Security - News

Wednesday 20 August 2008

• Gag order lifted against MIT students
• The Princeton Review offers up over 100,000 student records
• 92,095 credit applicants exposed (Brief)
• PCI DSS: What to expect in October

Tuesday 19 August 2008

• Consumer Reports - Reviews gone wild
• Is no news good news when it comes to e-mail?
• Symantec acquires PC Tools
• BitDefender releases Total Security 2009

Wednesday 13 August 2008

• Brief: New SQLi attack making the rounds online
• Black Hat: Symantec releases security survey results
• UFO hacker McKinnon granted U.S. extradition reprieve
• Microsoft offers largest set of vulnerability patches to date

Tuesday 12 August 2008

• Bypassing Browser Memory Protections – The world is not ending

Monday 11 August 2008

• Next Gen AV demonstrated by researchers – meet at CloudAV
• ZoneAlarm ForceField offered on Patch Tuesday free of charge

Friday 08 August 2008

• Insider arrested in relation to Countrywide data theft

Thursday 07 August 2008

• Kaminsky covers DNS at Black Hat – patch now or suffer

Wednesday 06 August 2008

• Conspiracy! Eleven charged in massive bust related to ID theft and hacking
• Four years in jail for Webcam peeping tom
• TSA blocks ‘Clear’ after laptop and personal information discovered missing

Tuesday 05 August 2008

• Microsoft offers MAPP – is this a false sense of security?
• IT teams count down to Olympic Games
• NovaShield attempts to bridge 19-day exposure window

Friday 01 August 2008

• Neosploit attack project closed down
• ID Analytics releases 'Analysis of Internal Data Theft'
• More than 89% of security incidents went unreported in 2007
• Apple (finally) pushes out DNS patch

Thursday 31 July 2008

• Upset Scrabulous players blamed in failure of EA’s Scrabble
• The creative subjects of botnet blasted e-mails
• Phishing kits steal from customers

Wednesday 30 July 2008

• China plans to bug hotels says U.S. Senator
• McKinnon loses his appeal in extradition case
• AT&T first reported victim of DNS attack – HD Moore was NOT “Pwned”

Tuesday 29 July 2008

• Oracle breaks patch cycle offers fix for vulnerability rated 10 on CVSS
• Kaminsky DNS flaw used as an example in testing of Evilgrade

Friday 25 July 2008

• Companies and ISPs still not patched against Kaminsky DNS vulnerability
• Walkabout spammer dead after murdering family

Thursday 24 July 2008

• Trojan promises full evasion of security for a fee
• Does open-source software mean instant security problems?

Wednesday 23 July 2008

• Privacy and Kids – Do you feel safe?
• Spammer literally walks out of prison
• RIM offers critical patch for BlackBerry (Brief)
• Pwnie Awards: The nominees are in

Tuesday 22 July 2008

• Kaminsky DNS flaw details made public
• Open-source tool helps track stolen laptops
• Firefox 3 ties itself to Internet Explorer security settings
• NXP loses injunction bid – Oyster card hack to be disclosed

Friday 18 July 2008

• Symark announces PowerKeeper 3.0
• Ego-driven administrator takes city network hostage (Update)
• Malware and Spam still appearing in abundance (Report round-up)

Thursday 17 July 2008

• Ego-driven administrator takes city network hostage
• Teen escapes botnet conviction but might help police
• United Healthcare employee charged in ID theft case
• Mozilla releases Firefox 2.0.16 (Update) -- 3.0.1 released

Wednesday 16 July 2008

• Mozilla releases Firefox 2.0.16 (Brief)
• Chinese net cafés targeted in Malware blitz
• Norton offers testing on 2009 products via public beta
• Trojan spreads to multimedia files over P2P

Tuesday 15 July 2008

• Wireshark University launches cert program
• Homer p0wn3d -- loses e-mail account to bot herders
• EuroPriSe awards the first European Privacy Seal to a search engine
• McAfee vamps Total Protection for Endpoint – adds NAC to the mix

Friday 11 July 2008

• U.S. Army Invades Iran and other worthless news
• Julie Amero still stuck in limbo waiting for new trial
• Apple allows apparent Lolcat access to ADC account

Thursday 10 July 2008

• NXP sues academic research team - what are they afraid of?

