Clipmarks | rmowery's 'security' clips

Apple's October update fixes 20 security flaws

Fri, 10 Oct 2008 01:16:11 GMT

clipped by: rmowery

Apple's October update fixes 20 security flaws

With the release of its Apple SA-2008-10-09 security update on Thursday, the Cupertino, Calif.-based computer company provided patches for nearly two dozen software flaws.

Some of the fixes included in the update, which can be obtained from Apple's Software Downloads page, are specific to Apple features, such as Single Sign On, Finder, and ColorSync. But the release also addresses an error introduced in Mac OS X 10.5.5. Other fixes are updates to open-source projects, including Apache, ClamAV, PHP, and Tomcat.

Apache
This patch affects users of Mac OS X v10.5.5 and Mac OS X Server v10.5.5. It is an update to version 2.2.9 of Apache, addressing several issues detailed in CVE-2007-6420, CVE-2008-1678, and CVE-2008-2364, the most serious of which may lead to cross-site request forgery.

Tags: apple, software patches, os updates, mac osx

GPS 'spoofing' could threaten national security

Mon, 06 Oct 2008 10:57:33 GMT

clipped by: rmowery

Clip Source: www.msnbc.msn.com

GPS 'spoofing' could threaten national security

'Average person doesn't realize how much infrastructure is based on GPS'

A ship's bridge illuminated at night. A technique for sabotaging GPS systems, called spoofing, could cause havoc in the wrong hands, warn researchers. In spoofing, a spoofer creates a false GPS signal that passes as a real GPS signal, sending an incorrect time and location to a certain receiver.

View related photos

Computers have been hacked for decades. But now, scientists at Cornell University and Virginia Tech are now warning about the dangers of "spoofing," or hacking into the Global Positioning System (GPS) that controls everything from car navigation to national power grids.

"The average person doesn't realize how much infrastructure is based on GPS and how vulnerable it is," said Brent Ledvina of Virginia Tech, who helped build a spoofer to show weaknesses in the system. "But the truth is that a lot can be done about these vulnerabilities."

Tags: gps, spoofing, spoofer, threats, technical threats, security

Kevin Mitnick detained, released after Colombia trip

Sat, 04 Oct 2008 00:25:54 GMT

clipped by: rmowery

Clip Source: news.cnet.com

Kevin Mitnick detained, released after Colombia trip

Updated at 7:55 a.m. PT on Wednesday to specify that the FBI cleared Mitnick of any wrongdoing in this event.

Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.

Tags: kevin mitnick, fbi, security, customs

Homeland Security Detects Terrorist Threats by Reading Your Mind

Tue, 23 Sep 2008 23:22:05 GMT

clipped by: rmowery
clipper's remarks: Yeah, this is going to go over real well with the ACLU.

Guess the only positive aspect is it looks like it runs on windows, so expect lots of blue screens.

Clip Source: www.foxnews.com

Homeland Security Detects Terrorist Threats by Reading Your Mind

Baggage searches are SOOOOOO early-21st century. Homeland Security is now testing the next generation of security screening — a body scanner that can read your mind.

Most preventive screening looks for explosives or metals that pose a threat. But a new system called MALINTENT turns the old school approach on its head. This Orwellian-sounding machine detects the person — not the device — set to wreak havoc and terror.

MALINTENT, the brainchild of the cutting-edge Human Factors division in Homeland Security's directorate for Science and Technology, searches your body for non-verbal cues that predict whether you mean harm to your fellow passengers.

Tags: big brother, dhs, security, scanner, brain, mind reading

Hackers claim there’s a black hole in the atom smashers’ computer network

Sun, 14 Sep 2008 02:53:13 GMT

clipped by: rmowery

Clip Source: www.timesonline.co.uk

Hackers claim there’s a black hole in the atom smashers’ computer network

Hackers have broken into one of the computer networks of the Large Hadron Collider (LHC).

A group calling itself the Greek Security Team left a rogue webpage describing the technicians responsible for computer security at the giant atom smasher as “schoolkids” — but reassuring scientists that they did not want to disrupt the experiment.

The hackers gained access to a website open to other scientists on Wednesday as the LHC passed its first test, sending its protons off on their dizzying journey through time and space, close to the speed of light.

The work of the scientists was not derailed and insiders scoffed at claims that the hackers were “one step away” from the systems controlling the experiment itself. The engineering team completed four days of scheduled work in the first 24 hours but what physicists are really waiting for is the big bang machine’s first collisions.

