22:46 Article: Trust No One
It's easy to say what we're all securing our systems and data against. But it isn't easy to say exactly who we need to secure against, nor who presents the biggest threat to our business. Certainly, the ...
21:31 MS Patch Tuesday: Critical Windows, Office flaws fixed
Microsoft’s scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users.
As previously reported, the company released two security bulletins — one rated critical, one rated important — with fixes for flaws that could lead to remote code execution attacks. The [...]
21:22 BBC hit by a DDoS attack
The British Broadcasting Corporation (bbc.co.uk) was hit by a DDoS attack on Thursday, according to a statement sent to the Inquirer:
“In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn’t specify which. When the Beeb’s techies blocked international access to a limited subset of [...]
20:13 Profitability of spam finally measured
Researchers at UCSD have determined the return on investment for spam generated by the Storm botnet. While the per-message response rate is astonishingly low, it is sufficient for a spammer to generate a profit.
At this year’s ACM Conference on Computer and Communication Security, Stefan Savage, Vern Paxson and crew presented a paper that measures [...]
19:50 AVG and Rising signatures update detects Windows files as malware
Yesterday, a signatures update pushed by AVG falsely labeled a critical Windows file as a banker malware, prompting the company to quickly fix the issue and issue a workaround, following end users' complaints at its support forums.
AVG’s false positive causing downtime for Windows users is happening a week after Rising antivirus apologized to its customers [...]
I hope you will also join us for the webcast that starts tomorrow (Wednesday, November 12th) at 11:00 AM PST. I value this event as it gives us a chance to hear from you, to take your questions and answer them live, on the air. Click here to register for TechNet Webcast: Information About Microsoft November Security Bulletins. We look forward to hearing from you tomorrow.
Cheers!
Tami
*This posting is provided "AS IS" with no warranties, and confers no rights*
17:06 All the stuff I don't have time to blog about
We’re all busy and the more stories I accumulate in my browser, the less time it seems I have to do anything with them. So in order to clear out some of the open tabs, here’s some of the stories I’ve been reading lately:
Express Scripts warns of potential large data breach tied to threat - [...]
The ever-resourceful Lads from Lagos have been hanging around Facebook hoping to extract a few bucks from the unwary, the Sydney Morning Herald reports.
Some users of AVG were left with unusable Windows systems after the popular AVG security scanner software slapped a Trojan warning on a core Windows component.
A Romanian hacker who broke into systems run by the US Navy, NASA and the Department of Energy has avoided a custodial sentence in a trial at home but may still face extradition to the US.
04:39 What would you ask the Department of Homeland Security Secretary?
Michael Chertoff, the Secretary of the Department of Homeland Security, will be here in California tomorrow. He’s hosting a blogger roundtable on Cybersecurity and I’m one of an unknown number of security bloggers who’ll be attending the event and talking to Mr. Chertoff face to face. Quite frankly I was surprised that the Department of [...]
Web applications have huge attack surfaces. Most sites have hundreds of URLs, and each function has plenty of parameters, form fields, cookies, and headers for attackers to play with.
Paul Kelly and colleagues at Loughborough University found that a disulfur dinitride (S2N2) polymer turned exposed fingerprints brown, as the polymer reaction was initiated from the near-undetectable remaining residues.
Traces of inkjet printer ink can also initiate the polymer. The detection limit is so low that details of a printed letter previously in an envelope could be read off the inside of the envelope after being exposed to S2N2.
"A one-covers-all versatile system like this has obvious potential," says Kelly.
"This work has demonstrated that it is possible to obtain fingerprints from surfaces that hitherto have been considered extremely difficult, if not impossible, to obtain," says Colin Lewis, scientific advisor at the UK Ministry of Defence. "The method proposed has shown that this system could well provide capabilities which could significantly enhance the tools available to forensic scientists in the future."
00:05 Apple ships patch for iLife security flaws
Apple has shipped a major iLife security update to fix three documented vulnerabilities that could expose Mac OS X users to arbitrary code execution attacks.
The flaws patched with the new iLife Support 8.3.1 could be exploited via specially crafted TIFF or JPEG images, Apple warned in an advisory.
Some raw details:
CVE-2008-2327: (iLife 8.0 or Aperture [...]