Friday, September 29, 2006


News Item 7357 ID Thieves Turn Sights on Smaller E-Businesses - washingtonpost.com

Cole's and Galloway's information was recorded being traded in an online chat room by Dan Clements, co-founder of CardCops.com, a fraud prevention service that monitors underground chat rooms where criminals trade in stolen credit cards and information used to commit identity theft. Clements said many smaller online merchants use generic shopping cart software that they fail to maintain with the latest software security patches.

"Most of these merchants that get hacked do not have updated versions of the software that runs their business, they're just trying to sell widgets," he said.

Nearly 80 percent of all software vulnerabilities discovered in the first six months of 2006 involved Web-based applications produced by hundreds of different software vendors, according to a report released Monday by Cupertino, Calif.-based security vendor Symantec Corp.

"The people writing these applications often don't know very much about Web-based vulnerabilities," said Alfred Huger, a senior director at Symantec Security Response. "Many of these Web vulnerabilities are not that difficult to discover and are very easy to exploit."


2:35:12 AM

News Item 7356 Flyer Detained For Graffiti-ing Own Bag Speaks.

Ryan Bird is a soft-spoken 31-year-old senior executive for a manufacturing company in Milwaukee who flies about 100,000 miles per year. On Tuesday, Bird took a magic marker to his plastic bag of toiletries -- the newest security regulation issued by the government -- and wrote "Kip Hawley is an idiot."

Hawley heads up the Transportation Security Administration, and for insulting him, Bird says he ended up being detained for 15 minutes by the Milwaukee sheriff's department and told by a TSA official that he had no First Amendment rights in the screening area.

Bird's stunt gained him quick e-fame, but he refused to talk to reporters until he talked with Wired News today.

He wasn't after publicity outside the world of the FlyerTalk frequent flyer community, Bird said, and he just wanted to express his opinion that the ban on liquids was "kabuki security theater" and that the TSA should be focussing on looking for bombs in cargo, instead. He'd tried writing the TSA, his Senator and Congressperson to no avail.

I really thought of it as culmination of my frustration at the idiotic policies of the TSA and if I had the chance to write a complete dissertation to show the guys at the checkpoint, I probably would have. But it was pretty succinct: "Kip Hawley is an idiot" and he is.

I think what struck a chord with people was not that the TSA overreacted but it was the blatant comment from the TSA supervisor, when he said, "Out there you have rights. In here, you don't." I think it rung a bell with a lot of people who realize that TSA is little more than window dressing.

Now that you have some publicity what do you want?

In addition to a response to my complaint, I'd like to see a more common sense approach when it comes to security, let's admit that the whole water and gel and liquid ban was a stupid knee jerk reaction to a non-credible threat.

If we are going to spend billions of taxpayer dollars in money and fees attached to tickets, let's proactively address some real threats: How about that you can sneak a bomb into the cargo hold or you can check a bag and misconnect?

I definitely want to see the end of random patdowns of people like common criminals. And let's end the shoe carnival -- shoes can be swabbed for explosives just like anything else; it's a foolish time waster that seems to be done for public opinion.

Bird says he still has his baggie and this morning said he planned to fly home with it today. [27B Stroke 6]
1:31:55 AM

News Item 7355 TSA: Hawley an Idiot and Flyers Can Graffiti Away.


Fliers are welcome to deface their see-through toiletry bags or even wear stupid t-shirts with slogans, according to Transportation Security Administration spokeswoman Yolanda Clark.

"There is no policy that restricts passengers from expressing their opinion as long as they are not threatening," Clark said.

That policy conflicts with what frequent flier Ryan Bird says happened to him Tuesday after he entered the Milwaukee airport's screening lines with his toiletries packed in a bag that had the words "Kip Hawley is an idiot." Bird says that small protest of what he calls "security theater" led a TSA officer to tell him that he had no free-speech rights in the screening. He was also detained, albeit briefly, by a Milwaukee sheriff.

Clark said that the TSA never detained Bird and allowed him to take his baggie of toiletries in small bottles onto the plane.

As to whether Hawley is an idiot? Clark mentioned the incident to Hawley, who replied, "As a fan of the 2004 Red Sox, I take it as a compliment."

  [27B Stroke 6]
1:24:23 AM

News Item 7354 Understanding Cross Site Scripting.

Understanding Cross Site Scripting. In this article, Hardik Shah demonstrates how cross site scripting attacks are performed and what precautions one needs to take to make sure that one does not lose valuable details and other important information. By Hardik Shah. [Infosec Writers Latest Security Papers]
1:19:37 AM

News Item 7353 CDT Blasts Meaningless Wiretapping "Compromise".

CDT Blasts Meaningless Wiretapping "Compromise". CDT on Monday criticized a purported "compromise" on the Cheney-Specter warrantless wiretapping bill that led to three Senators announcing their support for the measure. The changes made to the bill were meaningless. The provisions in the Cheney-Specter measure that threaten to dangerously erode both privacy protections and national security remain very much intact, CDT said in a new Policy Post. CDT maintains that it would be better to do nothing than to pass a measure that not only validates the administration's illegal program of warrantless wiretapping, but also grants broad new snooping powers to future administrations. [Center for Democracy and Technology]
1:08:22 AM

News Item 7352 FOIA Measure a Good Step for Open Government.

FOIA Measure a Good Step for Open Government. The Senate Judiciary Committee last week approved a bill that, among other things, requires government agencies to respond in a timelier manner to requests made under the Freedom of Information Act. Introduced by Sen. John Cornyn (R-Texas) and Patrick Leahy (D-Vt.), the Open Government Act would require agencies to provide information within 20 days of receiving a FOIA request or be subject to penalties. It is unclear whether the bill will make its way to the President in the few remaining days before Congress recesses. CDT strongly supports the measure. [Center for Democracy and Technology]
1:05:07 AM

News Item 7351 House Poised to Pass Worst Version of Wilson NSA Bill.

House Poised to Pass Worst Version of Wilson NSA Bill. The full House of Representatives appears poised to vote on a version of the Wilson wiretapping bill (H.R. 5825) that includes the worst elements of earlier versions of the bill approved by the House Judiciary and Intelligence Committees. CDT opposes this bill and its counterpart in the Senate, the Specter-Cheney bill. [Center for Democracy and Technology]
12:59:56 AM