News items, Blog posts relating to Security

The depressing future of the Internet

A brief overview of how the Internet came about: some years ago, some military boffs thought it'd be awesome if computers could talk to each other, so the US could nuke the hell out of other countries without actually being near there. A smart professor from England then came up...

Codename of the day: Nitrogen

The Microsoft codename contest continues. Today's entry is Nitrogen, which is the next version of Microsoft's ISA Server. by Mary Jo Foley

Taiwan busts hacking ring, 50 million personal records compromised

Taiwan's Criminal Investigation Bureau CIB has successfully tracked down and arrested six people in what the CIB believes to be the biggest personal data breach in Taiwan to date. Apparently, the group also managed to obtain personal data on Taiwan's current and former presidents : "The suspects are believed...

The Gammima Strain

Photo: NASA Is the International Space Station just another bot in a botnet? Are criminal hackers tapping away in some dark warehouse now in control of critical command-and-control systems on board? No, that would make a good Michael Crichton novel, though. It seems some...

Worst news for McCain is not from Denver

The news is that even a milder form of McCain's skin cancer puts patients at increased risk, not just for more skin cancers, but for other cancers as well. by Dana Blankenhorn

Virtualization software revives dumb terminals, cuts IT costs

With computers growing smarter by the day, why would anyone want to step back more than a decade and fill office cubicles with dumb terminals? The answer is simple - to keep cubicle computers in service longer, uncluttered and free of malware, viruses and hacking programs. At...

Has Firefox already matched IE privacy features?

Perspectives, hatched at Carnegie Mellon, thwarts so-called "Man in the Middle" attacks on SSH secure sites by creating a virtual notary that can check the validity of an unsigned security certificate. by Dana Blankenhorn

Major security hole found in iPhone

Gizmodo has unearthed a security flaw in the iPhone OS and boy is it a doozy. According to the post it's simple to access a locked iPhone's address book, Mail, SMS, Contacts, and Safari. The vulnerability works like this on a password protected and locked iPhone: ...

Google Suggest goes live, will people like it?

Google Suggest is a feature that gives you automatic recommendations when you begin to search for something -- it's eluded the official Google homepage for several years, but today it has finally found it's way there. The question now, as Philipp Lenssen puts it, is weather it will be...

Feel like taunting an identity thief? Don't.

The next time you get the urge to enter angry messages to phishers on fake malicious Web sites, stop and consider this discovery by researcher Joe Stewart. The identity thieves behind the Asprox botnet have built extra logic into phishing sites to detect taunts and subject those...

Malware detected at the International Space Station

Malware is reaching new heights, and going into Space through a removable media carrying the W32.Gammima.AG password stealing malware to the International Space Station. According to SpaceRef.com : "W32.Gammima.AG worm is a level 0 gaming virus intended to gather personal information. Virus was never a threat to any of...

Linux under attack: Compromised SSH keys lead to rootkit

The U.S. Computer Emergency Readiness Team CERT has issued a warning for what it calls "active attacks" against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to...

Go ahead...bring in your laptop

There is a growing controversy in our district over the use of personal laptops and other computing devices that can access our wireless or wired networks. A significant majority, myself included, believe that, aside from WPA and a strong password for the routers, teachers and students should be able...

A (Microsoft) Codename a day: Geneva

Today's codename-contest submission is "Geneva," one of a growing number of Swiss codenames in the Microsoft family. Geneva is related to Zermatt, a previously disclosed Redmond name and, like Zermatt, has to do with federated identity. by Mary Jo Foley

Patch issued for Ubuntu security flaw

Canonical has warned users of all machines running recent versions of Ubuntu to patch their systems and shut an open door for hackers. Canonical is the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel that could have left the door open for hackers to...

News to know: IE 8; Code name of the day; Facebook security; Office 2.0

Here are today's notable headlines. You can get News To Know via email alert and RSS daily: Mary Jo Foley: A Microsoft Codename a day: Rouge Dancho Danchev: Hundreds of Dutch web sites hacked by Islamic hackers Twitter's "me too" anti-spam...

Twitter's "me too" anti-spam strategy

With Twitter's continuing growth, its popularity is logically starting to attract the attention of malicious parties, like spammers, phishers, and malware authors who wouldn't mind the fact that nobody is following them when they're actively updating several hundred users with their latest propositions. Last' week's Twitter announcement...

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook. The issue, as demonstrated by this proof-of-concept, shows...

New StopBadware guidelines take aim at software update bundling

If the StopBadware coalition has its way, software updaters from Sun Microsystems see screenshot above and Apple will carry the embarrassing "badware" label. According to a draft of revamped guidelines (.pdf) from the Google-backed computer security consortium, the badware label will expand to...

Hundreds of Dutch web sites hacked by Islamic hackers

In what appears to be a mass defacement, where several hundred domains take advantage of a shared hosting provider, starting as of this Friday, an Islamic hacker known as nEt^DeViL -- this is not the NetDevilz team that hijacked the DNS records of the ICANN and Photobucket in June --...

Category: Uncategorized

More Feeds