turvallisuus.org


Give a few minutes of your time to preventing the risk with the greatest impact!


Digitoday / Information Security
Digitoday - the latest news headlines from the ICT sector

"Unprecedented" security hole found in an Android phone
Smartphone maker ZTE has acknowledged a security hole in one of its models currently on sale. According to security researchers, the hole exposes the phone's data to outsiders.
Twitter heeds the Do Not Track request
The microblogging service Twitter announced on Thursday that it will honor a user's request and will not track their movements on the web.
President fined over Facebook message
Taiwan's newly re-elected president has been fined 500,000 Taiwan dollars, 13,300 euros, over a Facebook message.
Pirate Bay knocked offline
The Pirate Bay, which had just condemned denial-of-service attacks, became the target of an attack itself, TorrentFreak reports.
Diablo III crashed servers, roused scammers
The long-awaited video game sent players rushing to Blizzard's servers. For many, the games were cut short.
Facebook account stays private in California
California is becoming the second US state to ban employers from demanding access to other people's Facebook accounts.
Norway arrested teens over cyber attacks
Two teens may have been behind the Soca attack and several other cyber attacks.
Twitter protects protester's data
The social networking service Twitter is refusing this time to hand over a user's data to the police, and is instead trying to overturn the court order requiring it.
Microsoft cleans up Duqu's traces
May's most urgent Microsoft update is a real patchwork quilt of software and vulnerabilities.
55,000 Twitter accounts leaked online
A Twitter hacker published thousands of accounts on Monday. A total of 55,000 accounts were leaked on Pastebin, but according to Twitter representatives the leak affected a considerably smaller group.
Many fear Facebook's Timeline – and do nothing
Facebook's Timeline is frightening, but users either can't be bothered or don't know how to do anything about it, Webroot found, according to ZDNet.
An extra click protects against numerous online dangers
The price of better security is a few extra clicks when browsing the internet. The change coming to Firefox divides opinion.
FBI wants a big backdoor into social media content
The US federal police, the FBI, is asking internet companies not to oppose a mandatory backdoor in social media communication methods.
Criminals lurk in Flash Player's hole
Adobe urges users to patch Flash Player quickly. The vulnerability in the player software is already being attacked.
Innocent comments triggered Facebook's spam trap
Facebook inadvertently blocked a well-known technology writer's comment on the social networking service.

Schneier on Security
A blog covering security and security technology.

Friday Squid Blogging: Squid Scalp Massager
Cheap! As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Kip Hawley Reviews Liars and Outliers
In his blog: I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For...
Cybersecurity at the Doctor's Office
I like this essay because it nicely illustrates the security mindset....
Rules for Radicals
It was written in 1971, but this still seems like a cool book: For an elementary illustration of tactics, take parts of your face as the point of reference; your eyes, your ears, and your nose. First the eyes: if you have organized a vast, mass-based people's organization, you can parade it visibly before the enemy and openly show your...
USB Drives and Wax Seals
Need some pre-industrial security for your USB drive? How about a wax seal? Neat, but I recommend combining it with encryption for even more security!...
Security Vulnerabilities in Airport Full-Body Scanners
According to a report from the DHS Office of Inspector General: Federal investigators "identified vulnerabilities in the screening process" at domestic airports using so-called "full body scanners," according to a classified internal Department of Homeland Security report. EPIC obtained an unclassified version of the report in a FOIA response. Here's the summary....
U.S. Exports Terrorism Fears
To New Zealand: United States Secretary of Homeland Security Janet Napolitano has warned the New Zealand Government about the latest terrorist threat known as "body bombers." [...] "Do we have specific credible evidence of a [body bomb] threat today? I would not say that we do, however, the importance is that we all lean forward." Why the headline of this...
The Trouble with Airport Profiling
Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who...
Friday Squid Blogging: New Book on Squid
Kraken: The Curious, Exciting, and Slightly Disturbing Science of Squid. And a review. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Smart Phone Privacy App
MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows [...] Unlike PCs, we have little control over the underlying privacy and security...
Security Fail
Funny....
RuggedCom Inserts Backdoor into Its Products
All RuggedCom equipment comes with a built-in backdoor: The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, "factory," that was assigned by the vendor and can't be...

The Register - Security
Biting the hand that feeds IT

Apache OpenOffice security fixes emerge
Under new management: First revamp passes one million downloads

Details have emerged about the security fixes that came bundled with Apache OpenOffice 3.4.0, the latest version of the open-source productivity suite.


Call of Duty hacker jailed after meatspace burglary
18 months' porridge for banking malware-spreader

A Brit who distributed a Trojan horse that posed as a patch for popular shoot-em-up game Call of Duty has been jailed for 18 months.


UK prosecutions for hacking appear to be dropping
But plenty of caveats apply

The number of prosecutions under the UK's computer hacking laws may have declined over recent years, according to the latest available government figures.


Atlassian warns of critical security flaw
Confluence customers urged to upgrade

Atlassian has warned of a critical security flaw in its Confluence product.


Anonymous turns its DDoS cannons on India
Takes out government, court and political party sites

Hacktivist collective Anonymous has turned its attention to India, taking down the web sites of the Supreme Court, the country's two major political parties and several government sites in retaliation for a court injunction which led to the blocking of several video sharing and bit torrent sites.


