Volume 39 Issue 02 May 08, 2008
CSN Bulletin Board
29 MAR.08 - Coming soon: CSN will have a whole new look and feel. We have received feedback many times suggesting that we give the site a better layout, to make Computer Security News articles easier to find. Thanks for your valuable feedback - we appreciate it! Due to being an all-volunteer site, the new design will take some time to implement, but we will do our best to make some of the suggested changes to improve the overall site interface.
10 NOV.07 - Due to anti-spam measures, some subscribers are not receiving their confirmations or newsletters. What we see at our end is that email sent to your registered address is being rejected by your mail server. To receive notifications and/or CSN newsletters, please add our domain to your "trusted" list, or ask your mail administrator to white-list the "computersecuritynews.us" domain. Please note that we will never give out your email address, nor shall we send unsolicited mails. In fact, our mail system is very secure - we do not store ANY subscriber email address on our host server at any time. Your subscription is sent to us via a secure encrypted channel, and the information is stored on a secure server that is not connected to the internet, so there is no chance that a spammer can harvest any email address from us. And remember, you may unsubscribe at any time, and only then will we give your address to every major spammer on the planet (just kidding).
Domains that are currently blocking or rejecting some or all of our mails include: aceweb.com, ispwest.com, lackland.af.mil, msn.com, tantasqua.org, verizon.com, yahoo.com
We thank our world-wide visitors for your support, and shall continue to work to improve Computer Security News.
Computer Security News for Security and Defense Professionals, for home users . . . and for you!
Technology for Computer Security, Information for Home and Professional computer users. Extensive coverage of hardware and software security issues and solutions.
Computer Security News is here to help you find and stay current with all things "computer security". Here, you
can find links to articles and resources to help you stay informed and protected from all aspects of many computer security issues. Each
week we will bring you the latest information about cyber crime, virus or worm outbreaks, software patches, and more. Our technology section
will give you links to interesting and informative articles regarding cutting-edge technology.
Weekly updates will be available via email newsletter. To subscribe to the newsletter, see the "Subscribe to our newsletter" block, below.
Thanks to everybody contributing comments and suggestions with ideas to improve the site. We
remain committed to providing the most useful news and information sources for all manner of security resources. Volunteers, please write!!
What you can find here:
Information. Whether you are trying to learn how to secure a "home" PC or network, or a corporate enterprise network, or physical premises, you can find information here to help. The purpose of
this site is to provide information to help make your world a more secure place, with a focus on technology.
What you will NOT find here:
You will not find any ad banners, pop-ups, pop-unders or "float-overs" here. There are no links to sites that are selling "scam" products, and no links to sites that
are giving us any "kickback" of any kind. Because it is time-consuming to maintain these pages; to gather, filter and present you this information, eventually we will be
offering products and services for a fee. But the information presented here will always be free.
Special Recognition:
If you are interested in the area of network intrusion detection, visit the MIT Lincoln Lab site and read their Intrusion Detection Evaluation report.
Despite this information being a bit old technologically speaking (it is from 1998, 1999), there is a great deal of interesting and useful information there.
If you are interested in, or in the process of, obtaining security certifications (and/or others), then check out the products that ExamForce offers. These materials are designed with your
success in mind. ExamForce has long been recognized as a leader in exam preparation materials, and offers wide topic coverage.
Interesting Site of the Month:
May 2008
Our pick for Interesting Site of the Month is in the Microsoft MSDN space, an article titled "Improving Web Application Security: Threats and Countermeasures". The article is very
detailed, giving a wealth of information to help you develop and maintain secure web applications. You can even download the entire 919 page article as a PDF file if you want to. At the download page there is another related item titled "Threat Analysis & Modeling",
which is a multimedia application. It is free to download, but does require installation (and is a Windows application).
Visit our Computer Security News Archive to see previous "Security Site of the Month" awards.
Interested in Windows Vista?
June 2007
Visit the Windows Vista A to Z pages at Computerworld
Security Advisories:
Oracle Critical Patch Updates and Security Alerts
Linksys WRT54G Wireless-G Broadband Router
Cisco Security Advisories
Is your Windows Computer secure?
