Infosecurity US weekly brief - November 23, 2009

23 November 2009

Infosecurity US rounds up the last week's information security news.

A zero-day vulnerability has been reported in Internet Explorer that can allow attackers to execute arbitrary code by luring visitors to a malicious web page. Internet Explorer versions 6 and 7 are affected by the exploit, which focuses on the way that IE uses cascading style sheets.

It's been a bad week for Internet Explorer in general. The Register reports that a flaw in Internet Explorer 8 can be used to introduce cross-site scripting on otherwise-safe web pages.

Researchers have already worked out how to use the SSL renegotiation bug that was uncovered by PhoneFactor earlier this month. Turkish graduate student Anil Kurmus figured out how to steal Twitter login credentials passing through encrypted data streams.

40-year-old Steven Jinwoo Kim has been convicted of hacking the computer systems of GEXA Energy, his former employer. He cost GEXA at least $100 000, according to reports. He faces up to five years in jail and a maximum $250 000 fine.

The city of Edmonton, Alberta has lost one mobile device per month over the past four years on average, according to a report [pdf] from its Auditor.

Intelligence industry-backed venture capital fund In-Q-Tel has invested in west coast firm FireEye, which was recently responsible for taking down the Mega-D botnet.

Another release of Windows, another conspiracy theory. Microsoft is insisting that it didn't build a backdoor in Windows 7 for the National Security Agency. NSA executives said that they had worked with the OS vendor to "enhance Microsoft's operating system security guide". This isn't the first time that Microsoft has been accused of such shenanigans. A CNN story from 1999 alleged the same thing.

Legislation has been introduced that would prohibit the use of peer-to-peer filesharing software on federal networks. The House Oversight and Government Reform Committee introduced the Secure Federal File Sharing Act to lock down the use of such software after sensitive information from a congressional investigation leaked from a government worker's home PC.

Metasploit version 3.3 is out, with over 180 bug fixes, Windows 7 compatibility, and Oracle exploit support.

Version 23 of [In]Secure magazine [PDF] is out.

The Katana 1.0 portable multi-boot security suite is out. It features all of the best security distributions on one USB drive, including Backtrack, The Organizational Systems Wireless Auditor Assistant, and over 100 portable Windows security applications.

WhiteHat Security has said that nearly two-thirds of websites have at least one critical security issue.
