news aggregator

In defense of full-disclosure

Updated In an official blog post, an employee in Verizon's Risk Intelligence unit has taken aim at researchers who disclose security flaws, calling them "Narcissistic vulnerability pimps" and comparing them to criminals.…

'When I complain about privacy, I use Google Buzz'

Updated A gaggle of Google engineers have expressed their displeasure with Facebook's latest effort to share your data with third-party sites, and many have gone so far as to deactivate their accounts.…

The server did not eat your video

A computer security expert used his elite skills to turn the tables on Seattle Police who arrested him for doing nothing more than refusing to identify himself during a drunken street golf game in 2008.…

Yesterday was a tough day for corporate IT administrators tied to McAfee. In some cases, they faced a full-blown meltdown of their organization's PCs, as hundreds, in some cases thousands, of Windows XP computers went down after receiving a faulty antivirus update from the security firm.

Several European nations have expressed concern about Google’s slow but steady encroachment on citizens’ privacy protections. Now the search behemoth is in hot water with Germans for using its wandering Street View cars to log the location of private WLAN networks and media access control (MAC) addresses in that country.

VeriSign has spotted a hacker in an underground forum offering 1.5 million Facebook accounts for sale.

Whack-a-mole

Security experts in Hong Kong last week succeeded in taking down a key component of the Koobface bonnet, only to witness the system popping up in China.…

Last year, The Pirate Bay moved to an ISP that has facilities located in a former NATO nuclear bunker. It has operated with them successfully for some time but we can now reveal that Hollywood movie studios are threatening the ISP with a legal strike over its servicing of TPB and other sites. The ISP’s owner, however, is in no mood to capitulate

The very connectivity that gives the U.S. an edge in most markets is likely its greatest vulnerability, former counterterrorism chief Richard Clarke says. Why hasn't Obama done anything about it?

Google and the Google-owned YouTube received more than 10,000 requests for user data from government agencies in the six months ending Dec. 31, 2009. 3,580 data requests originated from U.S. agencies

Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday. Comment - TrackBack - del.icio.us via: ::PepperTech:: Identity Management and PKI Security News Blog [2006/05/22]

This quote sums up nicely why Diebold should not be trusted to secure election machines:

David Bear, a spokesman for Diebold Election Systems, said the potential risk existed because the company’s technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.

“For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don’t believe these evil elections people exist.”

get the threat model right, you can’t hope to secure the system. Comment - TrackBack - del.icio.us via: Schneier on Security [2006/05/22]

Caveat: This is my first blog posting from within Office 2007 beta 2, so I hope it comes out ok!

Lecture materials from the University of Washington’s cryptography class have been posted on-line. Recordings of the lectures are also available on-demand.

The lecturers are Brian LaMacchia (he was a security architect for the .NET Framework and Common Language Runtime), Josh Benaloh (senior cryptographer in Microsoft Research) and John Manferdelli (Distinguished Engineer, worked on the TPM stuff at Microsoft.)

Comment - TrackBack - del.icio.us via: Michael Howard's Web Log [2006/05/22]

Comment - TrackBack - del.icio.us via: O'Reilly Weblogs [2006/05/22]

Comment - TrackBack - del.icio.us via: O'Reilly Weblogs [2006/05/22]

Comment - TrackBack - del.icio.us via: O'Reilly Weblogs [2006/05/22]

Comment - TrackBack - del.icio.us via: O'Reilly Weblogs [2006/05/22]

Comment - TrackBack - del.icio.us via: O'Reilly Weblogs [2006/05/22]

It’s a small world — and a busy one, this post was supposed to appear the previous week so here it goes. There are certain places you just can’t miss on the world’s map, and the Cheyenne Mountain Operations Center is one of them. Remember the typical massive gate in the War Games movie, or in pretty much any other military/intelligence thriller you’ve watched? Try this one. Nuke it, EMP it, it’s supposed to stand tall, yet it remains a visible sensitive location for you to enjoy without moving. The other day I came across to a report that I somehow missed in relation to various threats — if any — posed by Google Earth. “Google Earth Study: Impacts and Uses for Defence and Security” is worth the read :

“The Google Earth study on the impacts and uses for defence and security is aimed at answering a number of questions. What are the technical features, the reliability and limits of GE data and software, regarding international security regulations? Which confidence in data, real dangers of a pernicious use, or impacts of such an easy access to imagery is there on users or the geographical information market? What are the new applications stemming from GE, which services can be derived from this application, or what are the ways to integrate GE into an information system?”

Stay tuned for the upcoming 0day sights from around the world. Comment - TrackBack - del.icio.us via: Dancho Danchev - Mind Streams of Information Security Knowledge! [2006/05/22]

Nortel next month will add an intrusion protection feature to its application switch, with help from Symantec, which is supplying the IPS functionality for it…. Comment - TrackBack - del.icio.us via: Security Notes [2006/05/22]