Physical access remains the worst threat
Recently, a friend asked for help with a computer that was password protected. The machine was set up with Windows XP Professional for an
employee no longer with the organization. Not wanting to reformat the drive because of important documents they wished to recover, I was
asked how to access the machine. This was new territory for me, but it took only a few minutes to find a solution. Among a long list
of sites with potential solutions, I found these two:
Instructions on Password Recovery
OPHCRACK (the time-memory-trade-off-cracker)
It took all of 15 minutes to get into the Administrator account of the machine in question. The point is, keep your computer physically
safe from those who may try to gain unauthorized access. And if security is important, use a BIOS password as well as a logon password. If the computer is not your
personal property, make sure that the appropriate personnel have the necessary information to access it should you be unavailable to do so, as well as current backups of any/all
files that contain data that is the property of, or important to, the owner.
National Cyber Security Alliance (NCSA)
Stay Safe Online offers Good Advice
If you have not visited Stay Safe Online, you should. This site offers good advice and up-to-date
information regarding computer related and information related security. The Department of Homeland Security and The United States Computer Emergency Readiness Team
(US-CERT) created the National Cyber Alert System to help you protect your computer. Of the many excellent pages at their site, you will want to add
the Department of Homeland Security's Cyber Security Tips to your "Favorites".
Latest Headlines & Security Articles:
Microsoft Releases Windows XP Service Pack 3
Windows XP SP3 Now Available For Public Download
FAQ: What you should know before installing Windows XP SP3
Parasitic botnet spams 60 billion a day
Hackers Join Social Network Craze With 'House Of Hackers'
India, Belgium warn of Chinese attacks
Belgium accuses China of cyberattacks
Web attack worm on a rampage
Trojan Infects More Than 500,000 PCs
Rogue MP3 Trojan streaks across P2P networks
White House reveals e-mail backups missing
Web attack worm infecting hapless sites
Robotraff: A Hacker's Go-To For Clicks
Zero-day treasure hunt: researcher hides IE attack on Web
TorrentSpy told to pay $111M in damages to movie studios
Firefox language pack provides adware back-door
Hacker marketplace to help build zero-day appliance
HSBC in further data loss
HSBC foils '£70m fraud'
Facebook, states agree to boost efforts to protect children
Feds raid Special Counsel's office
Congressman Seeks Second Life Ban In Schools, Libraries
Google Shores Up Apps With New Security Software
Adobe breaks silence on February's PDF bugs
Internet Archive challenges FBI's secret records demand
NASA Supercomputer Looks to Blast Off
Zapping 'zappers'
More Trouble With Ads on ISPs' Error Pages
US warez sitemaster jailed for 30 months
Microsoft Delays Windows XP Service Pack 3
XP change corrupts data, hamstrings SP3 rollout
Kraken Botnet Infiltration Triggers Ethics Debate
Whitehats tackle The Great Botnet Dilemma
Radio Free Europe hit by DDoS attack
Microsoft helps law enforcement get around encryption
Your personal data just got permanently cached at the U.S. border
How one site dealt with SQL injection attack
Lurita Doan resigns as GSA administrator
7 dirty secrets of the security industry
Judge Rejects RIAA's Music Copyright Infringement, Distribution Claims
California court posting SSNs and other personal data
Holes in London Mayor websites leave them open to 'e-gaffes'
Zango's adware fox desperate to guard net henhouse
Nigerian duped gullible NASA employee
Plasma TV components applied to password cracking
Anti-Israel hackers deface central bank site
McAfee 'Hacker Safe' cert sheds more cred
Israeli spyware-for-hire PIs jailed
Cash, blow-up dolls and mime artist star at spyware knees-up
MySpace wins lawsuit against Spamford Wallace
German intel agency blasted for cyber espionage
GAO: DOD wastes billions on weapons
EBay reveals details of its lawsuit against Craigslist
Cyber Justice Chronicles
Virtual server sprawl highlights security concerns
Cybersecurity’s new world order
Yahoo! pimping malware from banner ads
A Case of Network Identity Theft?
Numbers: Employees find ways to skirt enterprise security
Linux guru Hans Reiser convicted of first-degree murder
Microsoft Blames Poor Coding Practices For Massive SQL Injection Attack
Computer incident detection, response and forensics
Homeland security's cyber eyes
Canuck faces life sentence for nude girl webcam scheme
Experts warn over SQL injection attacks
Do You Foxit? Then Patch It!