Tags: hackers, blac hole, collider, greek security

CIA, FBI push 'Facebook for spies'

Fri, 05 Sep 2008 16:43:49 GMT

clipped by: rmowery

Clip Source: edition.cnn.com

updated 42 minutes ago

Share this on:

Mixx Digg Facebook del.icio.us reddit StumbleUpon MySpace

CIA, FBI push 'Facebook for spies'

Story Highlights
U.S. intelligence agencies are urging staffers to use a new social-networking site
Called A-Space, it's for analysts within the nation's 16 intelligence agencies
Analysts can use A-Space to share information about al Qaeda, other issues
Only intelligence personnel with the proper security clearance can access the site
Next Article in Technology »

WASHINGTON (CNN) -- When you see people at the office using such Internet sites as Facebook and MySpace, you might suspect those workers are slacking off.

But that's not the case at the CIA, FBI and the National Security Agency, where bosses are encouraging their staffs to use a new social-networking site designed for the super-secret world of spying.

Tags: cia, fbi, spies, social networks

Smartphones: Pocketable Endpoints or Network Backdoor?

Wed, 02 Apr 2008 20:49:15 GMT

clipped by: rmowery

Clip Source: www.blackberrytoday.com

Smartphones: Pocketable Endpoints or Network Backdoor?

By Lyne Bourque
April 1, 2008

In today's corporate environment, very few people are without some kind of cell phone. And many phones have more functions and options than the average user needs. For better or worse, they are a ubiquitous part of life, and for many, they are simply indispensable.

Backdoors, in this context, describe non-obvious devices and technologies that can interface with a network and pry open an attack vector that most security mechanisms don't account for. For example, unauthorized wireless access points can be considered backdoors. Software backdoors -- and the paranoia surrounding them -- is a topic for another site...

Tags: smartphoone, security, backdoor

Traveler says she was forced to remove nipple ring

Fri, 28 Mar 2008 06:32:21 GMT

clipped by: rmowery

Clip Source: www.cnn.com

Traveler says she was forced to remove nipple ring

LOS ANGELES, California (AP) -- A Texas woman who said she was forced to remove a nipple ring with pliers in order to board an airplane called Thursday for an apology by federal security agents and a civil rights investigation.

"I wouldn't wish this experience upon anyone," Mandi Hamlin said at a news conference. "My experience with TSA was a nightmare I had to endure. No one deserves to be treated this way."

Hamlin, 37, said she was trying to board a flight from Lubbock to Dallas on February 24 when she was scanned by a Transportation Security Administration agent after passing through a larger metal detector without problems.

The female TSA agent used a handheld detector that beeped when it passed in front of Hamlin's chest, the Dallas-area resident said.

Tags: travels, tsa, nipple ring, body piercing

Olmert: Infiltrators must be stopped

Tue, 25 Mar 2008 07:31:33 GMT

clipped by: rmowery

Clip Source: www.jpost.com

Olmert: Infiltrators must be stopped

Africans caught trying to enter Israel illegally will be deported to Egypt on the spot, according to a directive issued to security forces by Prime Minister Ehud Olmert on Sunday.

There are more than 7,000 African asylum-seekers in Israel, of whom at least 2,400 arrived in the past three months. The phenomenon has recently accelerated, with more than 800 Africans arriving each week, according to security officials.

The government has discussed possible solutions for the refugees - such as allowing several thousand to stay and deporting the rest to a safe African country - but has yet to announce a cohesive plan.

"The security forces are still not doing enough to prevent the entrance of infiltrators, and the Foreign Ministry has not examined all the options with African states," Olmert said. "The situation is not ideal. This is a tsunami that can grow and we need to take every measure to stop it."

Tags: africa, israel, refugee, african

President Putin Signs Anti-Hacker Decree

Fri, 21 Mar 2008 00:50:57 GMT

clipped by: rmowery

Clip Source: www.vostokmedia.com

President Putin Signs Anti-Hacker Decree

The decree is aimed at protection of state network resources from unauthorized actions.

President Putin has signed a decree “On measures for providing information security of the Russian Federation in use of information-telecommunications networks of international information exchange,” Kremlin.ru reports.
The decree is aimed at protection of the Russian Internet segment and primarily at protection of the state network resources from the threats of unauthorized actions. The question is about prevention of hacking computers and gaining control of the network resources of the organs of power with a terrorist intent.
The decree’s measures are also aimed at protection of classified information. In general the decree is provided for further sustainable development and modernization of Russian state network resources in the Internet. The decree enters into force since the day of it’s signing.

Tags: russia, security, hacking, anti-hacking, dcree, law

International cyber-cop unit girds for uphill battles

Thu, 20 Mar 2008 07:56:21 GMT

clipped by: rmowery

Clip Source: www.networkworld.com

International cyber-cop unit girds for uphill battles

An group of international cyber cops is ramping up plans to fight online crime across borders.

The unit, known as the Strategic Alliance Cyber Crime Working Group, met this month in London and is made up of high-level online law enforcement representatives from the FBI, Australia, Canada, New Zealand, and the United Kingdom. One of the main goals of the group, which was founded in 2006, is to fight cyber crime in a common way by sharing intelligence, swapping tools and best practices, and strengthening and synchronizing their respective laws.

