1. New Bagle damages security software

    Date: 03/01/05 (Security)    Keywords: security, web

    The variant, BagleDl-L, is said to hurt security applications and attempts to connect with a number of Web sites.

    Source: http://news.zdnet.com/New+Bagle+damages+security+software/2100-1009_22-5594201.html?part=rss&tag=feed&subj=zdnn

  2. E*Trade adopts additional security for traders

    Date: 03/01/05 (Security)    Keywords: security

    Online financial firm offers password-generating key fobs to major account holders.
    Photo: E*Trade's new security key

    Source: http://news.zdnet.com/E*Trade+adopts+additional+security+for+traders/2100-1009_22-5594914.html?part=rss&tag=feed&subj=zdnn

  3. Watchdog-attacking Bagle ramps up

    Date: 03/02/05 (Security)    Keywords: security

    A new Bagle Trojan horse that hurts security applications is spreading rapidly.

    Source: http://news.zdnet.com/Watchdog-attacking+Bagle+ramps+up/2100-1009_22-5594201.html?part=rss&tag=feed&subj=zdnn

  4. Major ID theft uncovered, affecting thousands of Californians

    Date: 02/17/05 (Java Web)    Keywords: security

    ChoicePoint is working with the California authorities on this, assuming that the impact is on Californian residents only. However, security experts disagree. It would be surprising if the impact is limited to California only. A company that collects consumer data warned thousands of Californians that hackers penetrated the company's computer network and may have stolen credit [...]

    Source: http://blog.taragana.com/index.php/archive/major-id-theft-uncovered-affecting-thousands-of-californians/

  5. ForecastFox 0.7 positioning issue

    Date: 03/02/05 (Mozilla)    Keywords: security

    I just upgraded my Firefox to 1.0.1, and my ForecastFox extension to version 0.7. I'm trying to get the forecast to display to the left of the statusbar display, the way my old version did, but it's not working... so now I have this huge line-up of stuff (i.e. Gmail Notifier, FoxyTunes, and now the forecast) that moves around when I'm loading pages and the security certificates (or whatever) show up, and it's driving me nuts!

    Any ideas on how to remedy this? There's a setting in the ForecastFox options on the position to put it in, and nothing I've tried thus far seems to put it where I want it.

    Source: http://www.livejournal.com/community/mozilla/256700.html

  6. Firefox: New Version out.

    Date: 02/25/05 (Mozilla)    Keywords: security

    Firefox 1.0.1 Download (windows) (all systems).

    Recommended for a bunch of bugfixes and a couple of security holes plugged.

    Source: http://www.livejournal.com/community/mozilla/254461.html

  7. Upcoming events & cons

    Date: 01/20/05 (IT Professionals)    Keywords: html, security, web

    You can just go to the list from the Defcon web site for some of these:
    http://defcon.org/html/links/other-conventions.html



    Here are some I found interesting from there, and some other research I did for my travel plans this year:

    SANS LoneStar 2005, Mar 10 - 16th - Houston
    http://www.sans.org/lonestar05/

    Notacon, April 8-10 - Cleveland, Ohio
    http://www.notacon.org/

    NAB, Apr 18-21 - Las Vegas (I scored a free pass for show floor - woot!)
    http://www.nabshow.com/

    LayerOne 2005, April 23 & 24 - Los Angeles, California Pasadena Hilton
    http://layerone.info/

    DallasCon, May 2-7 - Dallas, Texas The Richardson Hotel
    http://www.dallascon.com/

    Blackhat, July 23-28 - Las Vegas, NV
    http://www.blackhat.com/html/bh-link/briefings.html

    DEFCON 13, July 29-31 - Las Vegas, Nevada The Alexis Park
    http://www.defcon.org/html/defcon-13/dc-13-index.html

    USENIX Security Symposium, August 1-5 - Baltimore, MD
    http://www.usenix.org/events/sec05/

    Nebraska CERT, Aug 9 - 11 - Omaha, NE
    http://www.certconf.org/



    Dates not announced yet:
    Interzone West, in early October - San Francisco Bay Area

    ToorCon, end of September - San Diego
    http://www.toorcon.org/


    Will I see any of you there?


    x-posted to gothicgeek, infosec, it_admin, itprofessionals, itsecurity, & lj2600

    Source: http://www.livejournal.com/community/itprofessionals/2122.html

  8. discuss: LJ outage & disaster recovery

    Date: 01/17/05 (IT Professionals)    Keywords: security

    From Slashdot: LiveJournal Servers Go Down
    From Something Positive, some humor on the downtime

    For those of us in the Information Security realm, disaster recovery is one of those things we think (worry) about and hope we never have to put the plans into action. Evidently someone's plans did not work as expected. Any thoughts or insight into LJ's disaster & recovery plan? What went wrong?

    Did this give you any fears or ideas with your recovery plans?


    x-posted to infosec, it_admin, and itprofessionals

    Source: http://www.livejournal.com/community/itprofessionals/800.html

  9. Firefox: New Version out.

    Date: 02/25/05 (Web Hosts)    Keywords: security

    Firefox 1.0.1 Download (windows) (all systems).