University of Colorado discloses data breach
Botnet agent plays lost sheep to avoid detection
Small businesses get $12.2B contract
Hackers focus efforts on Firefox, Safari
Chernobyl coverage blows up in Radio Free Europe's face
Chinese hackers target CNN
Paying breach bill may not buy Hannaford full data protection
FBI seeks law forcing ISPs to retain data
The darker side of Webmail
Researcher finds new flaw in QuickTime for Windows
VXers slap copyright notices on malware
Antivirus vendors slam Defcon virus contest
NSA to stage cyber battle
Ballot box blues
Payment fraud moves to Internet in Europe, says Commission
New attack technique threatens databases
Two more indicted on E-Rate fraud charges
UConn bookstore sells drive holding personal data
High Bandwidth
Boots loses thousands of customer details
Windows XP SP3 completes Microsoft's NAC architecture
Justice issues RFP for wireless devices
Spammers ramp up siege on Google's Blogger via bots
Department of Homeland Security website hacked!
Microsoft: Massive site attacks not our fault
Hundreds of Thousands of Microsoft Web Servers Hacked
Huge Web hack attack infects 500,000 pages
Zero-Day Vulnerability Reported in Apple's QuickTime for Windows XP and Vista
Watchdog slams 'inexcusable' security breaches
Researchers 'poison' Storm botnet
Preparing Combat Forces for the Electromagnetic Spectrum
Hackers will target the high street
Judge orders White House to resolve e-mail backup 'ambiguity'
Securing cyberspace against war, terror and red tape
Hacks, more hacks, Ballmer on Yahoo, OLPC woes
Web 2.0: Whatever Google Knows About Spam, It Isn't Saying
Phishing scam uses IRS rebate line to reel in victims
After Web defacement, university warns of data breach
MS patch system poses 'significant risk', say researchers
Hannaford's Breach Tests Limits of Security Controls
Border Agents Can Search Laptops Without Cause, Court Rules
Web infection attacks more than 100,000 pages
Microsoft: Vulnerabilities down, threats up
iFrame attacks surge, security firm says
Infected Web Pages Nearly Triple
Researcher finds new way to hack Oracle database
BAE gets DARPA mobile network research project
Microsoft didn't crush Storm, counter researchers
Thieves pilfer backup tape holding 2M medical records
Critical infrastructure central to cyber threat
NTSB laptops lack security features: GAO
Security Vulnerabilities Reported At Obama, Clinton Web Sites
Badware Threat Changes Apple's Tune on Safari
Report: China's botnet problems grows
Rock Phish gang adds second punch to phishing attacks
Shrinking patch windows hit by automated attacks
Disinfecting a virus-laden PC
A Shifting Definition of 'Severity'
Windows XP SP3 Set For Release, Microsoft Says
It's a wrap: Microsoft finishes XP SP3
Aruba Eases Wireless Intrusion Prevention
Obama site hacked, redirects clicks to Clinton's site
Feds see strong demand for border-crossing cards
P2P searches touted as tool against child abuse
Cell Phone Users Gain Mobile Access To Health Data
AlgoSec Targets Security Weaknesses in VPN Configurations
Researchers tout 'functional encryption' that knows who's who
When Monetizing ISP Traffic Goes Horribly Wrong
ISP typo pimping exposes users to fraudulent web pages
EarthLink redirect service poses security risk, expert says
JFK And LAX Get Scanners That See Through Clothes
The Growing E-Mail Security Challenge
CNN cyberattack called off
Fusion center requirements coming
Supercomputer powers DOD’s Hellfire upgrade
Revised 2009 IT budget released
Mac security site littered with malware
Microsoft admits it sent Office nag to all WSUS servers
Healthcare IT failing on security
OMB: Agencies must control credit cards
SQL string in URL exposes sex offender data
Okla. agency site plugs coding error that left data exposed
24 Digital Spy Tools To Capture, Protect, And Secure Data
Windows Vista Service Pack 1: Not for the Impatient
MySpace profile hack provides early warning to predators
Chinese hackers poised for anti CNN attack on April 19
CNN Faces Cyberattack Over Tibet Coverage
Chinese hackers poised for anti-CNN attack over the weekend
Chinese blogs detail zero-day flaw in Microsoft Works