And it has its work cut out for it.

The Government Accountability Office last year said there is concern about threats that nation-states and terrorists pose to our national security through attacks on US computer-reliant critical infrastructures and theft of our sensitive information.

Tags: cyber crime, security, law, international

Israel's Shin Bet launches a blog

Tue, 18 Mar 2008 04:46:46 GMT

clipped by: rmowery

Clip Source: www.reuters.com

Israel's Shin Bet launches a blog

The Shin Bet, Israel's internal security agency, launched a blog yesterday in continued efforts to shed some of its secrecy and boost recruitment among high-tech professionals. Reviews are mixed at best so far, as people feel the content is a little mundane. Since 2006, the Shin Bet has stepped up public ad campaigns to attract talent from the private sector. According to the Associated Press, "the bloggers work on the technological side of the Shin Bet's operations rather than in the field." I think the public is saying they want to hear from some real field officers, not the techies. After all, would you rather read a blog by James Bond or Q?

Tags: israel, shin bet, security

Project management skills still in short supply, CIO Council finds

Mon, 17 Mar 2008 14:43:00 GMT

clipped by: rmowery

Clip Source: www.fcw.com

Project management skills still in short supply, CIO Council finds

Despite the Office of Management and Budget's efforts for more than five years to increase the number of federal project managers and improve their skills, most of this effort has gone for naught, according to a new assessment.

A CIO Council Information Technology Workforce Capability Assessment issued today on the organization's Web site found that the number of respondents who said they are project managers decreased by 3.4 percent since 2004, and their proficiency in the skills necessary has remained largely unchanged.

Tags: pm, government, it, security

Botnet scams are exploding

Mon, 17 Mar 2008 04:44:47 GMT

clipped by: rmowery

Clip Source: www.usatoday.com

Botnet scams are exploding

SEATTLE — Two days after actor Heath Ledger died, e-mails began moving across the Internet purportedly carrying a link to a detailed police report divulging "the real reason" behind the actor's death. Ledger had been summarily drafted into the service of a botnet.

Bots are compromised computers controlled by profit-minded crooks. Those e-mails were spread by a network of thousands of bots, called a botnet. Anyone who clicked on the link got instantly absorbed into the fast-spreading Mega-D botnet, says security firm Marshal. Mega-D enriches its operators, mainly by distributing spam for male-enhancement pills.

Tags: security, technology, botnets, hackers

International Olympic Committee concern over China's clashes in Tibet

Sat, 15 Mar 2008 18:15:35 GMT

clipped by: rmowery
clipper's remarks: I will hedge a bet the Olympics are boycotted by some countries.

Clip Source: www.telegraph.co.uk

International Olympic Committee concern over China's clashes in Tibet

With the start of the Beijing Olympics now just 145 days away, clashes between protesters and Chinese security forces in Tibet have sparked serious concerns among senior officials at the International Olympic Committee.

International Olympic Committee concern over China's clashes in Tibet

Following film director Steven Spielberg's decision last month to pull out as an adviser to the Beijing Games opening ceremony over China's support for Sudan, the IOC were already bracing themselves for a wave of protests in the run up to the start of this summer's Olympics.

Tags: olympics, china, beijing, tibet

Clipmarks | rmowery's 'security' clips

Apple's October update fixes 20 security flaws

Apple's October update fixes 20 security flaws

GPS 'spoofing' could threaten national security

GPS 'spoofing' could threaten national security

'Average person doesn't realize how much infrastructure is based on GPS'

Kevin Mitnick detained, released after Colombia trip

Kevin Mitnick detained, released after Colombia trip

Homeland Security Detects Terrorist Threats by Reading Your Mind

Homeland Security Detects Terrorist Threats by Reading Your Mind

Hackers claim there’s a black hole in the atom smashers’ computer network

Hackers claim there’s a black hole in the atom smashers’ computer network

CIA, FBI push 'Facebook for spies'

Share this on:

CIA, FBI push 'Facebook for spies'

Smartphones: Pocketable Endpoints or Network Backdoor?

Traveler says she was forced to remove nipple ring

Traveler says she was forced to remove nipple ring

Olmert: Infiltrators must be stopped

Olmert: Infiltrators must be stopped

President Putin Signs Anti-Hacker Decree

President Putin Signs Anti-Hacker Decree

International cyber-cop unit girds for uphill battles

International cyber-cop unit girds for uphill battles

Israel's Shin Bet launches a blog

Israel's Shin Bet launches a blog

Project management skills still in short supply, CIO Council finds

Project management skills still in short supply, CIO Council finds

Botnet scams are exploding

International Olympic Committee concern over China's clashes in Tibet

International Olympic Committee concern over China's clashes in Tibet

International Olympic Committee concern over China's clashes in Tibet