Archive for June, 2006
Author: Dave Lewis
June 30, 2006 at 11:01 pm · Filed under Data Security
OK, so maybe I spoke to soon. I get it now. Recover one laptop…lose two.
U.S. lawmakers said Thursday they have learned of two more data breaches at the Department of Veterans Affairs (VA) even as the agency announced that law enforcement agencies had recovered stolen computer hardware containing the personal information of millions of U.S. military veterans.
The VA needs to start firing some higher ups.
Article Link
Tags: VA, Data Theft, Data Security, Military Records
Author: Dave Lewis
June 30, 2006 at 10:56 pm · Filed under Hacker
When hackers have an ethical bypass. I hope they catch this twisted little prick.
A hacker broke into the child-support computer system run by the state Treasurer’s office and may have obtained names, Social Security numbers and other information of 300,000 people and 9,000 employers. The system helps collect and disperse child-support payments.
Treasurer Ron Ross announced the security breach Thursday.
The hacker got into a back-up computer server Wednesday morning for about 40 minutes and launched a virus, which Ross said was immediately removed.
No scruples.
Article Link
Tags: Hacker, Child Support, Data Security
Author: Dave Lewis
June 30, 2006 at 10:44 pm · Filed under Data Security, ID Theft
In a refreshing turn of events the laptop that had been previously stolen from the home of a VA employee has been recovered. The laptop which we originally reported on a month ago is back home safely.
“It was confirmed to me by the deputy attorney general that law enforcement has in their possession the … laptop and hard drive,” Nicholson said in a statement at the hearing. “The serial numbers match.”
The funny part here is that the sacrificial lamb that the VA has initiated termination proceedings against…had permission to have the laptop with SSNs on it. I’ll say it again, he HAD PERMISSION. The letter of permission has surfaced and, naturally, the employee is fighting back. Now, it has become very obvious that the problem lies in the higher ups. Now we can fully appreciate why they were so keen to fire him.
Article Link
Tags: VA, Laptop, Data Security, Stolen Laptop, Veteran Affairs
Author: Dave Lewis
June 30, 2006 at 10:10 pm · Filed under News
Interesting. First Bill Gates leaves and then there is an announced another announced delay. This time affecting the Office 2007 product suite. Now we see Apple sales soaring and Novell (yes, they’re still around) eating away the market with their version of the SuSE linux operating system. Now, insult to injury. Microsoft is cutting staff.
“They are aligning their organization to be more efficient and responsive to their customers,” Microsoft spokesman Lou Gellos said. Microsoft began notifying affected workers of the cuts on Wednesday.
The software maker has never had large-scale, across-the-board layoffs, though it has made selective job cuts in various business units in the past. In 2002, for example, Microsoft axed more than 100 posts as it restructured its UltimateTV unit.
Are these cracks in the fine veneer of Microsoft that we are seeing? I’m sure that the launch of Vista will…oh right, yeah. Nevermind.
Article Link
Tags: Microsoft, Vista, Bill Gates, Job Cuts
Author: Dave Lewis
June 30, 2006 at 9:53 pm · Filed under News
In a interesting twist a storage company has purchased a security company. Nothing like some market symmetry. EMC has shelled out $2.1 billion for the control of security company RSA.
With the takeover, EMC said, it will create a company that can help organizations securely manage their information. EMC is a large provider of data storage products, while RSA sells identity and access management technologies, such as its SecurID tokens, as well as encryption and key management software. EMC CEO Joe Tucci said on a conference call: “EMC is where information lives and tomorrow EMC will be the company where information lives securely.”
It would appear that Symantec has some competition for the storage security market. It will be interesting if they will be able to avoid the pitfalls that Symantec had encountered, such as the tax bill from hell.
Article Link
Tags: EMC, RSA, Joe Tucci, Symantec, Take over
Author: Dave Lewis
June 30, 2006 at 9:43 pm · Filed under Apple, Exploit
Well, being a recent Macbook convert I have been paying more attention to Mac vulnerabilities. There was a code update released two days ago (I know, fast on my part) and with the update comes updates for Quicktime and iTunes. Now, according to the good folks at ISC it turns out that there is a root level exploit to go with it which is publicly available.
