I’ve updated the Catagories archive so that rather than consisting of one long page for each catagory, the page will be break up each catagories by month. Not sure if that will be more search engine friendly or not. But it was somethign to try.
Original post by rcbarnett and a wordpress plugin by Elliott
If you want to read the quality articles and news about the computer security then consider the following security blogs.
http://bigblog.com/computer_security.html
http://netsecurity.about.com/od/securityblogs/
 http://blog.tenablesecurity.com/
The baove blogs are really full of knowledge and one can gain a lot of tips tricks and updates to move on with information security.
If you have any good security blog then please dont hesitate to refer in the comment section. We will love to approve your comment.
For other security websites please visit our security directory section.
Computer Repair and Troubleshooting knowledge is a must to every Computer User. Computer is a very essential tool nowadays. It has been a part of our system that it is sometimes difficult to live without it. So it is really a must to have some Basic Information about Computer Repair and Troubleshooting for a worry-free […]
…it downloads a virus instead.
TrendLabs has received reports of a spammed email message that advises users to download an Internet Explorer 7 update. Below is the image attached in the said message:
However, once unsuspecting users click on this image, they are redirected instead to a Web site that downloads a file named IE7.0.exe. This file, while also legitimate-looking, is actually a file infector that Trend Micro detects as PE_GRUM.B-O.
Trend Micro always advises users to avoid clicking on links that come from untrusted sources. However, given this enhanced social engineering (it uses legitimate-looking IE7 images, etc.), I guess the lesson here is that while keeping one’s applications and programs updated is a good practice, users should just make sure that they go straight to the source (in this case, the Microsoft Web site), instead of someplace else. With the rise of Web-based threats that spoof even the “trusted” sites and/or organizations, [...]
Original post by Paul Oliveria and a wordpress plugin by Elliott
Like those animated cursors? You know, the ones that embellish the normal mouse arrow pointers and are available on the Internet? Be careful when downloading and installing these on your systems, as a new Web threat has recently been detected posing as one.
TrendLabs has recently detected TROJ_ANICMOO.AX, a Trojan that arrives as a specially crafted .ANI file — yes, the same file format used by these “tricked out” cursors — and takes advantage of a newly discovered vulnerability in the way Windows handles animated cursors. Once it successfully exploits this vulnerability, TROJ_ANICMOO.AX downloads another Trojan from the URL http://220.71.{BLOCKED}.189/wincf.exe. The downloaded malware is detected as TROJ_SMALL.DRF.
Note that this malicious .ANI file may arrive as a file downloaded by unknowing users from the Internet. It may also be downloaded by HTML embedded in email messages. It only runs on Windows XP.
As of this writing, Microsoft has yet to release a security [...]
Original post by Eric Avena and powered by Img Fly
ShmooCon is an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind.
ShmooCon is about high-quality without the high price. Take advantage of scaled pre-registration discounts, and ShmooCon can be dirt cheap. Space is limited! ShmooCon has sold out for the last two years, so unless taking a chance on an eBay auction to get your ticket sounds like fun, register early!
Well, except for our West coast friends, sorry guys. ShmooCon is in Washington, D.C., at the Marriott Wardman Park Hotel, just a few steps from the D.C. Metro. Fly into DCA, IAD, or BWI, or take a train to Union Station, and you are just a quick cab ride away from the con.
Brain melting from all the cool tech you are learning? Check out some of the contests running at ShmooCon, including the Hacker Arcade and Hack/Or/Halo.
Or at least the biggest.
In a filing to the Securities and Exchange Commission yesterday, TJX–owner of discount stores TJ Maxx, Marshall’s, and others–revealed that the credit/debit card information of at least 45.6 million cardholders was exposed in the data breach TJX disclosed in mid-January. This exceeds the number of records exposed by the Cardsystems breach of two summers ago, winning TJX the dubious honor of “Biggest Breach Ever.”
Well done, TJX. Well done, indeed.
However the “best” in my opinion is this gorgeous display of social engineering reported in a March 19 bit in The Register, “A ’smooth-talking’ thief [took] ABN Amro bank in Antwerp for £15m worth of diamonds, making off with 120,000 carats despite using nothing more than chocolates and charm in the audacious blag.”
