turvallisuus.org


Give a few minutes of your time to preventing the risk with the greatest impact!


Digitoday / Information security
Digitoday - latest news headlines from the ICT sector

Einstein would read e-mails for signs of cyberattacks
The system built to protect the US federal government's computer networks suffers from technical problems and ambiguities concerning privacy protection. That is the assessment several current and former security experts gave to the business newspaper Wall Street Journal.
China's internet filtering doesn't apply to Apple?
Is Apple getting an artificial competitive advantage in the Chinese computer market? The mandatory distribution of the censorship software apparently does not apply to the company.
Michael Jackson scams growing rapidly
The death of pop star Michael Jackson spawned a wave of online scams that shows no sign of subsiding even a week after the sad news.
Researcher spots SMS hole in the iPhone
Security researcher Charlie Miller, who has earned a big reputation in Apple circles, found a potentially critical vulnerability in the iPhone.
Häkämies recommends cyber defence together with NATO
Defence Minister Jyri Häkämies (National Coalition Party) would gladly see Finland as a NATO partner in network defence.
Basware acquires Australian TAG Services
Software company Basware is acquiring the Australian company TAG Services, which has acted as Basware's reseller and offers its customers Basware's purchase-to-pay solutions.
China takes a time-out on the Green Dam requirement
The Chinese government announced at the last minute that the filtering software it requires on all computers does not have to be deployed today after all.
Police investigate Guangdong Telecom outage
China's wealthy southern province of Guangdong suffered a widespread internet outage last week. The two-hour outage showed up as slow internet across the country, as far away as Chengdu and Shanghai.
Intelligence spreads to the power grid
Europe's electricity consumption is increasingly measured with smart meters. By 2014 the number of smart meters is forecast to rise to nearly one hundred million.
Censorship software prompts a last-minute appeal
Major technology companies, such as PC manufacturers, are still appealing to China's top leadership so that the censorship software will not be forced to ship with computers from tomorrow on.
Payment cards are easy to copy
Copying of magnetic stripe cards has become more common in Europe, the criminal police warn in the newspaper Kaleva. A pizzeria in Helsinki managed to take 50,000 euros from card-paying customers in a couple of months.
Queues for fingerprint passports
The new passport, which also contains digital fingerprints, is popular. Previously a digital facial image was already stored on the passport chip. On Monday, when the police began issuing the new passports, there were enough applicants to form a queue.
Finnair being blackmailed with online porn
Finnair is plagued by scammers imitating the airline's website who are trying to pressure the company into buying domain names that confuse consumers.
F-Secure expects a lot from Obama
F-Secure praises Barack Obama's significant cybersecurity speech and initiative in its latest security review.
Court of Appeal: Pirate Bay does not get a retrial
According to the Swedish Court of Appeal, district court judge Tomas Norström was not biased, and Pirate Bay will not get a new trial. The Pirate Bay administrators are considering an appeal to the EU's human rights court.

Schneier on Security
A blog covering security and security technology.

