turvallisuus.org


Give a few minutes of your time to preventing the risk with the greatest impact!


Digitoday / Information Security
Digitoday - the latest news headlines from the ICT sector

New online scam suffers from an identity crisis
A new scareware scam tries to impersonate both the Firefox browser and the Flash Player at the same time.
Google got off with a reprimand for WLAN snooping in Britain
The UK Information Commissioner is, for now, content to merely reprimand Google for WLAN spying.
Five reasons to reject a Facebook friend request
The person asking to be your friend on Facebook is not always that guy you have known since primary school. Friend requests also come from people whose name you have never heard and whose face in the profile picture is completely unknown. The publication Associated Content lists five reasons not to accept a friend request from a complete stranger.
IBM fixed serious security holes in Lotus Notes
IBM fixed several serious vulnerabilities in its Lotus Notes e-mail software. The problems relate to the handling of attachments.
Famous hacker came second to a Finn
The widely followed Black Hat security conference got a Finnish star on Wednesday, when Sami Koivu snatched a vulnerability award from under a well-known hacker's nose.
Popular mobile app copies SMS messages to China
A security firm detected a suspicious Android application that has possibly been downloaded millions of times. The application collects data from the phone and sends it to China, VentureBeat reports.
Researcher distributes data on a hundred million Facebook users
A file containing data on about a hundred million Facebook users is spreading online. According to the security expert who collected the data into one place and published it, the stunt is intended to draw attention to the service's privacy problems.
Founder of a giant botnet arrested in Slovenia
The FBI arrested a wanted cracker who is responsible for infecting perhaps as many as 12 million computers, the BBC reports.
Sophos developed a quick fix for a Windows hole
In addition to new malware, new and ever more convenient tools for temporarily patching Microsoft's LNK vulnerability are also flowing onto the net.
Google worked around a Windows hole with a browser update
Google has released a new version of its Chrome browser that patches seven security holes. Two of the patches help work around critical holes in the Windows operating system.
Malware disguised as a Microsoft patch
Malware attacking the Windows shortcut hole is multiplying. F-Secure names as the latest arrivals the scourges familiar from elsewhere called Sality and Zeus.
Firefox patch caused a critical vulnerability
Mozilla once again had to fix its Firefox browser soon after a version update. A critical vulnerability was introduced into the browser by last week's major update.
Criminals phish for WoW players' account details
Security companies warn of new scams that hunt for World of Warcraft players' account details.
Britain seeks future security talent with a competition
Britain is looking for new talent for the information security field with a national competition. You can test your own skills with a sample task found online.
Wikileaks revealed civilian deaths in Afghanistan
The controversial information website Wikileaks published 90,000 secret reports on the war in Afghanistan. The data brings to light previously unknown cases in which NATO's operation caused civilian casualties.

Schneier on Security
A blog covering security and security technology.

Doomsday Shelters
Selling fear: The Vivos network, which offers partial ownerships similar to a timeshare in underground shelter communities, is one of several ventures touting escape from a surface-level calamity. Radius Engineering in Terrell, Texas, has built underground shelters for more than three decades, and business has never been better, says Walton McCarthy, company president. The company sells fiberglass shelters that can...
Hacking ATMs
Hacking ATMs to spit out money, demonstrated at the Black Hat conference: The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system's remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the...
Security Vulnerabilities of Smart Electricity Meters
"Who controls the off switch?" by Ross Anderson and Shailendra Fuloria. Abstract: We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay...
DNSSEC Root Key Split Among Seven People
The DNSSEC root key has been divided among seven people: Part of ICANN's security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and "signed" (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate...
Pork-Filled Counter-Islamic Bomb Device
Okay, this is just weird: Mark S. Price, a specialist in public security, and his privately held company, Paradise Lost Antiterrorism Network of America (www.plan-a.us), have recently applied to the United States Patent and Trademark Office for a Utility Patent on their Suicide Bomb Deterrent, a security device designed, manufactured and distributed by PLAN-A. This device has been designed to...
WPA Cracking in the Cloud
It's a service: The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more 'premium' price of $35,...
1921 Book on Profiling
Here's a book from 1921 on how to profile people....
Technology is Making Life Harder for Spies
An article from The Economist makes a point that I have been thinking about for a while: modern technology makes life harder for spies, not easier. It used to be that technology favored spycraft -- think James Bond gadgets -- but more and more, technology favors spycatchers. The ubiquitous collection of personal data makes it harder to maintain a...
Friday Squid Blogging: Squidbillies
Where do these TV shows come from? Follows the adventures of the Cuylers, an impoverished and dysfunctional family of anthropomorphic, air-breathing, redneck squids who live in a rural Appalachian community in the US state of Georgia....
The Washington Post on the U.S. Intelligence Industry
The Washington Post has published a phenomenal piece of investigative journalism: a long, detailed, and very interesting expose on the U.S. intelligence industry (overall website; parts 1, 2, and 3; blog; Washington reactions; top 10 revelations; many many many blog comments and reactions; and so on). It's a truly excellent piece of investigative journalism. Pity people don't care much about...
Internet Worm Targets SCADA
Stuxnet is a new Internet worm that specifically targets Siemens WinCC SCADA systems: used to control production at industrial plants such as oil rigs, refineries, electronics production, and so on. The worm seems to upload plant info (schematics and production information) to an external website. Moreover, owners of these SCADA systems cannot change the default password because it would cause...
More Research on the Effectiveness of Terrorist Profiling
Interesting: The use of profiling by ethnicity or nationality to trigger secondary security screening is a controversial social and political issue. Overlooked is the question of whether such actuarial methods are in fact mathematically justified, even under the most idealized assumptions of completely accurate prior probabilities, and secondary screenings concentrated on the highest-probability individuals. We show here that strong profiling...

