Weekly Brief - June 1 2009 - Infosecurity Magazine

Tools

The L0pht collective has issued its long-awaited upgrade to the L0phtcrack password cracking and auditing tool. It is available in three versions ranging from $295 to $1195.

Sourcefire has announced a new release candidate for Snort, the IPS/IDS technology that underpins many intrusion prevention products. Version 2.8.5 includes the ability to set policies according to VLAN functions. Expect a virtual console based on VMware's ESX Server in the future.

Techniques

Researchers have figured out how to embed traffic in TCP-layer traffic by exploiting a weakness in the protocol.

Microsoft has published a guide for administrators to help them understand what should be excluded from an anti-virus scanner

Law

The Obama administration is digging in its heels by refusing to reveal state secrets that would be instrumental in a lawsuit to decide whether George W Bush acted legally in wiretapping US citizens.

NIST wants the US Government to amend the 1974 Privacy Act to be more appropriate for today's privacy threats, according to a letter sent by the Institute's Information Security and Privacy Advisory Board.

The Massachusetts Supreme Court quashed a search warrant that law enforcers had used to seize the computing equipment of Boston College student Riccardo Calixte. Police had claimed that Calixte was a hacker, but the Electronic Frontier Foundation, acting on behalf of Calixte, said that there was no probable cause.

The State of Oregon passed legislation rejecting the federal Government's Real ID program.

Attacks

A malicious Javascript attack that mimics the Gumblar attack but is unrelated has spread to around 30 000 websites, say experts.

Anti-US hackers operating in Turkey have penetrated US army websites.

Health insurer Aetna is offering credit protection to 65 000 people after social security numbers of employees and successful job applicants were copied from its web site.

Defenses

Finland is founding a cyberwarfare unit.

The Jericho Forum and the Cloud Security Alliance have joined forces to promote best practices for secure cloud computing.

Weekly Brief - June 1 2009

Tools

Techniques

Law

Attacks

Defenses

You may also like

US standards drive Canadian information security

Comment: Protecting privacy in the cloud

Weekly Brief - May 26 2009

Wikileaks turns to cloud computing to fend off DDoS attack

Forrester questions the security of cloud computing

What’s hot on Infosecurity Magazine?

Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

FBI Warns of Massive Toll Services Smishing Scam

Russia and Ukraine Top Inaugural World Cybercrime Index

How to Backup and Restore Database in SQL Server

How to Open and View OST Files Without Outlook

Banning Ransomware Payments Will Do More Harm Than Good

Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Women Experience Exclusion Twice as Often as Men in Cybersecurity

CISA Urges Immediate Credential Reset After Sisense Breach

Windows: New 'BatBadBut' Rust Vulnerability Given Highest Severity Score

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Cracking the Culture Code: Building a Cybersecurity-Aware Workforce

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Bouncing Back: Building Organizational Resilience in the Face of Cyber-Attack

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024