turvallisuus.org
Digitoday / Information Security
Digitoday - latest news headlines from the ICT sector
New web scam suffers an identity crisis: A new scareware scam tries to impersonate both the Firefox browser and the Flash Player at the same time.
Google got off with a reprimand for Wi-Fi snooping in Britain: The UK's data protection commissioner is, for now, content merely to reprimand Google for Wi-Fi spying.
Five reasons to reject a Facebook friend request: The person asking to be your friend on Facebook is not always the guy you have known since primary school. Friend requests also come from people whose name you have never heard and whose face in the profile picture is completely unknown. The Associated Content publication lists five reasons not to accept a friend request from a total stranger.
IBM fixed serious security holes in Lotus Notes: IBM fixed several serious vulnerabilities in its Lotus Notes e-mail software. The problems relate to attachment handling.
Famous hacker came second to a Finn: The widely followed Black Hat security conference got a Finnish star on Wednesday, when Sami Koivu snatched a vulnerability award from under the nose of a well-known hacker.
Popular mobile app copies SMS messages to China: A security firm spotted a suspicious Android application that has possibly been downloaded millions of times. The app collects data from the phone and sends it to China, VentureBeat reports.
Researcher distributes data on 100 million Facebook users: A file containing data on about 100 million Facebook users is spreading online. According to the security expert who collected the data into one place and published it, the stunt is meant to draw attention to problems with the service's privacy protection.
Founder of giant botnet arrested in Slovenia: The FBI arrested a wanted cracker who is responsible for infecting perhaps as many as 12 million computers, the BBC reports.
Sophos developed a quick fix for the Windows hole: Alongside new malware, new and ever more convenient tools for temporarily fixing Microsoft's LNK vulnerability are also flowing onto the net.
Google worked around the Windows hole with a browser update: Google has released a new version of its Chrome browser that patches seven security holes. Two of the patches help work around critical holes in the Windows operating system.
Malware disguised as a Microsoft patch: Malware attacking the Windows shortcut hole is multiplying. F-Secure names as the latest arrivals the plagues already familiar from elsewhere, Sality and Zeus.
Firefox patch caused a critical vulnerability: Mozilla once again had to fix its Firefox browser soon after a version update. A critical vulnerability appeared in the browser in the wake of last week's major update.
Criminals phishing for WoW players' account details: Security companies warn of new scams hunting for World of Warcraft players' account details.
Britain seeks future security talent with a competition: Britain is looking for new talent for the information security field through a national competition. You can test your own skills with a sample task found online.
Wikileaks revealed civilian deaths in Afghanistan: The controversial information site Wikileaks published 90,000 secret reports on the war in Afghanistan. The data brings to light previously unknown cases in which the NATO operation caused civilian casualties.

Schneier on Security
A blog covering security and security technology.
Doomsday Shelters: Selling fear: The Vivos network, which offers partial ownerships similar to a timeshare in underground shelter communities, is one of several ventures touting escape from a surface-level calamity. Radius Engineering in Terrell, Texas, has built underground shelters for more than three decades, and business has never been better, says Walton McCarthy, company president. The company sells fiberglass shelters that can...
Hacking ATMs: Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system's remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the...
Security Vulnerabilities of Smart Electricity Meters: "Who controls the off switch?" by Ross Anderson and Shailendra Fuloria. Abstract: We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay...
DNSSEC Root Key Split Among Seven People: The DNSSEC root key has been divided among seven people: Part of ICANN's security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and "signed" (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate...
Pork-Filled Counter-Islamic Bomb Device: Okay, this is just weird: Mark S. Price, a specialist in public security, and his privately held company, Paradise Lost Antiterrorism Network of America (www.plan-a.us), have recently applied to the United States Patent and Trademark Office for a Utility Patent on their Suicide Bomb Deterrent, a security device designed, manufactured and distributed by PLAN-A. This device has been designed to...
WPA Cracking in the Cloud: It's a service: The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more "premium" price of $35,...
1921 Book on Profiling: Here's a book from 1921 on how to profile people....
Technology is Making Life Harder for Spies: An article from The Economist makes a point that I have been thinking about for a while: modern technology makes life harder for spies, not easier. It used to be that technology favored spycraft -- think James Bond gadgets -- but more and more, technology favors spycatchers. The ubiquitous collection of personal data makes it harder to maintain a...
Friday Squid Blogging: Squidbillies: Where do these TV shows come from? Follows the adventures of the Cuylers, an impoverished and dysfunctional family of anthropomorphic, air-breathing, redneck squids who live in a rural Appalachian community in the US state of Georgia....
The Washington Post on the U.S. Intelligence Industry: The Washington Post has published a phenomenal piece of investigative journalism: a long, detailed, and very interesting expose on the U.S. intelligence industry (overall website; parts 1, 2, and 3; blog; Washington reactions; top 10 revelations; many many many blog comments and reactions; and so on). It's a truly excellent piece of investigative journalism. Pity people don't care much about...
Internet Worm Targets SCADA: Stuxnet is a new Internet worm that specifically targets Siemens WinCC SCADA systems: used to control production at industrial plants such as oil rigs, refineries, electronics production, and so on. The worm seems to upload plant info (schematics and production information) to an external website. Moreover, owners of these SCADA systems cannot change the default password because it would cause...
More Research on the Effectiveness of Terrorist Profiling: Interesting: The use of profiling by ethnicity or nationality to trigger secondary security screening is a controversial social and political issue. Overlooked is the question of whether such actuarial methods are in fact mathematically justified, even under the most idealized assumptions of completely accurate prior probabilities, and secondary screenings concentrated on the highest-probability individuals. We show here that strong profiling...

