&bull
23 Jul 2010 14:51:11 Web host to return Blogetery's blogs
Blogetery.com's bloggers will get their information back.
That's the word from Joe Marr, chief technology officer of Burst.net, a Scranton, Pa.-based Web hosting service. Burst.net abruptly pulled Blogetery.com offline on July after FBI agents alleged the blogging platform was used by al-Qaeda operatives to distribute recruiting materials and to offer bomb-making tips.
Alexander Yusupov, Blogetery's owner
Cnet Security
Full story: http://news.cnet.com/8301-31001_3-20011471-261.html?part=rss&subj=news&tag=2547-1_3-0-20
&bull
23 Jul 2010 13:46:00 UK cracks down on mobile phone recycling industry
IDG News Service - Recycling companies will be required to check whether a mobile phone has been reported stolen before reselling it, according to a new code of practice announced by the U.K. government on Friday.
At least 100,000 mobile phones with an average value of $75 that have been stolen or blocked by their owners end up being recycled, according to the Home Office, citing statistics from Recipero, a company tracks personal property information. The Home Office predicts that same number of phones will no longer be in circulation with the new code.
Companies that don't follow the code could face sanctions. At least 20 have signed up so far, representing about 90 percent of the industry, according to the Home Office.
Computerworld
Full story: http://www.computerworld.com/s/article/9179583/UK_cracks_down_on_mobile_phone_recycling_industry?source=rss_security
&bull
23 Jul 2010 11:33:57 Amount of spam with shortened links nearly doubles
Spammers increasingly are abusing free online link shortening services, resulting in a significant increase in the amount of spam containing shortened links over the past year, according to a Symantec report released Thursday.
The amount of spam containing shortened links peaked in April and represented 18 percent of spam, or 23.4 billion messages, states Symantec's July 2010 MessageLabs Intelligence Report.
This figure is nearly double last year's peak levels, when shortened links were present in 9.3 percent of spam, or the equivalent of more than 10 billion spam emails worldwide.
SC Magazine
Full story: http://www.scmagazineus.com/amount-of-spam-with-shortened-links-nearly-doubles/article/175217/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29
&bull
23 Jul 2010 11:00:00 Tech firms warn privacy bill will harm economy
Captions, from left: Rep. Rush (D), witnesses being sworn in, Rep. Whitfield (R), Mike Zaneis from Interactive Advertising Bureau
(Credit:
U.S. House of Representatives)
A new privacy bill introduced in the U.S. Congress this week would have serious unintended consequences and could even harm the nation's economy unless its Democratic sponsor rewrites it, Internet industry representatives warned Thursday.
The proposal, introduced by Rep. Bobby Rush of Illinois, slaps fines of up to $5 million on businesses and even some individuals unless they abide by a complex set of new regulations to be administrated by the Federal Trade Commission.
Cnet Security
Full story: http://news.cnet.com/8301-31921_3-20011435-281.html?part=rss&subj=news&tag=2547-1_3-0-20
&bull
23 Jul 2010 10:15:00 Researcher finds Safari reveals personal information
IDG News Service - A feature in Apple's Safari browser designed to make it easier to fill out forms could by abused by hackers to harvest personal information, according to a security researcher.
Safari's AutoFill feature is enabled by default and will fill in information such as first and last name, work place, city, state, and e-mail address when it recognizes a form, wrote Jeremiah Grossman, CTO for WhiteHat Security, on his blog.
The information comes from Safari's local operating system address book.
Computerworld
Full story: http://www.computerworld.com/s/article/9179580/Researcher_finds_Safari_reveals_personal_information?source=rss_security
&bull
23 Jul 2010 10:15:00 Researcher finds Safari reveals personal information
IDG News Service - A feature in Apple's Safari browser designed to make it easier to fill out forms could be abused by hackers to harvest personal information, according to a security researcher.
Safari's AutoFill feature is enabled by default and will fill in information such as first and last name, work place, city, state, and e-mail address when it recognizes a form, wrote Jeremiah Grossman, CTO for WhiteHat Security, on his blog.
The information comes from Safari's local operating system address book.
Computerworld
Full story: http://www.computerworld.com/s/article/9179580/Researcher_finds_Safari_reveals_personal_information?source=rss_security
&bull
23 Jul 2010 00:40:00 Virus writers are picking up new Microsoft attack
IDG News Service - The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.
Eset reported Thursday that two new families of malicious software have popped up, both of which exploit a vulnerability in the way Windows processes .link files, used to provide shortcuts to other files on the system.
The vulnerability was first exploited by the Stuxnet worm, discovered on computer systems in Iran last month. Highly sophisticated, Stuxnet targets systems running Siemens industrial control system management software. The worm steals SCADA (supervisory control and data acquisition) project files from Siemens' computer systems.
