1. Patch in for McAfee holes

    Date: 08/01/06 (Security)    Keywords: security

    The vulnerabilities in SecurityCenter could have let intruders commandeer consumer PCs.

    Source: http://news.zdnet.com/2100-1009_22-6100891.html

  2. A password for your credit cards

    Date: 08/02/06 (Security)    Keywords: security

    InCard Technologies has found a new way to validate online logins or transactions--credit cards that generate one-time passwords.

    Source: http://news.zdnet.com/2100-1009_22-6101121.html

  3. Intel sends out Centrino patches

    Date: 08/02/06 (Security)    Keywords: software, technology, security

    Flaws in Centrino device drivers and ProSet management software compromise security of the wireless technology.

    Source: http://news.zdnet.com/2100-1009_22-6101488.html

  4. FBI calls for hacker help

    Date: 08/02/06 (Security)    Keywords: security

    At Black Hat security confab, FBI official says the agency needs help from the security world to fight cybercrime.

    Source: http://news.zdnet.com/2100-1009_22-6101475.html

  5. Printers a weak link in network security

    Date: 08/04/06 (Security)    Keywords: security

    Multifunction printers are not dumb devices, but are computers that require a security regimen, an expert at Black Hat contends.

    Source: http://news.zdnet.com/2100-1009_22-6102367.html

  6. Vista hacked at Black Hat

    Date: 08/04/06 (Security)    Keywords: software, security

    Researcher bypasses a security mechanism designed to prevent some driver software from running in the Windows update.

    Source: http://news.zdnet.com/2100-1009_22-6102458.html

  7. How To Hijack a MacBook in 60 Seconds or Less

    Date: 08/07/06 (Java Web)    Keywords: xml, security

    Watch the video presentation by Jon “Johnny Cache” Ellch and David Maynor at the Black Hat USA 2006 conference in Las Vegas on a new method for remotely (using wireless) circumventing the security of an Apple MacBook computer to seize total control over the machine. [...]

    Source: http://blog.taragana.com/index.php/archive/how-to-hijack-a-macbook-in-60-seconds-or-less/

  8. AOL offers free antivirus software

    Date: 08/07/06 (Security)    Keywords: software, asp, security, virus

    Active Virus Shield software, offered in partnership with Kaspersky Lab, is likely to become the highest-profile alternative to for-pay security software.

    Source: http://news.zdnet.com/2100-1009_22-6102917.html

  9. Another hefty patch month for Microsoft

    Date: 08/08/06 (Security)    Keywords: security

    Count 'em: A dozen security updates, nine of them rated "critical," covering 20 holes in Windows and three in Office.

    Source: http://news.zdnet.com/2100-1009_22-6103395.html

  10. Hijacked Blackberry Turns Data Spy

    Date: 08/09/06 (Java Web)    Keywords: security

    A booby-trapped game of noughts and crosses (BBProxy) was used at the Black Hat hacker conference to show how a Blackberry can be easily hijacked to steal confidential data. Created by a security researcher, the game contains malicious code that turns the popular mobile e-mail device into a backdoor into corporate networks. The creator, Jesse D’Aguanno of [...]

    Source: http://blog.taragana.com/index.php/archive/hijacked-blackberry-turns-data-spy/

  11. 1-Minute Guide To Protect Against Search Engines Tracking Using Firefox Browser

    Date: 08/09/06 (Java Web)    Keywords: security, web

    Recently AOL released 20 million web search queries, over a period of three months, from 650,000 AOL search engine users. The data anonymizes user identity by assigning each user a numerical ID. However, that is not much security, as users can be easily identified. With such leaks it is easy to find out what you are [...]

    Source: http://blog.taragana.com/index.php/archive/1-minute-guide-to-protect-against-search-engines-tracking-using-firefox-browser/

  12. Symantec picks away at Vista's core

    Date: 08/09/06 (Security)    Keywords: security, microsoft

    In third report on Windows Vista security, Symantec lauds Microsoft's work, but finds some flaws. Redmond calls report old news.

    Source: http://news.zdnet.com/2100-1009_22-6103949.html

  13. Police: Bomb plot foiled for U.K.-U.S. flights

    Date: 08/10/06 (Security)    Keywords: security

    Carry-on luggage and all liquids, including drinks, banned from commercial flights from Britain to U.S.
    U.S. pushes air security alert to red for first time

    Source: http://news.zdnet.com/2100-1009_22-6104063.html

  14. Flaw in HSBC Online Banking Exposes 3 Million Customers

    Date: 08/10/06 (Java Web)    Keywords: security

    Researchers at Cardiff University have uncovered a flaw in HSBC’s online banking security process that has left over three million customer accounts vulnerable to attack over the last two years. The researchers found that anyone using the attack would have guaranteed access to an account with at most nine tries. The researchers have so far only divulged [...]