    Recommended for a bunch of bugfixes and a couple of security holes plugged.

    Source: http://www.livejournal.com/community/webhosts/23727.html

  10. Security Nazi's on the Loose!

    Date: 12/27/04 (SQL Server)    Keywords: software, sql, security

    Does anyone know of a quick reference I could provide to the it security folks at my work that outlines what file extensions, ports, and dll's sql server uses? They've gone hog wild with 'security' software here to the point that they invariably end up shutting down one behavior or another within SQL each time they do a 'security upgrade'. Grrrr.

    Source: http://www.livejournal.com/community/sqlserver/13319.html

  11. Encryption ideas requested.

    Date: 02/06/05 (C Sharp)    Keywords: security, google

    Hey folks, I've recently popped into the community, as I've been rather yearning for a place where I can talk to anyone else who develops in .NET (C# specifically, but I've gotten less picky, as I know about ONE person besides me who codes in .NET) so I can bounce some of my more interesting questions off them. So yeah, thanks for being here. ;)

    Anyways, I'm developing an application that can be best described as a file mirroring program: a file is synchronized between two computers when a change is made on one of them. For example, a Quicken file kept on both a laptop that travels heavily and a workstation or home PC, so when a change is made to the Quicken file, it's mirrored to the other PC. I've written my own file transfer protocol with MD5 verification (works fantastic in LAN testing so far) and most of the UI design and implementation is completed.

    However, the problem I now hit comes with dealing with encryption. Because of the potentially sensitive nature of data being sent, I'm conscious of the reality that the data could be intercepted, and I feel an encrypted stream option or mandate is pretty much a requirement for this program. This is where I haven't sufficient exposure, though. Going through the MSDN library and many, many Google searches and newsgroups, it seems to me that using RSA encryption for the local components (e.g. configuration file encryption) is the best, as I can store the keys in a CspContainer so they persist and are at least better secured than if I were to try storing them myself. The bigger problem comes up when I try to come up with a reasonable solution for encrypting the TCP stream itself between two clients. So far, it would seem that Rijndael or DES are more suited for these tasks, but how am I going to reasonably get the Key and IV between the two systems?

    So far, my best solution to this is the following:

    • Add in another command to the server to allow a client to request the server's public RSA key.

    • Create a thumbprint file that has the generated Rijndael or DES Key and IV as well as the needed information about the file to be synced, and encrypt it using the provided public key.

    • Have the thumbprint sent to the remote system, either by simply transferring the file via TCP (easiest) or having it placed on a floppy or flash drive and physically moved (safest).


    I think this is the best idea in terms of both security and usability. What I am asking you folks is two things: 1) do you feel this is a good solution as designed here, and 2) do you have an alternate solution for my scenario that may work better?

    As a bonus question, I'm curious to hear stories about how any of you have implemented encryption systems in the past.

    Thanks for your help, folks!

    Source: http://www.livejournal.com/community/csharp/25039.html

  12. This is what is wrong with AssemblyInfo.cs

    Date: 11/02/04 (C Sharp)    Keywords: templates, security, microsoft, google

    // Assembly someassembly, Version 1.0.1692.12511
    
    [assembly: AssemblyVersion("1.0.1692.12511")]
    [assembly: AssemblyKeyName("")]
    [assembly: AssemblyKeyFile("")]
    [assembly: AssemblyDelaySign(false)]
    [assembly: AssemblyTrademark("")]
    [assembly: AssemblyCopyright("")]
    [assembly: AssemblyProduct("")]
    [assembly: AssemblyCompany("")]
    [assembly: AssemblyConfiguration("")]
    [assembly: AssemblyDescription("")]
    [assembly: AssemblyTitle("")]
    
    Almost every assembly that isn't coming from Microsoft looks like the above. While assemblies from Microsoft look like:
    
    // Assembly System.ServiceProcess, Version 1.0.5000.0
    
    [assembly: AssemblyVersion("1.0.5000.0")]
    [assembly: AssemblyDescription("System.ServiceProcess.dll")]
    [assembly: CLSCompliant(true)]
    [assembly: AssemblyDefaultAlias("System.ServiceProcess.dll")]
    [assembly: AssemblyKeyFile(@"E:\DNA\public\tools\common\security\FinalPublicKey.snk")]
    [assembly: AssemblyDelaySign(true)]
    [assembly: AssemblyConfiguration("Microsoft .NET Framework build environement is Retail.
     SafeSync counter=0")]
    [assembly: AssemblyTitle("System.ServiceProcess.dll")]
    [assembly: ComVisible(false)]
    [assembly: NeutralResourcesLanguage("en-US")]
    [assembly: SatelliteContractVersion("1.0.5000.0")]
    [assembly: AssemblyInformationalVersion("1.1.4322.2032")]
    [assembly: AssemblyTrademark("Microsoft and Windows are either registered trademarks or
     trademarks of Microsoft Corporation in the U.S. and/or other countries.")]
    [assembly: AssemblyCopyright("Copyright (C) Microsoft Corporation 1998-2002. All rights
     reserved.")]
    [assembly: AssemblyProduct("Microsoft (R) .NET Framework")]
    [assembly: AssemblyCompany("Microsoft Corporation")]
    [assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification=true)]
    
    This is just my pet peeve of the moment in re Microsoft tools and project defaults. Why must it be so hard to build your own project templates? It just makes no sense to me. Heck, in the beta of 2005 they move the AssemblyInfo.cs file even further from developer eyes.

