-
Employee gadgets pose security risk to companies
Date: 11/16/05
(Security) Keywords: security
iPods, smart phones, digital cameras and other gadgets pose a real security risk to organizations. IT managers are looking for solutions.
Source: http://news.zdnet.com/2100-1009_22-5954642.html
-
New 'Sober' virus circulating
Date: 11/16/05
(Security) Keywords: security
Security analysts find large number of infected e-mails.
Source: http://news.zdnet.com/2100-1009_22-5954385.html
-
Sony recalls risky 'rootkit' CDs
Date: 11/16/05
(Security) Keywords: security
Sony BMG recalls millions of copy-protected CDs, but more security risks are spotted in what the uninstaller has left behind.
Source: http://news.zdnet.com/2100-1009_22-5954154.html
-
Biometrics council wants to fill standards gap
Date: 11/15/05
(Security) Keywords: security
Backed by IBM and Department of Homeland Security, the International Biometric Advisory Council wants to tackle ambiguity.
Source: http://news.zdnet.com/2100-1009_22-5953928.html
-
Attack targets Sony 'rootkit' fix
Date: 11/17/05
(Security) Keywords: security, web
Security firm reports Web sites intended to exploit a flaw in a Sony program designed to remedy security problems in copy-protected CDs.
Source: http://news.zdnet.com/2100-1009_22-5956707.html
-
The growing drumbeat for open source patch management
Date: 11/17/05
(Open Source) Keywords: security
What we need is for someone, or several someones, with solid development budgets to create an open source patch management project, and a clearinghouse for security alerts.
Source: http://blogs.zdnet.com/open-source/?p=499&part=rss&tag=feed&subj=zdblog
-
Exploit code puts Windows XP and 2000 at risk
Date: 11/17/05
(Security) Keywords: security
Threat is considered moderate, since worst-case attack might crash some machines but not others, says security firm.
Source: http://news.zdnet.com/2100-1009_22-5958846.html
-
Rootkit worm linked to hacker group in Middle East
Date: 11/17/05
(Security) Keywords: security
Security firm says bad guys are using BitTorrent to pilfer files from 17,000 PCs. Worm began spreading via AIM last month.
Source: http://news.zdnet.com/2100-1009_22-5958838.html
-
Microsoft enlists new buddies for antiphishing trip
Date: 11/17/05
(Security) Keywords: security, web, microsoft
Three more companies will provide lists of confirmed phishing Web sites for Microsoft's security tools.
Source: http://news.zdnet.com/2100-1009_22-5958832.html
-
This thing ROCKS!
Date: 11/18/05
(SQL Server) Keywords: database, sql, security, google
http://www.sqledit.com/dg/
Yesterday after lunch, I got one of those famous, hurried "critical" requests to export some data to a vendor for an important project. Someone from our Stock Administration team insisted on meeting with me to give me a USB drive to get the database image. Apparently, they needed someone to import the data on our system, then export it in a format requested by the vendor in order to test and configure a new offering for us.
I was already irritated that yet another team had failed to document and obtain resources for their data requirements, therefore making an emergency for me that very important people would hear about if I didn't follow through. I did what I aways do, I said I'd look at it and see what could be done. Oh man...you know what I saw? This dude had been walking around all over the place with this little flash drive in is pocket with stock administration data for EVERYONE IN OUR COMPANY. This data included Social Security Numbers, Birthday's, Names, Addresses, Salaries, and Stock Options. AND he wanted me to just send it off to some company to play around with. I was pretty mad, especially when he had his manager call me to complain.
I explained that this was in violation with our SOX commitments and that the data would have to be at the very least cleansed before it was sent out. I also mentioned that I didn't particularly want my SSN sent to parts unknown for a proof-of-concept project. After that I found a kind way of mentioning that carrying around sensitive data in an unsecure format is grounds for termination. Then his manager called the CIO. All the better, at least the CIO understands INFORMATION and the protection thereof!
I didn't have a clue how to cleanse data, but it had to get done fast, so I did a google search for tools, and I found this little gem. The DTM Data Generator contained a robust set of tools for analyzing the SQL tables field by field, while retaining the referential integrity. It's very versatile. I'm definately going to use this again. I think I might finally generate those mean sets of data for our QA team to test against. This tool rocks.
Source: http://www.livejournal.com/community/sqlserver/37213.html
-
Sony DRM Rootkit Violates Open Source License
Date: 11/19/05
(Java Web) Keywords: software, security
Sony's infamous rootkit based DRM software has been at the center of much attention for the last few week. That are facing a class action lawsuit. In the face of serious consumer backlash they recently decided to withdraw their copy-protected cd's which compromises the security of users. Now it appears Sony is headed for more [...]
