Archive for May, 2007

FBI infrastructure: Less secure than your corporate network

May 31st, 2007

The FBI doesn’t use even the most basic network security techniques, such as protecting against insider threats, patching its servers, or using strong encryption techniques, according to a report from the federal Government Accounting Office (GAO). In fact, if the report is to be believed, the FBI’s network appears to be less secure than your corporate network.
The GAO conducted a security assessment for one of the FBI’s critical networks, and the results weren’t pretty. The FBI, it found, didn’t properly authenticate users, log and audit security-related events, protect the physical network, use strong encryption, or patch servers and workstations in a timely way.

Read more at rcbarnett

Networking security

Spammers’ use of AI only just begun

May 31st, 2007

Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users’ inboxes.

Read more at schneier

Computer security Systems

Link: Parent’s Guide to Windows Vista

May 31st, 2007

Parent’s Guide to Windows Vista (Via Computer Science Teacher – Thoughts and Information from Alfred Thompson.) I’m usually not one for locking down a computer to limit what students can do with it… and I’m still not in this case, but with so little “Vista in Education” news out there, this caught my eye and I’m passing it on. Also, this is somewhat relevant to the Internet Awareness and Safety workshops I lead for parents from time to time. In any case, I remember being so excited about Windows XP back when I was implementing it in schools (especially as we integrated it with OS X in our Active Directory infrastructure), but I don’t sense much excitement about Vista in schools at all right now. Is anyone experiencing anything different?

Read more at Mark Wagner

Computer security technology

Link: Dr. Alice Robison on Video Games as a Learning Tool – Classroom 2.0

May 31st, 2007

Dr. Alice Robison on Video Games as a Learning Tool – Classroom 2.0 Tim Holt posted a notification about this interview on his Classroom 2.0 page. I haven’t listened to it yet, but since I want to find my way back to it – and since I want to share it with you, I’m passing it along here.

Read more at Mark Wagner

Computer security education

Link: Google Gears

May 31st, 2007

Google Gears (Via pedersondesigns.) It seems Google is beginning to offer an offline version of their online applications. John Pederson says simply, “game over” – presumably in reference to the competition between Google and Microsoft. In any case, this bodes well for the future of applications like Google Docs and Spreadsheets (in addition to Reader). However, I wonder if the need to install a database on the local machine will keep this from being used in many schools? As long as we can keep our connections up, the pure web-based versions of the applications may be better solutions.

Read more at Mark Wagner

Computer security Systems

WiFiEnum

May 31st, 2007

George Ou blogs about a free WiFi driver checker from Aruba Networks.
Basically it scans domain computers via WMI using supplied credentials and reports if the wireless driver is vulnerable. They didn’t take the time to have it verify the computer is reachable, so there could be some long timeouts. I’ve seen other WMI scripts test first. They are testing with a tcp ping on 135 which they report will not work against XP computers.
Ou reports “When I spoke with the patch management companies at RSA 2007 in February and asked them about driver patches, they looked at me with a blank stare as if they didn’t even know what I was talking about.”
My vuln scanner does detect a couple of Intel 2200 BG vulnerabilities. But I’ve often wondered about the Broadcom drivers and the non-wifi drivers. It will be interesting to run this and see what, if anything, I’ve been missing.

Read more at rcbarnett

Computer-security

Links for 2007-05-31 [del.icio.us]

May 31st, 2007

Logblog: Logging Glossary: Log Rotation
Google acquires GreenBorder Technologies | Tech news blog – CNET News.com

Read more at Anton Chuvakin Personal Blog

Computer security Systems

New Office flaws overshadow Patch Tuesday

May 31st, 2007

It must be zero-day Wednesday.
Microsoft and security researchers are investigating reports of several potentially serious bugs affecting Microsoft Office, made public just as Microsoft patched critical flaws in Windows XP, Vista and other software on Tuesday.

The new bugs appeared in several security forums on Monday, and were reported by security firms such as McAfee’s Avert Labs on Tuesday.

“This is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public’s exposure to these flaws until the next month’s Patch Tuesday,” wrote McAfee researcher Karthik Raman on Tuesday.

Raman said all but one of the Office flaws resulted in shutting down the application, but one heap-overflow flaw could be exploited to execute malicious code.

Microsoft said in a statement that it is investigating the reports, but isn’t aware of any active exploitation. Microsoft and security firms both kept quiet on details of the flaws, citing the need to protect customers.

Computer security Systems, Microsoft security

Google home page bug strikes again

May 31st, 2007

Google renamed and upgraded its Personalised Home Page this week, but one thing the update couldn’t shake was a bug that began upsetting many users last Thursday and persisted until Wednesday.

The bug caused the free service, which lets users turn Google.com into a customized portal, to revert an undetermined number of pages to their default settings or to months-old versions.

The problem rattled users who spend significant time and effort tailoring their Google.com page with syndicated content feeds, as well as with “gadget” applications, to make it their hub for web content, online services and applications.

A source familiar with the issue says the bug affected “a single digit percentage” of users of this service, which company officials have said has “tens of millions” of users. This means that the number of affected users could range from a minimum of 200,000 to several million.

Discussion forums erupted last Thursday morning with reports from upset users, and Google, after acknowledging the problem, didn’t declare it fixed until almost 36 hours later.

However, over the weekend, reports kept flowing into discussion forums of users saying the fix hadn’t reached their pages, and continued throughout Monday, even as Google’s Marissa Mayer, vice president of search products and user experience, hosted journalists in the company’s headquarters to unveil the improvements to the service, now called iGoogle.

At the time, it seemed that the users still complaining had been affected by Thursday’s bug, and that it would be a matter of time until Google rolled the fix to their pages.

However, on Tuesday morning, as the volume of complaints in discussion forums increased significantly, with a new wave of users reporting the problem for the first time, it became apparent that the bug had cropped up again and was affecting an entirely different batch of iGoogle pages.

Internet security

E-mail scammers hiding malware in fake IRS notices

May 31st, 2007

If you get an e-mail telling you that you’re under investigation by the U.S. Internal Revenue Service, take a breath before calling your lawyer. It’s a scam.

Read more at Robert_McMillan@idg.com (Robert McMillan)

Computer security Systems

Going My Way? Look here first

May 31st, 2007

This article delves into the results of an IT survey released this week which ranks U.S. cities according to their readiness for disaster.  With summer just a few weeks away, those of us who intend to make an excursion may want to consult this list first.  It’s not likely you’d be affected, but if you know ahead of time that disasters (natural or man-made) aren’t being planned for efficiently in a particula

Read more at rcbarnett

Computer security Systems

States settle with ChoicePoint over 2004 breach

May 31st, 2007

Data broker ChoicePoint Inc. will pay US$500,000 and has agreed to change the way it screens new customers under a multistate settlement for a 2004 data breach.

Read more at Grant_Gross@idg.com (Grant Gross)

Computer security Systems