Friday Squid Blogging: Office Squid
Office squid....
The Pros and Cons of Password Masking
Usability guru Jakob Nielsen opened up a can of worms when he made the case for unmasking passwords in his blog. I chimed in that I agreed. Almost 165 comments on my blog (and several articles, essays, and many other blog posts) later, the consensus is that we were wrong. I was certainly too glib. Like any security countermeasure, password...
The Insecurity of Secrecy
Good essay -- "The Staggering Cost of Playing it 'Safe'" -- about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by...
Information Leakage from Keypads
Can anyone guess the entry codes for these door locks? There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The first is most likely 1986 or 1968. The second is almost certainly 1234....
More Security Countermeasures from the Natural World
The plant caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten...
MD6 Withdrawn from SHA-3 Competition
In other SHA-3 news, Ron Rivest seems to have withdrawn MD6 from the SHA-3 competition. From an e-mail to a NIST mailing list: We suggest that MD6 is not yet ready for the next SHA-3 round, and we also provide some suggestions for NIST as the contest moves forward. Basically, the issue is that in order for MD6 to be...
New Attack on AES
There's a new cryptanalytic attack on AES that is better than brute force: Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher...
Security, Group Size, and the Human Brain
If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with. Primatologist Robin Dunbar derived this number by comparing neocortex -- the "thinking"...
Cryptography Spam
I think this is a first. Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can...
Growth of the CSE
The Communication Security Establishment (CSE, basically Canada's NSA) is growing so fast they're running out of room and building new office buildings....
Anti-Stab Knife
I've already written about the risks of pointy knives. This no-stabbing knife is the solution, and seems not to be a joke. EDITED TO ADD (7/1): Some people have taken this blog post to imply that I am endorsing these knives. These are obviously not regular readers of mine. (For my part, I'm going to buy a very sharp and...
Protecting Against the Snatched Laptop Data Theft
Almost two years ago, I wrote about my strategy for encrypting my laptop. One of the things I said was: There are still two scenarios you aren't secure against, though. You're not secure against someone snatching your laptop out of your hands as you're typing away at the local coffee shop. And you're not secure against the authorities telling you...

The Register - Security
Biting the hand that feeds IT

McAfee false-positive glitch fells PCs worldwide
When AV attacks

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death.

Case Study: WhatsUp keeps Legoland turnstyles ringing


Kentucky payroll phishing scam nets small fortune
Blue grass county hit by Trojan-fueled cybercrime

A gang of cybercrooks has made off with $415,000 from the coffers of Bullitt County, Kentucky following the conclusion of an elaborate phishing scam, The Washington Post reports.


Latin Best Buy surfers sprayed by drive-by download malware
¡Ay, Caramba!

Hackers have invaded the Best Buy website to plant exploit code targeted at South and Central American surfers.


A practical guide to disaster recovery planning
Two papers for smaller businesses

Typically, vendor white papers are written with the ITDM or senior ITDM at a large company in mind. [ITDM is industry jargon for "IT decision maker", since you ask.] People working at smaller companies are rather less well served, in quantity and quality. So today we focus our Reg Library selection on a couple of good papers aimed at small and medium-sized businesses.



Hackers crack ColdFusion
Drive-by download attack hits multiple hosts

Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations.


Month Of Twitter Bugs exposes microblogging flaws
Making a hashtag of Web 2.0 security

The Month Of Twitter Bugs has begun with the publication of a flaw in a URL shortening service often used in conjunction with the microblogging service.



Gamer embezzles virtual cash to settle real debts
Eve Online banker does a runner

As if high-profile investment scandals and the economic downturn weren't bad enough here on Earth, now folks have to deal with it outside our galaxy. Virtually, at least.


iPhone crashing bug could lead to serious exploit
More fun with SMS

Updated: This story was updated to correct factual errors contained in an IDG News article that first reported the vulnerability.

The power of collaboration within unified communications


Speculation mounts over AVG plans for OS X client
'Mac users have no antibodies'

AVG bosses aren't saying much, but there's new evidence the anti-virus maker is seriously considering building an application for the Mac.


Boomerang attack against AES better than blind chance
Pesky algorithm not invulnerable

Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm.


Spam levels bounce back after botnet takedown
Even botnets have backup now

Spam levels are returning to normal following the recent takedown of crime-friendly ISP 3FN, which temporarily interrupted the operation of a significant spam-spewing botnet.


China not demolishing Green Dam
Censorware not going anywhere after all

China's controversial mandatory censorware has only been delayed rather than abandoned, according to state media.


Stealthy click fraud tool exploits 9ball attack
Meet the Keyser Soze of malware

Miscreants have developed one of the most sophisticated click fraud malware applications to date.

Offloading malware protection to the cloud


Feds: Hospital hacker's 'massive' DDoS averted
Arrest foils 'Devil's Day' scheme

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a "massive DDoS" attack for the July 4 Independence Day holiday.