The Register - Security
Biting the hand that feeds IT
MS preps emergency patch for Windows shortcut peril (Attacks on rise): Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.
Futurologist defends 'malevolent dust' warning (Dust up over supposed evil particles): A futurologist has defended his controversial warning that "smart dust" is liable to become a future information stealing threat.
Delegate hacks into Black Hat streaming video (What happens in Vegas...): Security shortcomings in Black Hat's newly established streaming media service allowed a security consultant to hack into the system and see presentations for free.
Cyber Security Challenge winner announced (Quickest crypto off the mark): The UK's Cyber Security Challenge has announced the winner of its prologue crypto puzzle, as well as the solution - for anyone still struggling to find an answer.
UK.gov sticks to IE 6 cos it's more 'cost effective', innit (Stunned web developers die a little inside): Computers in Whitehall will largely continue to run Microsoft's Internet Explorer 6, which will make web coders spit out their cheese'n'pickle sarnies this lunchtime.
Fake Firefox update used to sling scareware (Watch where you click): Online con artists have developed a strain of scareware that poses as a Firefox update.
Beware the blizzard of torrents of Starcraft 2 (Expense accounts): Starcraft 2 was released this week at the hefty RRP of £45. Many games sites are hopping mad at this, although typically retailers are selling Blizzard's strategy game at £10 less than RRP.
'Suspicious' Android wallpaper app nabs user data (Up to 4 million downloads): An Android wallpaper application that collected data from users' phones and uploaded it to a site in China was downloaded "millions of times", according to mobile security firm Lookout.
Data for 100m Facebook accounts published to BitTorrent (Forever is a mighty long time): Underscoring the permanence of data published on the internet, a security researcher has compiled the names and URLs of more than 100 million Facebook users and made them available as a BitTorrent download.
Fog of cyberwar: internet always favors the offense (The Poland of international conflict): Black Hat - Fighting wars that target computer networks is fraught with risks that don't exist in traditional warfare, raising the stakes for future conflicts, a retired US general told security professionals Thursday.
Data breaches blamed on organised crime (Hackers feast on financial sector security mistakes): Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data.
Turkish pranksters load Facebook Translate with swears (The rudeness of crowds): Facebook's attempts to crowdsource translations have gone awry in Turkey.
Cell phone eavesdropping enters script-kiddie phase (Get your GSM snooping tools here): Black Hat - Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world's most widely deployed mobile technology.
NoScript 2.0 beefs border patrol ('Saves your router's ass'): NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites.
Armed with exploits, ATM hacker hits the jackpot ('Game over' vulns spew cash on demand): Black Hat - A startling percentage of the world's automated teller machines are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of huge amounts of cash, a security researcher said Wednesday.

NIST IT Security : News
IT security news updated throughout the day. Focusing on risk mitigation and compliance issues; data encryption, NIST FIPS and SP 800 requirements, FISMA, HSPD-12, Federal Government policies, procedures, guidelines, PIV II, A-130, HIPAA, NIST publications, Sarbanes-Oxley and POA&M reporting. Featuring a compliance forum, requirements whitepapers, downloads, anti-virus information, NIST IT security compliance and vulnerabilities, general security information and tips.
NIST Computer Security Division Released Special Publication 800-38E: This publication approves the XTS-AES mode of the AES algorithm for data on storage devices.
DRAFT Special Publication 800-37 Revision 1 Available: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
News Blog: "Mass Panic! The iPhone Has a Vulnerability": Researchers at the Black Hat security conference on Thursday showed an iPhone security flaw which exploits a weakness in SMS text messaging to take control of the device.
First ZeroDay Exploit Hits Firefox: The Mozilla Firefox browser experiences its first ever zero-day exploit. (Fixed)
"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Re...": FoxNews is reporting that a hacker is attempting to extort $10 million from the State of Virginia.
Free Online Antivirus, Spyware, and Firewall Scanners Review: So many people have asked for our help with infected computers that we put together this review of free online malware scanners.
Conficker Worm / Botnet Downloads Mystery Payload - April 9th update: Conficker updates itself to include a keylogger and tools to find passwords and financial data.
Conficker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way: The "Conficker" worm is set to trigger on April 1st. We provide the basic links you need to be prepared or to remove it.
ESET NOD32 False Positive for Kryptik.JX Causing Problems: NOD32 virus definition version 3918 is quarantining important Windows files.

