Leave your response!

News

• How Much Space To Store Pi…

  30 Aug 2010

  3.141592654… is about my limit when it comes to remembering Pi… and that seems to have worked for me. However… there is a new world record… Pi to 5 trillion places! (It’s a ‘2′ if you were wondering…)

  However, the real news here is how much storage it took… 6TB. Not too …

• Smudged… But Your Password Isn’t…

  18 Aug 2010

  A really cool bit of research from the University of Pennsylvania has looked at how smudges on your smart phone touch screen can be used to guess your password. So, while this is all research at present, as per usual it will only be a matter of time before it is exploited.

  So… along …

• Spammers Turn to Oil Spill, Paul the Octopus and Phishing Live Chat

  12 Aug 2010

  Over nine in ten of all email messages in July were spam. Meanwhile, phishers find a new target with interactive customer support services, according to Symantec’s August State of Spam and Phishing report.

  The report found spammers changed focus from the World Cup and shifted back to current events like the …

• Deadly Combo: Zero Day Application Vulnerability + OS Vulnerability = Attacker Win

  22 Jul 2010

  The recent Siemens WinCC SCADA targeted malware packages an zero day application vulnerability with a zero day OS vulnerability. The OS vulnerability in Windows creates a worm capability to get to the target and once on the target the application vulnerability allows compromise of the application’s data. The vulnerabilities are used in stages:
  Stage [...]

• Cached Credentials & Data Loss

  22 Jul 2010

  There have been a couple of stories in the news recently about cached credentials. In essence, you enter your username and password and it enables you to, in this case, easily buy things from the online shop. Making it easier to use compromises the security and here meant that someone …

• Is today really Black Thursday for Cyber Attackers?

  15 Jul 2010

  Today the Domain Name System Security Extensions (DNSSEC) protocol public key gets added to the ‘root’ name servers. Some commentators such as Alex Pawlik quoted in ZD Net predict it will be a ‘Black Thursday’ for cyber attackers with malicious DNS re-directs becoming a thing of the past. I’m not …

• From The Heart Of The Data-Centre…

  13 Jul 2010

  In a recent announcement by SAP, they say that they will ‘push all useful data to mobile devices’. Good news… but not entirely unexpected, the smart-phone of today is just as powerful as the laptop of yesteryear and much easier to carry. However, security and usage policies are sorely lacking …

• World Cup 2010 spam sees nine fold increase on Germany 2006

  9 Jul 2010

  Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to that in 2006. Not only this but there’s …

• Who Has Your Data? In The Cloud, It’s Not You…

  5 Jul 2010

  The news last week was that EMC was closing its Atmos cloud storage service with immediate effect – you can keep using it for developmental purposes but that’s about all.

  Why did it close? Industry analysts said that it never took off, and recent surveys show that it is still a …

• Catching Up With The User…

  29 Jun 2010

  With the news that a couple of Android apps have been pulled as they misrepresented their purpose (they were used as research – duping users into downloading and installing them – to see if people would), it raises an(other) interesting question for IT departments around applications, mobile devices and keeping up with the user.

  While …

Find us elsewhere

On Twitter

The Blogosphere

• SBN Sponsor Post: Become a Fan of RSA Conference
• Immigration
• Walt Handelsman: Panic In The Hamptons
• Does bug-fix speed reflect browser value?
• UAE Man-in-the-Middle Attack Against SSL
• Automated vs. Manual Security
• Infinite Malware & Infinite Protection?

Contributors

• View From The Bunker
• ZeroDay Labs blog

Podcasts

• Digital Underground
• Paul Dot Com
• Security Justice

Reading List

• Bruce Schneier
• Dark Reading
• Darknet
• DoxPara Research
• F-Secure Blog
• Intelfusion
• Internet Storm Center
• mwcollect.org
• SANS Security Laboratory
• Security Focus
• Shadowserver
• Threatpost

US CERT

• Apple Releases iTunes 10
• Google Releases Chrome 6.0.472.53
• VMware Releases Updates for ESX Service Console Packages
• Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
• RealNetworks Releases Update to Address Vulnerabilities in RealPlayer

NIST CVEs

• CVE-2010-2364 (moobbs)
• CVE-2010-3188 (bugtracker.net)
• CVE-2010-3196 (db2)
• CVE-2010-3190 (visual_studio)
• CVE-2010-3195 (db2)
• CVE-2010-2365 (moobbs2)
• CVE-2010-3194 (db2)
• CVE-2010-3191 (captivate)
• CVE-2010-3193 (db2)
• CVE-2010-3189 (internet_security)

BugTraq

• Vuln: KSP '.m3u' File Buffer Overflow Vulnerability
• Vuln: Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
• Vuln: HP-UX Software Distributor Unspecified Local Privilege Escalation Vulnerability
• Vuln: Trend Micro Internet Security Pro ActiveX Control Remote Code Execution Vulnerability
• Bugtraq: Re: Re: IIS5.1 Directory Authentication Bypass by using ?:$I30:$Index_Allocation?
• Bugtraq: VUPEN Security Research - Google Chrome Focus Processing Memory Corruption Vulnerability (VUPEN-SR-2010-249)
• Bugtraq: [SECURITY] [DSA-2102-1] New barnowl packages fix arbitrary code execution
• Bugtraq: [ MDVSA-2010:170 ] wget
• More rss feeds from SecurityFocus