Computerworld
Full story: http://www.computerworld.com/s/article/9179564/Virus_writers_are_picking_up_new_Microsoft_attack?source=rss_security
&bull
23 Jul 2010 00:06:27 Baidu hacking lawsuit allowed to proceed
Baidu, China's leading Internet search company, has a "plausible" case against its U.S.-based domain registry for allegedly allowing a hacking attack that left the site disabled and defaced, a U.S. judge ruled Thursday.
The order, signed by Judge Denny Chin of the U.S. District Court for Southern New York, allows Baidu to proceed with a lawsuit it filed against Register.com in January. Baidu's suit accuses Register.com of breach of contract, gross negligence, and recklessness related to a January 11 hack attack that left Baidu disabled for several hours. Visitors to the site during those hours were redirected to a site where a group calling itself the "Iranian Cyber Army" claimed responsibility for the attack.
Cnet Security
Full story: http://news.cnet.com/8301-1023_3-20011428-93.html?part=rss&subj=news&tag=2547-1_3-0-20
&bull
22 Jul 2010 21:43:54 Secunia: Apple software has the most holes
A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.
The latest data shows that Apple has surpassed Oracle and even Microsoft with accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.
Makers of software with the most vulnerabilities
Cnet Security
Full story: http://news.cnet.com/8301-13846_3-20011403-62.html?part=rss&subj=news&tag=2547-1_3-0-20
&bull
22 Jul 2010 20:36:00 Dell revamps hardware testing in wake of malware issue
IDG News Service - A sequence of errors led to Dell's delivery of motherboards with malware and the company is in the process of overhauling its testing process to resolve issues before dispatching hardware to customers, it said on Thursday.
Dell on Wednesday said that some replacement motherboards for PowerEdge servers may have contained the W32.Spybot worm in flash storage. The malware issue affected a limited number of replacement motherboards in four servers, the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 models, the company said.
"There was a sequence of human errors that led to the issue, That being said, we have identified and implemented 16 additional process steps to make sure this doesn't happen again," said Dell spokesman Jim Hahn.
Computerworld
Full story: http://www.computerworld.com/s/article/9179556/Dell_revamps_hardware_testing_in_wake_of_malware_issue?source=rss_security
&bull
22 Jul 2010 20:08:00 Microsoft: No money for bugs
Computerworld - Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today.
"We don't think [bug bounties] are the best way for us to compensate researchers," said Mike Reavey, director of the Microsoft Security Research Center (MSRC) in an interview Thursday.
Reavey was responding to questions about recent moves by Google and Mozilla to boost payments made to outside researchers who report flaws, and whether Microsoft would follow suit.
Computerworld
Full story: http://www.computerworld.com/s/article/9179549/Microsoft_No_money_for_bugs?source=rss_security
&bull
22 Jul 2010 19:29:12 Safari autofill exploit can reveal user data
(Credit:
Apple)
The autofill option in Apple's
Safari browser can expose personal data without the user's consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It's recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.
Jeremiah Grossman, the chief technical officer of WhiteHat Security, documented the exploit in a blog post on Wednesday, saying that it affects both the current version of Safari, version 5, and the legacy version, Safari 4. He said that the exploit is severe enough that a malicious Web site can access autofill information from Safari without the user entering in any personal information on the site, or even if the user had never visited the site previously.
Cnet Security
Full story: http://download.cnet.com/8301-2007_4-20011384-12.html?part=rss&subj=news&tag=2547-1_3-0-20
&bull
22 Jul 2010 19:15:00 Siemens: Removing SCADA worm may harm industrial systems
IDG News Service - Removing a dangerous worm that targets industrial systems could disrupt plant operations, Siemens Industry warned customers Thursday.
The warning came as Siemens released a new tool that finds and removes the malicious software along with a full-fledged security update for its SCADA (supervisory control and data acquisition) management products.
Siemens on Thursday released the update along with the tool, developed by security vendor TrendMicro. But in a note sent to customers, the company warned users to check with customer support before removing the software from an infected SCADA system. "As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way," the note reads.
Computerworld
Full story: http://www.computerworld.com/s/article/9179551/Siemens_Removing_SCADA_worm_may_harm_industrial_systems?source=rss_security
&bull
22 Jul 2010 19:05:00 Drop 'responsible' from bug disclosures, Microsoft urges
Computerworld - Microsoft today pitched its own proposal for how software makers react to bugs reported by researchers, calling for a name change to describe the process it prefers.
Rather than dub the back-and-forth between bug finders and vendors "responsible disclosure" -- a term that implies that the researcher reports a bug, then waits for the developer to patch it before going public with news of the flaw -- Microsoft wants everyone in the security community to use a different moniker: "coordinated vulnerability disclosure," or CVD.
The company admitted the move is primarily a name change, and that much of the rest of its proposal is what Microsoft has urged in the past.
Computerworld
Full story: http://www.computerworld.com/s/article/9179546/Drop_responsible_from_bug_disclosures_Microsoft_urges?source=rss_security
|
14 news listed
|