Security blogs

Some security blogs I follow (2013-07-01T21:55:27Z)
Updated: 8 years 12 weeks ago

Hacking Best-seller Lists

Wed, 03/13/2013 - 10:24

It turns out that you can buy a position for your book on best-seller lists.

schneier
Categories: Bundle Security blogs

Google acquiring startup from CS department at University of Toronto

Wed, 03/13/2013 - 09:21

In a move showing it looks beyond Silicon Valley to fill gaps, Google is also tapping into centers of higher learning for acquisitions.

That can be seen through the Internet giant's newly-revealed purchase of DNNresearch Inc., a company spawned from the computer science department at the University of Toronto.

Tags: Google, Canada, Industry News
l33tdawg
Categories: Bundle Security blogs

Twitter troll annoys boxer, boxer pays him a visit

Wed, 03/13/2013 - 09:17

Several visits to bars when I was 13 taught me a simple thing: it's rarely good to insult someone who's larger and more muscular than you are.

The Web, though, offers some theoretical protection from this maxim. The object of your bile doesn't know who you are.

Tags: Twitter, Industry News
l33tdawg
Categories: Bundle Security blogs

Adobe patches Flash, but doesn't get around to Pwn2Own bug

Wed, 03/13/2013 - 06:21

Adobe today patched Flash Player, the fifth time this year it's updated the vulnerability-plagued software.

Unlike two of the three updates last month, however, today's was part of Adobe's regularly-scheduled patch cadence.

Tags: Adobe, Flash, Software-Programming, Security, Pwn2Own
l33tdawg
Categories: Bundle Security blogs

Chinese 'Hackers' Is a Misnomer. They're Spies.

Wed, 03/13/2013 - 06:19

In a speech on Monday at the Asia Society in New York, National Security Adviser Tom Donilon addressed Chinese cyber intrusions into U.S. government and business network infrastructures. In moving cybersecurity "to the forefront of our agenda," Mr. Donilon noted that he wasn't referring to "ordinary cybercrime or hacking." He called on Beijing to recognize the importance of cyber issues, take "serious steps" to investigate Chinese cyber intrusions, and engage in a "constructive dialogue" to define "acceptable norms of behavior in cyberspace."

Tags: China, Hackers, Security
l33tdawg
Categories: Bundle Security blogs

'Google Now' Reportedly Coming to iOS, Chrome OS, Windows 8

Wed, 03/13/2013 - 06:07

Google Now is arguably the single best feature found in Android Jelly Bean, and soon, it seems, it may be coming to iOS, Windows 8 and Chromebooks everywhere.

Tags: Google, iOS, Apple, Chrome, Windows 8, Microsoft
l33tdawg
Categories: Bundle Security blogs

Microsoft fixes critical Windows, IE flaws for Patch Tuesday

Wed, 03/13/2013 - 06:05

Microsoft has released four critical security updates for Windows and Internet Explorer, along with a bevy of other products, in order to protect against at least 19 vulnerabilities identified in its software.

On deck this month, there are four "critical" vulnerabilities that affect Windows, Internet Explorer, Office, and Windows Server, including one for Silverlight that affects both Windows and Mac machines.

Tags: Microsoft, Security
l33tdawg
Categories: Bundle Security blogs

China says willing to work with US against hacking

Wed, 03/13/2013 - 05:56

China has expressed a willingness to cooperate with the United States and others to combat hacking, after a top US official warned the international community was losing patience with Beijing.

Foreign ministry spokeswoman Hua Chunying, while reiterating China's position that it is a victim of attacks in cyberspace, said Beijing was in favour of global cooperation on the issue.

Tags: China, US, Security, Hackers
l33tdawg
Categories: Bundle Security blogs

FBI investigating how sensitive celebrity data landed on Web

Wed, 03/13/2013 - 03:58

Some hacker or hackers has it out for a handful of celebrities, politicians, and law enforcement officials, including First Lady Michelle Obama, Vice President Joe Biden, and pop singer Beyonce.