    Source: http://blog.taragana.com/index.php/archive/flaw-in-hsbc-online-banking-exposes-3-million-customers/

  15. Serious Security Hole in Ruby on Rails

    Date: 08/10/06 (Java Web)    Keywords: security

    A serious security concern in Ruby on Rails has forced the Rails team to come up with release 1.1.5, without waiting for the scheduled release of 1.2. David from the Ruby on Rails team says: This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a [...]

    Source: http://blog.taragana.com/index.php/archive/serious-security-hole-in-ruby-on-rails/

  16. Hacking issue!

    Date: 08/11/06 (PHP Community)    Keywords: php, database, sql, security, web, hosting

    Sorry to be posting again with nothing to actually contribute, but I'm having a hacker issue with one of my websites. I'm not one to jump on sudden suspicions of hackers, and I don't victimize myself, but this is the second time someone's hacked my site.

    After the first time, I was extremely cautious. I uploaded my site to a new server and made sure not to install any interactive PHP scripts. I did, however, continue to code my website in basic PHP, but nothing that required a connection with an SQL database or any sort of log in - just simple PHP pages with dynamic inclusion and switch functions.

    [/END SOB STORY]

    My friend's webhost (my friend was hosting me at the time) sent this as a response to my e-mail:

    "Do NOT put any php pages back up on this site if you wish to host it with us and certainly not any phpbb boards which were most likely used in the attempt to hack our server."

    Considering I did not have a phpBB script uploaded, the only alternative is that he hacked my site through my actual php pages (at least according to her webhost).

    So my question is this: What are the security risks/vulnerabilities of just normal, non-interactive php pages?

    And if anyone can provide any security tips, that would be greatly appreciated!

    The good news is, I'm working on a simple gallery script that does not require an SQL connection or anything, so hopefully I'll be able to post that soon! :)

    EDIT Here's the code I've been using for the main page/subpages.

    include("language.php");

    EXXXOTiQUE » a ×××HOLiC site

    ";

    include("layout.php");

    echo "
    ";

    include("nav.php");

    echo "
    ";

    // --- DYNAMIC INCLUSION
    $page = basename($x);
    if(!$x)
      include("main.php");
    else
      include("$x.php");

    echo "
    ";
    ?>

    And for the sub-pages:

    Source: http://community.livejournal.com/php/481154.html

  17. Security tech firms may benefit from foiled plot

    Date: 08/11/06 (Security)    Keywords: security

    Makers of security equipment are the most likely to benefit from the heightened alert at airports.

    Source: http://news.zdnet.com/2100-1009_22-6104481.html

  18. Windows defense handcuffs good guys

    Date: 08/10/06 (Security)    Keywords: security, microsoft

    Microsoft's PatchGuard is designed to keep out malicious code, but security firms say it just keeps them at bay.

    Source: http://news.zdnet.com/2100-1009_22-6104379.html

  19. Ruby on Rails Releases Yet Another Emergency Security Upgrade - 1.1.6

    Date: 08/11/06 (Java Web)    Keywords: security

    Rails has taken the right route and gone for full disclosure, unlike, for example, the WordPress team, who still believe in the flawed concept of security by obscurity. After a full assessment of the security vulnerability (details below), the Rails team decided they needed yet another emergency patch to fully close the hole. With Rails 1.1.0 through [...]

    Source: http://blog.taragana.com/index.php/archive/ruby-on-rails-releases-yet-another-emergency-security-upgrade-116/

  20. US Department of Transportation Loses 133,000 Social Security & Address Records of Florida Residents

    Date: 08/11/06 (Java Web)    Keywords: security

    The US Department of Transportation has announced that a Dell laptop computer containing names, addresses and social security numbers of 133,000 Florida residents was stolen two weeks ago. The information on the missing laptop included people in Miami-Dade County who hold commercial drivers licenses, Florida residents who have pilot’s licenses and people who got their Florida [...]

    Source: http://blog.taragana.com/index.php/archive/us-department-of-transportation-loses-133-000-social-security-address-records-of-florida-residents/