Wi-Fi users to be monitored in Russia
PayPal Plans to Ban Unsafe Browsers
PayPal plans to block Safari, old browsers
PayPal to block users with old browsers to cut back phishing
U.K. phishing attacks double
MacBook Pro Customers Report Blank Screens
Notorious eBay hacker arrested in Romania
Apple makes minor concession on pushing Safari to Windows users
Group releases credit-card software standard
OPM proposes to add EA to specialty positions
Tenant: Landlord Looked Up Porn On My Computer
Blockbuster sued over Facebook Beacon information sharing
Airport Security From Chaos
DARPA seeks architecture-aware compilers
PsyStar pay processor alleges it was misled on clone sales
Italian cyberstalking case reveals Internet loopholes
ISPs meddled with their customers' Web traffic, study finds
Malicious microprocessor opens new doors for attack
Identity Theft Smash & Grab, CEO Style
Chinese responsible for mystery web compromise
Mozilla patches Firefox JavaScript bug
Congress, DHS battle over domestic spy sats
Kingston shows super secure USB stick
Dutch transit card crippled by multihacks
Apple Patches MacBook Air Hijack Flaw
Online Security: A Closer Look at a Negative Example
Suspicions soar about Mac clone maker PsyStar
Malware threat lists slammed as 'useless'
DNS lords expose netizens to 'poisoning'
New spam site found every three seconds
DHS needs stronger cyber shield
House approves bill to curb identity theft
Internet retailer sues Yahoo for $1 million
Women More Likely Than Men To Surrender Security For Chocolate
MS08-021: A Must-Patch Vulnerability
Criminals phish for CEOs via fake subpoenas
Hackers open new front in payment card data thefts
Researchers: Microsoft's CAPTCHAs easy to solve
Dirt-cheap bots attack Hotmail Captchas
The Chinese e-Wars: Reports from the Front
Online Banking: Do You Know Your Rights?
U.S. still worries over hacker havens
Security experts warn against Web 2.0 charlatans and 'premature AJAXulation'
Google's cookie crumbles under scripting attack
Mac clone maker's site back online, taking orders
Miami company touts $399 Mac clone
Advice for securing your site and your reputation
Chinese spammers target 1,200 US, UK firms
Presidential campaigns clueless about Net threats
The rise of the Malware Mafia
GAO: Stolen U.S. military gear sold on eBay, Craigslist
Sensitive Military Gear Hawked On eBay, Craigslist
Database Trojan infests pro-Tibet websites
Pro-Tibet rootkit Trojan poses as cartoon
Study Finds 'Alarming' Ignorance About Cybercrime
How to spot - and stop - a Spy
Lawmakers say restrictions threaten centers
Kraken Spawns a Clash of the Titans
Experts hack power grid in no time
Top botnets control 1M hijacked computers
Malware count blows past 1M mark
Adobe Issues Critical Flash Player Update
Microsoft patches, pushes Internet trust
Microsoft Details IE 8 Security Default Change
Microsoft: Ask us and we'll kill your ActiveX control
Get Paid to Find 'Back Doors'
Verizon service targets data-leak protection
Stolen hardware basis for most breaches
IRS should safeguard taxpayers from identity theft
Virtualization: History repeats itself with a search for security
Lessons from Cyber Storm II
Demo shows how web attack threatens fabric of the universe
HP Proliant USB key riddled with worms
2 Arrested With Infrared Cameras at LAX
Random Search Stops $600 Million In Trade Secrets Bound For China
Why does the U.S. Government let Chinese spies go FREE???
New code strategies to fight side-channel attack
Car keys, phone, laptop - all hacked
Hackers tuck attack code into UK government site
Scams Threaten Businesses at Tax Time
Backscatter Spam Is Back
FBI: Cybercrime racks up more profits
Failure to patch flaw exposes data on 60,000 at Antioch
Microsoft to patch Vista SP1, Server 2008 next week
WabiSabiLabi Co-Founder Arrested
China spying 'biggest US threat'
Spy charges for US computer duo
Apple Releases Godzilla-Sized Security Patch
U.S. girds for battle with computer 'botnets'
Many Retailers Easy to Hack, Study Finds
Did NSA Put a Secret Backdoor in New Encryption Standard?
DoubleClick Serves Up Vast Malware Blitz
NOTE: If you have a good HOSTS file, you're not at risk.