Jackson mass mailer adds to attack onslaught
More zombies than the Thriller video

Miscreants have created a Michael Jackson mass-mailing worm.





Infosec Writers Latest Security Papers
Papers submitted by security professionals are published on the site and archived for readers. Categories include cryptography, E-mail security, exploitation, firewalls, forensics, honeypots, IDS, malware & wireless security.

Securing a Virtual Environment
In this paper, written by Brian Fowler, we will take a look at exactly what virtualization is, as it applies to servers and desktops. Through this we will learn of the various problems and vulnerabilities that virtualization will cause.
Investigating the SANS/CWE Top 25 Most Dangerous Programming Errors List
Fred Williams submits this paper on 25 of the most dangerous programming errors; it provides education to software developers, testers and project management that will lead to more secure software for the most sensitive customer-facing web applications.
Hacking Tools & Techniques and How to Protect Your Network from Them
Aaron Sigmon submits his research paper on Hacking Tools & Techniques and How to Protect Your Network from Them.
Computer Forensics: Breaking Down the 1’s and 0’s of Cyber Activity for Poten...
Joseph Coward submits this research paper on computer forensics and the importance it now has in a digital world. It highlights how to identify, collect and preserve digital evidence.
Steps Involved in Exploiting a Buffer Overflow Vulnerability using a SEH Handler
Ronnie Johndas submits this paper on finding and exploiting a buffer overflow in an ActiveX application.
Exploring Below the Surface of the GIFAR Iceberg
Ron Brandis presents his research and findings on GIFAR.
Anatomy of an XSS Attack
This submission by Russ McRee is a first-person narrative, written from the perspective of an attacker utilizing cross-site scripting (XSS) methodology combined with phishing.
Failed: Information Security and Data Protection in a Consumer Digital World
This paper, written by Rafal Los, focuses on the 5 main reasons why information security departments have failed, and will continue to fail to deliver the promise of 'being secure'.
A Closer Look at Ethical Hacking and Hackers
This paper, written by Marilyn Leathers, will define ethical hacking, list some of the commonly used terms for attackers, provide a list of the standard services offered via ethical hacking to combat attackers, discuss the three common groups of hackers and the top 10 most famous hackers, and finally discuss the legal implications of hacking.
Securing Home Office
The goal of this paper, written by Matt Moberg, is to address the common vulnerabilities of the average home office and to suggest methods to safely secure it.

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

News: FTC persuades court to shutter rogue ISP
News: Obama launches cybersecurity initiative
News: Browsers bashed first in hacking contest
News: Experts: U.S. needs to defend its "cyber turf"
Brief: Researcher aims to tweet Month of Bugs
Brief: Mozilla adds more privacy in Firefox 3.5
Brief: Juniper pulls talk on ATM vulnerabilities
Brief: Jackson searches resemble attack to Google
News: iPhone crashing bug could lead to serious exploit
News: OpenSSH chink bares encrypted data packets
News: Kaspersky exposes sensitive database, says hacker
News: RFID passports cloned wholesale
Infocus: Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3




Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.

Is the UK government passing the buck on business continuity?
Does a House of Commons exchange about business continuity in SMEs constitute an abdication of responsibility?
Down economy is prompting upper management to get more involved with disaster...
Jerome M. Wendt explains why this is occurring.
The White House announces H1N1 Flu Preparedness Summit
Will be held on July 9, 2009 at the Natcher Conference Center at the National Institutes of Health in Bethesda, Maryland.
European Commission chairs Gas Coordination Group extraordinary meeting
Discusses contingency measures to prevent a repeat of last winter's gas supply disruption problems.
CERT Resiliency Management Model being rolled out
CERT has begun releasing the individual process areas of the CERT Resiliency Management Model, a capability model for operational resiliency management.
Business continuity briefs
Short news pieces.