Infosec Writers Latest Security Papers
Papers submitted by security professionals are published on the site and archived for readers. Categories include cryptography, e-mail security, exploitation, firewalls, forensics, honeypots, IDS, malware & wireless security.
Experimental Review of IPSec Features to Enhance IP Security: Shilpa Nandamuri writes this paper that discusses IPsec, how it works, and touches on IKE, AHs and ESP for those not familiar with it.
Cloud Computing – Storm Clouds or is it Smooth Flying?: Cary Whitaker writes about the concerns of cloud computing and gives some great reasons to take it seriously.
The Evolving World of Computer Security and Laws: Jashua Garris writes about information security and laws, citing specific cases to demonstrate the importance of a solid security program.
Web Access Management and Single Sign-On: Dale Huggins takes a look at single sign-on solutions for web applications.
Reverse Honey Trap: Aditya Sood and Rohit Bansal contribute this great paper that looks into striking inside antivirus engines and analyzers.
The Phishing Guide: A comprehensive paper on a newer information security threat known as phishing.
Shedding Light on Quantum Cryptography: Curby Simerson submits this paper introducing quantum cryptography.
Securing a Virtual Environment: In this paper, written by Brian Fowler, we will take a look at exactly what virtualization is, as it applies to servers and desktops. Through this we will learn of the various problems and vulnerabilities that virtualization will cause.
Investigating the SANS/CWE Top 25 Most Dangerous Programming Errors List: Fred Williams submits this paper on the 25 most dangerous programming errors; it will provide education to software developers, testers and project management that leads to more secure software for the most sensitive customer-facing web applications.
Hacking Tools & Techniques and How to Protect Your Network from Them: Aaron Sigmon submits his research paper on hacking tools and techniques and how to protect your network from them.

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT managers, CIOs and CSOs.
News: Change in Focus
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
News: Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"
Brief: Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
News: Monster botnet held 800,000 people's details
News: Google: 'no timetable' on China talks
News: Latvian hacker tweets hard on banking whistle
News: MS uses court order to take out Waledac botnet
Infocus: Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3

DarkReading - All Stories
DarkReading
Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher ...: Careful study of malware can help experts recognize its source and protect against it, Black Hat researcher says.
Black Hat USA 2010: Complete Coverage: A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas.
Predicted Fallout Following WikiLeaks Video: Government agencies could become all the more secretive, says Gartner VP.
ATMs At Risk, Researcher Warns At Black Hat: Researcher demonstrates remote and local exploits that could compromise popular bank machines.
Internet Infrastructure Reaches Long-Awaited Security Milestone: The DNS root is now officially signed with the security protocol DNSSEC; now comes development and penetration testing of DNSSEC.
Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Ru...: 'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks.
Breaches Down, Insider Attacks Up, Verizon Business/Secret Service Study Says: PCI compliance and saturation of the black market may be driving the decline in the number of records compromised by hackers, forensic investigators say.
Sourcefire Rolls Out Open-Source 'Razorback': New platform aimed at better detecting and defending against advanced, targeted attacks.
Third-Party Content Could Threaten Websites, Study Says: Widgets, ads, and applications provided by third parties could give hackers a way into corporate websites, Dasient warns.
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says: New Ponemon Institute studies real attack cases and their financial fallout; new Digital Forensics Association report tallies public breach data over five years.
Tech Insight: How To Cut Security Costs Without A Lot Of Pain: Everything from trading costly training for local conferences to outsourcing some security tasks can save money, as long as you carefully consider the options.
Cybercrime Gets Social: Cybercriminals look to exploit social networks, games, and other distractions at work, Cisco research says.
Tokens A Tempting Option For Securing Cardholder Data: Tokenization may be the PCI Holy Grail, but the search for it may be just as circuitous.
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program: Abandons controversial term "responsible disclosure," supports public disclosure of unpatched bug details when attacks hit.
Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut: New survey shows the value IT security professionals place on job security, training, and quality of life.

Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.
Is pandemic planning now a laughing stock? Full results of the recent Continu...: Includes a useful overview of the current state of pandemic planning.
National Flood Emergency Framework for England published: A new framework document has been published which provides information and planning assumptions to inform and encourage contingency planning in England.
DMTF releases new Open Cloud Standards Incubator documents: 'Use Cases and Interactions for Managing Clouds' and 'Architecture for Managing Clouds'.
Post-flood safety and recovery tips: Useful checklist from the Institute for Business and Home Safety.
"Don't cut flood defence spending": ABI tells UK government: The ABI has warned that as climate change increases flood risk, the coalition government must make investment in flood defences a priority despite the squeeze on spending.
VMworld 2010: VMware has announced that VMworld 2010 makes its return to San Francisco Aug. 30 through Sept. 2 at Moscone Center and will also be held Oct. 12-14 at the Bella Center in Copenhagen.
Business continuity briefs: Short news pieces.