Source: http://blog.taragana.com/index.php/archive/sony-drm-rootkit-violates-open-source-license/
-
A Veritable Cornucopia of Browsers
Date: 11/21/05
(Mozilla) Keywords: rss, browser, security, web
Has anyone tried out Flock yet? It is still quite beta, if not alpha, based on Mozilla Firefox, but incorporating some very nice little innovations indeed.
1. All of your Favourites/Bookmarks/Whatever you call them are stored online, by default on del.icio.us . There is even a little star button on the toolbar to bag and tag any page you are on quickly and easily.
2. You can use your Favourites Manager in the normal, everyday boring way. Or you can also use it as an RSS feed reader. Blow me down with a feather.
3. "Flock comes with the open source Clucene search engine built in. Each time you visit a web page, it indexes all the content on that page so you can easily retrace your steps later." Exactly what that means I don't quite know yet. Any techno-babble people want to help me out here?
4. Most frequently visited sites tracking from within favourites. Real, intelligent Favourite Favourites?
5. When you bookmark a page that has a feed, the browser automatically becomes a feed reader and updates every hour.
6. Flock has a built in blog editor that works with WordPress, Movable Type, Typepad, and Blogger. Unfortunately LJ support is expected "shortly".
7. The blog editor integration looks pretty good. You can highlight something on a webpage, right click and choose "Blog this". It will automagically open the editor, with the selection already inserted and formatted.
8. The Blog Editor comes with Flickr integration. Press a button and get a topbar with all your Flickr photos. Assuming you have Flickr of course.
9. An intriguing, very alpha feature, called "The Shelf". Basically if you want to blog about something cool, but you're too busy reading other stuff, you drag stuff onto the shelf so you can drag it into the editor later. It's 'Ron for the net.
Definitely not ready for prime time yet, but with the news from this (badly in need of a spell-checker) article that Firefox are going to be slower at innovating, whilst maintaining speedy responses to security threats and aiming for the most intuitive interface possible, COMBINED with the fact that this is built off of Firefox, and therefore should be able to tap into the wealth of extensions out there quite easily, it is well worth a look.
EDIT: Not quite alpha, not quite beta. That weird stage of in between. Public Beta is slated for December.
Source: http://www.livejournal.com/community/mozilla/337865.html
-
Liberty Alliance rings bell for new ID products
Date: 11/21/05
(Security) Keywords: security
Authentication products from IBM, NEC, NTT and RSA Security get a passing grade on alliance's stringent interoperability tests.
Source: http://news.zdnet.com/2100-1009_22-5964961.html
-
Security experts lift lid on Chinese hack attacks
Date: 11/23/05
(Security) Keywords: security
Hackers for the Chinese government stole U.S. military secrets, security experts allege.
Source: http://news.zdnet.com/2100-1009_22-5969516.html
-
Terrorism threat to Net 'overstated'
Date: 11/28/05
(Security) Keywords: security
Q&A Security expert Bruce Schneier says the danger to the Internet is primarily from thieves not terrorists.
Source: http://news.zdnet.com/2100-1009_22-5973190.html
-
Microsoft offers security test drive
Date: 11/30/05
(Security) Keywords: security, microsoft
Test version of Microsoft's forthcoming OneCare Live security product is now available to anyone with a U.S. English version of Windows XP with Service Pack 2.
Source: http://news.zdnet.com/2100-1009_22-5976090.html
-
Danger level rises for Perl flaws
Date: 11/30/05
(Security) Keywords: security
A type of security hole in applications written in the popular open-source scripting language may be much more serious than thought.
Source: http://news.zdnet.com/2100-1009_22-5975954.html
-
White knight rescues Kerio's free firewall
Date: 12/01/05
(Security) Keywords: software, security
Sunbelt Software will acquire the Kerio Personal Firewall, saving the popular consumer security product from the chop.
Source: http://news.zdnet.com/2100-1009_22-5978683.html
-
More exploits out for Windows flaws
Date: 12/02/05
(Security) Keywords: security
Users should be shielded from two new attack codes if they use security updates. It's the unpatched flaws that cause worry.
Source: http://news.zdnet.com/2100-1009_22-5978990.html
-
Gmail gets security upgrade
Date: 12/02/05
(Security) Keywords: security, google
Google bolsters security for its e-mail program, but only long after rivals offer similar message-scanning features.
Source: http://news.zdnet.com/2100-1009_22-5980482.html