    [UPDATE]
    1. A general Google search which will return lots of empty AssemblyInfo.cs files
    2. And very little guidance from Microsoft in a site limited Google search.
    3. An example of a good AssemblyInfo.cs file from a blog.

    Source: http://www.livejournal.com/community/csharp/20491.html

  13. Detection tool lands Symantec a patent

    Date: 03/02/05 (Security)    Keywords: software, security, virus, spyware

    Software that combs through files for viruses, worms and spyware brings the security company a U.S. patent.

    Source: http://news.zdnet.com/Detection+tool+lands+Symantec+a+patent/2100-1009_22-5596656.html?part=rss&tag=feed&subj=zdnn

  14. Where's the security leadership

    Date: 03/04/05 (Security)    Keywords: security

    Commentary--Industry watcher Jon Oltsik says that the security business is undergoing profound changes, and not all players are created equal.

    Source: http://news.zdnet.com/Where%27s+the+security+leadership/2100-1009_22-5599534.html?part=rss&tag=feed&subj=zdnn

  15. Firefox works. (yes, it's a pun)

    Date: 03/04/05 (Computer Geeks)    Keywords: browser, security, microsoft

    How Firefox Works link - click here.

    Below is an excerpt from the page:

          "Chances are, you're reading this article on Internet Explorer. It's the browser that comes already installed on Windows operating systems; most people use Windows, and most Windows users don't give a second thought to which browser they're using. In fact, many people aren't aware that they have an option at all."  

    -

    I seriously wish that Windows (Microsoft) would be more fair and offer users the option to choose the browser they want. I mean, they already sold the customer an Operating System, what possible harm would it be to let users know that they have a choice? Oh, wait. Those security vulnerabilities were put there on purpose so big businesses can exploit them to sell their wares to unwitting users.

    sigh.

    Source: http://www.livejournal.com/community/computergeeks/620472.html

  16. Opera Fixes IDN Spoofing Bug

    Date: 01/01/70 (Webmaster View)    Keywords: browser, security, web

    Opera released the second Beta version of its next browser (8.0 Beta 2). It includes an answer to the recent security debate over Web site spoofing.

    Download Opera (8.0 Beta 2)

    Opera has created a whitelist of safe Top-Level Domains for IDN. TLDs are considered safe if they have implemented anti-homographic character policies or otherwise limited the available set of characters to prevent spoofing. Current whitelist contains .no, .jp, .de, .se, .kr, .tw, .cn, .at, .dk, .ch and .li. List is updated automatically in the Opera version check. Domain names from other top-level domains that contain characters outside Latin 1 will be displayed in punycode.

    What else to look for in Opera's Beta 2:

    • Easier customization and skinning
    • Online Certificate Status Protocol (OCSP) verifies that the certificate has not been revoked by the certificate authorities
    • Atom newsfeeds

    Related: Firefox 1.0.1 (Security Update)

    Source: http://www.webmasterview.com/security_and_privacy/opera_fixes_idn_spoofing_bug

  17. Firefox 1.0.1 (Security Update)

    Date: 01/01/70 (Webmaster View)    Keywords: security

    Firefox 1.0.1 is released. This is a security update. IDNs are now displayed as punycode.

    Get Firefox

    Here's what's new in Firefox 1.0.1:

    • Improved stability
    • International Domain Names are now displayed as punycode. (To show International Domain Names in Unicode, set the "network.IDN_show_punycode" preference to false.)
    • Several security fixes.

    Source: http://www.webmasterview.com/browsers/firefox_101_security_update

  18. mod_security and Comment spam

    Date: 01/01/70 (Webmaster View)    Keywords: security, spam

    Using mod_security to kill comment spam.

    Source: http://www.webmasterview.com/blogging/mod_security_and_comment_spam

  19. PHP Security Guide

    Date: 01/01/70 (Webmaster View)    Keywords: php, security, web

    The PHP Security Consortium is officially launched. The group's flagship project is a PHP Security Guide

    Via Web Security Blog

    Source: http://www.webmasterview.com/programming/php_security_guide

  20. Norton Antivirus and Internet Security, uninstalling

    Date: 03/05/05 (Computer Geeks)    Keywords: security, virus, antivirus

    Hi,

    I recently bought a Packard Bell laptop that came with Norton Internet Security and AntiVirus preinstalled but no media. I get Sophos Antivirus free through work and prefer ZoneAlarm for security so would really like to uninstall Norton. I've tried going through Control Panel!Add/Remove Programs and looking for an uninstall icon but there doesn't seem to be one. I've disabled them both but each time I reboot I get prompted to re-enable them.

    Anyone know how I can remove them? (I'm used to UNIX where everything is open and honest; no hidden stuff, it's all in text files where you can see it)

    TIA

    Source: http://www.livejournal.com/community/computergeeks/623030.html