There is now a publicly available exploit taking advantage of the format string vulnerability with the LaunchD daemon in versions of OS X up to and including 10.4.6 which can result in an attacker gaining root access on the system.
Be sure to patch your system as soon as possible.
Article Link
Tags: Mac, Macbook, Apple, Vulnerabilities, OS X Patches, Exploit
Author: Dave Lewis
June 29, 2006 at 6:17 am · Filed under Spy Game
It appears that Canada may have it’s own domestic spy program in the wings or does it? On this past June 15 Bell Sympatico, a high speed DSL provider, changed their customer service agreement.
The clause states that Sympatico reserves the right to “monitor or investigate content on your use of your service provider’s network and to disclose any information necessary to satisfy any laws, regulations or other government request.”
Bell claims that this is not a tacit agreement with Big Brother. Bell stated that in order for any sort of monitoring to take place that they would need a court order.
Michael Geist, an Internet law professor at the University of Ottawa, believes Sympatico’s new contract language is a sign that the telecommunications industry expects the Conservative government to introduce an Internet surveillance bill.
How long until we to are mired in the mess that Bush Administration has drawn the US into?
Article Link
Tags: Wiretap, Censorship, Monitoring, Surveillance, Bell Sympatico, DSL, Michael Geist, Bush
Author: Dave Lewis
June 28, 2006 at 12:57 pm · Filed under Privacy
Here is a great article on ways to defeat the China firewall.
The Great Firewall of China is an important tool for the Chinese Government in their efforts to censor the Internet. It works, in part, by inspecting web traffic to determine whether or not particular words are present. If the Chinese Government does not approve of one of the words in a web page (or a web request), perhaps it says “f” “a” “l” “u” “n”, then the connection is closed and the web page will be unavailable — it has been censored.
This user-level effect has been known for some time… but up until now, no-one seems to have looked more closely into what is actually happening (or when they have, they have misunderstood the packet level events).
Article Link
Tags: Firewall, China, Censorship, Great Firewall of China, China Firewall
Author: Dave Lewis
June 27, 2006 at 9:59 am · Filed under SCADA Security, Terrorism
Here is an interesting article on the security of America’s power grid.
Terrorists attack Colombia’s electrical grid hundreds of times a year. What’s to stop attacks on America’s power lines? An Iowa State University research team led by Arun Somani, chair and Jerry R. Junkins professor of electrical and computer engineering, is working to develop a network of wireless sensors that could monitor the country’s electricity transmission system. While the sensors could pick up suspicious activity at power poles, they’d be especially useful at quickly locating any breakdowns. That could allow power companies to react in time to prevent power disruptions from cascading into blackouts. And the monitoring system could also help power companies quickly locate problems when severe weather tears down electrical lines.
There is already monitoring in place but, this could help to augment the existing infrastructure.
Article Link
Tags: Power Grid, SCADA, SCADA Security, Terrorism
Author: Dave Lewis
June 27, 2006 at 9:47 am · Filed under Exploit
OK, so here is a bit of a wrinkle. The latest release of Microsoft patches has a bug in MS06-025 that messes up some dialup connections. Now, there is exploit code that takes advantage of the issue that is addressed by MS06-025.
Microsoft said: “An attacker who successfully exploited this vulnerability could take complete control of the affected system.”
It urges users to apply the fix delivered with security bulletin MS06-025, which will remove the vulnerability. “We have confirmed that the exploit code does not affect users who have installed the update,” Microsoft said.
Bloody hell. Well, Microsoft is cobbling together a revised version of the patch that should be available soon. In the meantime you can patch your system here. Yes, I love my Macbook. Schweeeeeet. Which reminds me I still have to post my Macbook day one pics.
Article Link
Tags: MS06-025, Windows Exploit Code, Microsoft Exploit, Macbook
Next entries »
Explore
Security Bloggers Network