Collected onto one Web site -- called "The Secret Files" -- is a slew of financial and personal information on these public figures. The data is so sensitive that it has sparked investigations by the FBI and other law enforcement agencies.

Tags: FBI, Privacy
l33tdawg
Categories: Bundle Security blogs

Angry judge blasts porn trolls: "Someone has an awful lot to hide"

Wed, 03/13/2013 - 03:56

In a Los Angeles federal courtroom on a blindingly sunny Monday afternoon, US District Judge Otis Wright expressed incredulity at the sheer gall of the Prenda porn copyright trolling firm.

Tags: Law and Order
l33tdawg
Categories: Bundle Security blogs

'PS4 will out-power most PCs for years to come' - Avalanche Studios CTO

Wed, 03/13/2013 - 03:54

Sony revealed the PS4 at an event in New York last month and it managed to impress a lot of industry people. Linus Blomberg, CTO and Co-founder of Avalanche Studios, is one of them.

He told us that due to the competition from mobile platforms, and due to the fact that PCs have overtaken consoles by a large amount when it comes to performance, a new console cycle was needed desperately.

Tags: Sony, PS4, Hardware, Technology
l33tdawg
Categories: Bundle Security blogs

Cell Phone Unlocking to Get a Reprieve Under Proposed Senate Bill

Wed, 03/13/2013 - 03:50

There was some brief rejoicing around Washington on March 11, when Senator Patrick Leahy (D-Vt.) announced legislation that would order the Librarian of Congress to reconsider the decision that makes it a violation of the Digital Millennium Copyright Act to unlock a cell phone without the permission of the carrier. Previously, the Librarian had exempted cell phone unlocking from the DMCA, but in January made a puzzling ruling that changed all that.

Tags: Law and Order, US
l33tdawg
Categories: Bundle Security blogs

Dell rejects request for info leading to buyout

Wed, 03/13/2013 - 03:48

Dell has rejected a request from a shareholder rights group seeking to review the internal information that led to the proposed $24.4 billion sale of the struggling personal computer maker.

In a letter Tuesday, a Dell lawyer told the Shareholder Forum that the group hadn't met the legal standard for gaining access to the confidential assessments that swayed the decision-making process of Dell's board.

Tags: Dell, Industry News
l33tdawg
Categories: Bundle Security blogs

Malaysian police arrest operator of local file-sharing site, Syok.org

Wed, 03/13/2013 - 03:37

Officers from the cyber crime unit of the Royal Malaysian Police arrested a 27-year-old man on Wednesday for hosting links to illegal downloads on the popular local message board and file-sharing site, SYOK.org.

According to the police, the suspect, who is from the city of Kulim, is believed to be the operator of SYOK.org, which counts registered users in the hundreds of thousands (according to the website’s own Facebook page). In order to participate on the forum, users must register a username and password.

Tags: Malaysia, Law and Order, Audio/Video
l33tdawg
Categories: Bundle Security blogs

White House asks China to stop hacking, pretty please

Tue, 03/12/2013 - 16:45
The Chinese government says these aren't the hackers you're looking for. Sharkshots

After a rash of attacks against US businesses and government agencies throughout the past few months, the White House is now putting the issue of Chinese state-backed hacking on the front burner. Many of these attacks have been tied by network security firms directly or indirectly to a unit of the Chinese People's Liberation Army (PLA), though Chinese officials still deny any link to the attacks (they claim that China's networks are victims being targeted as well). However, country officials signaled a willingness to talk with the US about cooperation on Internet security—even if it's not clear whether or not the Chinese civilian government is completely in control of the PLA's operations.

White House National Security Advisor Tom Donilon said yesterday that the ongoing alleged Chinese attacks and theft of data from US government and business networks has elevated "cyber" to the top of President Obama's priority list in policy toward China. "From the President on down, this has become a key point of concern and discussion with China at all levels of our government," Donilon told an audience at the Asia Society in New York. "And it will continue to be."

