Tuesday, January 3, 2006


News Item 4680 Security Holes Found In RIM BlackBerry Service.

An anonymous reader writes "Researchers have found several security holes in Blackberry handheld devices and the servers that power them, according to a story at Washingtonpost.com. The research points out serious flaws in the BlackBerry server, which could be exploited by convincing Blackberry handheld users to click on an image file attachment. From the article: 'Lindner's slides from his presentation -- which he agreed not to release until RIM has fully fixed this problem -- show that the Blackberry server which manages all of the encryption keys needed to unscramble e-mail traffic to and from all Blackberry devices registered on the network stores them on a Microsoft SQL database server in plain, unencrypted text. Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.'" [Slashdot]
8:24:41 PM

News Item 4679 Businesses Urged To Use Unofficial Windows Patch.

frankie writes "ZDNet is reporting on the latest dire pronouncements about the WMF vulnerability. The problem is so serious that security experts are urging IT firms to use the unofficial patch. Microsoft's current goal is to release the update on Tuesday." --- From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful." It's big enough that even mainstream media is covering the flaw. [Slashdot]
8:20:59 PM

News Item 4678 Rob Short (and kernel team) - Going deep inside Windows Vista's kernel architecture

Rob Short is the corporate vice president in charge of the team that architects the foundation of Windows Vista. This is a fascinating conversation with the kernel architecture team. It's our Christmas present to all of the Niners out there who've stuck with us day after day.

This is a very candid interview. We even ask "do you ever wish the registry had never been developed?" Charles Torre does this "going deep" interview. Out of all the interviews we've done this one is the most interesting because this team has such a deep impact on how reliable, scalable, secure, etc. Windows Vista actually will be.

8:12:56 PM

News Item 4677 Going Deep Inside Vista's Kernel Architecture.

bariswheel wrote to mention an episode of 'Going Deep' on Channel 9 which takes a hard look at the architecture of Windows Vista. From the post: "Rob Short is the corporate vice president in charge of the team that architects the foundation of Windows Vista. This is a fascinating conversation with the kernel architecture team. It's our Christmas present to all of the Niners out there who've stuck with us day after day. This is a very candid interview." Topics discussed include the history of the Windows Registry, and the security/reliability of Microsoft's upcoming operating system. [Slashdot]
8:05:58 PM

News Item 4676 Israeli professor will discuss dilemma between state security, personal privacy | www.azstarnet.com

Tucson, Arizona - An Israeli professor will discuss the ethical dilemmas of fighting terrorism at 7 p.m. Sunday at the Tucson Jewish Community Center, 3800 E. River Road.

Asa Kasher, a professor of professional ethics and philosophy of practice at Tel Aviv University in Israel, will address the challenges that can emerge for law enforcement and the public when balancing state security and personal privacy.

The lecture is free and open to the public.

Dan Bobman, director of the Israel Center, said this issue is particularly relevant given the current situation of fighting terrorism in the United States.


7:56:31 PM

News Item 4675 Ferndale schools to add 48 cameras-Board passes measure to install equipment at middle, high schools but some fear loss of privacy.

Four dozen security cameras will be installed at Ferndale High and Ferndale Middle schools as early as next fall in a move some say will provide better security, but others fear infringes on privacy rights.

The 48 cameras will be hard-wired at the adjacent schools using existing fiber-optic lines and will feed to a server that police will be able to access through the Internet.

"People tend not to do things when they know that cameras are present," said Capt. Timothy Collins of the Ferndale Police Department. "People aren't going to do stupid things when they know there's a camera watching."

The equipment will be placed throughout the interior and exterior of the schools, but will not be in classrooms, locker rooms or bathrooms.

"The cameras will be placed in common areas where there is no expectation of privacy," Collins said.


7:53:14 PM

News Item 4674 PRESS RELEASE Privacy Experts to Analyze State and Federal Privacy Legislation and Litigation Trends for Business at P&AB Tele/Web

On January 11, 2006, Dr. Alan Westin and D.C. Expert Robert Belair Will Predict Federal and State Privacy Initiatives, Consumer Litigation Trends, and New Consumer Attitudes Important to Data Protection, Privacy, Marketing and Government Relations Managers

HACKENSACK, NJ -- (MARKET WIRE) -- 01/03/2006 -- What major privacy challenges should data protection, privacy, marketing and government relations managers try to avoid or cope with successfully in 2006? Privacy & American Business will answer that question in its The Privacy Year in Review, Trends and Projections. The Tele/Web Conference will air Wednesday, January 11, 2006 from 2:00 PM to 4:00 PM EST. Ernst & Young is a Platinum Sponsor.

