<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Estonia defense minister talks about 2007 cyberattacks</title><description>Secuobs.com : 2010-03-19 02:32:57 - Security Bytes -  Jaak Aaviksoo, the minister of defense of the Republic of Estonia, had the daunting and unenviable task of dealing with the massive cyberattacks that hit his country in the spring of 2007 For more than three weeks, Estonia s government agencies, banks, telecoms, and online news services suffered large-scale DDoS attacks as well as Web defacements,    </description><link>http://www.secuobs.com/revue/news/203233.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203233.shtml</guid></item>
<item><title>CISSP Seminar in Malta</title><description>Secuobs.com : 2010-03-19 02:31:08 - Malta Info Security - </description><link>http://www.secuobs.com/revue/news/203232.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203232.shtml</guid></item>
<item><title>Palm CEO  We could have been bigger than Droid</title><description>Secuobs.com : 2010-03-19 02:30:58 - News - If Palm's WebOS products had gone on sale at Verizon before Motorola's Droid, Palm's fortunes today would be very different, the company's CEO said Thursday during its third-quarter earnings call </description><link>http://www.secuobs.com/revue/news/203231.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203231.shtml</guid></item>
<item><title>Make Firefox 36 Open New Tabs the Way Firefox 35 Did</title><description>Secuobs.com : 2010-03-19 02:30:58 - News - Since the dawn of Firefox time, new tabs have opened at the far right of the tab bar But with the introduction of Firefox 36, which was pushed out a few weeks ago, new tabs open to the immediate right of the current selected tab </description><link>http://www.secuobs.com/revue/news/203230.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203230.shtml</guid></item>
<item><title>Multicore requires OS rework, Windows architect advises</title><description>Secuobs.com : 2010-03-19 02:30:58 - News - Windows architect Dave Probert sees doing away of the OS kernel altogether, in favor of the hypervisor </description><link>http://www.secuobs.com/revue/news/203229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203229.shtml</guid></item>
<item><title>ATT happy to play it cool with LTE</title><description>Secuobs.com : 2010-03-19 02:30:58 - News - AT&amp;T isn't sweating the fact that rival Verizon will be the first US carrier to offer 4G LTE services </description><link>http://www.secuobs.com/revue/news/203228.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203228.shtml</guid></item>
<item><title>TA10-012A  Oracle Updates for Multiple Vulnerabilities</title><description>Secuobs.com : 2010-03-19 02:27:35 - PenTestIT - Oracle Updates for Multiple Vulnerabilities </description><link>http://www.secuobs.com/revue/news/203227.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203227.shtml</guid></item>
<item><title>Gartner Enterprise Firewall MQ 2010</title><description>Secuobs.com : 2010-03-19 02:27:18 - Jon's Network - Gartner released their 2010 Magic Quadrant for Enterprise Firewalls this week You can get a copy of the full report from Palo Alto Networks by filling out the form here </description><link>http://www.secuobs.com/revue/news/203226.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203226.shtml</guid></item>
<item><title>6220am Euro Pirate Mystery Radio</title><description>Secuobs.com : 2010-03-19 02:24:42 - the electric stranger -  Download now or listen on posterous 6220_mysteryradio_2330_20100318wav  2662 KB  Euro Pirate  Mystery Radio  weak but audible  Penny Lane  at 2330 utc Posted via email from corqspyorg </description><link>http://www.secuobs.com/revue/news/203225.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203225.shtml</guid></item>
<item><title>Disgruntled Hacker Remotely Disables 100  Cars</title><description>Secuobs.com : 2010-03-19 02:17:15 - Computer Security News -    By hacking into an Austin-based car dealership's immobilization technology, used instead of repossessing cars, a disgruntled former employee of Austin-based car dealership Texas Auto Center disabled over 100 cars, sometimes setting their horns honking wildly, as well </description><link>http://www.secuobs.com/revue/news/203224.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203224.shtml</guid></item>
<item><title>Network Protocol Reverse Engineering, Logitech Mouse Server</title><description>Secuobs.com : 2010-03-19 02:13:35 - Reverse Engineering - submitted by gamblornator </description><link>http://www.secuobs.com/revue/news/203223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203223.shtml</guid></item>
<item><title>Turkish hackers disrupt Armenian Olympic website</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - The official website of the National Olympic Committee of Armenia  NOCA  wwwarmnocam is not working since Wednesday, March 17, when Turkish hackers disrupted it posting their flag and statements on denial of the Armenian Genocide  1915  there Natela Hovasapyan, NOCA spokesperson, told ArmeniaNow they are not able to recover the website yet, and they have no idea how long it will last This is not the first time when Turks or Azeris hack an Armenian website Samvel Martirosyan, a specialist in information tampering, told ArmeniaNow that the reasons  for hacking the NOCA website  are not clear yet, adding that the site is weak and is one of dozens hacked annually </description><link>http://www.secuobs.com/revue/news/203222.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203222.shtml</guid></item>
<item><title>Microsoft Denies Virtual PC Vulnerability</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Core Securities, a company which develops vulnerability testing software, has discovered a major flaw in Microsoft's virtualisation software which might allow hackers to exploit virtual Windows systems Interestingly, Microsoft, which was informed about the flaw 6 months ago, refuses to acknowledge the security hole as a critical one According to a report released by the company, Microsoft's Virtual PC, Virtual PC 2007 and Virtual 2005 are affected by a major security bug which might allow hackers to penetrate the security measures set-up by Microsoft including DEP  data execution prevention  and ASLR  address space layout randomization  </description><link>http://www.secuobs.com/revue/news/203221.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203221.shtml</guid></item>
<item><title>Europe 'vulnerable to cyberattack'</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - European governments are not doing enough to improve online security - leaving the entire continent vulnerable to cyberattack, according to a new parliamentary investigation A report from the House of Lords suggests that officials in Brussels have failed to boost the union's internet defences - creating a yawning gap between Nato, the EU and member states that could leave the system prone European countries are increasingly reliant on the internet for a wide range of services - including information, communication and commerce - and the global nature of the online world means they are more closely linked to each other than ever before Despite this, however, the report suggests that the drastic differences between security operations in each nation leaves the entire system vulnerable </description><link>http://www.secuobs.com/revue/news/203220.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203220.shtml</guid></item>
<item><title>TippingPoint  IE8, iPhone will fall first day</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Microsoft's Internet Explorer 8, not Apple's Safari, will be the first browser to fall in next week's Pwn2Own hacking challenge, the contest organizer said today Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, also predicted that Apple's iPhone will be the only smartphone hacked during the contest, which starts March 24 Portnoy, who organized the fourth annual Pwn2Own, changed his predictions from earlier bets he made a month ago because of new information he received from researchers who have registered for the contest Previously, Portnoy said that Apple's browser would crumble before rivals from Google, Microsoft and Mozilla  he had also declined to speculate on which mobile phone, if any, would collapse under attack </description><link>http://www.secuobs.com/revue/news/203219.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203219.shtml</guid></item>
<item><title>UBC student union considers police investigation for fraudulent votes</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - After six weeks and  42,000, the UBC Alma Mater Society student union elections may become a police matter following a meeting of the council last Monday regarding the hacked election AMS president Bijan Ahmadian confirmed the student union's council asked UBC general manager Ross Horton to contact the police in hopes of identifying the hacker or hackers responsible for tampering with the election The AMS election was held entirely online An estimated 731 of the 6,900 votes cast in January's election were deemed to be fraudulent Following the discovery of the fraud, a private company was hired to investigate </description><link>http://www.secuobs.com/revue/news/203218.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203218.shtml</guid></item>
<item><title>Fired CISO says his comments never put data at risk</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Robert Maley was fired from his job as the chief information security officer for the state of Pennsylvania earlier this month after he spoke, without proper authorization, about security incidents involving the state during a panel discussion at EMC Corp's RSA trade show References he made to a security incident involving the online driving test system at the Pennsylvania Department of Transportation in particular were believed to have led to his termination A state spokesman has not commented, citing privacy rules, except to confirm that Maley is no longer employed by the commonwealth In this interview, Maley gives his side of the events that led to his dismissal </description><link>http://www.secuobs.com/revue/news/203217.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203217.shtml</guid></item>
<item><title>Faux Facebook emails use password reset ploy</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - A widespread phishing campaign is making the rounds that claims to be from Facebook but is meant to infect victims' PCs, researchers said The fraudulent emails arrive with a note stating that the recipient's Facebook password was changed and they can find the new one in an attached ZIP file, said Dave Marcus, security research and communications manager at McAfee Avert Labs, in a blog post The malicious attachment actually contains an assortment of malware, depending on the message, including trojans and rogue anti-virus programs, he said The scam is global in its reach and, as of Wednesday afternoon, the malware contained in the phishing run ranked as the sixth most prevalent global virus that McAfee was tracking It is possible that machines compromised with the Cutwail or Rustock botnets are delivering the spam messages, Marcus said </description><link>http://www.secuobs.com/revue/news/203216.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203216.shtml</guid></item>
<item><title>High-tech copy machines a gold mine for data thieves </title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Want to know what expenses your boss claimed last month  How much your colleague makes  What the co-worker down the hall is really working on  Forget about hacking their computers - you might want to hit the nearest photocopier instead Turns out the newfangled, multi-purpose copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about It's just making a copy of a document, right  How risky could that be  Very risky, as it turns out You might want to press cancel on the copy machine right about now </description><link>http://www.secuobs.com/revue/news/203215.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203215.shtml</guid></item>
<item><title>If The Hat Is Black…</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Much of cybersecurity is based on thinking like criminals Security consultants, pen testers and software experts make our computers safer based on their expectations of what a hacker will do One security expert, Robert Hansen, CEO of SecTheory, is bridging the gap between the blackhat and the professionals Hansen has been spending months delving into the world of the blackhat Gaining their trust, he has been able to have candid conversations about hacking and security with the experts He then blogs insights gained from these conversations Hansen is trying to better understand the tactics, mindsets and motivations of a cyber hacker In a recent post, Hansen says that most hackers do acknowledge that security features are doing well to make cyber crime harder </description><link>http://www.secuobs.com/revue/news/203214.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203214.shtml</guid></item>
<item><title>French rail service SNCF closes web security hole</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - A WEB security loophole allowing hackers to access the personal details of thousands of rail passengers has been closed after it was uncovered by a newspaper The SNCF has been aware of the flaw since June 2008, according to Le Canard Enchainé, which received a leaked internal memo from then warning of a  possible misuse of customer data  A hacker showed how easy it was to access the name, address, telephone number and date of birth of customers registered on wwwvoyages-sncfcom - all that was needed was one person's railcard number The Canard says this data is very valuable - fetching between €8 and €20 per person when sold on to other companies for marketing purposes </description><link>http://www.secuobs.com/revue/news/203213.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203213.shtml</guid></item>
<item><title> 45,582 telephone bill traced back to Somalia</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - It only took 12 hours for a hacker to run up  45,582 in telephone charges for a local furniture company More than 10,000 minutes of phone calls were made from the phones at Sherrill Furniture on Highland Ave NE from 9 pm on Friday, March 5 to 9 am the following day The company reported the security breach to police Tuesday and the preliminary investigation revealed that the phone calls originated in Somalia Investigators know that calls were made to Austria, Bulgaria, France, Korea, and the Philippines  We're not sure why the calls were made,  said Capt Thurman Whisnant of the Hickory Police Department </description><link>http://www.secuobs.com/revue/news/203212.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203212.shtml</guid></item>
<item><title>Data Breaches Are Heaviest at Hotels</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies In a recent report, SpiderLabs, a unit of data-security firm Trustwave, said 38% of its data-breach investigations in 2009 occurred at hotels Financial services accounted for 19% of the company's data-breach investigations Once an attack occurred, it took an average of 156 days for the business to realize it, according to the report The problem has continued into 2010, says Nicholas Percoco, senior vice president of Trustwave and head of SpiderLabs Verizon Business, another data-security firm, noticed a similar increase in attacks on hotels starting around last April, says Dave Ostertag, manager of investigative response at Verizon Business, a unit of Verizon Communication Inc </description><link>http://www.secuobs.com/revue/news/203211.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203211.shtml</guid></item>
<item><title>20 Cell Phones That Leak the Most Radiation</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Way back in 2000, I introduced CNET's Cell Phone Radiation Chart, which let readers know how their particular model rated in terms of SAR or specific absorption rate levels, measured by the FCC as part of its cell phone certification process Today, the list is maintained by our intrepid mobile editors--Kent German, Bonnie Cha, and Nicole Lee--but in honor of the list's 10-year anniversary, we're giving it a little color and displaying the whole thing in pictures As we note in our intro to the list, for a phone to pass FCC certification and be sold in the United States, its maximum SAR level must be less than 16 watts per kilogram In Europe, the level is capped at 2 watts per kilogram, whereas Canada allows a maximum of 16 watts per kilogram The SAR level listed in our charts represents the highest SAR level measured with the phone next to the ear as tested by the FCC It's possible for the SAR level to vary between different transmission bands  the same phone can use multiple bands during a call , and different testing bodies can obtain different results </description><link>http://www.secuobs.com/revue/news/203210.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203210.shtml</guid></item>
<item><title>Apple has pre-sold  hundreds of thousands  of iPads</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Apple is on pace to potentially sell more iPads in its first three months than it sold iPhones in the three months after the touch-screen handset made its debut back in 2007, people familiar with the company's running sales totals say Since going on sale for pre-order last Friday morning, customers have purchased  hundreds of thousands of the device,  those same people told The Wall Street Journal By comparison, Apple sold roughly 12 million iPhones in the three months following its June 29, 2007 launch Meanwhile, the newspaper claims that Apple is 'racing' to tie up a broad number of content licensing deals before the iPad officially hits the market in under three weeks In particular, the company is trying to convince television networks to drop the price of TV shows that users would download directly to the device </description><link>http://www.secuobs.com/revue/news/203209.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203209.shtml</guid></item>
<item><title>Judge Approves  95 Million Facebook "Beacon" Accord</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - A federal judge on Wednesday approved a  95 million settlement to a class action lawsuit challenging Facebook's program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations The case concerned allegations Facebook's now defunct "Beacon" program breached federal wiretap and video-rental privacy laws Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a "Digital Trust Fund" that would issue more than  6 million in grants to organizations to study online privacy </description><link>http://www.secuobs.com/revue/news/203208.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203208.shtml</guid></item>
<item><title>The top 6 enterprise issues for Windows Phone 7</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Sometime in the next few weeks, Microsoft will reveal features, services and shortcomings for Windows Phone 7 in the enterprise It will be one of those good news bad news moments for corporate IT departments So far, Microsoft's mobile platform executives have hammered at the consumer focus for the radically redesigned Windows Phone operating system At this week's MIX10 Web developer conference, where details of the Windows Phone platform and development tools were unveiled, executives sidestepped, minimized or deflected nearly every question about how and how well the operating system will play in business mobility  Not all the enterprise elements are being disclosed here,  says Todd Brix, senior director, product management, for Microsoft's mobile communications business  More will be coming up later in the spring  </description><link>http://www.secuobs.com/revue/news/203207.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203207.shtml</guid></item>
<item><title>Enterprises Adopting Cloud Faster Than Traditional IT</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Cloud computing, a method of delivering resources such as applications through the internet is still not universal, but it is gradually gaining momentum Rob Lovell, chief executive at ThinkGrid, has claimed that the growing awareness of how this technology works is leading more companies to roll out applications based on this model Mr Lovell suggested that key ways of increasing interest are by ensuring it is not built up as an intimidating project, that it is not allowed to become disruptive and is easy to understand, Broadband Choice states He said   People will flock to get it because it offers so many more benefits than having your computers and your net servers in your office  </description><link>http://www.secuobs.com/revue/news/203206.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203206.shtml</guid></item>
<item><title>RSA Reveals Zeus Trojan Cyber-Crime Infrastructure</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Researchers in EMC's RSA security division have uncovered an extensive infrastructure propping up the attackers behind the Zeus Trojan The findings reflect part of the reason the disruption of Troyak-AS on 9 March only caused Zeus traffic to slow, as opposed to stopping it in its tracks Troyak is just one part of a larger cyber-crime infrastructure helping to provide "bulletproof" hosting to attackers "In light of our findings, AS-Troyak appears to be a piece in an intricate puzzle of networks that are used for malicious purposes," RSA said yesterday "We suspect that the purpose of these networks is to connect an armada of eight malicious, bulletproof malware-hosting facilities to the internet, assuring their constant online presence" </description><link>http://www.secuobs.com/revue/news/203205.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203205.shtml</guid></item>
<item><title>Why Apple should buy Adobe</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Quick - which Silicon Valley icon creates the computers that creative professionals love  And what SV company creates the software that creative professionals crave  Right  Apple and Adobe So why are they 2 separate companies  There's no good reason, especially now that Adobe's management can't figure out how to grow the company Apple, with over  30 billion in cash, could buy Adobe outright, whose market cap is about  18 billion A cash and stock offer would also make Adobe shareholders happy Apple prefers small, bite size acquisitions But Apple is a big company  their market cap is 10x Adobe's Integration wouldn't be hard  the 2 company's headquarters are a 15 minute drive down I-280 Steve could oversee both A quicker drive than to Pixar up in E-ville </description><link>http://www.secuobs.com/revue/news/203204.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203204.shtml</guid></item>
<item><title>Two Madoff computer admins indicted</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Two former computer administrators who worked for convicted financial fraudster Bernard Madoff's investment firm were indicted this week on charges of conspiracy and falsifying financial records Jerome O'Hara, 47, of Malverne, NY, and George Perez , 44, of East Brunswick, NJ, each face a maximum of 30 years in prison if convicted on all charges A statement released yesterday by the US Attorney's office for the Southern District of New York said the two men started working for Bernard L Madoff Investment Securities, LLC  BLMIS  in the early 1990s Both O'Hara and Perez were responsible for maintaining computer programs that supported Madoff's investment advisory business </description><link>http://www.secuobs.com/revue/news/203203.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203203.shtml</guid></item>
<item><title>Be prepared for the year of mobile malware</title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - The number of types of attack on mobile devices may not be growing, but circumstances are conspiring to create a genuine threat, says Rik Ferguson The rise in threats to mobile devices is definitely real, although still a long way from reaching epidemic proportions The real message for the coming months is about preparedness There were a limited number of new threats in 2009, but a significant increase in their complexity and criminal intent Signs are that consumer acceptance of mobile phone-based financial activity is now mainstream, with handset banking applications even being advertised on primetime television </description><link>http://www.secuobs.com/revue/news/203202.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203202.shtml</guid></item>
<item><title>When Security Fails, Who Are You Going to Fire </title><description>Secuobs.com : 2010-03-19 01:55:46 - Hack In The Box - Two recent unrelated news stories struck me as indicative of a fundamental problem with IT security  We seem to favor looking at symptoms over finding the root cause of problems The first story was nearly comical for the effort that was expended to pin blame Back in December, the Conficker virus infected 3,000 computers on the network of the Waikato District Health Board , which encompasses all of the hospitals in a district that accounts for 10% of New Zealand's population Officials claimed that emergency operations were not affected, but the district hospitals requested that only true emergencies be referred to them Certainly, it is critical that steps be taken to assure that nothing like this ever happens again I just don't agree that an effective response would include a three-month investigation into the incident  The report came in this month, and, believe it or not, they say they found the source of the infection According to the report, someone plugged an infected USB drive into a computer in a parking garage tollbooth, bringing multiple hospitals to a near standstill for three days </description><link>http://www.secuobs.com/revue/news/203201.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203201.shtml</guid></item>
<item><title>MediaCoder  lst  file local Buffer Overflow Exploit</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203200.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203200.shtml</guid></item>
<item><title>DewNewPHPLinks 2101 LFI</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203199.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203199.shtml</guid></item>
<item><title>Win32 Mini HardCode WinExec ExitProcess Shellcode 16 bytes</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203198.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203198.shtml</guid></item>
<item><title>ZippHo 306  zip  0day stack buffer overflow PoC exploit</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203197.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203197.shtml</guid></item>
<item><title>Shutter 014 Blind SQL Injection</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203196.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203196.shtml</guid></item>
<item><title>SiteDone Custom Edition 20 SQL Injection   XSS Vulnerability</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203195.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203195.shtml</guid></item>
<item><title>Httpdx v153 Remote Break Server HTTP </title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203194.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203194.shtml</guid></item>
<item><title>phpAuthent 021 SQL Injection  Vulnerability</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203193.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203193.shtml</guid></item>
<item><title>philboard v102 sql injection Vulnerability</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203192.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203192.shtml</guid></item>
<item><title>Crimson Editor SEH Overwrite Vulnerability</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203191.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203191.shtml</guid></item>
<item><title>Xilisoft Video Converter yuv file  Stack buffer Overflow Poc</title><description>Secuobs.com : 2010-03-19 01:53:39 - Exploit DB updates - </description><link>http://www.secuobs.com/revue/news/203190.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203190.shtml</guid></item>
<item><title>EFF Testifies in Congress on Transparency - Tells Lawmakers White House Must Lead by Example</title><description>Secuobs.com : 2010-03-19 01:50:43 - EFF.org Updates -    Today, EFF Senior Counsel David Sobel testified in a congressional hearing on the Freedom of Information Act  FOIA  and the Obama administration David's testimony outlined the disconnect between the White House's strong message on open government and the bureaucratic resistance to transparency in general The Obama administration marked a sea-change in official statements of policy about the FOIA, with the president directing agencies to have a  presumption of openness  But while the president and other top officials have said the right things, government agencies are still withholding wide swaths of information, and government attorneys are reflexively defending the practice when we are forced to take our FOIA cases to court Obama's Attorney General, Eric Holder, specifically told agencies that the Department of Justice would only defend FOIA denials under very narrow circumstances However, EFF and other transparency groups have not noticed any substantial change So we joined these other organizations in asking the DOJ to periodically publish a list of FOIA lawsuits it has declined to defend under Holder's new guidelines The DOJ rejected this suggestion, but in EFF's testimony today, David urged lawmakers to request this information themselves and to make it publicly available This could be, of course, yet another example of how transparency forces accountability Today's hearing comes during Sunshine Week, the annual celebration of America's open government laws and the better government that they help encourage Just this week, the media widely reported the information EFF received on how law enforcement agencies use social networking sites to gather information in investigations We are very proud of the breadth of information EFF's FOIA work has brought to light -- information that 
would have remained out of the public eye without the Freedom of Information Act and our litigation For FOIA to do the work the law is meant to do -- foster transparency, force accountability, and fight needless secrecy -- we need to keep fighting for honest disclosure Read David's full testimony for all of EFF's suggestions to Congress We hope lawmakers soon do good work on this important issue </description><link>http://www.secuobs.com/revue/news/203189.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203189.shtml</guid></item>
<item><title>Traces of reading, writing, and thinking for 2010-03-18</title><description>Secuobs.com : 2010-03-19 01:49:48 - Crash Dump Analysis -  Book covers and interior for hardcover versions of MDAAV3 and WDPFx64 titles are accepted for printing Both titles are on sale next week   Listening to German verbs  reading Economics  The Basics and The Third Reich in Power while commuting home to read Advanced NET Debugging   Software trace analysis while listening to Mozart  Piano Concertos 22    </description><link>http://www.secuobs.com/revue/news/203188.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203188.shtml</guid></item>
<item><title>Security Guard</title><description>Secuobs.com : 2010-03-19 01:41:48 - 411 on Spyware - The Security Guard virus employs all the latest badware tools to wreak havoc on your computer and ruin your day This fake antispyware from the crooks who made CleanUp Antivirus and Security Antivirus fills your computer with a bunch of useless junk and then tries to get you to pay to remove this same useless junk To make things worse, it shows endless Security Guard pop-ups and tries to scare you with phony system scans that  detect  a long list of mean-sounding viruses with names like  VirusWin32Fakera  Most of these are just recycled names from years-old viruses, and they probably haven't been anywhere near your computer Ready to restore sanity to your hard drive  Here's how to get rid of Security Guard for free </description><link>http://www.secuobs.com/revue/news/203187.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203187.shtml</guid></item>
<item><title>Court bars charges against teen who posed semi-nude</title><description>Secuobs.com : 2010-03-19 01:29:39 - securitystream.info -    Sanity enters 'sexting' crusade A federal appeals court rebuked a Pennsylvania district attorney who threatened to file felony child pornography charges against teens who were photographed semi-nude unless they attended an  education program  Related posts  1 Man gets 30 months in prison for taping nude sportscaster 2 News  FTC persuades court to shutter rogue ISP 3 News  MS uses court order to take out Waledac botnet </description><link>http://www.secuobs.com/revue/news/203186.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203186.shtml</guid></item>
<item><title>1st Trial Under California Spam Law Slams Spammer</title><description>Secuobs.com : 2010-03-19 01:27:54 - Slashdot  Your Rights Online - wwwsorehandscom writes  In the first case brought by a spam recipient to actually go to trial in California, the Superior Court of California held that people who receive false and deceptive spam emails are entitled to liquidated damages of  1,000 per email under California Business   Professions Code Section 175295 In the California Superior Court ruling  PDF , Judge Marie S Weiner made many references to the fact that Defendants used anonymous domain name registration and used unregistered business names in her ruling This is different from the Gordon case, where one only had to perform a simple whois lookup to identify the sender  here, Defendants used 'from' lines of 'Paid Survey' and 'Your Promotion' with anonymously registered domain names Judge Weiner's decision makes it clear that the California law is not preempted by the I CAN-SPAM Act This has been determined in a few prior cases, including my own  See http wwwbarbieslappcom spam for some of those cases </description><link>http://www.secuobs.com/revue/news/203185.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203185.shtml</guid></item>
<item><title>Vendetta, the Belgacom hacker, arrested - lesoirbe</title><description>Secuobs.com : 2010-03-19 01:26:28 - Philippe Langlois weblog -   there were no flaws in Belgacom's Bbox2 modem-router   Sure, we believe that. It's incredible to see this kind of propaganda </description><link>http://www.secuobs.com/revue/news/203184.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203184.shtml</guid></item>
<item><title>User Markbaggett</title><description>Secuobs.com : 2010-03-19 01:25:59 - PaulDotCom Security Weekly    Recent changes  en  -    New user account New page </description><link>http://www.secuobs.com/revue/news/203183.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203183.shtml</guid></item>
<item><title>Tired using technology  P</title><description>Secuobs.com : 2010-03-19 01:21:07 - LiquidWorm's Blog -  </description><link>http://www.secuobs.com/revue/news/203182.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203182.shtml</guid></item>
<item><title>A malware booty call</title><description>Secuobs.com : 2010-03-19 01:12:35 - Security Bloggers Network - We hear so much about stealth tactics, data theft and covert ops where malware is concerned these days that we often forget about the time when it was more about how many popup windows the attacker could throw onto the screen along with a couple of dan </description><link>http://www.secuobs.com/revue/news/203181.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203181.shtml</guid></item>
<item><title>Can spam get worse </title><description>Secuobs.com : 2010-03-19 01:12:35 - Security Bloggers Network - Or is it at the saturation point The SANS Institute  acronym   SysAdmin, Audit, Network, Security  web site carried a blog piece that gives a good snapshot of the horrible ongoing plague of spam email that IT folks all over the globe must deal with Th </description><link>http://www.secuobs.com/revue/news/203180.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203180.shtml</guid></item>
<item><title>The media spinwheel on the word Hacker My rant of the day  Security4all </title><description>Secuobs.com : 2010-03-19 01:12:35 - Security Bloggers Network -    Hacker Disables More Than 100 Cars Remotely  wiredcom  This story circulated a lot on different websites and on Twitter today and is the reason for this rant Normally I have high regard for wiredcom for the articles they write, including the series they did on hackerspaces But with this article, they really disappointed me I'm used to the main media making this mistake but not Wired How would you define an ex-employee, guessing or stealing a former co-worker's password to access the system and screwing with it out of revenge  A cybercriminal  A hacker  Wrong and wrong It's an insider threat  He really must have had mad 1337 skills to pull this one off  I know that the word hacker is a confusing term meaning a lot of different things to different people, including the media's insistent wish to use it to describe cybercriminals  Hint  use a dictionary  But this all leads to so many misunderstandings Hardware hacker, blackhat hackers, whitehat hackers, greyhat hackers, software hackers, kernel hackers, lifehackers, script kiddies, etc etc there are so many different dimensions to the word hacker that it leaves the average outsider confused But I have to be honest, I sometimes catch even myself using the word hacker in the context of 'cybercriminal' Even if I know better, it's a bad habit I often try to correct myself and others but it's an uphill battle Let's use more specific terms  But a lot of the above variations have a common element  taking things apart and learning how they work and improve on them It's this sharing and curiosity of how things work that is at the core of the original meaning of 'hacking' and involve non-computer related domains as well I'm a big supporter of the rise of the current flood of hackerspaces around the world and also in Belgium As these spaces embody the original 
meaning of hacking and enable users to learn and share knowledge Sometimes compared to Do-it-yourself labs or workplaces Frank Rieger, part of the Chaos Computer Club couldn't have said it better in this BBC article today  For CCC member Frank Rieger, the word hacking - the process of reconfiguring or reprogramming a system to do things that its inventor never intended - needs to be reclaimed, and stripped of negative connotations   We are trying to show people the beauty of technology, and how exciting it can be to find out new stuff and then do good things with that,  he says  Source  BBC news  Emphasis added by me So is it time to educate the media and others to reclaim the word hacker for what it really means  It might be  I have no special talent, I am only passionately curious -- Albert Einstein Related posts    Hackerspace Ghent  Whitespace or 0x20  will have their Open weekend on 19 - 21 March   Hackerspace Antwerp in bootstrap mode   The date for the Hackerspace Antwerp Startup Meeting   Discussing about Hackerspace Antwerp    What is a hackerspace    What does a hackerspace look like  And the next Hackerspace Brussels meetup </description><link>http://www.secuobs.com/revue/news/203179.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203179.shtml</guid></item>
<item><title>RSAC 2010 Survey Says  Competitors Biggest Spy Threat</title><description>Secuobs.com : 2010-03-19 01:12:35 - Security Bloggers Network - Posted by Joe Franscella, 3-17-2010  Trainer Communications  PR and marketing professionals were, again, all over the RSA Conference, myself included This year was especially exciting as the amount of client s we were representing there increased 300 percent over 2009 and this year we conducted two surveys for our clients PacketMotion and Brocade and helped our client    </description><link>http://www.secuobs.com/revue/news/203178.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203178.shtml</guid></item>
<item><title>Microsoft says no need for emergency Virtual PC patch</title><description>Secuobs.com : 2010-03-19 01:11:38 - SearchSecurity.com.au Analysis   Commentary -    Microsoft says it has no plans to patch the Windows Virtual PC environment, as it does not consider a recently-identified flaw to be a vulnerability </description><link>http://www.secuobs.com/revue/news/203177.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203177.shtml</guid></item>
<item><title>How to explain a data breach to your boss</title><description>Secuobs.com : 2010-03-19 01:11:38 - SearchSecurity.com.au Analysis   Commentary -    You've lost some data and it's time to explain the incident to your bosses Learn how to talk to executives about a breach with this Q A </description><link>http://www.secuobs.com/revue/news/203176.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203176.shtml</guid></item>
<item><title>Brits installing microchips in everything</title><description>Secuobs.com : 2010-03-19 01:10:51 - News - Plans are afoot to require that microchips be implanted in dogs  to curb a rash of dogfights and attack dogs trained by street gangs  and trash cans  to monitor and perhaps charge for excessive waste disposal </description><link>http://www.secuobs.com/revue/news/203175.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203175.shtml</guid></item>
<item><title>Wall Street Beat  Tech pushes Nasdaq to 18-month high</title><description>Secuobs.com : 2010-03-19 01:10:51 - News - Growing confidence has pushed the value of IT company shares up to levels not seen since late 2008, when the implosion of Wall Street sucked the air out of credit markets and dried up technology sales </description><link>http://www.secuobs.com/revue/news/203174.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203174.shtml</guid></item>
<item><title>TA10-013A  Adobe Reader and Acrobat Vulnerabilities</title><description>Secuobs.com : 2010-03-19 01:03:02 - PenTestIT - Adobe Reader and Acrobat Vulnerabilities </description><link>http://www.secuobs.com/revue/news/203173.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203173.shtml</guid></item>
<item><title>TA10-012B  Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities</title><description>Secuobs.com : 2010-03-19 01:03:02 - PenTestIT - Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities </description><link>http://www.secuobs.com/revue/news/203172.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203172.shtml</guid></item>
<item><title>Install incompatible versions of Mozilla FireFox Addons </title><description>Secuobs.com : 2010-03-19 01:03:02 - PenTestIT - Okay  So, some people were not able to add the older add-on s using the trick we discussed here Worry not  We have a few more tricks up our sleeves  Here are two more  1 about config If you customize FireFox, you should know about what about config really is It is a quick interface to spice up your FireFox    </description><link>http://www.secuobs.com/revue/news/203171.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203171.shtml</guid></item>
<item><title>It Takes a Village To Raise the  PCI  Bar</title><description>Secuobs.com : 2010-03-19 00:57:15 - Rapid7 Network Security Blog - The new PCI ASV Program Guide is out, and the updates are much more significant than they appear   I had the pleasure of working on the ASV Task Force last year, pulled together by the PCI SSC to revamp the rules of engagement for ASV Services The experience was fantastic, working directly with the    </description><link>http://www.secuobs.com/revue/news/203170.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203170.shtml</guid></item>
<item><title>Google Summer of Code 2010 Accepted Mentor Organisations List Announced</title><description>Secuobs.com : 2010-03-19 00:56:29 - The Honeynet Project -    Much to the excitement of students all around the world, tonight Google officially announced which mentor organisations have been accepted for Google Summer of Code  GSoC  2010, and the Honeynet Project are delighted to have been selected as one of 151 such mentoring organisations  You can view the full list here  http socghopappspotcom gsoc program accepted_orgs google gsoc2010 </description><link>http://www.secuobs.com/revue/news/203169.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203169.shtml</guid></item>
<item><title>Wired  Judge Approves  95 Million Facebook Beacon Accord</title><description>Secuobs.com : 2010-03-19 00:49:27 - Rootsecure.net - Wired  Judge Approves  95 Million Facebook Beacon Accord </description><link>http://www.secuobs.com/revue/news/203168.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203168.shtml</guid></item>
<item><title>H Security  Dispute about Virtual PC security holes</title><description>Secuobs.com : 2010-03-19 00:49:27 - Rootsecure.net - H Security  Dispute about Virtual PC security holes </description><link>http://www.secuobs.com/revue/news/203167.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203167.shtml</guid></item>
<item><title>bugix - security research</title><description>Secuobs.com : 2010-03-19 00:48:00 - Reverse Engineering - submitted by rolfr </description><link>http://www.secuobs.com/revue/news/203166.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203166.shtml</guid></item>
<item><title>Synology launches DiskStation DS410 </title><description>Secuobs.com : 2010-03-19 00:30:53 - Global Security Mag Online - Synology Inc is launching the DiskStation DS410, a NAS (network storage) solution specifically designed for personal use or professional workgroups, which enables data sharing and protection. The Synology DS410 is the solution for users who need to share and store data, in that it offers an average read speed of 115 MB/s in a RAID 5 configuration and a Windows environment, and of 54 MB/s in    - Products </description><link>http://www.secuobs.com/revue/news/203165.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203165.shtml</guid></item>
<item><title>What Microsoft Learned About Data Security From 'Botnet'</title><description>Secuobs.com : 2010-03-19 00:28:30 - eSecurity Planet Features - Taking down a botnet, especially one of the biggest, is a daunting task that needs to be done in 'layers' and severing the creature's connections to the outside world doesn't get rid of the beast </description><link>http://www.secuobs.com/revue/news/203164.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203164.shtml</guid></item>
<item><title>Kentucky Supreme Court Reverses Ruling Challenging Domain Name Seizures, Tells Registrants to Try Again</title><description>Secuobs.com : 2010-03-19 00:27:46 - EFF.org Updates -    Today, the Kentucky Supreme Court reversed a state court of appeals ruling blocking an attempt by the Commonwealth of Kentucky to seize 141 domain names allegedly tied to illegal gambling The Kentucky Supreme Court held that while many of the arguments presented in opposition to the seizure order were  compelling  and that they  may have merit,  the Interactive Media Entertainment   Gaming Association  iMEGA  and the Interactive Gaming Council  IGC  lacked standing to bring the challenge because it was not clear that they represented any party actually affected by the order The Supreme Court explicitly noted that  i f a party that can properly establish standing comes forward, the writ petition giving rise to these proceedings could be re-filed with the Court of Appeals  The case began in late 2008 when, in a move to combat what it viewed as illegal online gambling, the Commonwealth of Kentucky convinced a state court to order the  seizure  of 141 domain names because the names allegedly constituted  gambling devices  that are banned under Kentucky law -- even though the sites were owned and operated by individuals outside of the state, and in many cases even outside of the country Unless the sites screened out Kentucky users, the court held, the seizure order was proper Despite the lack of extra-territorial authority of Kentucky state courts, some out-of-state registrars complied with the order and froze users' domain names In amicus briefs filed with the Court of Appeals and the Kentucky Supreme Court in support of a writ vacating the trial court's order, EFF, Center for Democracy and Technology  CDT , and the American Civil Liberties Union  ACLU  argued that the First Amendment, the Commerce Clause, and the Due Process Clause of the Constitution prohibit state courts from 
interfering with Internet domain names that were registered and maintained outside the state EFF expects to participate as amicus in future proceedings if and when the affected domain name registrants continue their challenge to the trial court's ruling </description><link>http://www.secuobs.com/revue/news/203163.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203163.shtml</guid></item>
<item><title>Ikarus Security Software illegally passing further my source</title><description>Secuobs.com : 2010-03-19 00:21:34 - Stoned Bootkit - It feels like a déjà-vu - seems like Ikarus Security Software cares a fuck about my intellectual property  They passed further my Stoned Bootkit 2 Alpha 4, and the license of it clearly states  ANY FILE HERE MAY NOT BE USED ANYHOW BY IKARUS SECURITY SOFTWARE, their lawyers, Josef Pichlmayr or any person in contact with Ikarus, Kaspersky or Avira, including Franz Lehner, Fabasoft Distribution GmbH and partners of mentioned companies or any AV company without explicit permission of Peter Kleissner But Ikarus cares a fuck about it, ain't they </description><link>http://www.secuobs.com/revue/news/203162.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203162.shtml</guid></item>
<item><title>On Large Companies and Staff Retention</title><description>Secuobs.com : 2010-03-19 00:13:53 - Dominic White - </description><link>http://www.secuobs.com/revue/news/203161.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203161.shtml</guid></item>
<item><title>Former Pennsylvania CSO Maley Speaks</title><description>Secuobs.com : 2010-03-19 00:13:24 - securitystream.info -    Robert Maley was fired from his job as the chief information security officer for the state of Pennsylvania earlier this month after he spoke, without proper authorization, about security incidents involving the state during a panel discussion at the RSA trade show In this interview, Maley gives his side of the events that led to his dismissal Read the full article  Computerworld  Related posts  1 Why Bob Maley s Firing is Bad for All of Us 2 State CSO Fired for Talking Openly at RSA 3 Pennsylvania s Web security officer leaves post a week after talking about PennDOT hacking incident </description><link>http://www.secuobs.com/revue/news/203160.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203160.shtml</guid></item>
<item><title>Google Slams Viacom For Secret YouTube Uploads</title><description>Secuobs.com : 2010-03-19 00:11:51 - Slashdot  Your Rights Online - An anonymous reader writes with this excerpt from Reuters   Google, Inc accused Viacom, Inc of secretly uploading its videos to YouTube even as the media conglomerate publicly denounced the online video site for copyright infringement, according to court documents made public on Thursday  As  statements from the corporate counsel's office  go, this post on the YouTube blog is pretty hot reading </description><link>http://www.secuobs.com/revue/news/203159.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203159.shtml</guid></item>
<item><title>New Google Chrome  v412491036  released, fixes multiple security vulnerabilities More information at http googlechromereleasesblogspotcom 2010 03 stable-channel-updatehtml,  Thu, Mar 18th </title><description>Secuobs.com : 2010-03-18 23:59:00 -       SANS Internet Storm Center  InfoCON  green -   more  </description><link>http://www.secuobs.com/revue/news/203158.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203158.shtml</guid></item>
<item><title>Facebook password reset themed malware campaign in the wild</title><description>Secuobs.com : 2010-03-18 23:56:41 - Zero Day - Facebook is warning its users on an ongoing BredoLab malware serving campaign using the well known  Facebook Password Reset Confirmation Customer Support  social engineering theme </description><link>http://www.secuobs.com/revue/news/203157.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203157.shtml</guid></item>
<item><title>DistribuTech Conference and Exhibition</title><description>Secuobs.com : 2010-03-18 23:55:38 - Security Bloggers Network -    DistribuTech Conference and Exhibition Tampa Convention Center Tampa, FLA  Booth   139 More Information </description><link>http://www.secuobs.com/revue/news/203156.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203156.shtml</guid></item>
<item><title>Commodore 64 awakes from slumber with makeover</title><description>Secuobs.com : 2010-03-18 23:54:35 - News - The vintage Commodore 64 personal computer is getting a makeover, with a new design and some of the latest computing technologies, as the brand gets primed for a comeback </description><link>http://www.secuobs.com/revue/news/203155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203155.shtml</guid></item>
<item><title>Fake MacBook Air, 'big iPhone' tablet on show in China</title><description>Secuobs.com : 2010-03-18 23:54:35 - News - A knock-off MacBook Air running Windows, a tablet computer shaped like a big iPhone and another tablet meant to rival Apple's iPad were all among the devices shown off by a small Chinese gadget maker on Thursday </description><link>http://www.secuobs.com/revue/news/203154.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203154.shtml</guid></item>
<item><title>Google, Viacom snarl at each other over YouTube case</title><description>Secuobs.com : 2010-03-18 23:54:35 - News - Google and Viacom exchanged corporate unpleasantries on Thursday after the release of previously sealed documents in Viacom's three-year-old lawsuit against Google alleging copyright infringement on YouTube </description><link>http://www.secuobs.com/revue/news/203153.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203153.shtml</guid></item>
<item><title>Total Network Monitor is now free   Windows 7 and Server 2008 R2 SP1   XP Mode now without hardware virtualization   No IE9 for Windows XP</title><description>Secuobs.com : 2010-03-18 23:52:49 - 4sysops -  Total Network Monitor 113 with some improvements is released Now the program is absolutely free  Microsoft removes hardware virtualization barrier to running XP Mode Windows XP  No IE9 for You Now you understand what  supported  until 2014 means Microsoft Windows blog  Talking About Service Pack 1 for Windows 7 and Windows    </description><link>http://www.secuobs.com/revue/news/203152.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203152.shtml</guid></item>
<item><title>New victims sought in ID theft probe</title><description>Secuobs.com : 2010-03-18 23:51:43 - Office of Inadequate Security - City News Service reports  Sheriff s detectives investigating an identity theft case involving a Valencia laboratory publicized the crime Wednesday in the hope of finding other victims and suspects All of the victims identified so far had done business with Specialty Laboratories at 27027 Tourney Road, according to Sgt Darren Harris of the sheriff s Santa Clarita Valley Station Molly    </description><link>http://www.secuobs.com/revue/news/203151.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203151.shtml</guid></item>
<item><title>Navy Nuclear Weapons Responsibilities</title><description>Secuobs.com : 2010-03-18 23:49:06 - Cryptome - March 18, 2010 </description><link>http://www.secuobs.com/revue/news/203150.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203150.shtml</guid></item>
<item><title>Accusations Fly in Viacom, YouTube Copyright Fight</title><description>Secuobs.com : 2010-03-18 23:42:12 - Threat Level - Google deliberately weakened its copyright compliance standards after it acquired YouTube in 2006 so it  would profit from illegal downloads,  Google co-founder Sergey Brin once said, according to a Friday filing by Viacom in its infringement suit against the company YouTube, in its own Friday filing and in a blog post, said it was legally immune    </description><link>http://www.secuobs.com/revue/news/203149.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203149.shtml</guid></item>
<item><title>ISO issues new guidelines for safeguarding electronic medical data </title><description>Secuobs.com : 2010-03-18 23:27:25 - Infosecurity  USA    Latest News - ISO has published two new documents outlining principles and guidelines for secure archiving of electronic medical record data </description><link>http://www.secuobs.com/revue/news/203148.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203148.shtml</guid></item>
<item><title>Websense: Triton, the unified platform to protect against Web 2.0 attacks</title><description>Secuobs.com : 2010-03-18 23:25:03 - Global Security Mag Online - Websense held a conference to pre-announce the release of Triton, its unified platform to protect against Web 2.0 attacks. This seminar, which brought together about a hundred CISOs, was hosted by Frédéric Brault, the managing director of Websense France. Eric Domage After the welcome message, Frédéric Braut gave the floor to Eric Domage, Director of Research and Consulting, IDC Europe, who gave an overview of the French security market and the main trends for the 2010 period. According to him, the    - Investigations </description><link>http://www.secuobs.com/revue/news/203147.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203147.shtml</guid></item>
<item><title>Public Hearing on California's 'Smart Grid' on Friday</title><description>Secuobs.com : 2010-03-18 23:21:52 - EFF.org Updates -    Worried about plans for California's  smart grid  We are too Energy usage data, with new hyper-close monitoring provided by the  smart grid , allows intimate reconstruction of your household activities -- like when you wake up, when you come home, and when you go on vacation These concerns sparked our comments to the state's Public Utilities Commission last week, calling on the agency to consider critical privacy questions as it rolls out its  smart meters  across California Now there's a chance for you to learn more and weigh in This Friday, the California PUC is hosting a public hearing in San Francisco from 9 30 am to 4 30 pm at its headquarters at 505 Van Ness Ave A panel on ensuring public privacy runs from 10 30 am to noon We hope to see you there </description><link>http://www.secuobs.com/revue/news/203146.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203146.shtml</guid></item>
<item><title>FTC to Internet Companies  Start Using SSL</title><description>Secuobs.com : 2010-03-18 23:21:52 - EFF.org Updates -    HTTPS is the backbone of web security The protocol, which is also commonly known as the Secure Sockets Layer  SSL , is what guarantees we can use the web to transmit sensitive information   financial, medical, or other   with relative confidence that it won't be intercepted or stolen EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL Unfortunately, most major providers of web-based email and other sensitive web-based services do not even give their users the option of using SSL, let alone turn it on by default As a result, countless terabytes of sensitive data are transmitted over the Internet insecurely every day, greatly contributing to online fraud, data-theft and surveillance by authoritarian regimes Now, the Federal Trade Commission has officially put these companies on-notice In a speech before an FTC roundtable yesterday, outgoing FTC Commissioner Pamela Jones Harbour called on Web services services like Yahoo , Facebook and Hotmail to start using HTTPS SSL encryption Google has recently shown leadership in this space, by enabling HTTPS for Gmail, as well as making it the default behavior so that even users who don't understand security will be protected It's time for other services  including Google Search  to catch up with Gmail As Commissioner Harbour put it  These vulnerabilities are easily preventable Security needs to be a default in the cloud We couldn't agree with her more </description><link>http://www.secuobs.com/revue/news/203145.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203145.shtml</guid></item>
<item><title>DISCOUNTED HOTEL RATES ANNOUNCED FOR THE NEXT HOPE</title><description>Secuobs.com : 2010-03-18 23:17:57 - 2600  The Hacker Quarterly - We're happy to announce discounted hotel rates for The Next HOPE at the Hotel Pennsylvania in New York City from July 16th through the 18th. What's particularly amazing about this is that the price has actually gone down from past rates.</description><link>http://www.secuobs.com/revue/news/203144.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203144.shtml</guid></item>
<item><title>By Popular Demand: Screen Injection Webinar Encore</title><description>Secuobs.com : 2010-03-18 23:08:22 - Silver Tail Blog - For those of you who were not able to attend our webinar "Screen Injection - All your users' credentials belong to Zeus", I have good news. We are holding an encore presentation of the webinar. In this webinar we explain screen injection, how it is perpetrated, and the benefit gained by the criminal. We also show live ...</description><link>http://www.secuobs.com/revue/news/203143.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203143.shtml</guid></item>
<item><title>HPSDR</title><description>Secuobs.com : 2010-03-18 23:06:19 - The SDR Blog - The High-Performance SDR </description><link>http://www.secuobs.com/revue/news/203142.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203142.shtml</guid></item>
<item><title>CsFire 041</title><description>Secuobs.com : 2010-03-18 23:05:26 - Browse Privacy   Security   Add ons for Firefox - CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP top 10, as well as the CWE/SANS top 25 programming errors.</description><link>http://www.secuobs.com/revue/news/203141.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203141.shtml</guid></item>
<item><title>Obama Administration Withholds FoIA Requests More Often Than Bush's</title><description>Secuobs.com : 2010-03-18 23:05:06 - Slashdot  Your Rights Online - bonch writes "Agencies under the Obama administration cite security provisions to withhold information more often than they did under the Bush administration. For example, the 'deliberative process' exemption of the Freedom of Information Act was used 70,779 times in 2009, up from the 47,395 of 2008. Amusingly, the Associated Press has been waiting three months for the government to deliver records on its own Open Government Directive."</description><link>http://www.secuobs.com/revue/news/203140.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203140.shtml</guid></item>
<item><title>The Fabled 25 Sigma Event</title><description>Secuobs.com : 2010-03-18 22:59:47 - No Tricks - Last week I was reading a document published by my company called Dealing with the Unexpected, which gives some lessons learnt from the recent credit crisis. Early in the paper the authors speak about a 10 sigma event, or an event that we only expect to see once in 10,000 years. This piqued my interest because I remembered an infamous statement made by some financial leader during the onset of the financial crisis to the effect that we are now experiencing repeated 25 sigma events. Already a 10 sigma event is quite unlikely, but a 25 sigma event is just absurd: exponentially smaller, but just exactly how much? A one in a million year event? One in a billion years? First, what is sigma? In statistics and probability, lower case sigma is used to denote the standard deviation of a distribution, which as the name implies, is the accepted unit to measure how much an outcome can vary from its mean or average. A Wikipedia article lists the following table for the likelihood of sigma deviations for the standard normal distribution: [image]. So at 6 sigma deviations we are already talking about events that occur once every 15 million years. Note that the scale is not linear, and the difference between a 2 and 3 sigma event is less than the difference between 3 and 4 sigma events. That is, the likelihood of increasing sigma events is decreasing at a decreasing rate. So a 25 sigma event must be very unlikely indeed, so unlikely that the standard references I searched don't even bother listing this value, including the news articles that carried the original quote. But after searching directly for sigma events I found a wonderful paper from researchers at the business school of the University College Dublin. The researchers are a little more pessimistic (by a factor of 2) in their calculations since they are only concerned with positive deviations away from the mean, as shown in the diagram for the 2 sigma case: [image]. The paper reminds us that the 25 sigma quote came from David Viniar, CFO of Goldman Sachs, who actually said "We were seeing things that were 25-standard deviation moves, several days in a row." Not just one 25 sigma event, but several! So the likelihood of those higher deviations was calculated to be [image], or 1-in-10^135 years for a 25 sigma event. For example, this is much less likely than guessing an AES-256 key in one attempt. The researchers offer the following comparison as to how unlikely such an event is: "To give a more down to earth comparison, on February 29 2008, the UK National Lottery is currently [was] offering a prize of £2.5m for a ticket costing £1. Assuming it to be a fair bet, the probability of winning the lottery on any given attempt is therefore 0.0000004. The probability of winning the lottery n times in a row is therefore 0.0000004^n, and the probability of a 25 sigma event is comparable to the probability of winning the lottery 21 or 22 times in a row." Either Mr Viniar was very confused or his models were very confused. Or potentially both. A final quote from the paper: "However low the probabilities, and however frequently 25-sigma or similar events actually occur, it is always possible that Goldman's and other institutions that experienced such losses were just unlucky, albeit to an extent that strains credibility. But if these institutions are really that unlucky, then perhaps they shouldn't be in the business of minding other people's money. Of course, those who are more cynical than us might suggest an alternative explanation, namely, that Goldmans and their ilk are simply not competent at their job. Heaven forbid!" Yes. Heaven forbid!</description><link>http://www.secuobs.com/revue/news/203139.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203139.shtml</guid></item>
<item><title>Web application attacks security guide: Preventing attacks and flaws</title><description>Secuobs.com : 2010-03-18 22:57:35 - Security Wire Weekly - From buffer overflows to SQL injection, hackers have many techniques at their disposal to attack Web applications, and new methods constantly emerge. This week's podcast edition of Threat Monitor highlights one of the tips from this special Web application attack security guide, entitled "Prevent cross-site scripting hacks with tools, testing."</description><link>http://www.secuobs.com/revue/news/203138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203138.shtml</guid></item>
<item><title>Boeing Completes Design of Shipboard Super-Laser</title><description>Secuobs.com : 2010-03-18 22:54:49 - Wired  Danger Room - The US military is bankrolling all kinds of projects to harness the power of directed energy, from laser-equipped aircraft that can shoot down ballistic missiles to smaller beam weapons mounted on Humvees that could zap mortars or artillery shells. The Navy is no exception: It wants a shipboard laser that is powerful enough to destroy ...</description><link>http://www.secuobs.com/revue/news/203137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203137.shtml</guid></item>
<item><title>W3AF ported to FreeBSD</title><description>Secuobs.com : 2010-03-18 22:49:41 - Security Database Tools Watch - w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much. Sofian Brabez, our FreeBSD expert, has updated the FreeBSD port of w3af to the 10-rc2 version and committed it to FreeBSD ports sources tree. If you're using FreeBSD, now you have one more reason to use w3af and make your life easier when ... - Security Tools   Penetration testing   Ethical Hacking, Application Scanner, w3af</description><link>http://www.secuobs.com/revue/news/203136.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203136.shtml</guid></item>
<item><title>Latest and greatest from the Ministry of Truth </title><description>Secuobs.com : 2010-03-18 22:49:17 - Security Bloggers Network - Big Brother is alive and well -- http://www.newsweek.com/id/233916. I know geo-location tracking technology is not new (hell, I watch CSI). What I don't know is how sophisticated it is and who besides cops and spooks have knowledge, skills and </description><link>http://www.secuobs.com/revue/news/203135.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203135.shtml</guid></item>
<item><title>St Patrick's Day security</title><description>Secuobs.com : 2010-03-18 22:49:17 - Security Bloggers Network - Dear Diary, Back from another trip to New Zealand. Wellington on Tuesday and Auckland on Wednesday. Probably should have arranged to stay over Wednesday evening, as it was St Patrick's Day. Thanks to timezone magic, Auckland is almost the first place in the world which gets to celebrate St Pat's (the Eastern islands of Kiribati, at ...</description><link>http://www.secuobs.com/revue/news/203134.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203134.shtml</guid></item>
<item><title>A surprising place to find good customer service</title><description>Secuobs.com : 2010-03-18 22:49:17 - Security Bloggers Network - Years ago, I bought a copy of the Style Guide for The Economist magazine. I can't find my copy of this book, so I'll probably get the exact wording a bit wrong, but according to the far-from-modest Style Guide, there </description><link>http://www.secuobs.com/revue/news/203133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203133.shtml</guid></item>
<item><title>Michelle 'Bombshell' McGee pictures lead to malware</title><description>Secuobs.com : 2010-03-18 22:49:17 - Security Bloggers Network - The internet is ablaze with gossip about the state of Sandra Bullock's marriage to Jesse James, after it was alleged that the Oscar winner's husband was having an affair with tattoo model Michelle 'Bombshell' McGee. With such a hot trending story, it's no surprise that hackers have not been slowcoaches in exploiting the interest to their ...</description><link>http://www.secuobs.com/revue/news/203132.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203132.shtml</guid></item>
<item><title>Cybersecurity Bill Trims President's Power</title><description>Secuobs.com : 2010-03-18 22:49:17 - Security Bloggers Network - Cybersecurity Bill Trims President's Power - Cybersecurity - InformationWeek: The Senate Wednesday re-introduced a cybersecurity bill it considered last year, minus a provision that would have allowed the president to shut down the Internet in the event of a major cyber attack. The Cybersecurity Act, S. 773, co-sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), ...</description><link>http://www.secuobs.com/revue/news/203131.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203131.shtml</guid></item>
<item><title>ShmooCon 2010 NOVA Speakers</title><description>Secuobs.com : 2010-03-18 22:48:22 - NovaInfosecPortal.com - It took a month but we've done it: after ShmooCon 2010, we decided to pay homage to our local speakers at the conference. We had Doug Wilson speaking on Friday; Trevor Hawthorn and Eric M Fiterman on Saturday; and last but not forgotten Jim Manley on Sunday. All four speakers are respected in their fields ...</description><link>http://www.secuobs.com/revue/news/203130.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203130.shtml</guid></item>
<item><title>Group pushes for more gov't documents to go online</title><description>Secuobs.com : 2010-03-18 22:47:41 - News - The Sunlight Foundation has launched a campaign to pressure all levels of government in the US to put more information online.</description><link>http://www.secuobs.com/revue/news/203129.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203129.shtml</guid></item>
<item><title>Google tests meeting rescheduling tool for Calendar</title><description>Secuobs.com : 2010-03-18 22:47:41 - News - Google is now publicly testing a new feature for its Calendar application that auto-suggests a new time and date for a meeting that needs to be rescheduled.</description><link>http://www.secuobs.com/revue/news/203128.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203128.shtml</guid></item>
<item><title>Poll results: How much are IT pros interested in cloud computing?</title><description>Secuobs.com : 2010-03-18 22:44:44 - 4sysops - I somehow forgot my poll about cloud computing which I started last year. I wanted to know how many Windows admins are already involved in cloud computing and how interested 4sysops readers are in this new technology. The result is quite interesting: At time of this writing, 17% are already using cloud technology, 11% are planning ...</description><link>http://www.secuobs.com/revue/news/203127.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203127.shtml</guid></item>
<item><title>Former National City Bank debit accounts hacked</title><description>Secuobs.com : 2010-03-18 22:42:47 - Office of Inadequate Security - Ieva M Augstums reports: PNC Financial Services Group is investigating a systemwide account breach that affects former National City Bank customers and their debit card accounts ... Bank officials were made aware of the data breach earlier this week, but Solomon would not say how many customers' accounts have been compromised or how much money was stolen.</description><link>http://www.secuobs.com/revue/news/203126.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203126.shtml</guid></item>
<item><title>Latest web security problems for Facebook</title><description>Secuobs.com : 2010-03-18 22:42:28 - MX Logic Security News - McAfee advises all users of Facebook to carefully analyze any email received from the social networking giant in the next few weeks, as several users have reported receiving emails requesting they change their password. Phishing scams related to social networking sites like Facebook and Twitter have become one of the best methods for cyber criminals to compromise web security. It's especially bad if a cyber criminal gains access to a Facebook user's account because people frequently use the same password for multiple websites and accounts. Any email received ostensibly sent by Facebook that says a new password is available in an attachment should be discarded and reported to the company. Facebook does not reset passwords in this fashion. "This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam," McAfee wrote on its blog. "This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs." In recent months, Facebook has been the target of criticism for its lack of action against the spread of malware. Ira Winkler, a Canadian web security professional, sent an email to the company demanding that it remove an ad spreading scareware from the site last month.</description><link>http://www.secuobs.com/revue/news/203125.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203125.shtml</guid></item>
<item><title>Email filtering still top priority</title><description>Secuobs.com : 2010-03-18 22:42:28 - MX Logic Security News - Despite the recent success authorities have enjoyed in shutting down certain major botnets such as Waledac and Mariposa, the BBC recently reported that spam levels have not faltered greatly and the threat of infection from the tainted messages is still very real. Cyber criminals have become increasingly adept at spreading their botnets to several different sources, so when an ISP or server is neutralized, the threat still exists. The threat of spam in the US and Europe has been limited to an extent with email filtering and increased vigilance. In other parts of the world, the threats continue to grow. "It is true that over the years spam campaigns have become less successful for certain age demographics in the USA and most of Europe, but not so much in Asia and developing countries," Paul Sop, chief technology officer at security firm Prolexic, told the BBC. Microsoft recently acquired a court order to shut down the Waledac botnet. The measure proved successful, but web security experts noticed very little drop off in spam activity in the hours following the botnet's removal.</description><link>http://www.secuobs.com/revue/news/203124.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203124.shtml</guid></item>
<item><title>Authorities call for increased URL regulation</title><description>Secuobs.com : 2010-03-18 22:42:28 - MX Logic Security News - In an effort to attack malware at the root of the problem, the Federal Bureau of Investigation and the UK's Serious Organised Crime Agency submitted a new list of recommendations to the Internet Corporation for Assigned Names and Numbers that would make it more difficult to register a domain on the web, according to IT World Canada. The agencies did not make their recommendations public, but they reportedly believe that registering a domain should require further identity verification. The identification measures used by online banking institutions require several steps, while domain registration only requires basic identification information. Ecommerce companies use similar steps, so the infrastructure required to make these checks is available to domain registrars. "There's no reason why the registries and domain registrars can't do the same thing," Paul Hoare, senior manager of the SOCA, told IT World. "It means criminals have to do some more work to register." Similar regulations were recently announced by the Public Interest Registry, which make it more difficult to register .org websites. PIR made the move due to an increase in cache poisoning attacks, which redirect traffic from legitimate nonprofit organizations to URLs that are very similar.</description><link>http://www.secuobs.com/revue/news/203123.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203123.shtml</guid></item>
<item><title>Conficker still a threat to web security</title><description>Secuobs.com : 2010-03-18 22:42:28 - MX Logic Security News - The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm. The patch for the hole that the program exploited hit the web in 2008 thanks to Microsoft, but Conficker continues to find its way onto the hard drives of computer users. Microsoft recently announced a $250,000 reward for any information that leads to the arrest of the cyber criminal who created the strain. Conficker's primary motive is stealing password information for social networking sites, online banking institutions and other sensitive material. Katonda reports that USB drives are among the primary vectors for the virus' continued spread. The malware finds its way onto USB drives when inserted into an infected computer. From there, it is spread onto other drives it comes into contact with. Conficker is the largest worm on the web since the SQL Slammer, which attacked computers in 2003, according to the New York Times.</description><link>http://www.secuobs.com/revue/news/203122.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203122.shtml</guid></item>
<item><title>Web security professionals skeptical of national broadband</title><description>Secuobs.com : 2010-03-18 22:42:28 - MX Logic Security News - Leading web security experts believe that the recently released National Broadband Program is potentially a major risk to national web security. As more people move from dial-up and other slower forms of internet access, they will be exposed to malware and be unable to handle it. The dangers are especially damning for users who did not have internet access before their adoption of broadband. When most Americans first started using the web, malware was minimal. Cyber criminals will learn the best ways to target new users as more of them begin using broadband. Younger broadband users are especially susceptible to malware infection as they're more likely to download programs laced with malicious software. "These 100 million newbies don't stand a chance. They've effectively been shielded by one of the best anti-spyware and anti-malware systems ever invented - dial-up. If we bring these people into the broadband world, we're going to need to beef up our security across the board," ZDNet blogger David Gewirtz writes. Kaspersky reported in February that while new malware strains remained flat in 2009, the programs have become increasingly sophisticated. If experienced computer users are struggling with viruses, new users must be alerted to potential risks.</description><link>http://www.secuobs.com/revue/news/203121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203121.shtml</guid></item>
<item><title>Mil Intel Surveil Recon SNAFU</title><description>Secuobs.com : 2010-03-18 22:38:48 - Cryptome - March 18, 2010 </description><link>http://www.secuobs.com/revue/news/203120.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203120.shtml</guid></item>
<item><title>Pete Blois on Windows Phone 7 in Blend 4 and Rooler</title><description>Secuobs.com : 2010-03-18 22:37:58 - Channel 9 - In February, while up on campus for the MVP summit, I snuck over to the Expression side of building 41 and met with Pete Blois. Pete Blois is a Senior Program Manager Lead on the Expression Blend team. He's responsible for tooling for Silverlight, WPF, and now Silverlight for Windows Phone 7 Series. Blend 4 supports not only Silverlight, WPF, and Windows Phone, it now includes multi-targeting support for the .NET framework 35sp1 and 4, Silverlight 3 and 4, and Silverlight for Windows Phone, just like Visual Studio 2010. In this video, Pete goes into some detail about how they have accomplished multi targeting in Blend 4. Pete also talks about Rooler, the screen measurement and sampling tool he created for designers and developers. Written in WPF, this has become one of my go-to tools whenever I'm working with an existing design. Finally, we get into the new Blend tooling for Windows Phone Series 7 development. As expected, the Expression team delivers with an awesome design and development experience for a new platform. Pete Blois's site and blog; Pete Blois on twitter: peteblois; Pete Brown's site and blog: 10rem.net; Pete Brown on twitter: pete_brown</description><link>http://www.secuobs.com/revue/news/203119.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203119.shtml</guid></item>
<item><title>Arduino FIO presented at Uno Punto Zero</title><description>Secuobs.com : 2010-03-18 22:30:35 - Arduino Blog - Today we are working at ITP, New York University. Shigeru Kobayashi from IAMAS presented his Arduino FIO board that he developed together with Sparkfun.</description><link>http://www.secuobs.com/revue/news/203118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203118.shtml</guid></item>
<item><title>Court Slaps Prosecutor Who Threatened Child-Porn Charges Over 'Sexting'</title><description>Secuobs.com : 2010-03-18 22:28:06 - Threat Level - A Pennsylvania appellate court upheld a preliminary injunction on Wednesday barring local prosecutors from filing felony child-porn charges against a teenage girl who took a partially nude photo of herself with her cellphone. The court said prosecutors were using the threat of charges as retaliation against the teen for exercising her constitutional right to refuse a ...</description><link>http://www.secuobs.com/revue/news/203117.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203117.shtml</guid></item>
<item><title>Court: Cyberbullying Threats Are Not Protected Speech</title><description>Secuobs.com : 2010-03-18 22:28:06 - Threat Level - A California appeals court ruled this week that threatening posts made by readers of a website are not protected free speech, allowing a case charging the posters with hate crimes and defamation to proceed. The case raises fundamental questions about cyberbullying and the line between online speech and hate crimes. In her dissenting opinion, Judge Frances Rothschild ...</description><link>http://www.secuobs.com/revue/news/203116.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203116.shtml</guid></item>
<item><title>Internet Explorer 9 vs Firefox 37: Open beats Closed</title><description>Secuobs.com : 2010-03-18 22:16:22 - LinuxSecurity.com   Latest News - LinuxSecurity.com: Microsoft's Internet Explorer 9 is now out for developers to try out and test -- well kinda sorta. You see the IE9 Test Drive Platform Preview isn't really a browser is it? IE9 as it is currently available lacks tabs. It lacks a back button and it lacks an address bar.</description><link>http://www.secuobs.com/revue/news/203115.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203115.shtml</guid></item>
<item><title>Understanding Samba security modes</title><description>Secuobs.com : 2010-03-18 22:16:22 - LinuxSecurity.com   Latest News - LinuxSecurity.com: If you have read any of the Samba content here on Ghacks you probably will have noticed, within the smb.conf configuration file, a line that begins with security =. This is a very important part of Samba setup and generally the section that gives users the most problems. Although the security mode would seem fairly straight-forward, it is certainly worth explaining.</description><link>http://www.secuobs.com/revue/news/203114.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203114.shtml</guid></item>
<item><title>Everial digitizes more than 770,000 pages for Merial in under 6 weeks</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Everial, a specialist in document workflow management, was chosen by Merial, a world leader in animal health, to digitize a document collection equivalent to 200 linear metres of archives. Completed in under six weeks, the project digitized all of the documents in PDF/A format, thereby securing and optimizing their retention and consultation. Merial wanted to set up a system for digitizing part of its collection ... - Markets</description><link>http://www.secuobs.com/revue/news/203113.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203113.shtml</guid></item>
<item><title>McAfee Labs: new scam targeting all Facebook users</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - The technique: attackers send emails that appear to come from Facebook, informing recipients that their password has been reset. Recipients are told to click on an attachment to retrieve their new password. Warning: the attachment is a password stealer that installs itself when the user clicks on it. The risk: once installed, this malicious program can access all the username and password combinations that users ... - Malware News</description><link>http://www.secuobs.com/revue/news/203112.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203112.shtml</guid></item>
<item><title>Florian Carrière, SoluCom: To make your BCP last, develop its value</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Long regarded as cumbersome and costly, the business continuity plan (BCP) must now transform itself, on pain of marginalization, and become an everyday tool for the organization. How should this (r)evolution be launched? Many decision-makers today see their BCP as a complex set of documents far removed from operational reality, meant more to reassure than to be of practical use on the day it is needed. Seen as insurance meant to cover a risk that is extremely ... - Risk Management</description><link>http://www.secuobs.com/revue/news/203111.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203111.shtml</guid></item>
<item><title>Equinix opens a second data centre in Geneva</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Equinix, Inc, a global provider of data centre services, announces the opening of its second International Business Exchange (IBX) data centre, GV2, in Geneva. This data centre, the fifth operated by Equinix in Switzerland, meets strong demand for such services from local companies, multinationals and banks. This first phase adds 380 cabinets to Equinix's capacity in Geneva and will ultimately cover 760 cabinets over 4,500 m2. Equinix thereby doubles its ... - Products</description><link>http://www.secuobs.com/revue/news/203110.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203110.shtml</guid></item>
<item><title>Acronis launches a training and certification program</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Acronis is launching a new training and certification program to accompany the launch of its latest range of disaster recovery products. Acronis Academy is a professional training program that gives Partners and end users in-depth technical and sales training. Acronis Academy replaces the existing Acronis certification program. More comprehensive, the new program offers several levels of technical courses and ... - Business</description><link>http://www.secuobs.com/revue/news/203109.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203109.shtml</guid></item>
<item><title>Intego launches Washing Machine 2</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Intego, the Mac security specialist, has announced the launch of Washing Machine 2, a program that cleans up files generated by web browsers and other Internet programs. Washing Machine 2, optimized for Snow Leopard, helps Mac users delete the files created by a large number of programs that access the Internet, because they take up space or pose risks to your privacy. Users can quickly clean up these files, in a ... - Products</description><link>http://www.secuobs.com/revue/news/203108.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203108.shtml</guid></item>
<item><title>Enterasys améliore sa solution HiPath  Wireless</title><description>Secuobs.com : 2010-03-18 22:03:54 - Global Security Mag Online - Enterasys, la division   Infrastructure Réseau   Sécurité   du groupe Siemens Enterprise Communications, dévoile les nouvelles améliorations apportées à sa gamme   HiPath  Wireless Les solutions réseaux HiPath  Wireless comprennent une large gamme de points d'accès, de contrôleurs, de fonctionnalités d'administration ainsi que de logiciels de sécurité et de planification, ainsi qu'une plate-forme ouverte unique pour l'intégration des applications Les améliorations de la version 7 d'HiPath  Wireless    - Produits </description><link>http://www.secuobs.com/revue/news/203107.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203107.shtml</guid></item>
<item><title>Cyber Crooks Doubled Their Take in '09  FBI</title><description>Secuobs.com : 2010-03-18 21:59:54 - eSecurity Planet Features - The FBI said losses from cyber criminal activities more than doubled in 2009 and that men were more likely than women to be scammed for larger sums </description><link>http://www.secuobs.com/revue/news/203106.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203106.shtml</guid></item>
<item><title>Security Firm Warns of Hole in Windows Virtual PC</title><description>Secuobs.com : 2010-03-18 21:59:54 - eSecurity Planet Features - Core Security Technologies said it's found a nasty bug in Windows Virtual PC that could let an attacker bypass important security protections. But what does Microsoft think? </description><link>http://www.secuobs.com/revue/news/203105.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203105.shtml</guid></item>
<item><title>Facebook Malware Targets Banking Passwords</title><description>Secuobs.com : 2010-03-18 21:59:54 - eSecurity Planet Features - The social networking site is dealing with yet another malware scam that attempts to steal users' usernames and passwords to access Facebook users' online banking accounts </description><link>http://www.secuobs.com/revue/news/203104.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203104.shtml</guid></item>
<item><title> new  Arduino FIO presented at Uno Punto Zero</title><description>Secuobs.com : 2010-03-18 21:51:58 - adafruit industries blog -  Arduino FIO presented at Uno Punto Zero. dcuartielles writes - Sneak preview of the Arduino FIO at the Uno Punto Zero meeting. Today we are working at ITP, New York University. Shigeru Kobayashi from IAMAS presented his Arduino FIO board that he developed together with Sparkfun. </description><link>http://www.secuobs.com/revue/news/203103.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203103.shtml</guid></item>
<item><title>A Closer Look at Underrated Security Tech</title><description>Secuobs.com : 2010-03-18 21:49:41 - threatpost   The First Stop for Security News - Here are four techniques and related technologies several cited as underrated in today's security fight. Since one security pro's miracle tool is another's waste of budget, it's no surprise that a couple of the technologies panned earlier are praised here. Read the full article [CSO]. </description><link>http://www.secuobs.com/revue/news/203102.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203102.shtml</guid></item>
<item><title>Researchers Can Keep Web Servers Up During Attack</title><description>Secuobs.com : 2010-03-18 21:29:41 - securitystream.info - MIT researchers funded by DARPA (US Defense Department's Defense Advanced Research Projects Agency) have developed a system to keep web servers, or, for that matter, any Internet-connected computers, running even when they're under attack. Read the full article [MIT News]. </description><link>http://www.secuobs.com/revue/news/203101.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203101.shtml</guid></item>
<item><title>Court Says Parents Can Block PA "Sexting" Prosecutions</title><description>Secuobs.com : 2010-03-18 21:26:39 - Slashdot  Your Rights Online - mikesd81 writes "In the first federal appeals court opinion dealing with 'sexting,' a three-judge panel of the United States Court of Appeals for the Third Circuit ruled Wednesday that parents could block the prosecution of their children on child pornography charges for appearing in photographs found on some classmates' cellphones. Miller vs. Mitchell (PDF) began in 2008 when school officials in Tunkhannock, Pa., discovered seminude and nude photographs of some female students on other students' phones. George Skumanick Jr., the DA at the time, said the students and their parents could be prosecuted if they did not participate in an after-school 'education program.' The unanimous ruling of the judges, Thomas L. Ambro, Michael A. Chagares and Walter K. Stapleton, criticized the district attorney's reliance on the girls' presence in the photographs as a basis for the potential charges. 'Appearing in a photograph provides no evidence as to whether that person possessed or transmitted the photo,' said the opinion, by Judge Ambro." </description><link>http://www.secuobs.com/revue/news/203100.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203100.shtml</guid></item>
<item><title>Killer Convicted, Using Dog DNA Database</title><description>Secuobs.com : 2010-03-18 21:26:39 - Slashdot  Your Rights Online - lee1 writes "It turns out that the UK has a DNA database for dogs. And this database was recently used to apprehend a South London gang member who used his dog to catch a 16-year-old rival and hold him while he stabbed him to death. The dog was also accidentally stabbed, and left blood at the scene. The creation of human DNA databases has led to widespread debates on privacy, but what about the collation of DNA from dogs or other animals?" </description><link>http://www.secuobs.com/revue/news/203099.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203099.shtml</guid></item>
<item><title>OVAL Making Security Measurable Briefing at DHS DoD NIST SwA Forum</title><description>Secuobs.com : 2010-03-18 21:18:54 - OVAL News - OVAL Team Member and CWE CAPEC Program Manager Robert A Martin presented a briefing about OVAL Making Security Measurable to the DHS DoD NIST SwA Forum on March 9-12, 2010 </description><link>http://www.secuobs.com/revue/news/203098.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203098.shtml</guid></item>
<item><title>Arduino based multiboot cable for Game Boy Advance</title><description>Secuobs.com : 2010-03-18 21:02:40 - Hack a Day - [Steve] wanted to do some ARM development and set his sights on the Game Boy Advance as a development package. In order to get his code onto the device he built an Arduino-based communications cable. It is necessary to have a microcontroller involved because the GBA uses a peculiar 16-bit serial communications protocol. This cable    </description><link>http://www.secuobs.com/revue/news/203097.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203097.shtml</guid></item>
<item><title>The pros and cons of cyber identity and attribution on the Internet</title><description>Secuobs.com : 2010-03-18 20:57:59 - SearchSecurity  Security Wire Daily News - Internet attribution would help fight cybercrime but poses privacy and technical problems. </description><link>http://www.secuobs.com/revue/news/203096.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203096.shtml</guid></item>
<item><title>2010 RSA Conference Day 2-4 Keynotes</title><description>Secuobs.com : 2010-03-18 20:56:37 - Security Musings - As I mentioned in an earlier post, the 2010 RSA Conference Keynote addresses have been posted online and I'm linking some of my favorites from the 2010 conference. You can view an interactive webcast, view the video, or even listen/download audio-only podcasts of the keynote presentations. It is often hard to follow the keynotes in    </description><link>http://www.secuobs.com/revue/news/203095.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203095.shtml</guid></item>
<item><title>Network Box Gives Away UTM Appliances, with Conditions</title><description>Secuobs.com : 2010-03-18 20:55:26 - Security Bloggers Network - When I think UTM, I think Fortinet, SonicWall and WatchGuard - especially in the wake of McAfee's recent decision to discontinue its SnapGear line. Each of these vendors gives strong support to managed service providers who support UTM technologies. But these models are predominantly based on a product sale and recurring services. Network Box USA thinks it can break that model and capture market share by giving away UTM appliances -- hardware that typically includes a firewall, VPN, IDS, antivirus and Web and content filtering -- as long as the customer buys extended managed services contracts. "Many of the companies we serve have told us that paying a higher price up front and a lower recurring price is not in their best interest - that they'd prefer to pay a flat fee over the contract period, including the first year," said Randy Hays, Network Box USA's director of sales. "With our new pricing model, as long as they're under contract, they won't have to pay for new hardware when the current one needs replacing." If this model sounds familiar, it should. It's pretty much the cellular carrier model. Network Box, which sells through security partners, will charge a higher monthly service rate in exchange for free equipment - both new and upgrade replacements. Of course, one of the caveats is an early termination fee. Most of the other security hardware vendors that support the managed services model are more focused on discounting and price protection programs that allow MSPs to continue buying appliances as their capacity needs increase. This conventional model isn't bad considering that once an MSP standardizes on a particular model and software build, it's easy to replicate images and deployments as business scales. What's unclear from the Network Box announcement is how this will benefit its channel partners. While hardware prices and margins are pretty much commoditized, the sale of product remains an important revenue source for many VARs and MSPs. In fact, the money earned from product sales is often what underwrites the services business that produces revenue at a trickle at first. Many security vendors - including Sophos, Panda and McAfee - are using free product as a carrot for capturing net-new customers and market share. While we'd like to believe that free is often hard to argue with, customers don't blindly base adoption decisions because something is perceivably free. Many customers will look at the total cost of ownership and compare that cost against the acquisition and TCO cost of a rival product. </description><link>http://www.secuobs.com/revue/news/203094.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203094.shtml</guid></item>
<item><title>Game vulnerabilities</title><description>Secuobs.com : 2010-03-18 20:55:26 - Security Bloggers Network - There are probably a lot of vulnerabilities like this, maybe even wormable ones. Everyone, go dig. </description><link>http://www.secuobs.com/revue/news/203093.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203093.shtml</guid></item>
<item><title>swiftkitexe</title><description>Secuobs.com : 2010-03-18 20:53:52 - How to remove - The file name swiftkitexe has appeared in a virus analysis report. You can see it on this link. The installer is about 290 kb. It may download more harmful files from the internet. A good firewall can detect harmful activities and prevent them. Please visit the site for rest of this article. </description><link>http://www.secuobs.com/revue/news/203092.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203092.shtml</guid></item>
<item><title>IT's 'love affair' with Windows XP ending, says survey</title><description>Secuobs.com : 2010-03-18 20:52:27 - News -  Businesses are finally prying their hands from Windows XP as they warm to Windows 7, a research company said today </description><link>http://www.secuobs.com/revue/news/203091.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203091.shtml</guid></item>
<item><title>No copy-and-paste in Windows Phone 7 OS</title><description>Secuobs.com : 2010-03-18 20:52:27 - News - Developers can implement their own clipboards within apps, but Microsoft is favoring contextual tapping instead </description><link>http://www.secuobs.com/revue/news/203090.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203090.shtml</guid></item>
<item><title>Google's Nexus One to operate on Sprint network</title><description>Secuobs.com : 2010-03-18 20:52:27 - News -  Sprint Nextel announced that it plans to offer Google's Nexus One smartphone on its network for an as-yet undisclosed price </description><link>http://www.secuobs.com/revue/news/203089.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203089.shtml</guid></item>
<item><title>Color and video coming to Kindle  Partner shows new screens</title><description>Secuobs.com : 2010-03-18 20:52:27 - News - Color e-reader screens that can imitate video playback were on show Thursday from the company that makes the Kindle for Amazon.com, as similar technologies move closer to debuting in finished products. </description><link>http://www.secuobs.com/revue/news/203088.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203088.shtml</guid></item>
<item><title>Microsoft, security vendor clash over Virtual PC bug</title><description>Secuobs.com : 2010-03-18 20:52:27 - News -  A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said today </description><link>http://www.secuobs.com/revue/news/203087.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203087.shtml</guid></item>
<item><title>Microsoft announces Windows 7 SP1</title><description>Secuobs.com : 2010-03-18 20:52:27 - News -  Microsoft today announced service packs for both Windows 7 and Windows Server 2008 R2, but declined to set a release date or a schedule for getting a beta in users' hands </description><link>http://www.secuobs.com/revue/news/203086.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203086.shtml</guid></item>
<item><title>Apple delays ship dates for some iPad accessories</title><description>Secuobs.com : 2010-03-18 20:52:27 - News - If you weren't quick enough to already order your iPad accessories, you might be wondering: "What's up, dock?" </description><link>http://www.secuobs.com/revue/news/203085.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203085.shtml</guid></item>
<item><title>Java founder emphasizes Oracle's commitment</title><description>Secuobs.com : 2010-03-18 20:52:27 - News - James Gosling, formerly of Sun, also touts latest version of Java Enterprise Edition </description><link>http://www.secuobs.com/revue/news/203084.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203084.shtml</guid></item>
<item><title>LTE may heat up mobile net neutrality debate</title><description>Secuobs.com : 2010-03-18 20:52:27 - News - Fine-grained network controls that are coming with next-generation mobile technology could make some demanding mobile applications such as video perform better but may also raise net neutrality concerns </description><link>http://www.secuobs.com/revue/news/203083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203083.shtml</guid></item>
<item><title>Police Shut Down "Russian Rapidshare"</title><description>Secuobs.com : 2010-03-18 20:43:35 - TorrentFreak - Russian police have raided a datacenter hosting iFolder.ru, a huge Rapidshare-like site. Their paperwork allowed them to search and gather evidence against a user who uploaded illegal material to the site. Although staff offered 100% co-operation, the police cut the power and sealed the servers in the datacenter, putting iFolder completely out of operation. </description><link>http://www.secuobs.com/revue/news/203082.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203082.shtml</guid></item>
<item><title>Imperva CTO has harsh opinions on social networking protections</title><description>Secuobs.com : 2010-03-18 20:43:14 - The Tech Herald Security News - Amichai Shulman, chief technology officer with security firm Imperva, takes a harsh stance on a recent SXSW panel talk and says that social networking sites need to mandate the use of strong passwords, instead of blaming the weak passwords chosen by users for many of the problems the social portals face </description><link>http://www.secuobs.com/revue/news/203081.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203081.shtml</guid></item>
<item><title>PenTestIT Post Of The Day  LinkedIn phishing vulnerability </title><description>Secuobs.com : 2010-03-18 20:42:03 - PenTestIT - Today, we have this post from the sigkill Blog by Mr. Troels Henriksen. "LinkedIn phishing vulnerability" is a post by the author that lets us know about a new, unpatched phishing in a popular networking site: LinkedIn. This vulnerability makes it possible for you to take control of another person's account. The author has done an    </description><link>http://www.secuobs.com/revue/news/203080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203080.shtml</guid></item>
<item><title>FBI goes online to find all kinds of cyber criminals</title><description>Secuobs.com : 2010-03-18 20:41:16 - MX Logic Security News -  The Federal Bureau of Investigation recently announced a plan to use social networks to target criminal activities that happen online, according to Information Week. The bureau will mostly seek information made public by account holders, but it did say that it will consider undercover work when necessary. Of the three most widely used networks, Facebook, MySpace and Twitter, Facebook is the most helpful as it will often grant FBI agents accounts to investigate potential threats on its network. MySpace requires search warrants for any message older than 181 days, writes Information Week. Twitter remains the least useful as it provides no contact information for law enforcement. The bureau's presentation made no specific mentions of crime. It appears that they will target any crimes they encounter, whether it be inappropriate conversations between a minor and an adult or the use of malware. The federal government has addressed the issue of cyber bullying in recent months, however, in response to the suicide of Missouri teen Megan Meier in 2006. Meier hanged herself shortly before her 14th birthday that year after bullying took place on MySpace. The mother of another local teen was charged with her death after investigators found that she had bullied Meier. </description><link>http://www.secuobs.com/revue/news/203079.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203079.shtml</guid></item>
<item><title>Heya  Hola and Olá </title><description>Secuobs.com : 2010-03-18 20:34:19 - Microsoft BlueHat Blog - It was pretty fun sitting in the panel that kicked-off the first BlueHat Security Forum in Latin America and we are almost half-way through our day here in Buenos Aires. (Check out Mike Reavey's EcoStrat Blog post for details about the panel.) It is always great to see old friends from the ecosystem and meet some new people from all over Latin America. Everyone seems to be having a great time and enjoying the really good and diverse line-up of interesting talks. Anchises de Paula and Kristen Dennesen from iDefense covered the international landscape vulnerability market with a focus on Latin America. Their talk covered international laws, how the lack of some cybercrime laws impact various Latin America countries, and how the bureaucracy of the legal system gets in the way of investigations concluding in an effective timeframe. Pedro Varangot, from Core Security Technologies, covered the new trends in attacks to and using social networks, not only from an impersonation perspective, but also the availability of tools to automate the process. Looking forward to the afternoon talks and really hope this is the first of many BlueHat events in Latin America. -Luiz Eduardo </description><link>http://www.secuobs.com/revue/news/203078.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203078.shtml</guid></item>
<item><title>What is DLL import binding?</title><description>Secuobs.com : 2010-03-18 20:33:38 - The Old New Thing - Last time, we saw how hinting is used to speed up the resolving of imported functions. Today, we'll look at binding. Recall that the module loader resolves imports by locating the function in the export table of the linked-to DLL and recording the results in the loaded module's table of imported function addresses so that code from the module can jump indirectly through the table and reach the target function. One of the consequences of this basic idea is that the table of imported function addresses is written to at module load time. Writeable data in a module is stored in the form of copy-on-write pages. Copy-on-write pages are a form of computer optimism: "I'm going to assume that nobody writes to this page, so that I can share it among all copies of the DLL loaded into different processes (assuming other conditions are met, not important to this discussion; don't make me bring back the nitpicker's corner). In this way, I can conserve memory, leaving more memory available for other things." But once you write to the page, that assumption is proven false, and the memory manager needs to make a private copy of the page for your process. If two processes load your DLL, they each get their own copy of the memory once they write to it, and the opportunity to share the memory between the two DLLs is lost. What is particularly sad is when the copy-on-write page is forced to be copied because two processes wrote to the pages, even if the processes wrote the same value. Since the two pages are now once again identical, they could in principle be shared again. (The memory manager doesn't do memcmps of every potentially-shared page each time you write to it, on the off chance that you happened to make two pages coincidentally identical. Once a copy-on-write page is written to, the memory manager makes the copy and says, "Oh well, it was good while it lasted.") One of the cases where two processes both write to the page and write the same value is when they are resolving imports to the same DLL. In that case, the call to GetProcAddress will return the same value in both processes (assuming the target DLL is loaded at the same base address in both processes), and you are in the sad case where two processes dirty the page by writing the same value. To make this sad case happy again, the module loader has an optimization to avoid writing to pages it doesn't have to: We pre-initialize the values in the table of imported function addresses to a prediction as to what the actual address of the function will be. Then we can have the module loader compare the return value of GetProcAddress against the predicted value, and if they are the same, it skips the write. In context diff format:
// error checking deleted since it's not relevant to the discussion
for (Index = 0; Index &lt; NumberOfImportedFunctions; Index++) {
  FunctionPointer = GetProcAddress(hinst, ImportEntry[Index]);
- TableEntry[Index] = FunctionPointer;
+ if (TableEntry[Index] != FunctionPointer)
+   TableEntry[Index] = FunctionPointer;
}
But wait, we can optimize this even more. How about avoiding the entire loop? This saves us the trouble of having to call GetProcAddress in the first place. There is an extra field in the import descriptor table entry called TimeDateStamp which records the timestamp of the DLL from which the precomputed function pointer values were obtained. Every DLL has a timestamp, recorded in the module header information. (The format of this timestamp is in seconds since January 1, 1970, commonly known as unix time format.) Before the module loader resolves imported functions, it compares the timestamp in the import descriptor table entry against the timestamp in the actual DLL that got loaded. If they match (and if the actual DLL was loaded at its preferred base address), then the module loader skips the loop entirely: All the precomputed values are correct. That's the classical model for binding. There have been some changes since the original implementation, but they don't change the underlying principle: Precompute the answers and associate them with a key which lets you determine whether the information against which the values were precomputed matches the information that you actually have. Binding therefore is a performance optimization to address both wall-clock running time (by reducing the amount of computation performed at module load time) and memory consumption (by reducing the number of copy-on-write pages actually written to). Exercise: Why is the timestamp stored in the module header? Why not just use the actual file last-modified time? Exercise: When you rebase a DLL, does it update the timestamp? </description><link>http://www.secuobs.com/revue/news/203077.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203077.shtml</guid></item>
<item><title>New Massachusetts data privacy law sets aggressive standard to protect residents from identity theft</title><description>Secuobs.com : 2010-03-18 20:32:03 - Rapid7 Network Security Blog - Organizations nationwide are taking note of the newest state privacy law aimed at attacking the issue of identity theft head on. The new Massachusetts data privacy law, also known as MA 201 CMR 17, applies to any organization anywhere in the world that "owns or licenses" personal information, whether stored in electronic or paper form, about    </description><link>http://www.secuobs.com/revue/news/203076.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203076.shtml</guid></item>
<item><title>SANS  Dangers of copy paste</title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - SANS  Dangers of copy paste </description><link>http://www.secuobs.com/revue/news/203075.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203075.shtml</guid></item>
<item><title>Wired  Hacker Disables More Than 100 Cars Remotely</title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - Wired  Hacker Disables More Than 100 Cars Remotely </description><link>http://www.secuobs.com/revue/news/203074.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203074.shtml</guid></item>
<item><title>The Register  One in four UK schoolkids admits hacking  One in four UK youngsters have tried hacking into Facebook or webmail accounts, according to a new survey </title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - The Register  One in four UK schoolkids admits hacking  One in four UK youngsters have tried hacking into Facebook or webmail accounts, according to a new survey  </description><link>http://www.secuobs.com/revue/news/203073.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203073.shtml</guid></item>
<item><title>Tech World  Hackers offered  100,000 for browser and phone exploits</title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - Tech World  Hackers offered  100,000 for browser and phone exploits </description><link>http://www.secuobs.com/revue/news/203072.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203072.shtml</guid></item>
<item><title>cnet  How to get DRM-free PC games - Just wait</title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - cnet  How to get DRM-free PC games - Just wait </description><link>http://www.secuobs.com/revue/news/203071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203071.shtml</guid></item>
<item><title>BBC News  UK can cope with cyber attack, says Lords committee  The UK is reasonably well placed to cope with a large-scale cyber attack, a report by a group of peers has said </title><description>Secuobs.com : 2010-03-18 20:17:21 - Rootsecure.net - BBC News  UK can cope with cyber attack, says Lords committee  The UK is reasonably well placed to cope with a large-scale cyber attack, a report by a group of peers has said  </description><link>http://www.secuobs.com/revue/news/203070.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203070.shtml</guid></item>
<item><title>BitDefender met en garde contre un Trojan ciblant les utilisateurs de Facebook</title><description>Secuobs.com : 2010-03-18 20:07:18 - Global Security Mag Online - BitDefender ,éditeur de solutions de sécurité antimalwares, annonce aujourd'hui qu'une vague de diffusion de malware utilisant Facebook  comme appât a débuté hier soir Sous l'apparence d'un email officiel émanant de Facebook , les utilisateurs sont prévenus du fait qu'ils doivent modifier leurs mots de passe pour des raisons de sécurité Les destinataires de cette fausse alerte sont supposés ouvrir une pièce jointe au format zip pour découvrir leurs nouveaux identifiants A la place d'un nouveau mot de    - Info Malwares </description><link>http://www.secuobs.com/revue/news/203069.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203069.shtml</guid></item>
<item><title>Orange Business Services classé dans le   Leaders Quadrant   par trois rapports   Magic Quadrant  </title><description>Secuobs.com : 2010-03-18 20:07:18 - Global Security Mag Online - Orange Business Services a été sélectionné dans le   Leaders Quadrant   par les trois derniers rapports de Gartner Inc Sur la base de sa vision globale et de sa capacité opérationnelle, Orange Business Services a été sélectionné par Gartner pour figurer dans le   Leaders Quadrant   des prestataires mondiaux de services réseaux1 ainsi que dans celui des prestataires paneuropéens de services réseaux2 et enfin dans le   Leaders Quadrant   des prestataires de services d'externalisation des communications et    - Magic Quadrant </description><link>http://www.secuobs.com/revue/news/203068.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203068.shtml</guid></item>
<item><title>Kroll Ontrack présente les dernières tendances en matière de récupération de données</title><description>Secuobs.com : 2010-03-18 20:07:18 - Global Security Mag Online - Kroll Ontrack présente trois tendances actuelles du monde du stockage de données, qui impactent sur les méthodes de récupération de données Les spécialistes Kroll Ontrack   ont constaté que les volumes de données à récupérer ont été multipliés par sept depuis 2005 Ce phénomène, associé aux importants développements des architectures de stockage et aux exigences accrues sur les délais d'exécution, nécessitent des innovations majeures, pour récupérer des données, beaucoup plus complexes que pour la    - Investigations </description><link>http://www.secuobs.com/revue/news/203067.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203067.shtml</guid></item>
<item><title>Sopra Group honoured at the E-DOC Awards 2010 for its "De Facto" solution</title><description>Secuobs.com : 2010-03-18 20:07:18 - Global Security Mag Online - Sopra Group receives an award for its innovative "De Facto" (Dematerialisation Factory) solution, presented at the E-DOC Awards at the Salon Documentation 2010. The E-DOC Awards recognise products (software or hardware), services or procedures relating to dematerialisation in private and public environments, in France and abroad. For its first participation, Sopra Group won over the jury with its expertise in identity processing and dematerialisation, digitisation    - Business </description><link>http://www.secuobs.com/revue/news/203066.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203066.shtml</guid></item>
<item><title>2010 Innovative Payments Trophies: Keynectis wins in the "Strong authentication" category for its KAccess solution</title><description>Secuobs.com : 2010-03-18 20:07:18 - Global Security Mag Online - At a ceremony held on 17 March 2010 at the Pay FORUM trade show, Keynectis was awarded the 2010 Innovative Payments Trophy in the "Strong authentication" category. Publi-News, publisher of Cartes MAG and Systèmes de Paiement and organiser of these trophies, named Keynectis the winner for its innovative authentication solution "KAccess". KAccess lets a user authenticate strongly using a standard USB key or any other mass storage medium    - Business </description><link>http://www.secuobs.com/revue/news/203065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203065.shtml</guid></item>
<item><title>Wiring Up The Big Brother Machine And Fighting It</title><description>Secuobs.com : 2010-03-18 20:03:26 - EFF.org Updates - Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers, almost casually, remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo. Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans. All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse." What happens to our hero when he finally decides to go public? Even though I'd heard Mark Klein's story before, I'd never considered just how frightening and surreal his experience must have been. His new memoir reads like something out of a Kafka-esque sci-fi spy thriller, except that it all really happened right here in the USA, just a few years ago. For instance, when Klein shares his evidence with an eager reporter for the Los Angeles Times, at first he's told the story will be ground-breaking and "a big front-page spread." Yet, the story languishes for weeks. Klein writes: "On Feb 11 [2006], I got a call from Joe Menn, the Los Angeles Times reporter, who told me that their 'top guy' was going to have a meeting with the Director of National Intelligence John Negroponte himself about this story over the weekend. I nearly fell down in shock: they were actually negotiating with the government on whether to publish. More importantly, this meant Negroponte knew about my documents, and me." Indeed, as ABC's Nightline revealed much later, both Negroponte and National Security Agency Director Michael Hayden pressured the LA Times to kill the story. And when Klein told his story to CBS's 60 Minutes, they too eventually killed the story without explanation. In the end, of course, Klein's evidence became the backbone of EFF's lawsuit against AT&amp;T for their complicity in illegal government spying. Originally ignored by Senators and newspapers alike, his evidence was ultimately so damning that it could only be defeated by an unprecedented "telco immunity" law pushed by the Bush White House and passed by the US Congress amidst a massive public controversy. EFF then relied on Klein's evidence for a case against the government, which has been met with fierce resistance by the Obama Administration. Klein's journey, from quiet cubicle technician to personal enemy of the White House and Pentagon, is amazing, moving and eerie. His story, "Wiring Up The Big Brother Machine And Fighting It," is on sale now. </description><link>http://www.secuobs.com/revue/news/203064.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203064.shtml</guid></item>
<item><title>Ibis Reader "Checks Off" EFF's Digital Books Checklist</title><description>Secuobs.com : 2010-03-18 20:03:26 - EFF.org Updates - In February, we published "Digital Books and Your Rights," a checklist for readers considering buying into the digital book marketplace. The folks behind the Ibis Reader ebook service have gone ahead and posted thoughtful answers to each question, inviting their users into an honest discussion about the features, policies, and practices around its software. While we don't agree with all of Ibis Reader's answers, they deserve full marks for being proactive about confronting these emerging digital books issues, and for striving to be clear with its users and customers. They know what's up: the modern gadget hound knows to look beneath the shiny surface and ask critical questions about how open a platform is and whether or not privacy is sufficiently prioritized and protected. Our "Digital Books and Your Rights" checklist helps guide users making that inquiry, and Ibis Reader is smart to approach current users and potential customers with openness. </description><link>http://www.secuobs.com/revue/news/203063.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203063.shtml</guid></item>
<item><title>Sophos - Stop Spamming Me and End Your SEO Campaign</title><description>Secuobs.com : 2010-03-18 19:57:24 - Technicalinfo.net Blog - Spam takes on many different forms. Sure, we're all familiar with the crap that makes it in to our inbox, but what about the other stuff - like the stuff that appears as comments in our blog entries? Blog comment spam is on the rise, particularly when it's used less as a direct advertising tool and more for Search Engine Optimization (SEO) attacks/manipulation. In most cases I've observed, the SEO-orientated blog spam has been initiated by the bad guys - looking to escalate their infectious drive-by Web sites to the top of search engine results. Lately though, I've noticed that a well-known security vendor - Sophos - has been employing this tactic. For example, check out the following blog comment submissions (pending moderation). For the last few weeks there have been similarly themed comment submissions, typically initiated by the same accounts and targeting the same blog entries (based upon keywords). This tactic is common, and there are a number of tools designed to automate this kind of spam and SEO attack. What's interesting (and annoying at the same time) is that this repeated spam appears to be initiated by Sophos. As you'll see in the three comments above, the word "malware" is hyperlinked and in all cases points back to http://www.sophos.com/products/malware-protection/ I find this a pretty unsavory tactic, especially if it's initiated by a security company looking to be trusted by its customers. Sophos - if you're listening - stop your comment spam campaign and end your SEO attacks. It's unprofessional. </description><link>http://www.secuobs.com/revue/news/203062.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203062.shtml</guid></item>
<item><title>Berners-Lee Calls For Government Data Transparency</title><description>Secuobs.com : 2010-03-18 19:43:01 - Slashdot  Your Rights Online - eldavojohn writes "Two months ago, Tim Berners-Lee unveiled a UK Government data project with the goal to make government data more useful for everyone. Today he is calling on the rest of the world governments to become more transparent with their nonsensitive data. After only a few months, his project boasts around forty applications for using government data (screen shot example here). The BBC article notes the interesting uses of public data in India and Brazil that are disappointingly lacking in other countries, even the United States. Hopefully the US's data.gov will evolve to hosting apps instead of just data." Read more of this story at Slashdot. </description><link>http://www.secuobs.com/revue/news/203061.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203061.shtml</guid></item>
<item><title>Ditch the LPs and build your own 3D scanner</title><description>Secuobs.com : 2010-03-18 19:31:53 - Hack a Day - Find yourself an old record player, a laser level, and a digital scanner and you can build a 3D scanner. That's what [Rob] did. The camera and laser level are mounted on the turntable for steady rotation. The camera captures the vertical laser line traveling around the room by recording 30 fps at a resolution    </description><link>http://www.secuobs.com/revue/news/203060.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203060.shtml</guid></item>
<item><title>Michelle 'Bombshell' McGee pictures lead to malware</title><description>Secuobs.com : 2010-03-18 19:29:33 - Graham Cluley's blog - The internet is ablaze with gossip about the state of Sandra Bullock's marriage to Jesse James, after it was alleged that the Oscar winner's husband was having an affair with tattoo model Michelle "Bombshell" McGee. With such a hot trending story, it's no surprise that hackers have not been slowcoaches in exploiting the interest to their    </description><link>http://www.secuobs.com/revue/news/203059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203059.shtml</guid></item>
<item><title>iWep Pro Auditor wifi security v113 in the wild</title><description>Secuobs.com : 2010-03-18 19:28:17 - Security Database Tools Watch - iWep PRO is an application for the iPhone and iPod touch that allows users to check whether their routers are exposed to some vulnerabilities. The main vulnerability is WEP/WPA key calculation. There are some routers that can be easily hacked in just a few minutes. This happens ONLY when the router's factory settings were not changed. If factory settings were changed, iWep PRO is useless with your router. iWep PRO is based on WEP/WPA calculation methods found on the internet. You can find them on your own, and    - Security Tools: Vulnerability Scanner, Wireless, Configurations checks, iWep Pro </description><link>http://www.secuobs.com/revue/news/203058.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203058.shtml</guid></item>
<item><title>GPS Tracking System in Car Rental Helps Track Down iPod Thieves</title><description>Secuobs.com : 2010-03-18 19:27:50 - Security Bloggers Network - It's not every day that the Wyoming Highway Patrol and the NYPD get to work together, but thanks to a GPS tracking device, the two teams were able to work together to catch thieves embroiled in a major heist. First the NYPD contact the Wyoming troopers to let them know to keep a watch out for    </description><link>http://www.secuobs.com/revue/news/203057.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203057.shtml</guid></item>
<item><title>Vengeful Alleged "Hacker" Bricks Cars</title><description>Secuobs.com : 2010-03-18 19:27:50 - Security Bloggers Network - Sexy headline. Cool sounding story. The bait is set. Now just to reel me in. From Wired: More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto    </description><link>http://www.secuobs.com/revue/news/203056.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203056.shtml</guid></item>
<item><title>Liquidmatrix Amusement</title><description>Secuobs.com : 2010-03-18 19:27:50 - Security Bloggers Network - While I've been working on Liquidmatrix now since around '98 there have been amusing moments along the way. This morning I was struck with this interesting advertisement placement. Apparently you can find "Liquid Matrix" at roughly 6500 different vendors. Um, yeah. </description><link>http://www.secuobs.com/revue/news/203055.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203055.shtml</guid></item>
<item><title>mstime32.exe</title><description>Secuobs.com : 2010-03-18 19:27:11 - How to remove - The file name mstime32.exe has appeared in a virus analysis report. You can see it on this link. The installer is about 102 kb. It may download more harmful files from the internet. A good firewall can detect harmful activities and prevent them. Please visit the site for the rest of this article. </description><link>http://www.secuobs.com/revue/news/203054.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203054.shtml</guid></item>
<item><title>Anti-malware software is not all that useless</title><description>Secuobs.com : 2010-03-18 19:27:05 - Prevx Blog - On Tuesday I went to Milan to the first day of Security Summit. It is the most important Italian meeting about IT security. It ends today. It is always a pleasure to meet other people working in the security industry, and attend their conferences. While I liked the whole organization and all the discussed topics, I'm quite perplexed about how the malware and anti-malware topics have been exposed. One of the presentations in the afternoon was related to the malware evolution and new threats. At the beginning the topic has been quickly moved to the uselessness of anti-virus security solutions, by explaining that they are not only unnecessary and badly written, but they actually catch only 10% of malware out there. I was really shocked about how a tricky and important topic like anti-malwares has been exposed. The shared point of view is that anti-virus solutions are useless and they do exist only because they allow their developers to gain more money. I strongly disagree with this concept and this point of view shows there is a poor knowledge about current malware panorama and how new antivirus technologies indeed work. Used concept has been the following: antiviruses are useless, because people must be educated before everything; then to take malwares far from your PC you can just use right system policies. There is an incorrect approach at the beginning of the whole concept. The average user doesn't want to spend his time looking at every operating system security setting and how to set it. The average user just needs to use his PC for his own job. Sure, he could install a behaviour blocker software, or a pure HIPS software which would allow him to fully control what happens to his PC (granted there shouldn't be any vulnerability on such softwares - not a very trivial condition). Who is going to teach him what is the correct answer to every HIPS alert? It's just unthinkable. While I can totally agree that people must be educated about PC security, it's even true that antiviruses can see more in depth than what user eyes could see. Malware is not developed with the goal to subvert the operating system and to make as much damages as possible to the system. Money is the keyword. People could think that it's enough to use a limited account to be safe against malware. This is definitely wrong. It's true: running with standard limited privileges definitely helps users protecting the integrity of their systems. Is this enough protection against malwares? Not at all. A malware executed in a standard Windows limited account can still steal information as it would have done with administrator privileges. If the infected user runs a browser session, the malware can still inject its code into the browser, can still hook critical Win32 APIs inside the browser process, can still intercept what the browser is going to send out. If a malware is executed inside a limited account, it can still by default steal pressed keys and log what the user is typing. If malware is run inside a limited account, it can still infect USB devices when they are plugged in the infected PC. It can still run at Windows startup. But would it be easier to remove? Yes, true. The infection would most likely stay confined to the user account and the cleanup would be almost trivial. The question then becomes: if there isn't an antivirus installed on the system, who is going to check if there's malware that is doing such stuff on the user's system? Would you do that manually? What happens if a user mode rootkit is running on the infected PC? Sure, they can run from limited accounts too. Do you think you need to run an executable by yourself to get infected? Most browsers out there (Firefox and Chrome included, Internet Explorer 8 on Windows Vista/7 excluded) run browser plugins using the privileges of the browser process itself. This means that a flash exploit (it's just an example) injected in a hacked website can still drop malware in your system. Is this an unlikely situation? I wouldn't be so convinced about that. Still, what could happen if a software developer gets infected because he was convinced his PC was protected even without using an antivirus? And what happens if that malware subverts his compiler? Result could be what happened to hundreds of people who got their PC infected by Win32.Induc malware some months ago. True, it wasn't going to damage the system, but another malware could do much more than just being a proof of concept. Software is trusted, UAC permission is granted, malware is ready to hit the system. With an antivirus the user could be advised about the threat. Without it, surely he isn't. Same thoughts are valid for file infector viruses, like Virut, Tenga, Parite. They could be detected with an antivirus, otherwise they are hidden to user eyes. I don't think average users are going to analyze by hand with a disassembler every file they run. Antiviruses are not intended to be the all-in-one solution against malware problem. Here at Prevx we are the first who are saying that the only signature-based standard approach is not anymore sufficient to fight against malware. But there are even other technologies that work together with the standard detection method: local heuristic techniques, intelligent behavior-based blockers, in-the-cloud technologies, all new technologies that help detecting brand new malwares and variants of already known malwares. And they actually catch far more than 10% of malware out there. An antivirus is not the solution, but it is an important part of the security strategy that every user should have to protect his digital life. </description><link>http://www.secuobs.com/revue/news/203053.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203053.shtml</guid></item>
<item><title>Microsoft lowers Windows licensing costs for virtual desktops</title><description>Secuobs.com : 2010-03-18 19:26:26 - News - Microsoft is lowering the price of licensing the Windows operating system in a virtual desktop deployment, and announcing new bundles with partner Citrix in an announcement Thursday. </description><link>http://www.secuobs.com/revue/news/203052.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203052.shtml</guid></item>
<item><title>Alcatel-Lucent lays groundwork for next-gen mobile services</title><description>Secuobs.com : 2010-03-18 19:26:26 - News - Alcatel-Lucent's new Ultimate Wireless Packet Core is designed to let operators get a handle on the current mobile data explosion and offer subscribers more advanced services, the company said on Thursday. </description><link>http://www.secuobs.com/revue/news/203051.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203051.shtml</guid></item>
<item><title>Social networking addicts updating from bed, bathroom</title><description>Secuobs.com : 2010-03-18 19:26:26 - News - Social networking sites like Facebook and Twitter are occupying more and more of users' time, according to a study released Wednesday by Retrevo Inc. </description><link>http://www.secuobs.com/revue/news/203050.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203050.shtml</guid></item>
<item><title>WTC Construction Still Hiding 17 March 2010  754kb </title><description>Secuobs.com : 2010-03-18 19:19:11 - Cryptome - March 18, 2010 </description><link>http://www.secuobs.com/revue/news/203049.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203049.shtml</guid></item>
<item><title>The infector infected</title><description>Secuobs.com : 2010-03-18 19:18:26 - CERT LEXSI Weblog - We have described several times on this blog the difficulties antivirus solutions face in dealing with large-scale infections such as Conficker or Virut. Here is another case, that of double infections. A customer recently contacted us to have us </description><link>http://www.secuobs.com/revue/news/203048.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203048.shtml</guid></item>
<item><title>SPAM of the Day - Trouble Viewing This Social Attack? Read it Online</title><description>Secuobs.com : 2010-03-18 19:17:40 - Jeff Jones Security Blog - I wasn't really planning to do a "Spam of the Day" every day, but this one got through all of the filters today and I found it interesting enough to share. This one combines the use of: E-mail spoofing - the E-mail "from" field used my own address, read more </description><link>http://www.secuobs.com/revue/news/203047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203047.shtml</guid></item>
<item><title>Download IObit Smart Defrag - Defragging the Smart Way</title><description>Secuobs.com : 2010-03-18 19:14:16 - Bill Mullins' Weblog   Tech Thoughts - Some Techs insist, that a fragmented Hard Drive is the primary cause of system slowdown. I think the system slowdown issue is far more complex. In a real sense, it is difficult to measure an increase in system performance following Hard Drive defragmentation. Nevertheless, I do agree, that defragging is a positive maintenance process, and    </description><link>http://www.secuobs.com/revue/news/203046.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203046.shtml</guid></item>
<item><title>Spam Words That Motivate and Engage Your Subconscious</title><description>Secuobs.com : 2010-03-18 19:14:16 - Bill Mullins' Weblog   Tech Thoughts - Words, in good advertising, pack a punch. Power words are meant to impact, to provide impetus for action, and not surprisingly, to engage your subconscious. Spam, at its core is a form of advertising - advertising that works. Symantec Hosted Services security experts have detected patterns in spam word usage, identifying the most commonly used words. Mathew Nisbet,    </description><link>http://www.secuobs.com/revue/news/203045.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203045.shtml</guid></item>
<item><title>New DM8168 DaVinci  Video SoC </title><description>Secuobs.com : 2010-03-18 19:11:08 - Security International - The new DM8168 DaVinci  video SoC offers best-in-class embedded video performance for video surveillance and video communications </description><link>http://www.secuobs.com/revue/news/203044.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203044.shtml</guid></item>
<item><title>Net piracy could lose Europe  215bn by 2015</title><description>Secuobs.com : 2010-03-18 19:06:08 - Network World on Security - Illegal file-sharers will cost the European creative industries  215bn by 2015, says Tera Consultants </description><link>http://www.secuobs.com/revue/news/203043.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203043.shtml</guid></item>
<item><title>O2 says net piracy letters 'bully' web users</title><description>Secuobs.com : 2010-03-18 19:06:08 - Network World on Security - O2 has slammed a UK law firm for issuing letters to web users suspected of illegal file-sharing, saying they  bully or threaten  consumers </description><link>http://www.secuobs.com/revue/news/203042.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203042.shtml</guid></item>
<item><title>Voters urged to write to MPs over Digital Economy Bill</title><description>Secuobs.com : 2010-03-18 19:06:08 - Network World on Security - A website is urging Brits to join a campaign to stop the Digital Economy Bill being rushed through parliament </description><link>http://www.secuobs.com/revue/news/203041.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203041.shtml</guid></item>
<item><title>Bugtation No.117</title><description>Secuobs.com : 2010-03-18 18:50:48 - Crash Dump Analysis - Thinking again about prescriptive value-added debugging and the sin of requesting yet another memory dump from a customer for the sake of curiosity (the so called "further analysis"): Dump analysis matters, but business results matter more. Aaron Erickson, The Nomadic Developer. With fix-privet, Dr. DebugLove - Dmitry Vostokov, DumpAnalysis.org, TraceAnalysis.org - Memory Dump It </description><link>http://www.secuobs.com/revue/news/203040.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203040.shtml</guid></item>
<item><title>Boxee comments on the future of TV</title><description>Secuobs.com : 2010-03-18 18:50:15 - DeviceGuru - As most DeviceGuru readers are well aware, the television industry is in the midst of a major technology shift, as on-demand A/V streaming from Internet sources such as Hulu and Netflix increasingly displace traditional cable and satellite entertainment services. A blog post by Boxee CEO Avner Ronen, published here as a guest column,    </description><link>http://www.secuobs.com/revue/news/203039.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203039.shtml</guid></item>
<item><title>Facebook Spam Tries to Phish Credentials</title><description>Secuobs.com : 2010-03-18 18:43:53 - threatpost   The First Stop for Security News - Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information. The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to researchers. </description><link>http://www.secuobs.com/revue/news/203038.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203038.shtml</guid></item>
<item><title>Facebook warns over password reset scam</title><description>Secuobs.com : 2010-03-18 18:25:32 - securitystream.info - Galloping Trojans ahoy. Facebook has taken the unusual step of warning users about a bogus password reset scam designed to trick victims into downloading a password-stealing Trojan. </description><link>http://www.secuobs.com/revue/news/203037.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203037.shtml</guid></item>
<item><title>New Security Updates for Drupal Modules</title><description>Secuobs.com : 2010-03-18 18:25:32 - securitystream.info - The Drupal team has just released a whole heap of security advisories. Drupal's Email Input Filter, Keys and Tag Order modules all contain security vulnerabilities. Updated versions, in which the problems are fixed, are now available. Read the full article (The H Security). </description><link>http://www.secuobs.com/revue/news/203036.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203036.shtml</guid></item>
<item><title>Seccubus v141 - Nessus 42 compatibility release</title><description>Secuobs.com : 2010-03-18 18:23:46 - Seccubus   Easy automated vulnerabilty scanning with Nessus and OpenVAS - I just released Seccubus version 141 on our sourceforge page. The main goal of this release was to fix compatibility with Nessus 42. Thanks to Isac Balder, who provided me with a patched update-nessusrc file, Seccubus can now be used with Nessus 42, but there is a catch. Nessus 42 no longer provides the port 1241 interface to users with a home license. Since Seccubus uses the port 1241 interface you have to either have a professional feed license or keep using Nessus version 40. It was an unpleasant surprise to find out that Tenable pulled the port 1241 interface from the home feed version. I have found a blog post on "The Blog Self" which explains how to automate scans with Nessus 42 so I hope to incorporate that in the near future into either Seccubus v1, v2 or both. Here is the relevant portion of the change log: 18-03-2010 Seccubus v141 - Nessus 42 compatibility release - Thanks Isac Balder. Ticket 2954813 - Parsing of hostnames. The get_hostnames routine of SeccubusWeb.pm does not parse the hostnames file correctly if it is a symlink to /etc/hosts. An entry like "1234 abcmadm1 abcmadm1abclocal cvs  This is a comment" returns 'abcmadm1 abcmadm1abclocal cvs  This is a comment' as the hostname. Ticket 2962660 - update-nessusrc not compatible with Nessus 42. Update-nessusrc did not handle Nessus 42 port 1241 connections right. Thanks to Isac Balder for providing a fixed update-nessusrc file. Ticket 2954186 - Still some AutoNessus references. Removed last autonessus references (I hope). </description><link>http://www.secuobs.com/revue/news/203035.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203035.shtml</guid></item>
<item><title>The body becomes a communication network</title><description>Secuobs.com : 2010-03-18 18:21:51 - L'Atelier.fr   Toute l'actualité - To avoid resorting to radio frequency in systems that capture a patient's vital data, the university of Seoul transmits information from one sensor to another via signals generated on the skin. </description><link>http://www.secuobs.com/revue/news/203034.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203034.shtml</guid></item>
<item><title>Data migration is also good for the environment</title><description>Secuobs.com : 2010-03-18 18:21:51 - L'Atelier.fr   Toute l'actualité - By identifying non-critical files and moving them to less power-hungry data servers, substantial savings can be achieved. A way to make data storage greener. </description><link>http://www.secuobs.com/revue/news/203033.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203033.shtml</guid></item>
<item><title>Google Summer of Code 2010</title><description>Secuobs.com : 2010-03-18 18:13:16 - Hack a Day - Today's the day that Google announces this year's participant organizations in the Google Summer of Code. If you're not tied down to a job this summer we hope you'll take advantage of this opportunity to learn by doing and contribute code to a great open source project all at the same time. Note: We're still    </description><link>http://www.secuobs.com/revue/news/203032.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203032.shtml</guid></item>
<item><title>Custom Themes </title><description>Secuobs.com : 2010-03-18 18:13:05 - On the PlayStation 3 -  </description><link>http://www.secuobs.com/revue/news/203031.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203031.shtml</guid></item>
<item><title>Domain Names Can't Defend Themselves</title><description>Secuobs.com : 2010-03-18 18:12:43 - Freedom to Tinker blogs - Today, the Kentucky Supreme Court handed down an opinion in the saga of Kentucky vs 141 Domain Names (described a while back here on this blog). Here's the opinion. This case is fascinating. A quick recap: Kentucky attempted a property seizure of 141 domain names allegedly involved in gambling on the theory that the domain names themselves constituted "gambling devices" under Kentucky law and were therefore illegal. The state held a forfeiture hearing where anyone with an interest in the "property" could show up to defend their interest in the property; otherwise, the State would order the registrars to transfer "ownership" of the domain names to Kentucky. No individual claiming that they own one of the domain names showed up. Litigation began when two industry associations (iMEGA and IGC) claimed to represent unnamed persons who owned these domain names (and another lawyer showed up during litigation claiming representation of one specific domain name). The subsequent litigation gets a bit complicated; suffice it to say that the issue of standing was what got to the KY Supreme Court: could an association that claimed it represented an owner of a domain name affected in this action properly represent this owner in court without identifying that owner and that the owner was indeed the owner of an affected domain name? The Kentucky Supreme Court said no, that there needs to be at least one identified individual owner that will suffer harm before the association can stand in stead, ruling, "Due to the incapacity of domain names to contest their own seizure and the inability of iMEGA and IGC to litigate on behalf of anonymous registrants, the Court of Appeals is reversed and its writ is vacated." And on the issue of whether a piece of property can represent itself: "An Internet domain name does not have an interest in itself any more than a piece of land is interested in its own use." Anyway, it would seem that the options for next steps include, 1) identifying at least one owner that would suffer harm, then motion back up to the Supreme Court (given that merits had been argued at the Appeals level), or 2) decide that the anonymity of domain name ownership in this case is more important than the fight over this very weird seizure of domain names. As a non-lawyer, I wonder if it's possible to represent an owner as a John Doe with an affidavit of ownership of an affected domain name submitted.</description><link>http://www.secuobs.com/revue/news/203030.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203030.shtml</guid></item>
<item><title>Bureaucrat Who Allegedly Hired "Jason Bournes" Speaks</title><description>Secuobs.com : 2010-03-18 18:12:09 - Wired  Danger Room - The Pentagon official who allegedly boasted of running his own private team of "Jason Bournes" is finally speaking out. Early this week, the New York Times landed a curious scoop about a freelance spy ring in Afghanistan and Pakistan that is reportedly under criminal investigation by the Defense Department. Now the San Antonio Express-News has landed    </description><link>http://www.secuobs.com/revue/news/203029.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203029.shtml</guid></item>
<item><title>Remote hacker immobilises over 100 cars</title><description>Secuobs.com : 2010-03-18 18:11:47 - Graham Cluley's blog - A 20-year-old man has been arrested in Austin, Texas, after allegedly hacking into a computer system which caused more than 100 cars to be disabled with, in some cases, their horns blaring out repeatedly. Omar Ramos-Lopez, a former employee of Texas Auto Center, a collection of 4 car dealerships in the Austin area, is suspected of    </description><link>http://www.secuobs.com/revue/news/203028.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203028.shtml</guid></item>
<item><title>Computer System Hack Leads To Disabled, Honking Cars</title><description>Secuobs.com : 2010-03-18 18:10:37 - Internet Security News - As if regular hacking wasn't bad enough, a man in Texas took it upon himself to illegally access a computer system and then go after over 100 people's cars. Customers of Texas Auto Center were affected as their vehicles began to honk incessantly, or worse yet, not start. Kevin Poulsen reported, "The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven't been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car's ignition system, or trigger the horn to begin honking." Only as it turns out, a dealer's ex-employee can do the same things if he gains access to the system. Omar Ramos-Lopez, who was let go from Texas Auto Center last month due to his driving record, used another employee's account to wreak havoc for about five days. The trouble only stopped when the dealer changed all of its Webtech Plus passwords. The police then got involved (prior to the password change, a malfunction of sorts had seemed possible), and they found Ramos-Lopez after sifting through IP addresses. The next step involved Ramos-Lopez's arrest, and he now faces between 120 days and two years in jail if convicted on computer intrusion charges. Meanwhile, it's a good bet that at least 100 Texans are reconsidering how much technology they want in their cars. Maybe learning how to wield wire cutters, too. Many people missed work or school due to the incident, and a fair number had their cars towed to have repairs performed. This is almost enough to make you feel lucky if you lose a netbook or laptop to malware.</description><link>http://www.secuobs.com/revue/news/203027.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203027.shtml</guid></item>
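<item><title>New York Times: Why Google and Apple Turned on Each Other</title><description>Secuobs.com : 2010-03-18 18:10:20 - Security Bloggers Network - After seeing Sina Tech's translation of the New York Times article "Why Google and Apple Turned on Each Other", I took a look at this morning's latest stock information (see the chart at right). In terms of current market capitalization, Apple and Google are already closing in on their common enemy and competitor, Microsoft. Although Google is currently at its zenith, chasing its "dream" in search, mobile, data, voice, energy and other fields, Apple, relying on its "i"-series star products (iPod, iPhone, iPad) and the aura of Jobs, is still clearly ahead of Google in market value. It is worth noting that both of their market values exceed those of the traditional IT giants: IBM, HP, Dell. In another chart comparing 10-year share price changes, you can see that Apple's gain over the decade is far ahead at 614%, with Google close behind at 423%. Mr Microsoft, with a sharp decline of -40%, has successfully pulled off a "great shift of heaven and earth", so that part of the "antitrust" wave aimed at Microsoft has moved onto Google, while Apple gets to smile in its independent kingdom, counting its money while repairing the threshold worn down by its users. Below is Sina Tech's original text. Introduction: The New York Times wrote yesterday that Google and Apple, two major companies in the US technology sector, once cooperated closely against Microsoft. Now, as Google keeps expanding its scope of business and challenges Apple's core iPhone business in the mobile field, relations between the two companies have deteriorated sharply, and Schmidt and Jobs have given this increasingly fierce competition an increasingly personal tone. The full article follows. Former partners, now rivals: At the time, it looked like the beginning of a beautiful friendship. Three years ago, on that stage in San Francisco, Google CEO Eric E Schmidt walked on stage at the MacWorld expo and, under the spotlight and with all eyes watching, shook hands with Apple CEO Steven P Jobs, helping him launch an epoch-making, legendary product: the iPhone. The two CEOs announced then that Google and Apple were collaborating closely to bring Google's search and map services to the iPhone. Schmidt even joked that the collaboration was so close that the two companies could merge into one called "AppleGoo". Schmidt said to Jobs: "Steve, congratulations. This product is going to be hot." Jobs accepted the compliment with a broad smile. Today that warm friendship is gone. Jobs and Schmidt, Apple and Google, are now locked in a fierce fight over the future and territory of mobile computing and smartphones, and their competition across the digital field is growing white-hot. Over the past six months, Apple and Google have gone head to head over acquisitions, patents, directors, advisers and iPhone applications, among other things. Jobs and Schmidt have also fiercely attacked each other's company in the media and in private exchanges inside their companies. This month Apple sued HTC, the smartphone maker from Taiwan, China, accusing it of infringing iPhone patents. Because HTC mainly makes smartphones based on Google's Android operating system, the market widely regards the lawsuit as the start of a direct legal dispute between Apple and Google, with Apple aiming to slow Google's expansion in mobile devices. Apple believes that mobile devices such as smartphones and tablets should be tightly controlled, with proprietary technical standards, ensuring that consumers download applications from Apple's own App Store and enjoy the convenience of those services. Google, on the other hand, wants smartphones to be an open, non-proprietary platform, so that users can freely obtain applications that run on many devices. Google has long worried that competitors such as Microsoft and Apple, and mobile carriers such as Verizon, would block Google's services on smartphones and other mobile devices, because smartphones are about to replace computers as the main channel for going online. Google's real purpose in pushing Android so hard is to keep its fate in the mobile field in its own hands. The industry's cool-headed analysis of the fight: Given the huge economic interests involved, the dispute between Apple and Google is entirely understandable. Yet the fight is taking on an increasingly strong personal tone, recalling many of the technology sector's past fated duels, such as the feud between Intel and AMD and Microsoft's battles with all comers. The New York Times interviewed more than twenty technology industry observers, Silicon Valley investors and former and current employees of both companies on the matter. The interviews found that the fight between Jobs and Schmidt shows their mutual hostility and their own ambitions with unusual clarity. To protect their jobs or business relationships, most of the interviewees declined to be named. At the heart of their dispute is a sense of betrayal. Jobs believes that by launching phones resembling the iPhone in appearance, technology and operation, Google betrayed the alliance between the two companies. In short, Jobs believes his former friends at Google have stabbed him in the back. According to people familiar with the matter, shortly after the iPad launch in January, Jobs fiercely attacked Google at an internal company meeting, saying: "We did not enter the search business. They entered the phone business. Make no mistake, Google wants to kill the iPhone. We won't let them." One employee who attended recalled that Jobs brought up Google several times at the meeting and even angrily called Google's "Don't be evil" motto "bullshit". Harsh words came from the stage, and thunderous applause from the audience. Apple declined to comment. Google co-founders Larry Page and Sergey Brin have both publicly expressed their admiration for Jobs, and Google denies that it is falling out with Apple. Google spokesperson Jill Hazelbaker said: "Apple is an important partner. We have great respect for what Apple has contributed to the technology field over the past 30 years." Schmidt also wrote in a statement: "Like many people, I still believe Jobs is the greatest CEO in the world today. I greatly admire Apple and Jobs himself." Although Google's wording is mild, the technology world is watching the fight between the two companies with shock and awe. David B Yoffie, a Harvard Business School professor who has studied the technology industry for decades, said: "I am sure this fight will get uglier and uglier. To beat Apple, Google has to become very aggressive. If Google succeeds, Apple and the iPhone will come under heavy price pressure." A well-known Silicon Valley investor who declined to be named said he was shocked by the degree of hostility he had witnessed between the two companies. He said: "This is the technology field's equivalent of World War II. An astonishing hatred is driving the two most powerful men in technology. The fight has become emotional and highly inflammatory." Personal relations were once good: Jobs and Schmidt, both Silicon Valley veterans, have completely different styles. Schmidt is a technologist turned executive; in public he has always been self-controlled and professional, but he shows his ambition through his actions. Together with Page and Brin, Schmidt has instilled a strong competitive spirit in Google, with an almost evangelical belief that Google's engineers can outdo competitors in any area. Jobs, of course, is a master of marketing and innovation who exerts total control over every area of Apple. Since founding Apple in 1976, Jobs has always used challenges to competitors to boost employee morale: first IBM, then Microsoft, then Dell. He has succeeded in establishing Apple's maverick image in the public eye. But in this latest fight with Google, Jobs's behaviour seems to have become unusually emotional. In the lawsuit Google brought against Android phones, Jobs cast Apple as an aggrieved victim that finally decided to stand up to bullying. When filing the suit, Jobs said: "We can sit by and watch competitors steal our patented inventions, or we can do something about it. We have decided to do something about it." Google said that it is not a party to the lawsuit but that the company will support HTC. Some Google executives said privately that they worry the lawsuit will slow Android's expansion to tablets and hinder their challenge to the iPad. Schmidt, for his part, has not hidden his dissatisfaction with Apple in public. At the World Economic Forum in January, when a reporter asked what he thought of Apple's newly announced iPad tablet, Schmidt bluntly mocked it: "Can you tell me the difference between this tablet and a large iPod touch?" Although Jobs and Schmidt both began their careers in Silicon Valley in the 1970s, their paths rarely crossed. 2001 was a turning point: with Jobs leading Apple and Schmidt running Google, the two shared a common goal of confining Microsoft's dominance to the PC and making sure Bill Gates's company would not go on to control the frontier of web services and mobile devices. In 2006 Schmidt was invited to join Apple's board, and he and Jobs praised each other lavishly at the time. Behind the scenes, the two companies had long since formed even closer ties. According to a former Apple executive, Google's two founders had always regarded Jobs as a mentor, and in Google's early days the two regularly visited Jobs's office in California. Back then, Brin used to walk and talk with his mentor near Jobs's home in Palo Alto and on nearby mountain trails, which became a well-known story. Others recall that Brin and Jobs talked about the future of technology and even planned a joint venture, though it never materialized. The two worked together to get Apple to develop a version of the Safari browser for Windows computers. Another former Google executive said that Page and Brin made no secret of their admiration for Jobs and saw him as a role model for their own transition into managers. Page and Brin declined to be interviewed, but people familiar with the matter said both are disappointed that the relationship between Apple and Google has soured. Still, both of them and other Google executives believe that the company's push to open up the technology industry, and its success in mobile computing, matter more; this is by no means just about beating Jobs's Apple. Others recall that Schmidt and Jobs were never close friends, but a former colleague of Schmidt's said the two dined together many times to discuss issues, and Jobs never hesitated to call Schmidt directly to give his views. Several friends said Schmidt was proud to sit on Apple's board, a position that gave him direct access to Jobs, the best-known figure in American business. The rift began with Android: Then a rift quickly opened between the two. When Apple's iPhone went on sale to strong demand in 2007, Google was already quietly speeding up development of the Android operating system. Two years earlier, Google had acquired the startup developing Android. At that time the deal was aimed mainly at Microsoft, to make sure Microsoft would not control the market for mobile device operating systems. But Microsoft stumbled in the emerging smartphone market, while BlackBerry maker RIM and Apple began to dominate it. Google kept pushing the Android project forward, gradually carrying out its vision of a more open phone ecosystem. Executives at both companies said that as Google's plans took shape, Apple and Google executives discussed Apple's concerns about Android many times in meetings and phone calls. According to people familiar with the matter, many of those meetings became heated. Jobs accused Google of stealing iPhone features, while Google executives argued that Android's features were based on long-standing industry experience and technology and that some of them had taken shape even before the iPhone. At one especially heated meeting in 2008, Jobs angrily told Google executives that he would sue if Google used multi-touch technology. Multi-touch, which is popular on the iPhone, lets users control the device by spreading and pinching their fingers. Two people who attended said the atmosphere of that meeting was suffocating. Although Google always listened to Apple, it rarely gave up its position. A former Google executive said: "I don't think Google made many adjustments. Google will never be intimidated by anyone, and that goes for Apple too." But Google did move cautiously with Android, at least at first. The first version of the Android software, released in 2008, did not include multi-touch. Android phones at the time were slow and bulky; people inside Google even described them as being like bricks. However, as Android phones kept improving, Apple grew more worried. When Jobs returned to Apple last year after a long medical leave, he found that many Android phones, typified by the Motorola Droid, had appeared on the market. They were sleeker and markedly more capable, and could run several applications at once, which is precisely one of the iPhone's major weaknesses. Adding fuel to the fire, Verizon ran a promotion for the Droid on the theme "Everything iDon't, Droid Does", which mercilessly mocked the iPhone's many shortcomings. As tension between Schmidt and Jobs rose, their fight became increasingly public. Last July, when Google tried to launch its voicemail management application Google Voice on the iPhone, Apple simply blocked the app, citing privacy concerns. Schmidt then resigned from Apple's board last August. That was partly because regulators worried the relationship between the two companies would hinder competition, but also because Apple indicated that Schmidt was no longer suited to be an Apple director. When announcing Schmidt's resignation from the board, Jobs mentioned Google's Android operating system and said Google was "unfortunately entering more and more of Apple's core businesses". The two giants compete over acquisitions: The two companies then began to square off in bidding for acquisitions. Last autumn Apple made a formal $600 million offer for the mobile advertising company AdMob, which mainly develops advertising inside phone applications, including on the iPhone. According to people familiar with the matter, when Apple began its due diligence AdMob agreed not to accept other offers for 45 days. But after those 45 days Apple, puzzlingly, did not move the deal forward, and Google quickly stepped in. Perhaps spurred by Apple's talks with AdMob, Schmidt, the two founders and other Google executives began courting AdMob's young CEO, Omar Hamoui. Google argued that AdMob belonged in the Google family because Google, unlike Apple, has extensive experience in advertising. Google also offered AdMob employees more generous terms: they could cash in their stock options sooner than under Apple's offer. Google also offered a premium 25% above Apple's bid. Just three days after AdMob's no-shop period ended, Google agreed to pay $7.5 billion for the four-year-old AdMob. According to people familiar with the matter, Jobs felt he had been pushed aside when he heard the news and was furious; he suspected that AdMob, with Google's help, might have violated its legal obligations. Neither Google nor AdMob would comment on the acquisition process. The US Federal Trade Commission is currently reviewing the antitrust issues raised by the deal. A person familiar with Google's acquisition strategy said Google was willing to pay a high premium for AdMob as long as the company did not fall into Apple's hands. He said: "If Google had not been worried about Jobs buying AdMob, it would never have paid the steep price of $7.5 billion for it. Can Google realize the value of this acquisition through cash flow? Impossible." Apple soon hit back, buying AdMob's competitor Quattro Wireless for nearly $300 million in January this year, signalling that the two companies would clash head-on in mobile advertising. But Apple's acquisition was quickly upstaged by Google. On the very same day, Google launched its own flagship phone, the Nexus One, a product of collaboration between Google and HTC that clearly shows some iPhone influence. Later in January, just days after Jobs railed against Google's "Don't be evil" motto, Google finally tore away the pretence of harmony between the two companies and released a software update for the Nexus One that added multi-touch, openly crossing the line Jobs had drawn. Employees of both companies said that both sides are full of antagonism and clearly need a mediator. One Apple employee said: "I have never seen an atmosphere like this. So many company meetings fire away at Google that I am getting a bit tired of it." Google, for its part, also faces Microsoft, Facebook, Yahoo and a growing number of competitors, so its hostility toward Apple is less pronounced. After all, Apple's iPhone has to some extent boosted the popularity of Google's mobile services and advertising. However, the unpleasantness over Google Voice and friction in other areas have intensified Google's greatest worry: that Apple could keep millions of consumers from reaching Google's services. After Apple blocked Google Voice, Google quickly worked out a way around Apple's block. Defusing the hatred is easier said than done: If anyone can mediate this fight, Bill Campbell, the well-known Silicon Valley business adviser, may be the right person. Campbell was once a college football coach, served as CEO of Intuit, and has held a key position at Google. He attends Google's senior management meetings, meets one-on-one with Schmidt every week, helped Google build its management structure, and has acted as an important bridge between Schmidt and Google's founders. Campbell also has an important voice at Apple: he is Apple's co-chairman and was one of the few people Jobs trusted during his health crisis. Campbell has tried to play the envoy and resolve the problems between Jobs and Schmidt, but the task is not easy. Campbell declined to comment, but people familiar with the matter said that throughout last autumn both Jobs and Schmidt demanded that Campbell cut his ties with the other company, and even issued him ultimatums several times. Those people said Campbell was finally forced to choose: he resigned his formal position at Google but still keeps in touch informally with Google executives. Mitch Kapor, founder of Lotus Development and a technology investor, said the fight between Google and Apple is like old wine in a new bottle, recalling several famous corporate battles in Silicon Valley's past. He sees it as a replay of the old feud between Apple and Microsoft: Apple still tries to control every aspect of the user experience, while Google, like Microsoft back then, wants to work with many partners to bring a large number of devices to market. Kapor believes that although application developers currently favour the iPhone, they are also moving forward in step on Android. Tight control may help at the start, but in the long run it will become a constraint. Apple and Google still cooperate in some areas. Google pays Apple millions of dollars a year to make Google search the default engine in Apple's web browser and on the iPhone, and possibly on the upcoming iPad. However, the industry is rife with rumours that Apple is preparing to break openly with Google and instead sign a search agreement with Microsoft that would make Bing the default search engine on the iPad and possibly change the iPhone's search settings too. An Apple executive said that Qi Lu, president of Microsoft's online services division, recently visited Google to discuss the deal. Microsoft declined to comment. Industry insiders believe that a search partnership between Apple and Microsoft would not hurt Google noticeably, because many iPhones and iPads would certainly keep using Google's search engine as usual. But Microsoft is eyeing the search field hungrily, and Google will certainly not take this lightly. Of course, one thing is not going to happen: Jobs will certainly not, because of his grievances with Schmidt and Google, lead Apple into the arms of Steve Ballmer and Microsoft. (Yifei)</description><link>http://www.secuobs.com/revue/news/203026.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203026.shtml</guid></item>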
<item><title>Review   Keynesis Lockngo Professional 40</title><description>Secuobs.com : 2010-03-18 18:08:53 - Help Net Security   News - Keynesis Lockngo is a portable application that encrypts and hides your portable drive on Windows AND Mac without any installation. The only thing required to activate the solution is an Internet conn </description><link>http://www.secuobs.com/revue/news/203025.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203025.shtml</guid></item>
<item><title>The E-Plex 5800 series, no software required</title><description>Secuobs.com : 2010-03-18 18:07:57 - ContactlessNews  Contactless Smart Cards  RFID  Payment  Transit and Security - Kaba Access Control recently unveiled its new E-Plex 5800 series, which features a stand-alone access control system approved by GSA to meet FIPS 201 requirements. The CoreStreet Enabled E-Plex 5800 series incorporates a variety of options and features to accommodate the customer's preferences and applications. Users have two methods of handling the system: without software by enrolling FIPS 201 cards right at the reader, or using software to check card validation against the Federal Bridge, import photos, set access schedules, retrieve audit trail and other features. The E-Plex 5800 series is on the FIPS 201 Approved Product List and is now available for shipment.</description><link>http://www.secuobs.com/revue/news/203024.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203024.shtml</guid></item>
<item><title>Watchdata takes home the Asian Sesame for its DBS Live Fresh 3-in-1 Visa entry</title><description>Secuobs.com : 2010-03-18 18:07:57 - ContactlessNews  Contactless Smart Cards  RFID  Payment  Transit and Security - Watchdata was recently declared the winner of the Asian Sesames Award with its DBS Live Fresh 3-in-1 Visa credit card entry. The Asian Sesames Award aims to reward those with the best application in the field of smart card technology, developed for the Asian-Pacific market. In the 3-in-1 Visa, the DBS Live Fresh embodies three powerful technologies in Watchdata's TimeCOS CeWave dual-interface technology, which is approved by Visa for Visa Smart Debit Credit and payWave. It combines EMV security with the speed and convenience of Visa payWave, and transport services based on Singapore Standard for Contactless ePurse Application. Consumers, who in the past needed two or more cards for various payment options, now only need one card.</description><link>http://www.secuobs.com/revue/news/203023.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203023.shtml</guid></item>
<item><title>The frustrations of mass market, web based services, Hotmail is the poster child</title><description>Secuobs.com : 2010-03-18 18:06:48 - The Ashimmy Blog - I know we dribble all over ourselves about the cloud and web based services. Isn't it grand to be able to access stuff anywhere anytime? But there is a deep, dark side to the web based world we are living </description><link>http://www.secuobs.com/revue/news/203022.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203022.shtml</guid></item>
<item><title>Network Security Fundamentals  Egress Filtering</title><description>Secuobs.com : 2010-03-18 18:06:34 - Securosis Blog - As we wrap up our initial wave of Network Security Fundamentals, we've already discussed Default Deny, Monitoring everything, Correlation, and Looking for Not Normal. Now it's time to see if we can actually get in the way of some of these nasty attacks. So what are we trying to block? Basically a lot of the issues we find through looking for not normal. The general idea involves implementing a positive security model not just to inbound traffic (default deny), but to outbound traffic as well. This is called egress filtering, and in practice is basically turning your perimeter device inside out and applying policies to outbound traffic. This defensive tactic ensures that non-standard ports and protocols don't make their way out of your network. Filtering can also block reconnaissance tactics, network enumeration techniques, outbound spam bots, and those pesky employees running Internet businesses from within your corporate network. Amazingly enough this still happens, and too many organizations are none the wiser. Defining Egress Filtering Policies: Your best bet is to start with recent incidents and their root causes. Define the outbound ports and protocols which allowed the data to be exfiltrated from your network. Yes, this is obvious, but it's a start and you don't want to block everything. Not unless you enjoy being ritually flayed by your users. Next leverage the initial steps in the Fundamentals series and analyze correlated data to determine what is normal. Armed with this information, next turn to the recent high-profile attacks getting a lot of airtime. Think Aurora and learn how that attack exfiltrates data (custom encrypted protocol on ports 443). For such higher-probability attacks, define another set of egress filtering rules to make sure you block (or at least are notified) when you have outbound traffic on the ports used during the attacks. You can also use tighter location-based filtering policies, like not allowing traffic to countries where you don't do business. This won't work for mega-corporations doing business in every country in the world, but for the other 9999% of you, it's an option. Or you could enforce RFC standards on Port 80 and 443 to make sure no custom protocol is hiding anything in a standard HTTP stream. Again, there are lots of different ways to set up your egress filtering rules. Most can help, depending on the nature of your network traffic; none are a panacea. Whichever you decide to implement, make sure you are testing the rules in non-blocking mode first to make sure nothing breaks. Blocking or Alerting: As you can imagine, it's a dicey proposition to start blocking traffic that may break legitimate applications. So take care when defining these rules, or take the easy way out and just send alerts when one of your egress policies is violated. Of course, the alerting approach can (and probably will) result in plenty of false positives, but as you tune the policies, you'll be able to minimize that. Which brings up the hard truth of playing around with these policies. There are no short cuts. Vendors who talk about self-defending anything, or learning systems, or anything else that doesn't involve the brutal work of defining policies and tuning them over time until they work in your environment, basically don't spend enough time in the real world. 'nuff said. To finish our discussion of blocking, again think about these rules in terms of your IPS. You block the stuff you know is bad, and you alert on the stuff you aren't sure about. Let's hope you aren't so buried under alerts that something important gets by, but that's life in the big city. No Magic Bullets: Yes, we believe egress filtering is a key control in your security arsenal, but as with everything else, it's not a panacea. There are lots of attacks which will skate by undetected, including those that send traffic over standard ports. So once again, it's important to look at other controls to provide additional layers of defense. These may include outbound content filtering, application-aware perimeter devices, deep packet inspection, and others. More Network Security Fundamentals: I'm going to switch gears a bit and start documenting Endpoint Security Fundamentals next week, but be back to networks soon enough, getting into wireless security, network pen testing, perimeter change control, and outsourced perimeter monitoring. Stay tuned. - Mike Rothman</description><link>http://www.secuobs.com/revue/news/203021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203021.shtml</guid></item>
<item><title>BlueHat Security Forum  Buenos Aires Edition--Shipping </title><description>Secuobs.com : 2010-03-18 18:01:55 - MSRC Ecosystem Strategy Team - Handle: Silver Surfer. IRL: Mike Reavey. Rank: Director, MSRC. Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities. Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns. I'm here at the second edition of the BlueHat Security Forum, this time in Buenos Aires. So far it is shaping up to be an immensely successful event. We started the day off with a welcome announcement from Hernán Rincón, president of Microsoft Latin America, and have more technical insights to come, some scary and some more reassuring, in the typical BlueHat fashion. We have near 100 attendees with us here today from across Latin America. Countries including Brazil, Argentina, Mexico and Peru are represented. Attendees span local and regional business and industry, government, academia, CERTs and security researcher communities. The thematic focus will range from e-crime attacks, the vulnerability economy and the regional threat landscape, cloud security, mobile security, embedded devices, social networks and the web 20 community, and last but surely not least, the Microsoft Security Response Center processes and integration of a Security Development Lifecycle. To learn about the presenters taking the podium today, check out Celene's announcement post for a deeper look. In our continued efforts to evolve BlueHat and keep content innovative and relevant, we've taken an idea from our friends at H2HC and kicked off our event by hosting a panel entitled "Hackers and you". We have invited Ivan Arce, co-founder of Core Security Technologies; Rodrigo Rubira Branco, Hacker to Hacker Conference (H2HC) organizer; local security researcher and previous BlueHat speaker, Manuel Caballero; You Sh0t the Sheriff (YSTS) conference organizer, Luiz Eduardo; Felix "FX" Lindner, head of Recurity Labs and PH-Neutral fame; Damian Hasse, Principal Security Development Manager of the MSRC MSEC; and Nico Waisman of Immunity to contribute their thoughts around the term "hacker": what it means to be one, how it differs throughout regions, and how to keep "hackers" part of an effective enterprise security team. The panel was moderated by our own Andrew Cushman, senior director of Trustworthy Computing at Microsoft, and offered a variety of unique insights. There was a ton of good commentary. Rodrigo mentioned how the security researcher community really drove broad awareness and vendor responsiveness. FX spoke about how understanding a system is the best way for strong defense and highlighted approaches such as the Elevation of Privilege (Eop) card game produced by our SDL team. From the MSRC perspective, Damian shared how he's made an effort to keep an active "hacker mindset" as part of an effective security team within Microsoft. Ivan closed the commentary by highlighting how BlueHat provides a platform for seemingly disparate groups of attendees to effectively engage where they may not otherwise have the opportunity to do so with typical formal communication methods. He encouraged all attendees to look to their neighbors in the audience and take advantage of such experiences to seize and create strategic, mutually beneficial opportunities. We have strategically partnered with Security Week, a Microsoft hosted event put on by the local Microsoft office in the region. This partnership allows us to bring security and privacy information to local IT Pros, BDMs and Policy Makers. So far this Security Week Buenos Aires installment has reached more than 500 people, providing over 40 presentations throughout the course of the week. If you haven't seen the recent posts by BlueHat Security Forum members, check out Manuel Caballero and FX's insights and stay tuned for future updates. Nothing like bringing the legitimate security space of Latin America together and creating a melting pot of new ideas and relationship-bridging. This might even beat the lomo :) - Mike. Postings are provided "AS IS" with no warranties, and confer no rights.</description><link>http://www.secuobs.com/revue/news/203020.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203020.shtml</guid></item>
<item><title>Malicious Advertising Threatens the Popular Ad-supported Business Model</title><description>Secuobs.com : 2010-03-18 18:00:49 - Security - Web 20 and social media are driven by user-generated content. In return for producing content, users want to receive information or experiences that encourage them to revisit a given site. In this cycle, sites can monetize the user experience by utilizing advertising to generate profits from users' visits and eventual patronage from advertisers. By and large, users resist paying for contexts such as social networks where they post their own content, like pictures, status updates, or videos. For this model to perpetuate, each participant must uphold their contribution: sites must generate an attractive experience, advertisers must present relevant content to user interests, and users must provide content or consume advertisements. If advertising is overrun by malicious code, users may be driven to abandon a site that is deemed dangerous, or take steps to block advertising. Many users adopting the same approach could hurt the existing business model, resulting in a financial risk to sites that are based on advertising revenue.</description><link>http://www.secuobs.com/revue/news/203019.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203019.shtml</guid></item>
<item><title>Microsoft Virtual PC flaw open to hackers</title><description>Secuobs.com : 2010-03-18 17:56:48 - Computer Security News - A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said.</description><link>http://www.secuobs.com/revue/news/203018.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203018.shtml</guid></item>
<item><title> Security vulnerability in SpamAssassin filter module </title><description>Secuobs.com : 2010-03-18 17:50:49 - LinuxSecurity.com   Latest News - LinuxSecurity.com: The SpamAssassin Milter plug-in, which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers.</description><link>http://www.secuobs.com/revue/news/203017.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203017.shtml</guid></item>
<item><title>Thunderbird Secure Connections</title><description>Secuobs.com : 2010-03-18 17:50:49 - LinuxSecurity.com   Latest News - LinuxSecurity.com: Client configuration can be just as big of a problem as the set up for the server. One of the problems is that not all clients, both Linux and Windows, are capable of handling TLS or SMTP AUTH. That is getting better but it is still a problem. One great alternative client is Thunderbird, Icedove if you are on Debian. Here is a step by step approach to setting up the Thunderbird client for TLS and SMTP AUTH.</description><link>http://www.secuobs.com/revue/news/203016.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203016.shtml</guid></item>
<item><title>Blank Plastic</title><description>Secuobs.com : 2010-03-18 17:41:33 - F Secure Antivirus Research Weblog - We regularly learn of cases where criminals have gained access to credit card numbers via keyloggers, skimmers or online hacks. Once they have card numbers, they basically have three ways to turn the credit card numbers into cash: sell them; make fraudulent purchases on them; create real-world cards out of them. To create real-world cards, you need blank cards to start with. These are known in the underground as "blank plastic". And there are online stores for blank plastic. Here are some pictures from one. Above: Collection of "blank" Visa and Master Card cards. Above: Gold embossing demo. Still missing the hologram sticker. Above: Finished product. Notice the card holder's name. PS. Also see our post about credit card holograms. On 18 03 10 At 03 42 PM </description><link>http://www.secuobs.com/revue/news/203015.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203015.shtml</guid></item>
<item><title>Icons for Memory Dump Analysis Patterns  Part 7 </title><description>Secuobs.com : 2010-03-18 17:39:02 - Crash Dump Analysis - Today we introduce an icon for Optimized Code pattern  B W Color With fix-privet, Dr DebugLove - Dmitry Vostokov   DumpAnalysisorg   TraceAnalysisorg - Memory Dump It </description><link>http://www.secuobs.com/revue/news/203014.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203014.shtml</guid></item>
<item><title>CERTA-2010-AVI-126: Multiple vulnerabilities in Google Chrome (18 March 2010)</title><description>Secuobs.com : 2010-03-18 17:36:47 - Les derniers documents du CERTA. - Multiple vulnerabilities in Google Chrome allow a remote malicious user to cause a denial of service, bypass the security policy or execute arbitrary code.</description><link>http://www.secuobs.com/revue/news/203013.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203013.shtml</guid></item>
<item><title>CERTA-2010-AVI-127   Vulnérabilité dans le module mm_forum de TYPO3  18 mars 2010 </title><description>Secuobs.com : 2010-03-18 17:36:47 - Les derniers documents du CERTA. - Une vulnérabilité dans le module optionnel mm_forum de TYPO3 permet une injection de code indirecte à distance </description><link>http://www.secuobs.com/revue/news/203012.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203012.shtml</guid></item>
<item><title>Mariposa Bot Found Pre-Loaded on Second Vodafone Handset</title><description>Secuobs.com : 2010-03-18 17:32:38 - threatpost   The First Stop for Security News - It seems that the HTC Magic phone distributed by Vodafone in Spain that security researchers discovered recently was pre-loaded with the Mariposa bot client was not an isolated incident after all, as the concerned party had claimed. An employee of another Spanish security vendor found the same malware pre-installed on the same model phone this week bought directly from Vodafone.</description><link>http://www.secuobs.com/revue/news/203011.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203011.shtml</guid></item>
<item><title>Sizing Up Activist Hacking </title><description>Secuobs.com : 2010-03-18 17:32:38 - threatpost   The First Stop for Security News - Whatever the Chaos Computer Club's name suggests, Europe's largest hacker group is not intent on bedlam. Read the full article (BBC News).</description><link>http://www.secuobs.com/revue/news/203010.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203010.shtml</guid></item>
<item><title>Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits</title><description>Secuobs.com : 2010-03-18 17:18:27 - securitystream.info - The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year's Pwn2Own hacker challenge and his thoughts on improvements in Apple's Mac OS X.</description><link>http://www.secuobs.com/revue/news/203009.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203009.shtml</guid></item>
<item><title>Why digital logic is different than analog  part 2 </title><description>Secuobs.com : 2010-03-18 17:16:02 - root labs rdist - Last time, we asked the question: What is the difference between analog and digital logic? We identified two areas: noise and dynamic range. The latter limitation is that you can't have an infinite (or even very high) voltage, so analog logic will always have some maximum value it can represent. With digital logic, you just    </description><link>http://www.secuobs.com/revue/news/203008.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203008.shtml</guid></item>
<item><title>dsa-2015-1txt</title><description>Secuobs.com : 2010-03-18 17:15:13 - Packet Storm Security Last Files - Debian Linux Security Advisory 2015-1 - A local vulnerability has been discovered in drbd8 </description><link>http://www.secuobs.com/revue/news/203007.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203007.shtml</guid></item>
<item><title>UK ISPs Not Interested In EU Cyber Attack Says Lords</title><description>Secuobs.com : 2010-03-18 17:15:09 - Packet Storm Security Headlines - </description><link>http://www.secuobs.com/revue/news/203006.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203006.shtml</guid></item>
<item><title>Pwn2Own Predictions - iPhone Will Be Hacked</title><description>Secuobs.com : 2010-03-18 17:15:09 - Packet Storm Security Headlines - </description><link>http://www.secuobs.com/revue/news/203005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203005.shtml</guid></item>
<item><title>LED lighting, a learning experience</title><description>Secuobs.com : 2010-03-18 17:07:59 - Hack a Day - Joel has a very specific color temperature of lighting he wants in his home. So specific, he's decided to build his own LED lighting to get it. Actually, he's still searching for that perfect shade of white, but doing so has learned a lot. He initially made some very pretty PCBs, but then found that    </description><link>http://www.secuobs.com/revue/news/203004.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203004.shtml</guid></item>
<item><title>Virgin Mobile fined for sending email spam</title><description>Secuobs.com : 2010-03-18 17:05:36 - Graham Cluley's blog -  The Australian spam watchdog has fined Virgin Mobile AU  22,000  approximately  13,200  after the company was found to have sent emails to customers who had opted out of receiving promotions According to a report in the Sydney Morning Herald, the Australian Communications and Media Authority  ACMA  received complaints from Virgin Mobile customers who had requested not    </description><link>http://www.secuobs.com/revue/news/203003.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203003.shtml</guid></item>
<item><title>Pwn2Own predictions  iPhone will be hacked</title><description>Secuobs.com : 2010-03-18 17:05:16 - Zero Day - Experts are predicting that hackers at this year's CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability</description><link>http://www.secuobs.com/revue/news/203002.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203002.shtml</guid></item>
<item><title>Patch for Microsoft Virtual PC weakness unlikely</title><description>Secuobs.com : 2010-03-18 17:04:39 - SearchSecurity  Security Wire Daily News - Microsoft said it has no plans to alter the Windows Virtual PC environment</description><link>http://www.secuobs.com/revue/news/203001.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203001.shtml</guid></item>
<item><title>FireCAT v162 updated with Framework Detector</title><description>Secuobs.com : 2010-03-18 17:04:05 - Security Database Tools Watch - New extensions added: Framework Detector added (Category: Information Gathering - Enumeration and footprinting). Framework Detector can automatically detect JavaScript framework(s) used in current page. Can detect more than 70 popular JavaScript frameworks, libraries and components, including Backbase, Dojo Dijit, Echo, ExtJS, GWT, ICEfaces, jQuery, MooTools, Nitobi, Prototype, qooXdoo, Rialto, Rico, scriptaculous, SmartClient, Spry, TinyMCE, YUI and many others. Based on WTFramework    - Security Tools: Firefox, Application Scanner, Framework, FireCAT</description><link>http://www.secuobs.com/revue/news/203000.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/203000.shtml</guid></item>
<item><title>Sample Book Chapter posted </title><description>Secuobs.com : 2010-03-18 17:03:48 - Security Bloggers Network - Anyone know I didn't write a book with Anton Chuvakin last year? If not, I'll tell you ALL about it. OK, seriously, I know I've talked a lot about it here. If you have not bought it and are still skeptical, go check out the sample chapter we have posted on CSO Online. This chapter, entitled    </description><link>http://www.secuobs.com/revue/news/202999.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202999.shtml</guid></item>
<item><title>Something to look forward to </title><description>Secuobs.com : 2010-03-18 17:03:48 - Security Bloggers Network - It has been nine days since my last post I can't believe I left it so long and a lot has happened since I last posted It is now only 19 days until the legislative changes allowing the ICO to up their game and is given real teeth I have been very b </description><link>http://www.secuobs.com/revue/news/202998.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202998.shtml</guid></item>
<item><title>Smart Grid RoadShow</title><description>Secuobs.com : 2010-03-18 17:03:48 - Security Bloggers Network -    Smart Grid RoadShow The Westin Cincinnati Hotel  Cincinnati, Ohio USA Booth  15 More information </description><link>http://www.secuobs.com/revue/news/202997.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202997.shtml</guid></item>
<item><title>CS Week Conference 34</title><description>Secuobs.com : 2010-03-18 17:03:48 - Security Bloggers Network -    CS Week Conference 34 Gaylord Opryland  Music City, USA Booth  803 More Information </description><link>http://www.secuobs.com/revue/news/202996.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202996.shtml</guid></item>
<item><title>Using Laser To Fingerprint Paper</title><description>Secuobs.com : 2010-03-18 17:02:28 - Musings of an Over Grown Dwarf - I like it when old technologies and known scientific facts are used in a new way that makes them pure genius. A discovery of old, which will change the future. Ingenia Technology Limited today launches an exciting breakthrough proprietary technology, developed by Imperial College London and Durham University - the Laser Surface Authentication system (LSA). The LSA system recognises the inherent 'fingerprint' within all materials such as paper, plastic, metal and ceramics. The LSA system is a whole new approach to security and could prove valuable in the war against terrorism through its ability to make secure the authenticity of passports, ID cards and other documents such as birth certificates. This technological breakthrough has been masterminded by Professor Russell Cowburn, Professor of Nanotechnology in the Department of Physics at Imperial College London. Every paper, plastic, metal and ceramic surface is microscopically different and has its own 'fingerprint'. Professor Cowburn's LSA system uses a laser to read this naturally occurring 'fingerprint'. The accuracy of measurement is often greater than that of DNA with a reliability of at least one million trillion. The inherent 'fingerprint' is impossible to replicate and can be easily read using a low-cost portable laser scanner. This applies to almost all paper and plastic documents, including passports, credit cards and product packaging. More on the science behind this: A unique 'fingerprint' is formed by microscopic surface imperfections on almost all paper documents, plastic cards and product packaging. That is what makes it possible to develop a much cheaper system to combat fraud. This inherent identity code is virtually impossible to modify. It can easily be read using a low-cost portable laser scanner. Since all non-reflective surfaces have naturally occurring roughness that is a source of physical randomness, our technology can provide in-built security for a range of objects such as passports, ID and credit cards and pharmaceutical packaging. It can be cheaper and more reliable than current methods such as holograms and security ink. Our research team used the optical phenomenon of 'laser speckle' to examine the fine structure of different surfaces using a focused laser. We tried the technique on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging. The result was a clear recognition between the samples. This continued even after they were subjected to rough handling, including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker. The beauty of this system is that we do not need to modify the item being protected in any way with tags, chips or ink - it is as if documents and packaging had their own unique DNA. This makes protection secret, simple to integrate into the manufacturing process and immune to attack. It can be applied retrospectively and is no threat to personal privacy. Look for this at the immigration desk verifying your passport, five years from now. Gadi Evron, ge@linuxbox.org. Follow me on twitter: http://twitter.com/gadievron</description><link>http://www.secuobs.com/revue/news/202995.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202995.shtml</guid></item>
<item><title>Facebook users targeted in massive spam run</title><description>Secuobs.com : 2010-03-18 17:02:08 - News - Facebook's 400 million users have been targeted by a spam run that could infect their computers with malicious software designed to steal passwords and other data, according to security researchers at McAfee.</description><link>http://www.secuobs.com/revue/news/202994.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202994.shtml</guid></item>
<item><title>Flash-free iPad-ready site from Wall Street Journal</title><description>Secuobs.com : 2010-03-18 17:02:08 - News - The Wall Street Journal and National Public Radio have announced plans to create Flash-free versions of their websites for iPad users.</description><link>http://www.secuobs.com/revue/news/202993.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202993.shtml</guid></item>
<item><title>Windows XP  No IE9 for you</title><description>Secuobs.com : 2010-03-18 17:02:08 - News - Microsoft's new browser, Internet Explorer 9, will not run on Windows XP, now or when the software eventually ships, the company confirmed.</description><link>http://www.secuobs.com/revue/news/202992.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202992.shtml</guid></item>
<item><title>Microsoft sweetens pot for the virtual-desktop curious</title><description>Secuobs.com : 2010-03-18 17:02:08 - News - Microsoft offers new licensing and technology to spur virtual desktop usage.</description><link>http://www.secuobs.com/revue/news/202991.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202991.shtml</guid></item>
<item><title> Should major ISPs join the fight against botnets </title><description>Secuobs.com : 2010-03-18 17:01:44 - Help Net Security   News - The recent  de-peering  of the AS-Troyak ISP and its consequent struggle  and relative success  to reconnect to the Internet has put into the spotlight the tangled web of connections and C Cs that is  </description><link>http://www.secuobs.com/revue/news/202990.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202990.shtml</guid></item>
<item><title>Pentesting Flex</title><description>Secuobs.com : 2010-03-18 16:59:29 - tssci security - I've posted an entry over on my employer's blog on Penetrating Intranets through Adobe Flex Applications. I've also released a new tool along with it, called Blazentoo. This tool exploits insecurely configured BlazeDS Proxy Services, potentially allowing you to browse internal web sites. You can download Blazentoo from GDS' tools page. Also, be sure    </description><link>http://www.secuobs.com/revue/news/202989.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202989.shtml</guid></item>
<item><title>Techfest  NUI Movement</title><description>Secuobs.com : 2010-03-18 16:56:27 - Channel 9 - At TechFest this year I met with Desney Tan and Dan Morris who showed me several very interesting systems, each of which allows your body to become the input device for hardware. Granted, this hardware was literally put together with tape and exposed wires (that just increases the cool, IMHO), but this proof of concept worked incredibly well considering its fragility. Also, Desney really could use a metronome and some time spent practicing Guitar Hero. Dan showed us how we might interact with devices by using our body as a control device. By tapping in a specific area on your arm you are able to navigate, read email, or play games.</description><link>http://www.secuobs.com/revue/news/202988.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202988.shtml</guid></item>
<item><title>Tech Thoughts Daily Net News   March 18, 2010</title><description>Secuobs.com : 2010-03-18 16:52:12 - Bill Mullins' Weblog   Tech Thoughts - Take a closer look at ReadyBoost features in Windows 7   ReadyBoost is a still a part of the Microsoft Windows 7 operating system, so Greg Shultz examines its features in more detail MySpace User Data For Sale   Social networking just became a little riskier to your privacy Information from MySpace is now for sale    </description><link>http://www.secuobs.com/revue/news/202987.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202987.shtml</guid></item>
<item><title>Rauland-Borg and Visonic Technologies Collaboration Brings Enhanced  RTLS Functionality to the Responder 5  Nurse Call System</title><description>Secuobs.com : 2010-03-18 16:49:34 - RTLS   Real Time Location and Security - Bloomfield, CT - March 16th, 2010 - Rauland-Borg, the leader in Healthcare Nurse Call Systems and Visonic Technologies a global provider of scalable Active RFID RTLS based safety, security and management solutions for the healthcare industry announce the integration of Elpas RTLS technology with the Responder 5 Nurse Call System This joint collaboration between Visonic Technologies and Rauland-Borg provides Responder 5 with real-time staff presence functionality throughout the hospital to room and sub-room level accuracy, automatic visual indication that a patient's needs are being responded to and automatic nurse call cancellation The ability to locate caregivers is one of the primary challenges hospitals face when it comes to streamlining the delivery of safe and effective care Improving staff response times to emergencies and special situations is a great example of how Elpas RTLS technology using existing wired or wireless Ethernet Wi-Fi networks can be applied to benefit hospitals using the Responder 5 Nurse Call system  Knowing the location of the required caregiver or location of where the medical incident is occurring to room level and with sub-room level precision in real-time, can mean a world of difference to the medical outcome  said Harry Murray, President Visonic Technologies America  Besides improving the quality of patient care, the combination of Elpas RTLS with Responder 5 will also help hospitals reduce the amount of manual reporting required from staff and facilitate care giver guideline compliance Hospitals may easily leverage their Elpas RTLS investment to enhance other areas of patient and personnel safety including infant baby protection in maternity wards, staff attack duress alerting and wandering patient 
supervision Elpas Active RFID RTLS can also be scaled to manage mobile medical assets in order to reduce shrinkage and lower maintenance related labor costs without degradation to RTLS Responder-5 functionality About Visonic Technologies Visonic Technologies  VT  is a fully owned subsidiary of The Visonic Group  vscTA  and is a global provider of scalable Active RFID RTLS based safety, security and management solutions for the healthcare industry and leverage wired or wireless Ethernet Wi-Fi networks VT delivers out-of-the-box as well as custom tailored risk mitigation tools that enhance patient and personnel safety, infant protection  delivers comprehensive asset management  lessens negligence litigation and facilitates industry guideline compliance The company currently serves customers throughout the Americas, the UK, EMEA and Asia-Pacific About Rauland-Borg For over 80 years, Rauland-Borg has been the industry leader in manufacture and design of communications and life-safety equipment for institutional environments Rauland Responder  Nurse Call combines traditional nurse call components with the latest technology and software management tools Responder systems offer fast, complete and flexible solutions for staff-to-staff and staff-to-patient communication  resulting in enhanced productivity and higher standard of patient care For more information on Responder Nurse Call Systems, visit wwwraulandcom Contact Talia Savir Marketing Communications Coordinator-Visonic Technologies Tel   972 3 7681400 Fax   972 3 7681415 E-mail  talias visonictechcom Web Site  wwwvisonictechcom </description><link>http://www.secuobs.com/revue/news/202986.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202986.shtml</guid></item>
<item><title>News  White Hats Vs Bots- The fight is ON</title><description>Secuobs.com : 2010-03-18 16:45:51 - Roer.com   Information Security blog - After an international take-down effort, a rogue ISP responsible for controlling large numbers of computers infected with data-stealing code is down for the moment, but it may be reconnecting with the Internet, according to security researchers. Troyak, which is believed to be based in eastern Europe, was knocked offline earlier this month after other networks supplying its connectivity to the Internet stopped carrying its traffic due to complaints it was complicit in cybercrime. Since then the network has fought a cat-and-mouse game with network providers in 12 countries and international law enforcement, according to Jart Armin, the pseudonymous editor of the Hostexploit.com Web site, which has been involved in the action. "Troyak is still fighting hard, as it is the only link to the outside Internet for a few [criminal groups]," he said in an e-mail interview. Troyak and another ISP, Group 3, provided connectivity for 90 of 249 servers used to control Zeus, a sophisticated piece of malware that steals financial credentials and other data. Group 3 has also been disconnected. At this point, Troyak's reputation is so sullied that it is becoming difficult for it to find other ISPs to carry its traffic on the Internet. That's an important point, because for Troyak to resume operations, it must find another company or organization that it can peer with in order to be reconnected to the Internet. Currently, even with Troyak offline, there are still 180 Zeus command-and-control servers online, Armin said. Most of these are located in Russia and the Ukraine, however, making it easier for security researchers and law enforcement to stay on top of the problem. "They're being pushed back into their own territory," Armin said. On Sunday night, Troyak operators apparently hacked into servers in Latvia to get connectivity via an academic network in the country. But that effort was shut down with the help of Latvian law enforcement, Armin said. On Monday, it appeared Troyak had peered with two upstream providers, wrote Mary Landesman, senior security researcher at ScanSafe, which is owned by Cisco Systems. But that action appeared to be temporary, and as of Wednesday, Troyak was dead.</description><link>http://www.secuobs.com/revue/news/202985.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202985.shtml</guid></item>
<item><title>News  UK body loses data of 2135 individuals</title><description>Secuobs.com : 2010-03-18 16:45:51 - Roer.com   Information Security blog - The Information Commissioner's Office (ICO) has reported that the Royal London Mutual Insurance Society lost eight laptops and the personal details of 2,135 people. It has declared that the insurance provider breached the Data Protection Act when the laptops were stolen from the company's Edinburgh offices. Two of the laptops contained the information, and the individuals affected were employees of various firms that had sought pension scheme illustrations. The ICO reported that the two laptops were unencrypted, but were password protected. An internal report established that the company was uncertain about the precise location of the laptops at any given time and that physical security measures were inadequate. The report also revealed that managers were not aware that personal information was stored on any of the laptops, which meant no additional precautions to control and secure the data had been taken. Michael Yardley, group chief executive officer of the Royal London Mutual Insurance Society, has now signed an official undertaking to ensure that portable and mobile devices including laptops are encrypted. Mick Gorrill, head of enforcement at the ICO, said: "It is particularly concerning that the organisation was unaware of the whereabouts of the laptops at any given time or what information they held. All staff members should be fully aware of the policies and procedures in place to safeguard personal information and should be appropriately trained."</description><link>http://www.secuobs.com/revue/news/202984.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202984.shtml</guid></item>
<item><title>Protecting Europe against large-scale cyber-attacks</title><description>Secuobs.com : 2010-03-18 16:41:25 - Light Blue Touchpaper - As on two previous occasions, I've been acting as specialist adviser to a House of Lords Committee. This time it was the European Union Committee, who held an inquiry into "Protecting Europe against large-scale cyber-attacks". The report is published today and is available in PDF and in HTML. It's been covered by The Telegraph, the BBC,    </description><link>http://www.secuobs.com/revue/news/202983.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202983.shtml</guid></item>
<item><title>Security: Facebook under fire from a phishing campaign</title><description>Secuobs.com : 2010-03-18 16:40:50 - Journal du Net Solutions   l'actualité  en bref - A phishing campaign targeting subscribers of the social network Facebook was launched a few days ago. The alert was </description><link>http://www.secuobs.com/revue/news/202982.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202982.shtml</guid></item>
<item><title>The first Arduino ever made</title><description>Secuobs.com : 2010-03-18 16:25:00 - adafruit industries blog -  From the  Opening Hardware  workshop   EYEBEAM   The first Arduino ever made was on display  We all agree open sourcing hardware is important, and as practitioners, many of us have been involved in work, research and talks about it To date, no universal  right solution  exists While Creative Commons licenses are widely used for software,    </description><link>http://www.secuobs.com/revue/news/202981.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202981.shtml</guid></item>
<item><title>Pwn2Own Predictions  Apple iPhone Will Fall</title><description>Secuobs.com : 2010-03-18 16:23:48 - threatpost   The First Stop for Security News - Hackers at this year's CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability. That's the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week's hacker challenge.</description><link>http://www.secuobs.com/revue/news/202980.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202980.shtml</guid></item>
<item><title>MP3 Player Tax Proposed In Canada</title><description>Secuobs.com : 2010-03-18 16:09:15 - Slashdot  Your Rights Online - Interoperable writes "The status of sharing music in Canada is, to some extent, ambiguous. This is partly due to a levy imposed on blank media, CD-Rs and cassette tapes, that compensates artists and the recording studios for a loss of revenue due to copying. Legislation proposed by the NDP and supported by the Bloc Quebecois would extend that levy to cover MP3 players with the intent of decriminalizing audio file sharing for Canadian citizens. The proposed legislation, however, faces opposition from the governing Conservative party; the Liberal party has agreed to discuss the proposed bill."</description><link>http://www.secuobs.com/revue/news/202979.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202979.shtml</guid></item>
<item><title>Nigeria: proven impact of mobile on the economy and the population</title><description>Secuobs.com : 2010-03-18 16:08:48 - L'Atelier.fr   Toute l'actualité - Mobile phones and dedicated services contribute to the country's dynamism, notably by increasing the industry's share of employment.</description><link>http://www.secuobs.com/revue/news/202978.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202978.shtml</guid></item>
<item><title>PCB drill press on a budget</title><description>Secuobs.com : 2010-03-18 15:57:20 - Hack a Day - An accurate drill press is an essential tool for making your own through-hole printed circuit boards at home. Reader Josh Ashby offers up a solid design using scrap bin materials. A major issue with PCB drilling is that even the slightest horizontal play will snap the delicate carbide drill bit. Hobbyist-grade tools such as Dremel's drill    </description><link>http://www.secuobs.com/revue/news/202977.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202977.shtml</guid></item>
<item><title>The Vocabulary of Spam</title><description>Secuobs.com : 2010-03-18 15:56:07 - eWeek Security Watch - An analysis of the words used by spamming botnet shows that there are patterns within the millions of messages blasted out into user inboxes each day</description><link>http://www.secuobs.com/revue/news/202976.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202976.shtml</guid></item>
<item><title>An interesting day in information security</title><description>Secuobs.com : 2010-03-18 15:52:37 - Musings of an Over Grown Dwarf - A Mafia boss was caught because of his using Facebook, while unrelated to that the EFF released the result of their Freedom of Information request for material on how law enforcement uses social networking to investigate suspects "under cover". The SEC moved to freeze portfolios and accounts following attacks by a Russian hacker, who manipulated stocks. InfoSecurity magazine has a story on espionage in sport, mentioning how where there's a motive, cyber-crime follows. And of course, the leading story (which I discovered thanks to a post on Facebook by Dave Aitel) is how a hacker (if that is a descriptive word in this case) broke into 100 cars to cause inconvenience, such as honking, or immobilizing the customers' cars. He hijacked the remote control system (web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments) by logging on with an account of an employee. He used to be an employee himself, until fired later on. Gadi Evron, ge@linuxbox.org. Follow me on twitter: http://twitter.com/gadievron</description><link>http://www.secuobs.com/revue/news/202975.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202975.shtml</guid></item>
<item><title>News  Another Microsoft flaw waiting to get exploited </title><description>Secuobs.com : 2010-03-18 15:52:15 - Roer.com   Information Security blog - A bug in Microsoft's software gives hackers a way to exploit virtual Windows machines which would be attack-proof if they were running on real hardware, a researcher said today. The flaw is in some of Microsoft's virtualization software, including Windows XP Mode, the free add-on for Windows 7 that lets users of the newer OS run older applications in a virtual machine. Core Security went public with information about the flaw yesterday, seven months after reporting the problem, because Microsoft declined to patch it. "They don't believe this requires a patch," Ivan Arce, CTO of Core Security, said in an interview today. "They said that they would address it with an update or in a service pack some time in the future. We believe this needs to be fixed sooner." Microsoft confirmed that it doesn't consider the bug in Virtual PC, Virtual PC 2007 and Virtual Server 2005 a security hole. "The functionality that Core calls out is not an actual vulnerability per se," said Paul Cooke, a director for Microsoft who manages enterprise security technology in Windows group. "Instead, they are describing a way for an attacker to more easily exploit security vulnerabilities that must already be present on the system," he continued. "It's a subtle point, but one that folks should really understand." Core and Microsoft don't disagree on the facts, said Arce. The flaw makes it possible for hackers to bypass several major Windows security defenses, including DEP (data execution prevention) and ASLR (address space layout randomization), that are designed to deflect some types of attacks against Windows XP, Vista and Windows 7.</description><link>http://www.secuobs.com/revue/news/202974.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202974.shtml</guid></item>
<item><title>News: Trying to make .COM safer</title><description>Secuobs.com : 2010-03-18 15:52:15 - Roer.com   Information Security blog - Law enforcement officials in the UK and US are pushing the Internet Corporation for Assigned Names and Numbers to put in place measures that would help reduce abuse of the domain name system. Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations for the UK's Serious Organised Crime Agency (SOCA). Domain names can be used for all kinds of criminal activity, ranging from phishing to trademark abuse to facilitating botnets. Law enforcement often run into difficulty when investigating those domains, as criminals use false details and stolen credit cards. The FBI and SOCA have submitted a set of recommendations to ICANN for how it could strengthen Registration Accreditation Agreements (RAAs). The agreement is a set of terms and conditions that a registrar -- an entity that can accept domain name registrations -- would be subject to in order to run their business. ICANN's RAA applies to registrars for generic top-level domains (gTLDs), such as ".com". The ideas from the FBI and SOCA have not been publicly revealed but include stronger verification of registrants' name, address, phone number, e-mail address and stronger checks on how they pay for a domain name, Hoare said. Those financial checks are already done for e-commerce transactions, so "there's no reason why the registries and domain registrars can't do the same thing," Hoare said. Many registrars and registries already do this, he said. Such a system doesn't mean false details won't still be found in WHOIS, the directory listing for who owns a domain name. However, "it means criminals have to do some more work to register," Hoare said.</description><link>http://www.secuobs.com/revue/news/202973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202973.shtml</guid></item>
<item><title>Panda Cloud Antivirus Receives ICSA Labs First Cloud-Based Certification</title><description>Secuobs.com : 2010-03-18 15:46:06 - Hot Security News - Panda Security, the Cloud Security Company, today announced that Panda Cloud Antivirus (www.cloudantivirus.com) has received the first certification for a cloud-based antivirus product from ICSA Labs, an independent division of Verizon Business. An early entrant into the market, Panda Cloud Antivirus earned certification for its anti-virus desktop server detection and anti-virus cleaning capabilities.</description><link>http://www.secuobs.com/revue/news/202972.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202972.shtml</guid></item>
<item><title>SAPIEN Licensing Policies</title><description>Secuobs.com : 2010-03-18 15:45:49 - SAPIEN Technologies - Let's face it, End User Licensing Agreements (EULAs) are a pain in the butt. Long drawn-out legalese that nobody reads. (OK, some people read them but they are usually lawyers and they like that kind of stuff.) But for the rest of us, when that EULA dialog pops up in the installer, we pretty much    </description><link>http://www.secuobs.com/revue/news/202971.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202971.shtml</guid></item>
<item><title>UPDATE: PenTestIT.com's WAPT FireFox Add-ons v3</title><description>Secuobs.com : 2010-03-18 15:45:37 - PenTestIT - Upping our previous best of 44 FireFox Add-ons by another few. Here is what we added: 1. BackEndInfo: Detect the backend software of the current website: Drupal 5x, 6x, Wordpress 2x, Django, phpBB, MediaWiki, MoinMoin, Joomla, Reddit. 2. Framework Detector: This add-on can automatically detect JavaScript framework(s) used in current page. Can detect more than    </description><link>http://www.secuobs.com/revue/news/202970.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202970.shtml</guid></item>
<item><title>Weaponizing dnscat with shellcode and Metasploit</title><description>Secuobs.com : 2010-03-18 15:31:22 - SkullSecurity - Hey all, I've been letting other projects slip these last couple weeks because I was excited about converting dnscat into shellcode (or "weaponizing dnscat", as I enjoy saying). Even though I got into the security field with reverse engineering and writing hacks for games, I have never written more than a couple lines of x86 at    </description><link>http://www.secuobs.com/revue/news/202969.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202969.shtml</guid></item>
<item><title>Remove Vista W7 hardwareprofiles</title><description>Secuobs.com : 2010-03-18 15:13:19 - Cupfighter.net - For whatever reason Microsoft removed the accessible way of removing hardware profiles in Vista and Windows 7. To help out a colleague with a corrupt profile I made a tiny Powershell script to perform this action. It's easily done by hand in the registry, the downside is you won't see the profile descriptions which is    </description><link>http://www.secuobs.com/revue/news/202968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202968.shtml</guid></item>
<item><title>IBM WebSphere MQ 602: multiple vulnerabilities</title><description>Secuobs.com : 2010-03-18 15:09:04 - Vigilance   vulnérabilités publiques - Several vulnerabilities in WebSphere MQ allow an attacker to obtain information, cause denials of service, or attack the service.</description><link>http://www.secuobs.com/revue/news/202967.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202967.shtml</guid></item>
<item><title>IBM WebSphere MQ 701: multiple vulnerabilities</title><description>Secuobs.com : 2010-03-18 15:09:04 - Vigilance   vulnérabilités publiques - Several vulnerabilities in WebSphere MQ allow an attacker to obtain information, cause denials of service, or attack the service.</description><link>http://www.secuobs.com/revue/news/202966.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202966.shtml</guid></item>
<item><title>One in four UK schoolkids admits hacking</title><description>Secuobs.com : 2010-03-18 14:55:45 - securitystream.info - Pre-teenage kicks. One in four UK youngsters have tried hacking into Facebook or webmail accounts, according to a new survey.</description><link>http://www.secuobs.com/revue/news/202965.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202965.shtml</guid></item>
<item><title>The ISACA Risk IT Framework rising on Scribd</title><description>Secuobs.com : 2010-03-18 14:47:45 - No Tricks - Under the Quick Links list at the top left of the No Tricks homepage, you can now access my document collection at Scribd, which contains about 100 interesting documents on risk, security and analytical methods. The most popular document by far is the ISACA Risk IT Framework, which since I published it on Scribd almost a year ago, has received just over 4,000 visits and 1000 downloads. It was recently selected by the Scribd administrators to be moved to their Rising List page. The document is not too long at 94 pages and really develops a solid framework for developing and deploying an enterprise IT Risk program.</description><link>http://www.secuobs.com/revue/news/202964.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202964.shtml</guid></item>
<item><title>Dangers of copy paste,  Thu, Mar 18th </title><description>Secuobs.com : 2010-03-18 14:46:05 -       SANS Internet Storm Center  InfoCON  green - One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was pos  more  </description><link>http://www.secuobs.com/revue/news/202963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202963.shtml</guid></item>
<item><title>Forensics: Bacteria Resident Upon Human Hands Set To Replace DNA</title><description>Secuobs.com : 2010-03-18 14:45:54 - Infosecurity.US - Forensics news via the BBC, of efforts by US Boffins in supplanting DNA evidentiary data gathering with harvesting bacterial cultures. Absolutely astounding. More information including those all important links, makes its appearance after the jump. Don't forget to wash those hands boys and girls (little good it will do you). via the BBC: Forensic role for    </description><link>http://www.secuobs.com/revue/news/202962.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202962.shtml</guid></item>
<item><title>Rob Rogers  Premiums</title><description>Secuobs.com : 2010-03-18 14:45:54 - Infosecurity.US - </description><link>http://www.secuobs.com/revue/news/202961.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202961.shtml</guid></item>
<item><title>Aurora Attacks</title><description>Secuobs.com : 2010-03-18 14:42:57 - Security Bloggers Network - As individuals, we live in a state of invented peace of mind that our computers are pretty much safe from viruses or other attacks if we are careful. If you buy the right software to protect your computer and you avoid online behavior that draws the unsavory online element to you, you expect to be    </description><link>http://www.secuobs.com/revue/news/202960.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202960.shtml</guid></item>
<item><title>Disabling Cars by Remote Control</title><description>Secuobs.com : 2010-03-18 14:42:29 - Schneier on Security - Who didn't see this coming? More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.    Ramos-Lopez's account had been closed when he was terminated from Texas Auto Center.</description><link>http://www.secuobs.com/revue/news/202959.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202959.shtml</guid></item>
<item><title>bill104.exe</title><description>Secuobs.com : 2010-03-18 14:42:10 - How to remove - The file name bill104.exe has appeared in a virus analysis report. You can see it on this link. The installer is about 66 kb. It may download more harmful files from the internet. A good firewall can detect harmful activities and prevent them. Some</description><link>http://www.secuobs.com/revue/news/202958.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202958.shtml</guid></item>
<item><title>faultrep32.dll</title><description>Secuobs.com : 2010-03-18 14:42:10 - How to remove - The file name faultrep32.dll has appeared in a virus analysis report. The installer is of 554 kb. It is identified by ThreatExpert as a virus originated in Russian Federation. It may download more harmful files and run them. A good firewall can detect</description><link>http://www.secuobs.com/revue/news/202957.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202957.shtml</guid></item>
<item><title>China Mobile wants iPad, and Chinese 3G for Apple's iPhone</title><description>Secuobs.com : 2010-03-18 14:41:26 - News - China Mobile hopes to offer both Apple's iPad and a version of the iPhone that supports China's homegrown 3G mobile standard, comments by China Mobile's top executive showed on Thursday.</description><link>http://www.secuobs.com/revue/news/202956.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202956.shtml</guid></item>
<item><title>Google Maps for Android gets improved user interface</title><description>Secuobs.com : 2010-03-18 14:41:26 - News - Google has released version 41 of Google Maps for Android, adding a constantly-updated map wallpaper, tweaking the way search results are displayed and adding a new Latitude widget for tracking your friends.</description><link>http://www.secuobs.com/revue/news/202955.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202955.shtml</guid></item>
<item><title> Malware through hardware still around</title><description>Secuobs.com : 2010-03-18 14:41:05 - Help Net Security   News - Following the security fiasco that was the shipping of a HTC Magic phone complete with pre-installed malware, one would think that Vodafone could come up with a better excuse than the  this was an iso </description><link>http://www.secuobs.com/revue/news/202954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202954.shtml</guid></item>
<item><title> Barclays under strong phishing shower</title><description>Secuobs.com : 2010-03-18 14:41:05 - Help Net Security   News - A highly productive phishing scam, with more than 180 messages sent in three minutes, hits a big chunk of the online segment of Barclays members Various people are wondering what to do now that the </description><link>http://www.secuobs.com/revue/news/202953.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202953.shtml</guid></item>
<item><title> Facebook password reset scam hits inboxes</title><description>Secuobs.com : 2010-03-18 14:41:05 - Help Net Security   News - Yet another  password reset  scam has been hitting the inboxes of Facebook users lately, warns McAfee  The email contains a zipped file that supposedly contains the new password, but it's actuall </description><link>http://www.secuobs.com/revue/news/202952.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202952.shtml</guid></item>
<item><title>ARM unveils new 32 bit processor for smart cards</title><description>Secuobs.com : 2010-03-18 14:40:03 - ContactlessNews  Contactless Smart Cards  RFID  Payment  Transit and Security -    ARM has announced the launch of its SecurCore SC000 processor, designed specifically for the high-volume smart card and embedded security applications The SC000 processor is the latest addition to the ARM SecurCore line of processors, expanding the range of target applications into tamper-resistant contact and contactless smart cards such as SIM, government, banking, transport, ID and conditional access According to ARM, the SC000 processor promises three times the energy efficiency at one third of the size of its peers, and features supporting software from Keil Microcontroller SC000 processor-based devices are expected to start shipping in volume as early as 2011 </description><link>http://www.secuobs.com/revue/news/202951.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202951.shtml</guid></item>
<item><title>Reno considers smart parking meters</title><description>Secuobs.com : 2010-03-18 14:40:03 - ContactlessNews  Contactless Smart Cards  RFID  Payment  Transit and Security - The city of Reno, Nev. is considering a contactless upgrade for its parking meters, according to The Las Vegas Sun. The city's 1,200 meters are 14 years old and in need of constant maintenance, The Sun says. The new contactless system would call for the use of smart debit cards, which would automatically deduct the parking fee from the user's account. Reno is also considering implementing touch-screen kiosks that issue printed receipts drivers display on their dashboards. The City Council will meet to discuss the new parking systems later this month.</description><link>http://www.secuobs.com/revue/news/202950.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202950.shtml</guid></item>
<item><title>Myki's woes continue</title><description>Secuobs.com : 2010-03-18 14:40:03 - ContactlessNews  Contactless Smart Cards  RFID  Payment  Transit and Security - Recent figures show that only 4% of Melbourne's 587,000 daily train rides are paid for using myki contactless smart cards, according to The Age. The statistics also show that many myki users are not tapping their cards correctly as they exit railway stations, or are sometimes not even able to at all due to faulty equipment. This means that those myki users not "touching off" correctly are stuck paying a higher bill than expected. According to The Age, about 30 myki customers phone the myki call center each day demanding an explanation for the faulty charges. Myki spokesman Stephen Moynihan says that commuters unable to touch off because of malfunctioning equipment will be reimbursed, and that the system will run better once myki is accepted on city trams and buses.</description><link>http://www.secuobs.com/revue/news/202949.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202949.shtml</guid></item>
<item><title>Easy futurology</title><description>Secuobs.com : 2010-03-18 14:37:36 - SOURCE Conference Blog - I am not a fan of start-of-year predictions, even though I find the exercise amusing. In particular, I like to pick apart other people's, in that you find two tendencies in them: those who really rack their brains, and those who sink </description><link>http://www.secuobs.com/revue/news/202948.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202948.shtml</guid></item>
<item><title>TA10-068A  Microsoft Updates for Multiple Vulnerabilities</title><description>Secuobs.com : 2010-03-18 14:36:31 - PenTestIT - Microsoft Updates for Multiple Vulnerabilities</description><link>http://www.secuobs.com/revue/news/202947.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202947.shtml</guid></item>
<item><title>Action taken after insurance provider loses over 2,000 people's details</title><description>Secuobs.com : 2010-03-18 14:36:20 - Office of Inadequate Security - The Information Commissioner's Office (ICO) has found that the Royal London Mutual Insurance Society breached the Data Protection Act (DPA) after eight laptops, two of which contained the personal details of 2,135 people, were stolen from the company's Edinburgh offices. The individuals affected were employees of various firms which had sought pension scheme illustrations. The two    </description><link>http://www.secuobs.com/revue/news/202946.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202946.shtml</guid></item>
<item><title>(update) Credit card servers hacked at Small Dog Electronics</title><description>Secuobs.com : 2010-03-18 14:36:20 - Office of Inadequate Security - Matt Ryan reports on a breach previously covered here last month with some updated information: The day after an earthquake leveled Port-au-Prince, Haiti, Small Dog Electronics began collecting and matching donations to aid the relief effort. As the fundraiser got under way, a hacker accessed the company's security system and started stealing donors     </description><link>http://www.secuobs.com/revue/news/202945.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202945.shtml</guid></item>
<item><title>Hacker swipes credit card numbers at Mary's Pizza</title><description>Secuobs.com : 2010-03-18 14:36:20 - Office of Inadequate Security - Mike McCoy reports: Patrons of Mary's Pizza in downtown Sonoma will be alerted this week that their credit card numbers may have been stolen by an international computer hacker. Vince Albano, chief executive officer for the 18-store chain, expects to receive a report by Friday detailing the breadth and timing of the breach. Once that is known, Albano    </description><link>http://www.secuobs.com/revue/news/202944.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202944.shtml</guid></item>
<item><title>There's Privacy Then There's Privacy</title><description>Secuobs.com : 2010-03-18 14:31:47 - Security - There are two kinds of privacy. Only one is the responsibility of vendors and providers to ensure. The rest is up to you. Regulations like HIPAA and PCI-DSS are designed to guarantee that providers storing electronic personally identifiable information, or PII in the vernacular, is safeguarded against theft or accidental disclosure. They are not designed to provide consumers with any kind of "social gag" that might alert them they are offering up information or photographs the likes of which they may later regret sharing. While social networking sites like Facebook now provide "privacy" options that allow consumers to control who can see photos and read information posted, it does not force (though it does prompt and encourage occasionally) the use of such controls. That is completely up to the consumer. Rielle Hunter is extremely upset with the three photographs of herself featured in the latest issue of GQ magazine. The woman who was involved in a months-long affair with Democrat John Edwards told ABC's Barbara Walters Monday she found the images - two of which feature her without pants - "repulsive" and, Hunter also told Walters, she cried for two hours because she felt they were so terrible. "When I asked, 'Well if that was the case, why did you pose the way you did?' She said that she trusted Mark Seliger, who she said is a brilliant photographer, and she quote 'went with the flow,'" Walters said on ABC's The View. -- Hunter upset over GQ photos. Like Hunter, some people become upset when photos or information they intentionally shared with others through a variety of digital media options become "more" public than perhaps they'd like. Hunter claimed she "trusted" the photographer. Trusted him to what? Not publish photos he was paid to take? Like Hunter, some consumers may claim they "trusted" site X and just "went with the flow". But again, trusted them to what? Not publish content intentionally provided for that purpose? Controls such as those offered by Facebook or additional privacy-focused features will not help consumers hell bent on sharing every embarrassing detail of their lives with the public. And it certainly shouldn't be blamed for the subsequent "exposure" when a consumer decides a particular piece of information or photo has turned out to be a not so good thing to share. --- COULD INFRASTRUCTURE 2.0 PROVIDE an OPTION? --- Data Leak Prevention (DLP) solutions such as those provided by Web Application Firewalls (WAF) seek to prevent the accidental or intentional exposure of confidential data. That's the aforementioned PII: account numbers, credit card data, social security numbers; basically information that could enable a thief to more easily steal one's identity. It does not prevent, shall we say, language or other information you wouldn't want your mother (or grandmother) hearing/seeing/knowing about. But could it? Possibly. Infrastructure "scrubbing" services similar to those used to implement HIPAA and PCI (DLP solutions) could provide additional services to consumers to "scrub" content for specific keywords. Perhaps it could be the case that sites like Facebook could provide a service, enabled via an Infrastructure 2.0 capable solution, to partake in a workflow that would look for a consumer-provided list of keywords that forced an additional "sanity check" on the consumer when posting. This is very much a "reverse" content-filtering style application of a proxy, often used to prevent unsuitable content of the NSFW variety from entering the network. But these content-filtering systems are generally designed to prevent requested content from being delivered. In this case, we are potentially preventing unsuitable content, as specified by the consumer, from being POSTed in the first place, which is a bit of a twist on the traditional content-filtering scheme for two reasons: 1. It's happening on the request rather than on the response. 2. It's working from a set of user-defined "unsuitable" trigger-words rather than the provider or organization's list, which may be very different. It's very similar to traditional content-filtering systems in that it's being implemented as a network infrastructure component rather than in the application itself. The reason such a solution would require an Infrastructure 2.0 capable solution is that the consumer would need to somehow "program" the infrastructure component to recognize their list of "naughty" (or trigger) words, which requires integration and control-plane capabilities that non-infrastructure 2.0 capable components lack. Imagine that as a consumer set up their "policy" within the application the application actually communicated that back to the infrastructure via Infrastructure 2.0 control plane mechanisms. Or perhaps the application sets a cookie that can be examined by the infrastructure and used to trigger the appropriate action: submit to the application or return with a "Are you sure you want to do this? Y/N" option. This allows providers the means to offer "value add" services that might generate revenue while not bogging down the entire infrastructure by always enabling the functionality for every customer. Regardless of actual implementation this offloads the "searching" of the content to an external device and prevents additional use of network, network infrastructure, and application infrastructure components within the architecture. It's more efficient to stop requests, whether malicious or unsuitable by anyone's definition, at the point furthest from the application as it prevents the unnecessary consumption of resources. Of course the best place to stop the needless consumption of resources due to the posting of unsuitable content is at the keyboard, but it's understandable that as we (people) continue to integrate digital media into the ebb and flow of our daily lives we just might occasionally need a reminder that what we're about to share may be something we'd regret the next morning. And the next morning and the next morning and the next. Because while the "do you remember what you said/did last night?" coming from friends will eventually fade into memory, it takes a lot longer when there's three million "friends" that want to say it.</description><link>http://www.secuobs.com/revue/news/202943.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202943.shtml</guid></item>
<item><title>The Mid-Atlantic Regional CCDC 2010 Event - Part I</title><description>Secuobs.com : 2010-03-18 14:29:27 - Tenable Network Security - How to Score at a Hacking Competition. Over the past weekend I participated in my second CCDC, or Collegiate Cyber Defense Competition. The event put college students in a defending role in five "Blue teams" and "real-world attackers" in the offensive </description><link>http://www.secuobs.com/revue/news/202942.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202942.shtml</guid></item>
<item><title>New Feature: Forensic Focus Columnists</title><description>Secuobs.com : 2010-03-18 14:14:05 - Forensic Focus - Forensic Focus is delighted to announce that this month sees the start of regular columns written by some of the most knowledgeable and experienced professionals in the computer forensics industry and related fields. Aiming to cover a broad range of topics, columnists will be offering their perspectives on real world digital forensics, research and education, forensic software development, legal issues and computer security (to name but a few).</description><link>http://www.secuobs.com/revue/news/202941.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202941.shtml</guid></item>
<item><title>Transcript: Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits</title><description>Secuobs.com : 2010-03-18 14:08:20 - threatpost   The First Stop for Security News - The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year's Pwn2Own hacker challenge and his thoughts on improvements in Apple's Mac OS X.</description><link>http://www.secuobs.com/revue/news/202940.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202940.shtml</guid></item>
<item><title>Ex-worker blamed for car immobilisation hack</title><description>Secuobs.com : 2010-03-18 13:57:13 - securitystream.info - Repo man rampage. A disgruntled worker allegedly caused chaos after he hacked into a vehicle immobilisation system and remotely disabled cars, Wired reports.</description><link>http://www.secuobs.com/revue/news/202939.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202939.shtml</guid></item>
<item><title>Confirmed enthusiasm for mobile 2.0 applications</title><description>Secuobs.com : 2010-03-18 13:54:21 - L'Atelier.fr   Toute l'actualité - Juniper Research forecasts sustained growth through 2014 in the market for interactive mobile phone applications. Social computing and geolocation tools are leading the way.</description><link>http://www.secuobs.com/revue/news/202938.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202938.shtml</guid></item>
<item><title>NoScript 19957</title><description>Secuobs.com : 2010-03-18 13:51:03 - NoScript Updates -    x Fixed feed subscription broken on sites implementing X-Frame-Policy  regression from 19956, thanks al_9x for reporting  x Included jswlxrscom in default whitelist in order to make Hotmail login work out-of-the-box for new users </description><link>http://www.secuobs.com/revue/news/202937.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202937.shtml</guid></item>
<item><title>Network Security Bloggers meet, London 30 March 2009</title><description>Secuobs.com : 2010-03-18 13:48:01 - An alchemists view from the bar - I'm attending a network security Blogger meeting on the 30 March 2010 in a pub just off Oxford St, London. It's kindly hosted by Sourcefire but don't expect any sales people in attendance. It will be an informal event with drinks, nibbles, and networking (read free beer). Hopefully we'll discuss what's hot (or not) right now, share    </description><link>http://www.secuobs.com/revue/news/202936.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202936.shtml</guid></item>
<item><title>iWep PRO 113 Released</title><description>Secuobs.com : 2010-03-18 13:45:54 - Wazowski Dev - After a time unable to make progress with the application, today I'm releasing a new version of iWep PRO 113. New: - Added search engine on DLINK networks. It's in experimental stage and is not sure 100% functioning. I need feedback on these routers. - Fixed a bug with the search engine WLAN_XX networks. - It has been put back into lowercase the password Eircom network. I'll wait for your comments. Waz</description><link>http://www.secuobs.com/revue/news/202935.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202935.shtml</guid></item>
<item><title>SophosLabs  The Movie </title><description>Secuobs.com : 2010-03-18 13:42:11 - Graham Cluley's blog - Put your answering machine on, grab your popcorn, and stop rustling your sweet wrappers at the back, because it's time for the world premiere of a brand new movie - starring the folks from SophosLabs  We've got some of the computer experts from SophosLabs to answer some of the more common questions they get asked about    </description><link>http://www.secuobs.com/revue/news/202934.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/202934.shtml</guid></item> </channel>
</rss>