I have a deeply meaningful relationship with chocolate. And I have a troubling weakness for smooth-talking, charming men.
Good thing I don’t also have 120,000 carats of [...]
Original post by Bleeping Malware and software by Elliott Back
Today I submitted supplemental written testimony, adding to my previous testimony from last week’s e-voting hearing before the House Administration Committee, Subcommittee on Elections. Today’s supplemental testimony is short, so I’ll just include it here. (The formatted version is available too.)
Thank you for the opportunity to submit this supplemental written testimony.
Some people have suggested that it might be possible to use an electronic verification system instead of the voter-verified paper ballot required by H.R. 811. For example, the verification system might be an electronic recording device developed separately from the voting machine. Congressman Ehlers mentioned this possibility during the hearing.
The idea behind such proposals is to use redundancy as a safeguard against fraud or malfunction, in the hope that a failure in one system will be redeemed by the correct behavior of the other.
Redundancy works best when the redundant systems fail independently. If System A fails whenever System B fails, then using A and B redundantly provides no benefit at all. On the other hand, if A always works perfectly when B fails, then redundancy can eliminate error entirely. Neither of these extreme cases will hold in practice. Instead we expect to see some correlation between failures of A and failures of B. Our goal is to minimize this correlation.
One way to avoid correlated failures is to make the two systems as different as possible. Common sense says that similar systems will tend to fail in similar ways and at similar times – exactly the kind of correlated failures that we want to avoid. Experience bears this out, which is why we generally want redundant systems to be as diverse as possible.
The desire for diversity is a strong argument for keeping a paper [...]
Read more at Ed Felten
by Larry Magid
Unlike some of my fellow Internet safety activists, I think that the Internet Corporation for Assigned Names and Numbers did the right thing by rejecting the proposed .XXX top level domain designation. See Story
For the record, in addition to my work as technology commentator, I run SafeKids.com and Safeteens.com and am co-director of BlogSafety.com.
Despite years of advocacy on the part of its sponsors, I remain unconvinced that that the .XXX top level domain would have furthered the causes of child protection or free speech. It might have been effective had it been mandatory for all porn sites, but that would have brought up enormous free speech issues that many of us would not fathom. Because it would have been voluntary, there would continue to be porn sites with .com TLDs, possibly giving parents a false sense of security by believing that all porn was walled off. I don’t agree with those who say it would have promoted porn nor do I fully agree with those who fear that such a voluntary process would have been a likely first step towards government regulation. I do, however, understand why some adult site operators and civil libertarians would worry about that, especially if the voluntary xxx didn’t cut back significantly on the use of .com for porn site. (more…)
Read more at admin
UK financial advisers, Grant Thornton, says that organizations that fail to lock-down bluetooth connections on company-owned laptops and other portable devices are taking a huge data theft gamble. The company says the number of bluesnarfing attacks – where a connection between two devices is forced without the consent of the target machine – is on the increase.
Grant Thornton gives the unsurprising advice that non-essential bluetooth links should be turned off. But can employees be trusted to do this themselves, or is it better to manage this centrally?
Solutions like Centennial DeviceWall can help extend endpoint security by locking-down bluetooth connections in addition to managing the flow of data through wired communications such as USB and firwire ports. With every new laptop now seemingly enabled for bluetooth out-of-the-box, could 2007 be the year of the ‘bluesnarfer’?
Original post by Matt Fisher and plugin by Elliott Back
I’m home for the next couple days, but no rest for the weary. I had to get this off of my plate first, but I’ve still got another podcast to edit and a few video blog entries. This stuff all takes time.
Today’s is a short podcast, the majority of it is the interview with Dean Turner from Symantec. There’s a lot more here than made it into the Podtech interview. That was just a teaser for the full interview. Besides, Podtech wants shorter segments, or so they’ve told me.
If you’ve sent me an email in the last week and I haven’t responded, please resend it. Shmoocon was great, the press tour with Mitchell Ashly has been a learning experience, but if I didn’t respond to any email you sent in that time, it wasn’t personal.
Network Security Podcast, Episode 65, March 29, 2007
Time: 25:05