softsecurity.com This day highlights

French train tickets go USB

Thu, 28 Aug 2008 10:51:04 GMT

We don't need no stinkin' ISO7816 The French National Railway Company is trialling contactless tickets with USB connections, replacing the ubiquitous ISO7816 for online top-ups and data storage.…

McKinnon heads for the last chance saloon

Thu, 28 Aug 2008 09:52:00 GMT

Pentagon hacker's final appeal Accused Pentagon hacker Gary McKinnon is approaching his own D-Day, with his fate due to be sealed in the European Court of Human Rights in Strasbourg.…

Rootkit evolution

Thu, 28 Aug 2008 06:00:00 GMT

This article is the third in a series devoted to the evolution of viruses and anti-virus solutions

Security World: SSH key-based attacks

Thu, 28 Aug 2008 04:40:32 GMT

US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then us...

Security World: A third of IT staff snoop at confidential data

Thu, 28 Aug 2008 04:30:11 GMT

Exercise extreme caution when it comes to dismissing employees with knowledge of your IT systems. Cyber-Ark's annual survey around Trust, Security & Passwords focused on 300 IT security professional...

Off the wire: Use and manipulate tcsh shell variables for fun and profit

Thu, 28 Aug 2008 04:26:39 GMT

Tcsh is one of the most popular UNIX shells. Learn how you can use tcsh shell variables to make your work easier and how to take advantage of tcsh's advanced security features.

Off the wire: Deploying enterprise software securely

Thu, 28 Aug 2008 03:57:46 GMT

This laundry list of security requirements is a lot to think about for every application deployment, but vigilance in this area can drastically improve an organizations security posture. The requirem...

Virus Center: More malware blocked in July 2008 than in the whole of 2007

Thu, 28 Aug 2008 03:48:30 GMT

In its Global Threat Report ScanSafe reported that the total number of Web-based malware blocks has increased by 87 per cent in July 2008 compared to the previous month. Specifically, the first two we...

Security World: Panda Security launches its 2009 antivirus products

Thu, 28 Aug 2008 03:43:01 GMT

Panda Security has launched its 2009 range of antivirus solutions for the consumer sector. The product line-up comprises Panda Antivirus Pro 2009, Panda Internet Security 2009 and Panda Global Protect...

Gaping hole opened in Internet's trust-based BGP protocol

Thu, 28 Aug 2008 01:20:00 GMT

New details on an old bug could bring the BGP protocol's vulnerability back into the spotlight, some ten years after it was first reported. This particular problem is considered by experts to be at least as bad as last month's well-publicized DNS, but in this case, there's no ready-made solution. Read More...

Passcode exploit (and fix) found for locked iPhones

Wed, 27 Aug 2008 21:51:00 GMT

Think your iPhone is safe if it's locked? Think again. An exploit has made the rounds today, allowing anyone to gain access to your personal info on a locked iPhone very easily. Luckily, there's also an easy way to prevent it, although Apple should patch the hole ASAP.Read More...

Report: Popular Web Attacks Go Stealth

Wed, 27 Aug 2008 21:45:00 GMT

Attackers are increasingly using encoding to sneak their SQL injection, cross-site scripting attacks past Web security

MSN Norway serving Flash exploits through malvertising

Wed, 27 Aug 2008 21:44:02 GMT

Morten Krakvik from the Norwegian Honeynet Project is reporting that MSN Norway is among the latest victims of malvertising, a practice where a bogus advertising provider tricks leading portals into accepting advertisements from its network, which often end up redirecting to live exploit URLs. The recent wave of malvertising that also targeted Digg, MSNBC and [...]

Hijacking huge chunks of the internet - a new How To

Wed, 27 Aug 2008 21:16:50 GMT

It's easy. Those tubes are busted More evidence that the intertubes are fundamentally broken has been served up by Wired.com in an article laying out a technique to surreptitiously hijack huge chunks of the internet and monitor or even modify unencrypted traffic before it reaches its intended destination.…

Microsoft Offers Details on Privacy Features in IE8

Wed, 27 Aug 2008 20:46:00 GMT

New browser will allow user to better control access to surfing history, cookies

Web to get more social as OAuth is sanctioned for use

Wed, 27 Aug 2008 19:01:00 GMT

A promising new protocol for securely and easily transferring data between websites is now ready for prime time. All contributors, including Google and Yahoo, have signed a covenant not to sue over OAuth implementations, freeing it for use by virtually anyone.Read More...

