The Notacon conference is getting a huge jump on things for next year. They’ve already got their pre-registration open for April 2009. Well done.
From the Notacon site:
In order to simplify things for everyone, we have 2 basic registration levels, one with swag, the other with just the badge. With either registration, you can opt to pre-order a Notacon t-shirt via a drop-down option on the registration page.
The swag bag in the premier registration package not only will give you tons of goodies, but will also include a couple of meal vouchers that are good at the hotel to make sure you get at least some good meals over the course of the weekend. We will continue, of course, to have our con suite with complimentary sodas and snacks, but if you want something more substantial, think about the premier package!
$100 for the premium package. Not bad at all. There will be 600 tickets made available for the ‘09 show in Cleveland.

Not bad. I actually managed to get a good night’s sleep.
And now, the news…
- Google and Wildcard Domains | GNUCITIZEN
- Trojan plays anti-China games for hacking | The Economic Times
- Villains Getting Smarter: Are We, Too? | Korea Times
- Agency Sees Theft Risk for ID Card in Medicare | NY Times
- Universities urged to tighten computer security | The Arizona Daily Star
- Organised e-crime targets students for recruitment | ZDNet UK
- Time to dismount the hamster security wheel of pain | The Register
- New security awareness posters aid the battle | Cambridge Network
Thanks to everyone who sent us a tip over the weekend on a great news story. I’m sorry I haven’t replied individually, but I’ll try to catch up over the next 48 hours.
If you ever happen across a story that you think is something that should be shared with the community at large, feel free to send us an email at “tips SHIFT 2 liquidmatrix dot org”.
We look forward to hearing from you. And if you don’t see your story on the front page, don’t take it personally. We don’t get paid for this (yet), but if we do manage to turn this into a full-time gig you can bet we will be on top of things!
Anything to make a buck for some folks. A study commissioned by the folks at StrongMail Systems found that some marketing managers would be willing to dish out private customer data in order to bump up sales.
From the Financial Times:
The research – which was commissioned by StrongMail Systems, an e-mail security company – comes after the privacy watchdog warned of receiving an alarming number of reports of data security breaches in the private sector.
The survey, which covered 900 data security and marketing professionals, found that 7 per cent of marketing managers would disclose customers’ sexual orientation, 14 per cent their involvement in political activism, and 19 per cent their credit card details.
Some managers said they would also disclose data about ethnicity and religious beliefs.
The research found that marketing managers never reported data losses or thefts to customers in 90 per cent of cases, as they thought they were not required to do so.
So, are you keeping tabs on your marketing folks?
This one came out early this morning.
From Secunia:
Description:
Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user’s system.
1) A boundary error within the handling of BMP and GIF images can be exploited to trigger an out-of-bounds read and disclose content in memory.
2) A security issue exists due to Safari automatically launching downloaded executable files from sites in an Internet Explorer 7 zone with the “Launching applications and unsafe files” option set to “Enable”, or sites in the Internet Explorer 6 “Local intranet” or “Trusted sites” zone.
3) An unspecified error in the handling of Javascript arrays can be exploited to cause a memory corruption when a user visits a specially crafted web page.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
The vulnerabilities are reported in Safari for Windows prior to version 3.1.2.
If you’re running it patch ‘er up. Or conversely you could just bite the bullet and get a Mac. (right, and use Firefox with NoScript. thx folks)

Friday is upon us and I can see light at the end of the tunnel.
And now, the news…
- Computer with software stolen from RIDC Park Company (SCADA management software) | Pittsburgh Tribune-Review
- Staff ignore data security, surveys say | IT PRO
- Lessons from the Verizon 2008 Data Breach Investigations Report | InfoWorld
- Microsoft’s critical Bluetooth patch didn’t work on XP | Network World
- Sweden passes eavesdropping law | International Herald Tribune
- From zero day exploit to zero day fix | IT Director
- Briton searched web for ways to kill, court told | The Guardian
- FaceTime Security Program Locks out MySpace Applets | PC World
- Security breach hits DivShare, unauthorized access to its database | ZDNet
Only one in three? I would hazard that is being conservative.
From MSNBC:
One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues’ salary details, personal e-mails or board-meeting minutes, according to a survey.
U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
Ah, there it is. One-third admitted to it. OK, that is more what I would expect. Now for the other two thirds get the electric cattle prod and some thumb screws and I’m sure they’ll start singing.
hyuk.

I had a long crappy day as anyone who might follow my Twitter may have seen. I was wallowing in my own discontent when I met up with Myrcurial for lunch today. The cheshire grin on his face was something to behold. As it turns out, the weasel had been sitting on a rather significant announcement (for the last month) that he alluded to in his earlier posting today.
Myrcurial will be speaking at Last Hope! Very cool brother! His talk, entitled “From a Black Hat to a Black Suit”, will be a must-see for any propeller heads that have aspirations for a corner office one day.
From the talk summary:
You want it all. You can see the brass ring and you want to jump for it. But you’re scared. You don’t want to put on a suit and watch your soul shrivel like the spot price on RAM. There is another way.
In this session, you will learn: why you want to do this to yourself, how to get the first job (which will suck), how to turn the first job into the next job (while still having fun), how to get the top job (sooner than you thought you could), and how to do it all without feeling like a corporate whore. You want to hack the planet? You’ve got to start somewhere.
I’ll be the smart ass in the back crackin wise.
The 1337 bastards at 2600 have posted the list of talks for The Last HOPE conference being held July 18-20 at the Hotel Pennsylvania in NYC.
List of Scheduled Talks Posted
Posted 18 Jun 2008 22:42:50 UTC
With a record number of 97 scheduled talks to be presented in three different areas, The Last HOPE has posted a list of talks with time and room assignments forthcoming.
We do plan on having an additional track for unscheduled talks so if you missed this deadline, you still have a shot in the somewhat smaller unscheduled track room. Look for the unscheduled track sign up sheet at the conference.
Of course you’ll be able to find Dave and I there. Wouldn’t miss it for the world.
Oh – and you might want to scroll that list of talks down… maybe just to the Featured Speakers section… or maybe just below that.
See you in NYC.

Making lists of things to remember as I scramble to keep my focus in the face of a lack of sleep. Next thing you know I’ll be putting sticky notes on things. “Coffee cup”, “Door”, “Advil” and “C-61 / bad joke”.
You get the idea.
Welcome to the new subscribers who joined us yesterday! Thanks!
And now, the news…
- Copyright Bill’s Fine Print Makes For a Disturbing Read | Michael Geist
- A Week in the Life of the Canadian DMCA: Part Two | Michael Geist
- DMC-eh? Why Canada’s new Copyright law is a mistake | Mang’s Bat Page
- E-Mail: To Encrypt or Not to Encrypt? | NPR
- Hazel Blears’s stolen laptop was not encrypted | Information Age
- Encryption: DLP’s Newest Ingredient | Dark Reading
- Merchant Securities’ stock broking firm fined for poor data security procedures | RTT News
- State computers headed for sale had private information | The Topeka Capital-Journal
- Fed slammed over internal controls | Houston Chronicle