Governments may hit social networks with cyber attacks
Arab Spring alerted governments to power of Facebook, Twitter et al

Social networking operators like Facebook and Twitter need to consider themselves much more vulnerable to attacks – not because they are more vulnerable or more attractive to criminals than previously, but because states are now actors in security threats.


Seeing ads on Wikipedia? Then you're infected
Click fraudsters are milking you for cash

Surfers who see ads when they visit Wikipedia are likely infected with malware, the online encyclopedia warns.


Council fined £70k after burglars nick vulnerable kids' files
Second data law breach in two years

The UK's privacy watchdog has fined the London Borough of Barnet £70k ($111k) after the local authority lost extremely sensitive information about young children for the second time in two years.


UK man to spend year in the clink for Facebook account hack
21-year-old admitted breaking into US victim's profile

A British man has been jailed for a year after hacking into the Facebook account of a US citizen.


Off-the-shelf forensics tool slurps iPhone data via iCloud
Cops don't need your actual phone any more

ElcomSoft has updated its mobile forensics software to include the ability to retrieve online backups from Apple iCloud storage.


Hong Kong CERT wants bigger team to tackle cyber threats
Region's multinationals a big target for hackers

Hong Kong's Computer Emergency Response Team (HKCERT) has called for more resources to help it step up attempts to proactively monitor and deal with attacks on organisations in the special administrative region (SAR) of China.


AWS CISO needs permission to visit his data centres
He doesn't mind and you shouldn't either because they're not that interesting

Amazon Web Services' General Manager and Chief Information Security Officer Stephen E. Schmidt is not allowed to make unannounced visits to the company's data centres.


Vixie warns: DNS Changer 'blackouts' inevitable
Father of BIND fears ISP crisis in July

Ridding the world of the DNS Changer is proving a long, slow process that won't be accomplished by July 9, when the court orders granted to the FBI expire and infected users suffer their inevitable blackout.


Google unleashes Chrome 19, flattens 20 bugs
Hot fuzz spawns QuickTime patch

Google released a major update to its Chrome browser on Tuesday that tackles 20 security vulnerabilities, eight of which are classified as high-risk bugs.


'Catastrophic' Avira antivirus update bricks Windows PCs
rundll32.exe? cmd.exe? You clearly don't need those

Security software biz Avira has apologised after its antivirus suites went haywire and disabled customers' Windows machines.





Infosec Writers Latest Security Papers
Papers submitted by security professionals are published on the site and archived for readers. Categories include cryptography, E-mail security, exploitation, firewalls, forensics, honeypots, IDS, malware & wireless security.

Internet Acceptable Use Policies: Drawing the line
Raymond Pitzen submits this paper on Acceptable Use Policies and things to consider when creating your own.
Securing Amazon Web Services (AWS) and Simple Storage Service (Amazon S3) Sec...
David Borland submits this paper on Amazon AWS security basics. A very good overview if you are considering Amazon as a cloud provider and want to know more about the security they provide.
Getting maximum value from Penetration Testing
This vendor provided paper is a little different from most papers on Penetration Testing, in that it takes a holistic approach to the subject matter, and discusses both the strengths and weaknesses of Penetration Testing, and attempts to inform the reader in such a way as to empower them to extract maximum value from the exercise (whether they are doing it themselves or paying some external firm to).
Old School Newbie Guide circa 2000
This is a flashback paper written by the founder and creator of SWG, our original site. Later it changed ownership and direction and became ISW. To those that remember Raven, enjoy! This is in celebration of our 10 year anniversary at ISW!
Analysis of Malicious Software Infections
Kenneth Davis submits this paper on a study of Malicious Softwares. He discussed the threats and ways to help mitigate the risks associated.
Malware in Information Security
Jared Dukes submits this paper on Malware. He discusses the history of Malware as well as reasons one could become infected.
DoS! Denial of Service
Kevin Hattingh submits this educational paper on DoS. He includes a demonstration as well as how it is being used in modern day attacks.
An Analysis of the IDS Penetration Tool: Metasploit
Josh Marquez writes this introductory paper on Metasploit.
Experimental Review of IPSec Features to Enhance IP Security
Shilpa Nandamuri writes this paper that discusses IPSEC, how it works and touches on IKE, AHs and ESP for those not familiar with it.
Cloud Computing – Storm Clouds or is it Smooth Flying?
Cary Whitaker writes about the concerns of Cloud Computing and gives some great reasons to take it seriously.

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

News: Change in Focus
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
News: Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"
Brief: Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
News: Monster botnet held 800,000 people's details
News: Google: 'no timetable' on China talks
News: Latvian hacker tweets hard on banking whistle
News: MS uses court order to take out Waledac botnet
Infocus: Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3




Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.

How to exercise your crisis management team
Chris MacArthur, CBCP, MBCI, provides practical advice based on his experience in this area.
Are you prepared for the UK's special summer?
With 2012 being a bumper year for major sporting and public events in the UK, Thomas Puschnik, Zurich UK's Head of Business Continuity Management Europe, believes it is still not too late to get your organization in shape.
Dealing with downtime
US organizations are turning to the cloud for IT continuity.
2012 SMB Disaster Preparedness Survey results
Symantec Corp. has published the findings of its 2012 SMB Disaster Preparedness Survey.
'How Boards and Senior Executives Are Managing Cyber Risk'
An in-depth report from Carnegie Mellon University's CyLab.
DHS schedules PS-Prep program webinar
May 31 webinar will focus on AT&T's certification experience.
Business continuity briefs
Short news pieces.