"Early 2006 is when this year's developments can be brought into focus," said Dr. Alan F. Westin, P&AB's President and Publisher. "We foresee major developments, in efforts to control identity theft and enhance data security, in consumer litigation, and in consumer privacy activism by 75 million business customers."

7:50:52 PM

News Item 4673 United Press International - Democrats to attack Bush on privacy issue

Democrats reportedly are looking to turn U.S. President Bush's authorization of warrantless spying on terror suspects to political advantage.

Democratic leaders expect the issue to be a key factor during the Supreme Court confirmation hearings of federal Judge Samuel A. Alito Jr. as privacy rights -- the political code phrase for abortion rights -- has already become a major issue, The Washington Times said.

Democratic leaders then plan to keep the issue alive as they continue their opposition to key parts of the USA Patriot Act, which are set to expire in early February unless extended, the newspaper said.


7:45:34 PM

News Item 4672 Experts: Windows Flaw Can't Wait for Microsoft Fix.

Users should consider applying an unofficial security patch, researchers say. [PCWorld.com - Latest News Stories]
7:41:03 PM

News Item 4671 Microsoft Urges Users to Wait for Official Patch.

Software giant says fix for WMF flaw is coming, advises against installing unofficial fixes. [PCWorld.com - Latest News Stories]
7:39:06 PM

News Item 4670 Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

New research released over the weekend indicated that BlackBerrys -- the ubiquitous handheld devices favored by on-the-go types -- are vulnerable to a security hole that could let attackers break in to the gadgets by convincing users to open a specially crafted image file attached to an e-mail.

The information was released at the 22nd Chaos Communication Congress hacker convention in Berlin by this guy -- "FX" of the security research group Phenoelit.


7:37:04 PM

News Item 4669 Linux vs. Windows security | Linux

A qualitative assessment of operating system security is subjective and your 'mileage may vary' based on present and past experience. The overall finding of this analysis is that Linux provides more secure capabilities than Windows. Taken from an IBM White Paper by Stacey Quandt.

Microsoft and Linux both provide support for authentication, access control, audit trail/logging, Controlled Access Protection Profile, and cryptography. However, Linux is superior due to Linux Security Modules, "SELinux", and winbind. The user of a Linux system can decide to add additional security mechanisms to a Linux distribution without having to patch the kernel.

7:33:52 PM

News Item 4668 IT Observer | What are Rootkits?

Rootkits are Internet-based threats that have recently been discussed at great length, basically in the light of the fact that a large company distributed a rootkit with some of its products.

But, what exactly is a rootkit? Why are rootkits so dangerous? Is it true that they cannot be removed from systems? We are going to try to give answers to these questions and lay various myths to rest.

7:31:08 PM

News Item 4667 Analysts Fret as Adware Makers Leverage WMF Flaw.

Updated: More adware networks are taking advantage of the Windows Metafile Format flaw, presenting exploited banner ads on Web sites. [eWEEK Security]
12:31:05 AM

News Item 4666 DHS Tests RFID Passports At San Francisco Airport.

The Department of Homeland Security will begin testing passports embedded with radio frequency identification (RFID) technology at the San Francisco International Airport. [Security Pipeline]
12:28:46 AM

News Item 4665 Deployment Guide: Permission Slips.

We show you how to use Linux ACLs to control file ownership and access permissions. [Security Pipeline]
12:25:52 AM

News Item 4664 Review: Password Management: Grief Relief.

With more users, partners, accounts and platforms, password automation is becoming a necessity. We tested seven password-management products and granted our Tester's Choice to the one with outstanding policy creation and enforcement as well as extensive platform support. [Security Pipeline]
12:24:01 AM

News Item 4663 Ride Along: Anatomy of a Break-In.

We went along for the ride as a team of security experts performed a vulnerability assessment--simulating an attack on a Fortune 500 company. [Security Pipeline]
12:21:44 AM