Monday, January 16, 2006


News Item 4824 Hackers: If You Can't Beat 'em, Recruit 'em | Business | Deutsche Welle | 15.01.2006

In the days of increased reliance on the Internet, hackers are making computers increasingly unsafe. To counter that, IT security firms are turning around and hiring talented hackers to find security system holes.
7:18:25 PM

News Item 4823 HNS - Tips For Staying Secure in 2006

So 2005 has gone down as the worst year for data security breaches. I suppose the good news is that we seemed to be less troubled by viruses, so either the virus developers have got bored, or our anti virus technology has got better, or maybe we're simply not aware of them - remember the incident earlier in the summer of 2005.

The question is whether 2005 has been particularly bad for data breaches, or it's the case that more organisations own up to indiscretions. After all, the consequences for being found out are now a lot more serious than admitting to a problem.

It seems like almost every month last year, some organisation or other was admitting to backup tapes being misplaced. They were either getting lost in warehouses or disappearing when entrusted to some courier service or other.

In the UK, the Inland Revenue lost a computer disc, sent by the bank, which contained address and account details of the bank's investors, and apparently they are still looking for the disc. In Japan, millions of credit card details were stolen. In fact the stories go on and on. The potential seriousness for your business was quantified by the Department of Trade and Industry, which said that 70 percent of organisations that experience serious data loss go out of business within 18 months. So looking on the bright side, the UK may become a tax haven during 2006!
An organisation should never underestimate the potential damage in case of exposure or loss of confidential data. This is the reason why most businesses take great care to ensure that the physical media is protected in physical safes with dual control procedures. And in some cases these physical security measures are even enforced by formal regulations.

Securing data while it travels between applications, business partners, suppliers, customers, and other members of an extended enterprise is crucial. As enterprise networks continue to become increasingly accessible, so do the risks that information will be intercepted or altered in transmission.
7:14:40 PM

News Item 4822 Security Fix - Update Fixes Critical Flaw for AOL Users - (washingtonpost.com)

America Online today released a free software update to plug what experts are calling a "critical" security flaw in software used by millions of people to surf the Web. The problem affects AOL version 8.0, AOL version 8.0+, and AOL version 9.0 Classic.  

If you are running one of these versions, you should either download and apply AOL's hotfix, or upgrade to AOL 9.0 Optimized or AOL 9.0 Security Edition; both are available from this link here.

The flaw was found in the software versions listed above AOL You've Got Pictures, a photo-sharing service for AOL members. A "critical" security advisory over at FR-SIRT says attackers could exploit the problem to take over the computer of an AOL user who was tricked into visiting a specially crafted Web page.


7:12:15 PM

News Item 4821 Tory and Lib peers aim to ice ID cards until Blair's overthrow.

Costings look ball-crushingly tight, apparently...

Tory and Liberal opposition peers will unite in the House of Lords today in an attempt to have the UK identity card scheme shelved pending an investigation of costs and benefits. Their amendment is intended, according to Tory Home Affairs spokesman David Davis, to force the Government to produce proper costings of the scheme, but if passed it will be likely to kick ID cards into touch for the remainder of Tony Blair's term in Downing Street.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
7:04:59 PM

News Item 4820 Researcher: Sony BMG rootkit still widespread.

'The global scope is the big mystery here'

WASHINGTON D.C. Hundreds of thousands of networks across the globe, including many military and government networks, appear to still contain PCs with the controversial copy-protection software installed by music discs sold by media giant Sony BMG, a security researcher told attendees at the ShmooCon hacking conference this weekend.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
7:03:11 PM

News Item 4819 WMF Vulnerability is an Intentional Backdoor?

An anonymous reader writes "Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor." --- There's a transcript available of the 'Security Now!' podcast where Gibson discusses this. [Slashdot]
7:00:25 PM

News Item 4818 E-passport test takes flight | Tech News on ZDNet

The U.S. Department of Homeland Security announced Friday that it's launching a second test of its electronic passport initiative next week, as it seeks to curtail the use of bogus passports at international airports.

Testing of the e-passports, which carry biometric identification technologies, will be conducted at San Francisco International Airport, as well as Changi Airport in Singapore and Sydney Airport in Australia. The testing will begin Sunday and continue through April 15, with the help of the Australian, New Zealand and Singaporean governments.

"This test provides an important opportunity to work with our international partners...to put in place an e-Passport reader solution by the end of fall of this year," Jim Williams, director of US-VISIT, a Homeland Security program, said in a statement.

The passports contain biometric information such as a digital photo, as well as biographic information. The technology being tested promises to read and verify the electronic data when those carrying the e-passports attempt entry into the countries via participating airports.


6:52:29 PM

News Item 4817 E-Passport System Test This Week.

An anonymous reader writes "ZDNet has a story covering another Homeland Security test of the E-Passport system, a biometric program designed to stop counterfeit identification." From the article: "The passports contain biometric information such as a digital photo, as well as biographic information. The technology being tested promises to read and verify the electronic data when those carrying the e-passports attempt entry into the countries via participating airports. U.S. diplomats, Australian and New Zealand citizens and Singapore Airlines officials are among those who have been issued the e-passports. These people will also undergo normal screening procedures at the international airports." [Slashdot]
6:35:44 PM

News Item 4816 Make an RFID-proof wallet.

99luftballon writes "If, like me, you're more than a little concerned about the privacy aspects of RFID there's a useful enthusiast's web page on making your own RFID-blocking wallet. OK, it's never going to win any prizes for beauty or garner fashion awards but should be effective and seems perfectly practical." [Slashdot]
6:31:13 PM