Most Malware Made in China
Is the Chinese government infecting us with malware?
Chinese Fraudsters Fake Drug Watchdog Web Site
Developers, here's a multi-platform tool that can
help you create better quality & more secure code.
Security Resources
Focus on Security
Network Honeypots are Affordable Intrusion Detection and Prevention Systems
Network "honeypots" provide an affordable, effective method to detect and/or prevent intruders from penetrating your network. Put simply, a honeypot, or honeynet, is a system attached to your network that allows easy access to attackers. However, because there is nothing of any tangible value there,
you are not jeopardizing your "real" networked assets. Regardless of whether an attack is being done manually, via automated netbots, worm
code, or some combination of methods, the honeypot gives the attacker a sweet taste of success - sort of. What the attacker sees as success is
actually a trap, allowing you to examine their methods and gather evidence against them. It is beyond the scope of this site to present a detailed
report about honeypots, but below are links to pages that have already done that work, with details of how to install and configure a network honeypot. You
can find free software and all the details you need to get up and running with a powerful intrusion prevention system. And in case you are wondering,
the degree of protection offered by a honeypot goes way beyond the protection offered by a mere firewall - the best of which are still penetrable under
attack by a skilled cracker.
Basic description of a Honeypot
Honeypots have been around for a while (article, November 2003)
Many believe that Prevention is Better than Cure
Honeypot software such as Honeywall, Sebek, Snort and more.
Honeyd is a virtual honeypot.
Setup instructions for a Honeyd virtual honeypot.
networkintrusion.uk.co offers information and resources.
Intrusion detection and prevention learning guide ← Excellent resource!
Layered Approach to Security in the Network Perimeter (a PDF
document from Juniper Networks)
Honeypots Revealed from SecurityDocs.com
Strategies & Issues Honeypots - Sticking It to Hackers
Symantec Enterprise Security article
Catch malicious network activity with a Honeyd virtual Honeypot
Honeypots The sweet spot in network security
Ways of Building Honeypots from Clarkson University
Honeypots work but Raise Legal Questions.
Honeypot FAQ (be sure to have a pop-up blocker, and don't look at the banners!)
Related: Firewalls
For those of you who are serious about security, check out Endian
Firewall. Endian Firewall is a Linux security distribution that turns a computer into a full-featured security
appliance. Remember, a byte of prevention is worth 9.0949470177283729 terabytes of cure (1 terabyte = 1,099,511,627,776 bytes).
Robotics News
As technology continues to move forward, we will see an ever stronger presence of robotics in security applications. To some
degree, this trend is clearly visible in the military. We already have numerous robotic assistants in the field, used to help locate and neutralize roadside bombs,
for example. To a lesser degree we have a small deployment of robotic weapons, even though numerous systems are available. As time moves forward we will see
more and more robotic systems, both defensive and offensive, in the military arena. But before that time, we will see a multitude of robotic assistants available
for home and commercial use. In the interest of robotics awareness, I will post links here to various articles regarding all aspects of robotics, especially if
applicable to security. From time to time, I will post links to articles regarding weapons development. Over time, I believe we will see a rapid convergence
of robotics and weapons systems, thus helping make the world a safer place. In practical application, terrorists and would-be terrorists will likely be among
the first targets of these highly efficient and lethal systems.
The DARPA Grand Challenge
The DARPA Grand Challenge is a competition for robotic vehicles that is sponsored by the Defense Advanced Research Projects Agency (DARPA). There is a great deal of research, and a great deal of learning, as a result of these annual events.
CMU's Tartan Racing Wins Urban Challenge
DARPA Urban Challenge winners
DARPA Grand Challenge
Robotics in Security
Two robotics firms merge for security Apps
Self-replicating Robots demonstrated at Cornell
General Robotics News
MSU developing robotic arm capable of doing breast exams
Robots to Replace Child Camel Jockeys
Military, Weapons and More . . .
Air Force tunes nonlethal directed-energy weapons
Idaho National Laboratory receives second round of funding for cyber threat reduction program
Subscribe to our Newsletter
Subscribe to our newsletter here: Subscribe
Cancel Subscription
Cancel an existing subscription here: Cancel
Send us your comments, complaints, suggestions or enthusiastic praise: Comments and Suggestions