Date: 07/30/07 (Security)    Keywords: security

To accommodate more speakers, more controversy, the security conference will occupy more space at Caesar's Palace.

Source: http://news.zdnet.com/2100-1009_22-6199338.html

Date: 09/20/05 (Data Management)    Keywords: crm, security, web

In the European banking sector, short-term top priorities include security, data management, and CRM overall. A country analysis by IDC reveals that Italian and German banks are the most keen on new investments in the CRM area, and more than 68% of banking executives are currently Web enabling their CRM...

Source: http://blogs.zdnet.com/ITFacts/?p=8992

Date: 07/26/07 (Web Technology)    Keywords: security

Yesterday, I posted a blog about how secure e-mail simply doesn't exist.  It was an extension of another discussion regarding password recovery schemes that result in the transmission of your password (back to you) in clear text over insecure networks.In a post headlined E-Mail security has been around forever, you...

Source: http://blogs.zdnet.com/Berlind/?p=669

Date: 08/03/07 (Security)    Keywords: software, security, virus, antivirus

Virus Bulletin security certification body tested a number of antivirus software solutions for 64-bit versions of Windows Vista and discovered that security firms are struggling to provide satisfactory protection for the operating system and users.Here's how an article on vnunet.com describes the situation:Of the 20 antivirus product tested, 35 per...

Source: http://blogs.zdnet.com/hardware/?p=672

Date: 08/02/07 (Security)    Keywords: security, web

Robert Graham (CEO Errata Security) gave his Web 2.0 hijacking presentation to a packed audience at Black Hat 2007 today.  The audience erupted with applause and laughter when Graham used his tools to hijack someone's Gmail account during an unscripted demo.  The victim in this case was using a typical...

Source: http://blogs.zdnet.com/Ou/?p=651

Date: 08/02/07 (Security)    Keywords: security

Several presentations at the Black Hat security conference in Las Vegas yesterday illustrated some of VoIP's security vulnerabilities.According to Forbes.com's Andy Greenberg, who was in attendance, the presentations documenented ways  "in which cybercriminals can eavesdrop on VoIP calls, steal data from Internet telephony devices, intercept credit card numbers from...

Source: http://blogs.zdnet.com/ip-telephony/?p=2137

Date: 08/01/07 (Security)    Keywords: security

As far as security solutions go, personal firewalls are probably the most problematic category for vendors to get right, let alone users to get working. Not only are there differing philosophies about what belongs in a personal firewall and what doesn't (eg: whereas many personal firewalls can and will...

Source: http://blogs.zdnet.com/Berlind/?p=693

Date: 07/30/07 (Security)    Keywords: security, google

Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.He...

Source: http://blogs.zdnet.com/security/?p=410

Date: 07/30/07 (Security)    Keywords: security

Symantec is working on Dark Vision, an application for visualizing and tracking the underground economy that trades in personal data, such as credit card and social security numbers. "We are looking into their clubhouse," said Mark Bregman, CTO of Symantec. "It's the 'safe spot' where they exchange illegally gotten information."The...

Source: http://blogs.zdnet.com/BTL/?p=5799

Date: 07/30/07 (Security)    Keywords: security

A new report in InformationWeek by Andy Dornan calls SOA security "one treacherous journey."Vendors and committees have thrown a bewildering plethora of immature or incompatible security specs and solutions at usTreacherous indeed. SOA increasingly addresses services on both sides of the firewall, and therefore opens up the most critical business...

Source: http://blogs.zdnet.com/service-oriented/?p=925

Date: 07/27/07 (Security)    Keywords: security

Action by a divided U.S. Senate on Thursday raises new questions about the fate of a contentious plan to outfit Americans with new digital identification cards by 2013.By a50-44 vote mostly along party lines, the chamber set aside a Republican-backed amendment to a homeland security spending bill that would...

Source: http://news.zdnet.com/2100-11153_22-6199220.html

Date: 08/01/07 (IT Management)    Keywords: security

As far as security solutions go, personal firewalls are probably the most problematic category for vendors to get right, let alone users to get working. Not only are there differing philosophies about what belongs in a personal firewall and what doesn't (eg: whereas many personal firewalls can and will...

