><title>Top 10 signs you are a Security Twit</title><description>2009-06-27 06:28:46 - Security Bloggers Network : Earlier this year I joined Twitter to interact with fellow security minded people. Zack Lanier (@quine) maintains a list of Security Twitter users, or Twits, over at security-twits.com. If you want to keep pace with the security community, it's a great list of potential users to follow. But I would be remiss if I didn't warn you, we can be an eccentric bunch. As a tribute to my fellow Twits, I put out a top ten list of signs you are indeed a Security Twit. This started as a stream of tweets, but I was encouraged to reprint it here.</description><link>http://www.secuobs.com/revue/news/114380.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114380.shtml</guid></item>
<item><title>New Data Security Breach Laws in Alaska and South Carolina</title><description>2009-06-27 01:46:16 - Office of Inadequate Security : On July 1, 2009, new laws will take effect in Alaska and South Carolina that will require entities that have experienced data security breaches involving personal information to notify affected individuals of the breaches. With these additions, a total of 44 states, plus the District of Columbia, Puerto Rico and the US Virgin Islands, </description><link>http://www.secuobs.com/revue/news/114313.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114313.shtml</guid></item>
<item><title>H Security: Free extension for secure browsing</title><description>2009-06-26 23:25:07 - Rootsecure.net : H Security: Free extension for secure browsing</description><link>http://www.secuobs.com/revue/news/114297.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114297.shtml</guid></item>
<item><title>H Security: Hole in VLC Media Player</title><description>2009-06-26 23:25:07 - Rootsecure.net : H Security: Hole in VLC Media Player</description><link>http://www.secuobs.com/revue/news/114296.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114296.shtml</guid></item>
<item><title>H Security: SquirrelMail open source project's web server hacked</title><description>2009-06-26 23:25:07 - Rootsecure.net : H Security: SquirrelMail open source project's web server hacked</description><link>http://www.secuobs.com/revue/news/114295.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114295.shtml</guid></item>
<item><title>Security Consistency: Should we standardize password requirements</title><description>2009-06-26 23:07:39 - Silver Tail Blog : I saw a presentation earlier this week where a researcher was talking about consumer education with respect to security. The researcher said that one way to make security education more consistent would be for websites to all have consistent requirements around passwords. For example, all websites should require that passwords have at least 8 characters and should </description><link>http://www.secuobs.com/revue/news/114281.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114281.shtml</guid></item>
<item><title>On Communications Sector Cyber Security</title><description>2009-06-26 22:51:16 - Information Security Resources : From The Internet Security Alliance: Government needs to work with industry on establishing standards and practices that appreciate the evolving nature of multi-media communication technologies such as VoIP to help assure that this and other modern platforms are properly secured. For organizations that are focused on the threat, and even more urgently for those who have not yet come to the realization, there needs to be serious education across all sectors about the threat.</description><link>http://www.secuobs.com/revue/news/114258.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114258.shtml</guid></item>
<item><title>Are Clouds of Change Looming over Perimeter Security</title><description>2009-06-26 22:44:45 - Security Bloggers Network : Although managed security services (MSS) is a relatively well understood and mature market, a few innovating startups are beginning to challenge the current structure of perimeter security. The interesting question at hand is whether the rapid emergence of cloud</description><link>http://www.secuobs.com/revue/news/114247.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114247.shtml</guid></item>
<item><title>Imperva Podcast Transcript - Joseph Weiss, Industry Expert on Control Systems and Electronic Security</title><description>2009-06-26 22:44:45 - Security Bloggers Network : In addition to the audio podcast on cyber security within industrial control system environments, SCADA, and NERC, the full transcript can be found here.</description><link>http://www.secuobs.com/revue/news/114243.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114243.shtml</guid></item>
<item><title>Event: 2009 Annual Computer Security Applications Conference</title><description>2009-06-26 22:40:33 - Help Net Security  News : ACSAC has a tradition of bringing together security professionals from academia, government and industry who are interested in applied security. It is an internationally recognized forum where practit</description><link>http://www.secuobs.com/revue/news/114226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114226.shtml</guid></item>
<item><title>Review: Microsoft Security Essentials Beta</title><description>2009-06-26 22:37:29 - 4sysops : Half a year ago, Microsoft announced that they would discontinue Windows Live One Care and instead would offer a free alternative with the code name Morro. Microsoft Security Essentials is the new name and the beta is now available. You can’t download it anymore through Microsoft, but it is still available at Softpedia. Windows Live </description><link>http://www.secuobs.com/revue/news/114224.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114224.shtml</guid></item>
<item><title>Review: Panda Internet Security 2010</title><description>2009-06-26 22:36:07 - The Tech Herald Security News : Panda Security recently introduced their 2010 line of security software, kicking off the 2010 product push that other vendors will be sure to follow throughout the summer and into the fall. Since The Tech Herald has previously reviewed Panda Internet Security 2009, we took a copy of 2010 and gave it a spin in the lab. One of the first things we noticed is that Panda Internet Security 2010 (PIS 2010) looks and feels the same as the 2009 version.</description><link>http://www.secuobs.com/revue/news/114223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114223.shtml</guid></item>

 </channel>
</rss>