The Obama administration is seeking three things from China's leadership with regard to cyber-espionage, Donilon said. "First, we need a recognition of the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry, and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."

Categories: Bundle Security blogs

Cisco IP Phone Hack

Tue, 03/12/2013 - 16:43

Nice work:

All current Cisco IP phones, including the ones seen on desks in the White House and aboard Air Force One, have a vulnerability that allows hackers to take complete control of the devices.

schneier
Categories: Bundle Security blogs

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

Tue, 03/12/2013 - 16:20
The front page of exposed.su.

Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It's a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay Z, and actor and director Mel Gibson.

The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn't challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively.

The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as "doxxing," and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.

Categories: Bundle Security blogs

European Gas & Power Trading 2013

Tue, 03/12/2013 - 15:30
06/26/2013 - Platts European Gas and Power Trading conference designed specifically for Europe’s commodity trading, exchange, gas and utility communities,...
(author unknown)
Categories: Bundle Security blogs

Biofuels Conference 2013

Tue, 03/12/2013 - 15:08
06/10/2013 - Platts 2nd Annual Biofuels conference will once again bring together leaders of the Biofuels community to address the sectors most significant issu...
(author unknown)
Categories: Bundle Security blogs

Videos and articles for hacked site recovery

Tue, 03/12/2013 - 15:00
Posted by Maile Ohye, Developer Programs Tech Lead

We created a new Help for hacked sites informational series to help all levels of site owners understand how they can recover their hacked site. The series includes over a dozen articles and 80+ minutes of informational videos—from the basics of what it means for a site to be hacked to diagnosing specific malware infection types.


“Help for hacked sites” overview: How and why a site is hacked

Over 25% of sites that are hacked may remain compromised
In StopBadware and Commtouch’s 2012 survey of more than 600 webmasters of hacked sites, 26% of site owners reported that their site was still compromised while 2% completely abandoned their site. We hope that by adding our educational resources to the great tools and information already available from the security community, more hacked sites can restore their unique content and make it safely available to users. The fact remains, however, that the process to recovery requires fairly advanced system administrator skills and knowledge of source code. Without help from others—perhaps their hoster or a trusted expert—many site owners may still struggle to recover.

StopBadware and Commtouch’s 2012 survey results for “What action did you take/are you taking to fix the compromised site?”

Hackers’ tactics are difficult for site owners to detect
Cybercriminals employ various tricks to avoid the site owner’s detection, making recovery difficult for the average site owner. One technique is adding “hidden text” to the site’s page so users don’t see the damage, but search engines still process the content. As is often the case for sites hacked with spam, hackers abuse a good site to help their own site (commonly a pharmaceutical or poker site) rank in search results.

Both pages are the same, but the page on the right highlights the “hidden text”—in this case, white text on a white background. As explained in Step 5: Assess the damage (hacked with spam), hackers employ these types of tricks to avoid human detection.

In cases of sites hacked to distribute malware, Google provides verified site owners with a sample of infected URLs, often with their malware infection type, such as Server configuration (using the server’s configuration file to redirect users to malicious content). In Help for hacked sites, Lucas Ballard, a software engineer on our Safe Browsing team, explains how to locate and clean this malware infection type.


Lucas Ballard covers the malware infection type Server configuration.

Reminder to keep your site secure
I realize that reminding you to keep your site secure is a bit like my mother yelling “don’t forget to bring a coat!” as I leave her sunny California residence. Like my mother, I can’t help myself. Please remember to:
  • Be vigilant about keeping software updated
  • Understand the security practices of all applications, plugins, third-party software, etc., before you install them on your server
  • Remove unnecessary or unused software
  • Enforce creation of strong passwords
  • Keep all devices used to log in to your web server secure (updated operating system and browser)
  • Make regular, automated backups
Categories: Bundle Security blogs