Source: http://blogs.zdnet.com/Berlind/?p=693

Date: 07/26/07 (IT Management)    Keywords: security

Yesterday, I posted a blog about how secure e-mail simply doesn't exist.  It was an extension of another discussion regarding password recovery schemes that result in the transmission of your password (back to you) in clear text over insecure networks.In a post headlined E-Mail security has been around forever, you...

Source: http://blogs.zdnet.com/Berlind/?p=669

Date: 08/06/07 (Security)    Keywords: security

Mozilla has moved swiftly to put the kibosh on late-night chatter that it can turn around patches for security flaws within ten days.The "ten f-ing days" boast came directly from Mozilla Director of Ecosystem Development Mike Shaver during a Black Hat party conversation with hacker Robert "RSnake" Hansen.We showed up,...

Source: http://blogs.zdnet.com/security/?p=423

Date: 08/07/07 (Security)    Keywords: security, virus

I ran across three different articles on eVoting over the last little while that interested me:E-voting systems vulnerable to viruses and other security attacks, new report finds - This report documents the efforts of two teams of security researchers from UC Berkeley and UC Davis (my alma mater). The...

Source: http://blogs.zdnet.com/BTL/?p=5882

Date: 08/08/07 (Security)    Keywords: security

Harrah's CIO Tim Stanley explains how Harrah's is using RFID technologiesfor customer loyalty and security initiatives. by ZDNet Editor

Source: http://video.zdnet.com/CIOSessions/?p=115

Date: 08/08/07 (Security)    Keywords: software, security

An IBM security strategist wants software vendors to stop acknowledging companies and researchers who buy and sell security vulnerabilities.Gunter Ollman, director of security strategy at IBM Internet Security Systems (ISS), believes there's no real accountability attached to the trading of vulnerability information by third party companies like iDefense and TippingPoint.iDefense...

Source: http://blogs.zdnet.com/security/?p=433

Date: 08/09/07 (Microsoft Windows)    Keywords: security

Need a bit of help from the geek masses...

I need to find a way to allow a standard user in Windows XP to configure their network settings, including the advanced NIC settings (link speed in particular). Here are the details...

- A Group Policy solution is kinda out of the question as it stands right now.

- I don't think that Local Security Policy allows for this.

- Possible registry hack out there?

- This is the only narrow area where we want to elevate standard user rights.

I've hit a bit of a wall on this. Possible? Impossible? Hep me out!

(X-posted)

Source: http://community.livejournal.com/ms_windows/81581.html

Date: 08/13/07 (PHP Community)    Keywords: php, browser, security, web

I'm creating a photo upload site, using a WAMP server for development and Dreamhost for production. I'm pretty new to file uploads, and really just don't know where to begin. I'd like each user to have their own folder (a home directory, if you will), and for every photo uploaded has three seperate images in a uniquely named folder (currently a hash of the filename and unix time at creation). For example, a username of "demo" uploading "testing.jpg" would have his files placed in the "/demo/HashOfTestingJPG" directory, with the files "thumb.jpg", "scaled.jpg", and "testing.jpg". When demo uploads another file, a different folder is created within the "demo" folder, so a file named foobar.jpg would be in the "/demo/HashOfFoobarJPG" folder with these three generated files.

My WAMP server is creating folders and uploading these files in C:\wamp\tmp, but I'm finding that my browser cannot access this directly through a web browser (makes sense). My php.ini file allows me to specify a "temporary" file upload directory, but is there a "permanent" upload directory? To accomplish what I want to do, should I just change the uploads directory to something like http://localhost/pictures/uploads and appropriately chmod that directory? What security issues do I need to worry about? If you use Dreamhost, do they require me to do anything special to allow such a setup?

Also, what might I do to prevent a user from viewing the original file directly? The original version needs to be viewable through the website, but NOT via /demo/HashOfTestingJPG/testing.jpg. Thank you all for your help.

~Elliot

Source: http://community.livejournal.com/php/579815.html

Date: 08/13/07 (Security)    Keywords: security

A new German law that makes it a crime to build, sell, distribute or obtain so-called "hacking tools" went into effect over the weekend, InfoWorld reports.The new law defines hacking as penetrating a computer security system and gaining access to secure data, without necessarily stealing data. Offenders are defined as...

Source: http://government.zdnet.com/?p=3356