Off the wire: Whitepaper - Open source security myths dispelled

Wed, 27 Aug 2008 18:48:42 GMT

Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization.

Security World: BT enhances security monitoring service

Wed, 27 Aug 2008 18:46:39 GMT

BT announced the enhancement of its global Event Monitoring and Correlation service to further defend enterprise networks against the growing threat of malicious botnet attacks. Using new proprietary ...

Taiwan busts hacking ring, 50 million personal records compromised

Wed, 27 Aug 2008 18:45:01 GMT

Taiwan’s Criminal Investigation Bureau (CIB) has successfully tracked down and arrested six people in what the CIB believes to be the biggest personal data breach in Taiwan to date. Apparently, the group also managed to obtain personal data on Taiwan’s current and former presidents : “The suspects are believed to have stolen more than 50 million [...]

Windows Live Hotmail to sign in up to 70 percent faster

Wed, 27 Aug 2008 18:09:00 GMT

Details on the next version of Windows Live Hotmail have emerged thanks to a new promotional website. The Windows Live Hotmail blog hasn't said anything official, though, and has just posted more phishing warnings.Read More...

Intel ships BIOS fix for Rutkowska´s Black Hat flaw

Wed, 27 Aug 2008 15:52:45 GMT

Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor. The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were withheld until Intel could release its patch. That patch is [...]

Security World: Wireless DTCP content protection specification

Wed, 27 Aug 2008 13:35:46 GMT

The Digital Transmission Licensing Administrator (DTLA) has approved and published a new supplement to the Digital Transmission Content Protection (DTCP) Specification for the use of WirelessHD. The r...

iPhone passcode lock rendered useless

Wed, 27 Aug 2008 13:19:34 GMT

Do not trust that passcode lock on Apple’s iPhone. The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information. Here are a few steps to reproduce this vulnerability (requires physical access to [...]

Article: Application Security Matters: Deploying Enterprise Software Securely

Wed, 27 Aug 2008 12:08:48 GMT

One of the most interesting aspects of being an information security consultant is the exposure to an enormous variety of industries and organizations. From health care to governments, nonprofits to s...

Microsoft dishes dirt on IE8 'pr0n mode'

Wed, 27 Aug 2008 10:58:32 GMT

'Off the record' browsing is go Microsoft has outlined the new privacy tools available in its forthcoming browser Internet Explorer 8 (IE8).…

iPhone passwords not worth the paper they're written on

Wed, 27 Aug 2008 10:42:39 GMT

Push two keys to bypass password iPhones protected by a password aren't actually protected at all, as just by pressing a few keys a miscreant can access all the phone's functions without needing the password at all.…

Security World: HNS Book giveaway: "The Best of 2600 - A Hacker Odyssey"

Wed, 27 Aug 2008 02:15:17 GMT

We are giving one of our readers a copy of "The Best of 2600 - A Hacker Odyssey". Since 1984, the quarterly magazine 2600 has provided fascinating articles for readers who are curious about technol...

Off the wire: Most organizations fail to stop interior network threats

Wed, 27 Aug 2008 01:25:47 GMT

A survey by Opine Consulting revealed nearly half of the IT professionals who responded had endpoints connecting to their corporate networks without their knowledge. Yet compared to other security iss...

US data breaches booming in '08

Wed, 27 Aug 2008 00:22:41 GMT

Have you seen my identity? The number of personal information leaks reported in the US this year have already exceeded the total amount in all of 2007, San Diego-based Identity Theft Resource Center said today.…

CERT: Linux servers under 'Phalanx' attack

Wed, 27 Aug 2008 00:13:09 GMT

Stolen keys unlock back door Attacks in the wild are under way against Linux systems with compromised SSH keys, the US Computer Emergency Readiness Team is warning.…