The Register - Security
Biting the hand that feeds IT

MS preps emergency patch for Windows shortcut peril
Attacks on rise

Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.


Futurologist defends 'malevolent dust' warning
Dust up over supposed evil particles

A futurologist has defended his controversial warning that "smart dust" is liable to become a future information stealing threat.


Delegate hacks into Black Hat streaming video
What happens in Vegas...

Security shortcomings in Black Hat's newly established streaming media service allowed a security consultant to hack into the system and see presentations for free.


Cyber Security Challenge winner announced
Quickest crypto off the mark

The UK's Cyber Security Challenge has announced the winner of its prologue crypto puzzle, as well as the solution - for anyone still struggling to find an answer.


UK.gov sticks to IE 6 cos it's more 'cost effective', innit
Stunned web developers die a little inside

Computers in Whitehall will largely continue to run Microsoft's Internet Explorer 6, which will make web coders spit out their cheese 'n' pickle sarnies this lunchtime.


Fake Firefox update used to sling scareware
Watch where you click

Online con artists have developed a strain of scareware that poses as a Firefox update.


Beware the blizzard of torrents of Starcraft 2
Expense accounts

Starcraft 2 was released this week at the hefty RRP of £45. Many games sites are hopping mad at this, although typically retailers are selling Blizzard's strategy game at £10 less than RRP.


'Suspicious' Android wallpaper app nabs user data
Up to 4 million downloads

An Android wallpaper application that collected data from users' phones and uploaded it to a site in China was downloaded "millions of times", according to mobile security firm Lookout.


Data for 100m Facebook accounts published to BitTorrent
Forever is a mighty long time

Underscoring the permanence of data published on the internet, a security researcher has compiled the names and URLs of more than 100 million Facebook users and made them available as a BitTorrent download.


Fog of cyberwar: internet always favors the offense
The Poland of international conflict

Black Hat Fighting wars that target computer networks is fraught with risks that don't exist in traditional warfare, raising the stakes for future conflicts, a retired US general told security professionals Thursday.


Data breaches blamed on organised crime
Hackers feast on financial sector security mistakes

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data.


Turkish pranksters load Facebook Translate with swears
The rudeness of crowds

Facebook's attempts to crowdsource translations have gone awry in Turkey.


Cell phone eavesdropping enters script-kiddie phase
Get your GSM snooping tools here

Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world's most widely deployed mobile technology.


NoScript 2.0 beefs border patrol
'Saves your router's ass'

NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites.


Armed with exploits, ATM hacker hits the jackpot
'Game over' vulns spew cash on demand

Black Hat A startling percentage of the world's automated teller machines are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of huge amounts of cash, a security researcher said Wednesday.



NIST IT Security : News
IT security news updated throughout the day. Focusing on risk mitigation and compliance issues; data encryption, NIST FIPS and SP 800 requirements, FISMA, HSPD-12, Federal Government Policies, Procedures, Guidelines, PIV II, A-130, HIPAA, NIST Publications, Sarbanes-Oxley and POA&M reporting. Featuring a compliance forum, requirements whitepapers, downloads, anti-virus information, NIST - IT Security Compliance and vulnerabilities, general security information and tips.

NIST Computer Security Division Released Special Publication 800-38E
This publication approves the XTS-AES mode of the AES algorithm for data on storage devices.
DRAFT Special Publication 800-37 Revision 1 Available
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
News Blog: "Mass Panic! The iPhone Has a Vulnerability"
Researchers at the Black Hat security conference on Thursday showed an iPhone security flaw which exploits a weakness in SMS text messaging to take control of the device.
First ZeroDay Exploit Hits Firefox
The Mozilla Firefox browser experiences its first ever zero-day exploit. (Fixed)
"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Re...
Fox News is reporting that a hacker is attempting to extort $10 million from the State of Virginia.
Free Online Antivirus, Spyware, and Firewall Scanners Review
So many people have asked for our help with infected computers that we put together this review of free online malware scanners.
Conficker Worm / Botnet Downloads Mystery Payload - April 9th update
Conficker updates itself to include a keylogger and tools to find passwords and financial data.
Conficker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way
The "Conficker" worm is set to trigger on April 1st. We provide the basic links you need to be prepared or to remove it.
ESET NOD32 False Positive for Kryptik.JX Causing Problems
NOD32 virus version 3918 is quarantining important Windows files

Infosec Writers Latest Security Papers
Papers submitted by security professionals are published on the site and archived for readers. Categories include cryptography, E-mail security, exploitation, firewalls, forensics, honeypots, IDS, malware & wireless security.

