Security blogs

Some security blogs I follow (2013-07-01T21:55:27Z)
Updated: 5 years 6 weeks ago

How Apple and Intel killed Thunderbolt

Wed, 03/20/2013 - 09:02

It is starting to look like Intel's and Apple's plan to kill off FireWire and USB with Thunderbolt is grinding into a Titanic iceberg.

It all seemed too good to be true. Intel and Apple had winning technology which was much faster than anything else on the market.

Tags: Apple, Intel, Hardware, l33tdawg
Categories: Bundle Security blogs

One password cracked and your business is history

Wed, 03/20/2013 - 05:58

One thing that always makes me feel a bit uneasy when I blog or tweet is exposing myself to spear-phishing vectors. One such vector I've mentioned a few times is the fact that I use Google Apps.

One thing that would make a hack attempt more difficult is that I use Google's two-factor authentication. Whenever I log in to the website a one-time code gets texted to my phone. That gives me some comfort at least.

Tags: Security, l33tdawg
Categories: Bundle Security blogs

Botnet census finds 1.2m devices with default passwords

Wed, 03/20/2013 - 04:37

A common "script kiddie" technique to find vulnerable online computer systems is to attempt to scan a range of IP addresses for responsive known services, such as Telnet or SSH, and then attempt to log in using the default username and password. A crude physical analogy would be a burglar who walks from house to house in a neighbourhood, checking to see whether anyone has forgotten to put a lock on their door.

Tags: Security, Industry News, l33tdawg
Categories: Bundle Security blogs

Mandiant: Chinese hacker unit attempted to clean up online presence

Wed, 03/20/2013 - 04:28

An elite unit of Chinese hackers that allegedly waged a massive cyber-espionage campaign against U.S. companies has attempted to clean up their online presence after being identified in a public report by information security firm Mandiant.

Tags: Mandiant, China, Hackers, Industry News, l33tdawg
Categories: Bundle Security blogs

Is This The Hacker Wreaking Havoc With Journalists Everywhere?

Wed, 03/20/2013 - 04:26

Security writer Brian Krebs has stumbled across new information that links the recent hack of his own website with attacks on Ars Technica and Gizmodo alumnus Mat Honan’s iCloud breach. Krebs explains that he believes Phobia is part of a four-person Xbox Live gamer team, called Team Hype, which has a taste for hijacking Xbox Live Gamertags.

Tags: Security, Hackers, l33tdawg
Categories: Bundle Security blogs

Microsoft: Hackers obtained high-profile Xbox Live accounts

Wed, 03/20/2013 - 04:23

Several high-profile Xbox Live accounts for former and current Microsoft employees were compromised by attackers using social engineering techniques, the company said late Tuesday.

"We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use," the company said in a statement. "Security is of critical importance to us and we are working every day to bring new forms of protection to our members."

Tags: Microsoft, XBox, Security, Privacy, l33tdawg
Categories: Bundle Security blogs

Click fraud botnet defrauds advertisers up to $6 million

Wed, 03/20/2013 - 04:18

An advertising analytics company said it has discovered a botnet that generates upwards of US$6 million per month by generating bogus clicks on display advertisements.

Spider.io, based in the U.K., wrote that the botnet code, called Chameleon, has infected about 120,000 residential computers in the U.S. and perpetrates click fraud on 202 websites that collectively deliver 14 billion ad impressions. Chameleon is responsible for 9 billion of those impressions, Spider.io said.

Tags: Industry News, Botnet, l33tdawg
Categories: Bundle Security blogs

Why did Apple hire Adobe CTO Kevin Lynch?

Wed, 03/20/2013 - 04:16

Just hours after word leaked that Apple had poached Adobe's chief technology officer, the Internet is ablaze with the question of what, exactly, the iPhone maker plans to do with Kevin Lynch.

Lynch is particularly interesting as an executive choice for Apple because of his close association with Adobe Flash, a product he infamously clashed with Apple over, beginning in 2010.

Tags: Apple, Adobe, Industry News, l33tdawg
Categories: Bundle Security blogs

Man offers to sell house for Bitcoins

Wed, 03/20/2013 - 04:14

An Alberta man is hoping to become the first person to sell a house for Bitcoins. He's asking $405,000 Canadian, or its equivalent in Bitcoins, for the 3.6 acre site.

"We are hoping to be the first piece of real estate sold for bitcoins," Taylor More told us by e-mail. "We think maybe this could help push the currency more mainstream."

Tags: BitCoin, Industry News, l33tdawg
Categories: Bundle Security blogs

Sources say Amazon scored a multi-million dollar contract with the CIA

Wed, 03/20/2013 - 04:13

FCW, a federal IT blog, reported yesterday that its sources confirmed that the CIA has inked a deal with Amazon, agreeing to a cloud computing contract “worth up to $600 million over 10 years.” These sources suggested to FCW that Amazon Web Services will help the intelligence agency build a private cloud network so that it can “keep up with emerging technologies like big data in a cost-effective manner not possible under the CIA's previous cloud efforts.”

Tags: Amazon, CIA, l33tdawg
Categories: Bundle Security blogs

In the US, hackers are the new witches

Wed, 03/20/2013 - 04:09

Over the pond, the US Justice Department has become so paranoid about hackers that it is bringing about a prosecution campaign which seems to take the Salem Witch trials for inspiration.

This week Andrew Auernheimer was jailed for 41 months because he dared to obtain the personal data of more than 100,000 iPad owners from AT&T's publicly accessible website.

Tags: US, Hackers, Industry News, l33tdawg
Categories: Bundle Security blogs

Navy League of the United States National Convention

Tue, 03/19/2013 - 16:56
06/19/2013 - SAVE THE DATE! National Convention Program Main Schedule Tuesday, June 18 1:00 PM – 2:30 PM Region President's Meeting (Open Session) 2:30 PM... (author unknown)
Categories: Bundle Security blogs

Proposal Graphics Conceptualization and Design Workshop

Tue, 03/19/2013 - 16:54
06/24/2013 - It is impossible to imagine modern sales and marketing without visual elements—and proposals are no different. Graphics serve as one of the m... (author unknown)
Categories: Bundle Security blogs

Foundations of Capture Management

Tue, 03/19/2013 - 16:50
06/20/2013 - *This is a two-day event that begins at 9:00am and ends at 5:00pm both days Your chances of winning government proposals without capture are the sa... (author unknown)
Categories: Bundle Security blogs

Foundations of Proposal Management

Tue, 03/19/2013 - 16:44
06/18/2013 - *This is a two-day event that begins at 9:00am and ends at 5:00pm both days The Foundations of Proposal Management course offers comprehensive skil... (author unknown)
Categories: Bundle Security blogs

Writing Persuasive Government Proposals

Tue, 03/19/2013 - 16:36
05/09/2013 - *This is a two-day event that begins at 9:00am and ends at 5:00pm both days This one-of-a-kind course shows how to develop compliant and highly per... (author unknown)
Categories: Bundle Security blogs

Proposal Win Themes Development

Tue, 03/19/2013 - 16:32
06/16/2013 - This workshop offers valuable skills in win themes development as the most important element of proposal persuasion. The course walks you through t... (author unknown)
Categories: Bundle Security blogs

Preparing Winning Multiple Award and Task Order Proposals

Tue, 03/19/2013 - 16:14
04/11/2013 - *This is a two-day event that begins at 9:00am and ends at 5:00pm both days This course will help the attendees discover the secrets and the exact... (author unknown)
Categories: Bundle Security blogs

Advanced Proposal Management

Tue, 03/19/2013 - 13:35
04/09/2013 - *This is a two-day event that begins at 9:00am and ends at 5:00pm both days This class covers the spectrum of the most important topics, from prepa... (author unknown)
Categories: Bundle Security blogs

Google Public DNS Now Supports DNSSEC Validation

Tue, 03/19/2013 - 13:30
Posted by Yunhong Gu, Team Lead, Google Public DNS

We launched Google Public DNS three years ago to help make the Internet faster and more secure. Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers. Previously, we accepted and forwarded DNSSEC-formatted messages but did not perform validation. With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains.

DNS translates human-readable domain names into IP addresses so that they are accessible by computers. Despite its critical role in Internet applications, the lack of security protection for DNS up to this point meant that a significantly large portion of today’s Internet attacks target the name resolution process, attempting to return the IP addresses of malicious websites to DNS queries. Probably the most common DNS attack is DNS cache poisoning, which tries to “pollute” the cache of DNS resolvers (such as Google Public DNS or those provided by most ISPs) by injecting spoofed responses to upstream DNS queries.

To counter cache poisoning attacks, resolvers must be able to verify the authenticity of the response. DNSSEC solves the problem by authenticating DNS responses using digital signatures and public key cryptography. Each DNS zone maintains a set of private/public key pairs, and for each DNS record, a unique digital signature is generated and encrypted using the private key. The corresponding public key is then authenticated via a chain of trust by keys of upper-level zones. DNSSEC effectively prevents response tampering because in practice, signatures are almost impossible to forge without access to private keys. Also, the resolvers will reject responses without correct signatures.

DNSSEC is a critical step towards securing the Internet. By validating data origin and data integrity, DNSSEC complements other Internet security mechanisms, such as SSL. It is worth noting that although we have used web access in the examples above, DNS infrastructure is widely used in many other Internet applications, including email.

Currently Google Public DNS is serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day. However, only 7% of queries from the client side are DNSSEC-enabled (about 3% requesting validation and 4% requesting DNSSEC data but no validation) and about 1% of DNS responses from the name server side are signed. Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment.

Effective deployment of DNSSEC requires action from both DNS resolvers and authoritative name servers. Resolvers, especially those of ISPs and other public resolvers, need to start validating DNS responses. Meanwhile, domain owners have to sign their domains. Today, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. We encourage all involved parties to push DNSSEC deployment and further protect Internet users from DNS-based network intrusions.

For more information about Google Public DNS, please visit: https://developers.google.com/speed/public-dns. In particular, more details about our DNSSEC support can be found in the FAQ and Security pages. Additionally, general specifications of the DNSSEC standard can be found in RFCs 4033, 4034, 4035, and 5155.
Categories: Bundle Security blogs
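
How a client observes the validation described in the Google Public DNS post above, as an added example that is not part of the original post or Google's code: it builds a query carrying the EDNS0 DO bit (RFC 3225) and reads the AD flag and RCODE of a reply (RFC 4035). The function names are assumptions of this example and the sample replies are constructed.

```python
import struct

QR, AD, CD, RD, RA = 0x8000, 0x0020, 0x0010, 0x0100, 0x0080  # header flag bits
SERVFAIL = 2
DO = 0x8000  # "DNSSEC OK": top bit of the EDNS0 flags in the OPT record's TTL field

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in the root label."""
    parts = [p.encode("ascii") for p in name.split(".") if p]
    return b"".join(bytes([len(p)]) + p for p in parts) + b"\x00"

def build_query(name, qtype=1, do=True, cd=False, txid=0x1234):
    """Build a recursive query with an OPT record; DO asks for DNSSEC data,
    CD (checking disabled) asks the resolver not to validate."""
    header = struct.pack("!6H", txid, RD | (CD if cd else 0), 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE | version | flags, RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO if do else 0, 0)
    return header + question + opt

def classify_response(msg):
    """Report what the resolver says about DNSSEC validation of this reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    if (flags & 0x000F) == SERVFAIL:
        return "servfail"  # how a validating resolver reports bogus data
    return "validated" if flags & AD else "unvalidated"

def sample_response(flags, name="example.com", txid=0x1234):
    """Constructed reply (header and question only) for offline use."""
    question = encode_name(name) + struct.pack("!2H", 1, 1)
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + question

if __name__ == "__main__":
    query = build_query("example.com")
    ttl = struct.unpack("!I", query[-6:-2])[0]
    print("DO bit set in query:", bool(ttl & DO))
    for flags in (QR | RD | RA | AD, QR | RD | RA, QR | RD | RA | SERVFAIL):
        print(hex(flags), classify_response(sample_response(flags)))
```

A SERVFAIL alone does not prove a signature failure; repeating the query with `cd=True` and getting an answer is the usual way to tell a validation failure from an unreachable name server.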