Wednesday 09 July 2008

• Commtouch releases Q2 2008 trend report
• Google offers remote information and control for Gmail
• Gmail wants to phight Phishing with DKIM
• DNS vulnerability gets massive patch – FUD spreading as masses panic

Tuesday 08 July 2008

• Criminals harvesting information from recruiting sites
• Fortune 500 lacking in email spoofing basics
• Microsoft has some “Important” fixes for today
• Microsoft issues warning about ActiveX exploit
• Data leaks are still a top concern
• Mozilla wants to measure Firefox security metrics

Thursday 03 July 2008

• Firefox 2.0.0.15 is released – Mozilla fixes 12 issues (Brief)
• McAfee releases results to S.P.A.M. experiment
• Google releases ratproxy, passive security assessment tool
• Sony PlayStation’s site hit with SQL Injection
• Internet Explorer 8 security features outlined

Wednesday 02 July 2008

• Texas law requires PC repair techs to carry a PI license
• Report: Data breach reports up almost 70% in 2008
• Companies Team up to create Information Cards

Tuesday 01 July 2008

• More than 600M users are surfing at risk study says
• WatchGuard launches NextGen UTM security
• Marshal offers automation for e-mail encryption
• WoW gets two-factor authentication
• Mac OS X 10.5.4 offers performance and security improvements
• Dell launches notebook security services

Monday 30 June 2008

• Report: UK Businesses need privacy help
• Today's the day! PCI DSS section 6.6 is required
• Microsoft releases patch for SP3 restoring internet connections
• What does the ICANN and IANA hijacking mean?

Friday 27 June 2008

• Internet Explorer suffers from ghost issues

Wednesday 25 June 2008

• Ruby creators warn everyone about flaws -- issue fixes
• Microsoft offers some advice and tools for taking on SQLi
• Adobe issues security alert (Brief)
• Chinese networks are the cause for most Malware
• Opinion: Recent Apple flaw sparks news cycle debate

Tuesday 24 June 2008

• Website defacement alters police news releases
• Government computers offered for sale held confidential information
• Recent MSRT update discovers mind-boggling infection numbers

Monday 23 June 2008

• Microsoft still has patching issues (Brief)
• France wants three-strike law for downloaders
• Apple Remote Desktop Agent exploit caught in wild
• Study: IT professionals abuse position to snoop on co-workers

Friday 20 June 2008

• Teens busted for hacking – Script kiddie tools make things too easy

Thursday 19 June 2008

• Cisco addresses Denial-of-Service issues in Cisco IPS
• Medical data the next big thing in stolen information
• Report: 80% of endpoints fail compliance test
• Firefox 3 – first vulnerability discovered in 24 hours

Tuesday 17 June 2008

• Malware caused kiddie porn investigation reveals
• Zlob variant teaches lesson
• Flawed logic means risky business
• Pentagon hacker battles US extradition

Monday 16 June 2008

• PCI DSS: Section 6.6 gets teeth – finally

Friday 13 June 2008

• China accused of hacking US government computers

Thursday 12 June 2008

• Capitol Computers hacked by Chinese – allegedly
• It could have been prevented – Data security failures highlight Verizon study
• Tool: Tripwire ConfigCheck
• CitectSCADA: Software flaw places utilities at risk

Wednesday 11 June 2008

• Yahoo drops added email security to fix tech problem
• Apple and Cisco each release patches
• Top security companies not immune to XSS problems

Tuesday 10 June 2008

• Microsoft issues seven fixes total on Patch Tuesday
• Compromises on legit websites are up according to ScanSafe
• Symantec offers XP SP3 fix
• Site Security Policy
• Opera joins the user protection arena

Monday 09 June 2008

• Issue in HP support application offers more than just help
• Gpcode gets bigger and better with 1024-bit key
• ARP poisoning proves new dogs still vulnerable to old tricks

Thursday 05 June 2008

• Five vulnerabilities discovered in Cisco PIX and ASA (Brief)
• HK TLD ranked as most dangerous online
• WiredSafety wants to help kids stay safe online
• MySpace: It wasn’t our fault, blame Yahoo

Tuesday 03 June 2008

• Gartner IT Security Summit: Voltage teams-up with Websense
• Bank of New York Mellon Corp. loses millions of records
• BT Home Hub still has some issues
• Firekeeper: IDS/IPS for Firefox

Monday 02 June 2008

• Hackers throw Comcast into disarray
• Microsoft takes the stance Apple wouldn’t – declares ‘carpet bomb’ a security issue
• Symantec backs down from initial reports of vulnerabilities in Flash
• VMware patches critical issues

Friday 30 May 2008

• Criminals moving thousands in Credit/Debit Card crimes
• Apple drops motherload of fixes and updates – 40 security fixes issued

Thursday 29 May 2008

• Q: What’s on the minds of IT Directors? A: Fear
• Check Point offers FDE for Mac OS X
• CiscoWorks broken – vulnerability exposed and patched
• Man cons investment firms out of $50,000 – pennies at a time

Wednesday 28 May 2008

• Malicious SWF files located in the wild (Brief)
• Yahoo sues lottery spammers
• Business owners have false hopes when it comes to data loss
• FBI issues Wi-Fi warning – with a little drama to make you think
• SonicWALL issues firmware upgrade for SSL-VPN (Brief)

Tuesday 27 May 2008

• TJX fires whistleblower – was it justified action or something else? (Update)
• RIM will not offer backdoor to Indian government

Monday 26 May 2008

• TJX fires whistleblower – was it justified action or something else?

Saturday 24 May 2008

• Security Bytes 2008/24/05