Thursday, March 30, 2006 |
Why Phishing Works.
h0neyp0t writes "Harvard and Berkeley have released a study that shows why phishing attacks work
(pdf). When asked if a phishing site was legit or a spoof, 23% of users
use only the content of the website to make the decision! The majority
of users ignore the address and SSL indicators in the browser. Some
users think that favicons and lock icons in HTML are more important
indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension." [Slashdot] |
Trustix, a Worthy Contender? Linux.com (also owned by OSTG) is running a quick look at Trustix, a Linux distro designed for servers that focuses on ground up security and stability. From the article: "No operating system can claim to be completely secure. There will always be zero-day exploits, configurations errors, user errors, and other factors that can defeat the best security for any system. On the other hand, it's always good to start from a secure base and then add more security. Trustix provides a reliable and secure Linux distribution that you can build upon. There are no wasteful graphical displays and no wizards to set up your firewall. If you aren't comfortable with the command line, forget about Trustix. [...] That said, Trustix does a good job of keeping your system up-to-date, and if you have the required experience, you'll find that it's a robust distro. As a simple server distro with a high level of security and customizability, Trustix is a worthy contender." [Slashdot] |
Unmanned Aerial Drones Coming Soon Above U.S.. cnet-declan writes "Unmanned
aerial vehicles (UAVs) have been flying over Iraq and Afghanistan, but
now the Bush administration wants to use them for domestic surveillance.
A top Homeland Security official told Congress today, according to this
CNET News.com article, that: "We need additional technology to
supplement manned aircraft surveillance and current ground assets to
ensure more effective monitoring of United States territory." One
county in North Carolina is already using UAVs to monitor public gatherings.
But what happens when lots of relatively dumb drones have to share
airspace with aircraft carrying passengers? A pilot's association is worried." [Slashdot] |
Lenovo Under U.S. Probe for Spying. BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time. [Slashdot] |
Copying high definition 1080p content over an analog signal is very
expensive, time consuming, and prone to quality loss during the
conversion even without ICT restrictions. Even if there was no way to
make a high-speed bit-for-bit digital copy directly in a computer
because of some DRM mechanism, there will always be some way for
determined crackers to intercept unprotected digital content before
it's delivered to the video output device. It is simply naive to think
that any music or video pirate professional or casual is going to use
the so called "analog hole" to pirate content and even dumber to pass
laws that make maximum quality analog connectors illegal. Most new HDTV
sets don't even have HDMI connectors let alone older HDTV sets so if
ICT enforcement is ever adopted, almost everyone will be negatively
affected. Most movie companies with the exception of Warner Brothers
have already indicated that they would not initially implement ICT
because they realize that they would have an uproar because so many
people would be adversely affected. But in the future when enough
HDMI-capable HDTV sets are on the market, there is no guarantee that
the movie companies won't try to sneak ICT enforcement in to future
releases. |
DRM and the Myth of the Analog Hole. Art Grimm writes "Movie studios want to punish legitimate customers for legally purchasing content, while the real pirates go right on stealing. ZDNet's George Ou writes: "There seems to be a persistent myth floating around the board rooms of the movie companies and Congress that analog content is the boogie man of music and video piracy. In fact, they're so paranoid about it that they're considering a mechanism called ICT (Image Constraint Token) that punishes law-abiding customers for content that they legally purchased. But ironically, the real content pirates who make millions of bootleg movies have no intention of ever taking advantage of the so called "analog hole" because that is the slowest and lowest quality method of stealing content."" [Slashdot: Your Rights Online] |
UK Government Passes ID Card Bill. cowbutt writes "The two houses of the UK government, the elected House of Commons and the House of Lords have agreed a compromise on Labour's ID cards bill, after Conservative peers accepted a Labour amendment. Under the new amendment, anyone renewing a designated document (e.g. passport) will be able to opt-out of getting a card until 2010, but will still have their details put on the National ID Register immediately." [Slashdot: Your Rights Online] |
Five former judges on the nation's most secretive court, including one who resigned in apparent protest over President Bush's domestic eavesdropping, urged Congress on Tuesday to give the court a formal role in overseeing the surveillance program. |
Florida banks hacked in new spoofing attack. Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type. |
U.K. poised to move ahead with national ID cards. The British government could soon roll ahead with plans to issue national ID cards after both houses of Parliament reached a compromise Wednesday night on a bill detailing the plan. [Computerworld Privacy News] |
Banks Hit With New Spoofing Attacks. Attackers made changes to legitimate Web sites, making the scams much harder to detect. [PCWorld.com - Latest News Stories] |
(IN)SECURE Magazine Issue 5. Articles in this issue include: Web application firewalls primer, Review: Trustware BufferZone 1.6, Threat analysis using log data, Looking back at computer security in 2005, Writing an enterprise handheld security policy, Digital Rights Management, Revenge of the Web mob, Hardening Windows Server 2003 platforms made easy and Filtering spam server-side [(IN)SECURE Magazine Notifications RSS] |
(IN)SECURE Magazine Issue 6. Articles in this issue include: Best practices in enterprise database protection, Quantifying the cost of spyware to the enterprise, Security for websites - breaking sessions to hack into a machine, How to win friends and influence people with IT security certifications, The size of security: the evolution and history of OSSTMM operational security metrics, Interview with Kenny Paterson, Professor of Information Security at Royal Holloway, University of London, PHP and SQL security today, Apache security: Denial of Service attacks, War-driving in Germany - CeBIT 2006 [(IN)SECURE Magazine Notifications RSS] |
House Committee Approves Revised Data Security Legislation. The House Energy and Commerce Committee today approved a version of data security legislation that, in addition to providing a nationwide standard for notifying consumers about data security breaches, would give consumers the right to review information in their data broker files. The bill represents a substantial improvement over the version approved at the subcommittee level last year, and is significantly stronger than an alternative bill approved by the House Financial Services Committee earlier this month. The overall prospects for enacting federal data security legislation this year remain uncertain, as it would require reconciling the multiple bills on the subject that have been proposed by several committees in both the House and Senate. [Center for Democracy and Technology] |
Despite all the dire warnings about legal liabilities and security risks, a new study indicates one in five workers uses his or her company's Web access for personal use. |
(IN)SECURE Issue 6 has been released. The latest edition of this free PDF digital security magazine is packed with content that caters to all levels of knowledge. Get your copy today! [LinuxSecurity.com] |
ID cards sorta compulsory. |
Tories promise to ditch ID Cards. |
FEC Protects Bulk of Internet Speech From Campaign Finance Rules. |
Technologist proposes Net neutrality solution. |