Experimental Review of IPSec Features to Enhance IP Security
Shilpa Nandamuri writes this paper, which discusses IPSec, how it works, and touches on IKE, AH and ESP for those not familiar with it.
Cloud Computing – Storm Clouds or is it Smooth Flying?
Cary Whitaker writes about the concerns of Cloud Computing and gives some great reasons to take it seriously.
The Evolving World of Computer Security and Laws
Jashua Garris writes about Information Security and laws, citing specific cases to demonstrate the importance of a solid security program.
Web Access Management and Single Sign-On
Dale Huggins takes a look at Single Sign-On solutions for web applications.
Reverse Honey Trap
Aditya Sood and Rohit Bansal contribute this great paper that looks into striking inside antivirus engines and analyzers.
The Phishing Guide
A comprehensive paper on a newer information security threat known as Phishing.
Shedding Light on Quantum Cryptography
Curby Simerson submits this paper on the introduction to Quantum Cryptography.
Securing a Virtual Environment
In this paper, written by Brian Fowler, we take a look at exactly what virtualization is, as it applies to servers and desktops. Through this we learn of the various problems and vulnerabilities that virtualization will cause.
Investigating the SANS/CWE Top 25 Most Dangerous Programming Errors List
Fred Williams submits this paper on the 25 most dangerous programming errors; it aims to educate software developers, testers and project managers, leading to more secure software for the most sensitive customer-facing web applications.
Hacking Tools & Techniques and How to Protect Your Network from Them
Aaron Sigmon submits his research paper on Hacking Tools & Techniques and How to Protect Your Network from Them.

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

News: Change in Focus
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse

News: Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"

Brief: Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
News: Monster botnet held 800,000 people's details

News: Google: 'no timetable' on China talks
News: Latvian hacker tweets hard on banking whistle
News: MS uses court order to take out Waledac botnet

Infocus: Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3

DarkReading - All Stories
DarkReading

Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher ...
Careful study of malware can help experts recognize its source and protect against it, Black Hat researcher says
Black Hat USA 2010: Complete Coverage
A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas
Predicted Fallout Following WikiLeaks Video
Government agencies could become all the more secretive, says Gartner VP
ATMs At Risk, Researcher Warns At Black Hat
Researcher demonstrates remote and local exploits that could compromise popular bank machines
Internet Infrastructure Reaches Long-Awaited Security Milestone
The DNS root is now officially signed with the DNSSEC security protocol; now comes the development and penetration-testing of DNSSEC
Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Ru...
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks
Breaches Down, Insider Attacks Up, Verizon Business/Secret Service Study Says
PCI compliance, saturation of black market may be driving decline in number of records compromised by hackers, forensic investigators say
Sourcefire Rolls Out Open-Source 'Razorback'
New platform aimed at better detecting and defending against advanced, targeted attacks
Third-Party Content Could Threaten Websites, Study Says
Widgets, ads, and applications provided by third parties could give hackers a way into corporate websites, Dasient warns
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says
New Ponemon Institute studies real attack cases and their financial fallout; new Digital Forensics Association report tallies public breach data over five years
Tech Insight: How To Cut Security Costs Without A Lot Of Pain
Everything from trading costly training for local conferences to outsourcing some security tasks can save money --- as long as you carefully consider the options
Cybercrime Gets Social
Cybercriminals look to exploit social networks, games, and other distractions at work, Cisco research says
Tokens A Tempting Option For Securing Cardholder Data
Tokenization may be the PCI Holy Grail, but the search for it may be just as circuitous
Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
Abandons controversial term "responsible disclosure," supports public disclosure of unpatched bug details when attacks hit
Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut
New survey shows value IT security professionals place on job security, training, quality of life

Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.

Is pandemic planning now a laughing stock? Full results of the recent Continu...
Includes a useful overview of the current state of pandemic planning.
National Flood Emergency Framework for England published
A new framework document has been published which provides information and planning assumptions to inform and encourage contingency planning in England.
DMTF releases new Open Cloud Standards Incubator documents
'Use Cases and Interactions for Managing Clouds' and 'Architecture for Managing Clouds'.
Post-flood safety and recovery tips
Useful checklist from the Institute for Business and Home Safety.
"Don't cut flood defence spending" : ABI tells UK government
The ABI has warned that as climate change increases flood risk, the coalition government must make investment in flood defences a priority despite the squeeze on spending.
VMworld 2010
VMware has announced that VMworld 2010 makes its return to San Francisco Aug. 30 through Sept. 2 at Moscone Center and will also be held Oct. 12-14 at the Bella Center in Copenhagen.
Business continuity briefs
Short news pieces.

RSS by CARP