I seriously need to address a few blog postings that I have in the can. They have been languishing for a couple weeks now and I hope I can get them posted this weekend. I hope everyone has a great day!

Click here to subscribe to Liquidmatrix Security Digest!

And now, the news…

  1. Online voter registration close to reality | San Francisco Chronicle
  2. Most Sensitive Data on Government Laptops Unencrypted | PC World
  3. Study raises data privacy and security concerns about telecommuting | LA Times
  4. Exploit Prods Software Firms to Update Their Updaters | Washington Post
  5. Olympics visitors warned of digital monitoring | Washington Times
  6. Nintendo files suit against five DS hacking firms | Engadget
  7. Motorola to Acquire AirDefense | Unified Communication Strategies

This problem with Trend Micro was issued yesterday.

From Secunia:

Description:
Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system.

The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.

Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.

I can only imagine that this same problem exists in Symantec’s antivirus.

Article Link

The last-ditch effort by McKinnon to avoid extradition in the UK has failed. Now, his lawyers are taking the case to the EU courts.

From CNN:

Gary McKinnon, 42, faces charges in the United States for what officials say were a series of cyber attacks that stole passwords, attacked military networks and wrought hundreds of thousands of dollars worth of computer damage.

The decision by Britain’s House of Lords was his last legal option in this country, but his lawyer said she would appeal his case to the European Court of Human Rights in Strasbourg, France.

“The consequences he faces if extradited are both disproportionate and intolerable and we will be making an immediate application to the European court to prevent his removal,” Karen Todner said after McKinnon’s appeal was rejected. “We believe that the British government declined to prosecute him to enable the U.S. government to make an example of him.”

Well, of course they will make an example of him. They have to be sure to please/protect their alien masters.

heh.

Article Link

My jaw is sore from the dentist yesterday. Ugh. At least today is starting off on a good note (jaw notwithstanding).

And now, the news…

  1. US government security data compromised | vnunet
  2. First attacks on DNS flaws reported | ZDNet
  3. DNS attacks “imminent,” warns Microsoft | IT Pro
  4. iPhone App Store Games Hacked – All Apps Hackable | Gizmodo
  5. IRS Worker Admits Snooping In Celebrities’ Files | WLWT Cincinnati
  6. Online threats materializing faster, study shows | AP
  7. Siemens provides multi-layered surveillance solution for Austrian shopping centre | Source Security

From NY Times:

A German court convicted a former manager at the engineering and electronics company Siemens of misuse of funds on Monday in the first verdict stemming from a bribery scandal at the company.

A court in Munich fined the former manager, Reinhard Siekaczek, 108,000 euros, or $170,000, and imposed a two-year suspended prison sentence after an eight-week trial in which prosecutors offered extensive testimony and documentation about a companywide system of slush funds and illicit payments.

Prosecutors had requested a relatively lenient penalty because Mr. Siekaczek cooperated extensively with the investigation, they said on Friday, the final day of the trial.

For the full article read on.

Article Link

From Minneapolis Star Tribune:

Europeans and others who travel visa-free to the United States can start registering in August for a new online security screening check that will become mandatory in January to enter the U.S., officials said Monday.

The new security measure will replace current paper forms that foreign visitors from the 27 countries that participate in the U.S. visa waiver program have to fill out once they enter U.S. territory at airports and seaports. It will not apply to land border crossings into the United States, where authorities will continue to use the paper forms.

So, why is it that I have an uneasy feeling about this program? Sure, travelers would also have to provide all of their other info and fingerprints (mmm, Gummi), but with this higher level of “automation,” will this make it easier to breach the battlements? It appears that they’re moving ever closer to a screening process that removes the element of human intervention. Mind you, I could be seeing this in a much darker light than is intended.

Hmm.

Article Link

NIST has updated several of its guideline documents.

From GCN:

The beta NIST Windows Security Baseline Database is intended to supplement the revision of Special Publication 800-68, titled “Guidance for Securing Microsoft Windows XP Systems for IT Professionals,” which is being released in draft for public comment.

NIST also is releasing a revision of SP 800-48, titled “Guide to Securing Legacy IEEE 802.11 Wireless Networks,” which updates the original recommendations published in 2002, and SP 800-123, “Guide to General Server Security.”

For the full article read on.

Article Link

I hope this week is an upturn for me. Last week was less than pleasant.

And now, the news…

  1. Sophos to Launch EUR 217 Million Offer for Shares in Utimaco Safeware AG | MarketWatch
  2. Speculation over back door in Skype | Heise
  3. The Briton facing 60 years in US prison after hacking into Pentagon | The Guardian
  4. Financial Site Security Research Weak On Methodology and Timeliness | eWeek
  5. Passengers at British airports to be fingerprinted | The Telegraph
  6. New DNS exploit now in the wild and having a blast | Ars Technica
  7. Who Is Johng77536 And How Did He Game Twitter? | TechCrunch

The states have been backing away from the REAL ID act as they get their heads around it. Louisiana is the latest to do so.

From KATC TV:

At least 10 states have passed laws rejecting the REAL ID Act, passed by Congress in 2005 and supported by President Bush as a nationwide identification system aimed at stopping terrorists, con artists and illegal immigrants. The measure would require states to enhance their identification system for driver licenses.

The Louisiana legislation, by Rep. Brett Geymann, blocks compliance with the federal law and orders the state Department of Public Safety “to report to the governor any attempt by agencies or agents of the U.S. Department of Homeland Security” who seek compliance. Geymann, R-Lake Charles, said he sponsored the measure after queries from individual constituents; but national opposition to REAL ID has come from activist groups with an array of political stances: social conservatives, the ACLU and libertarians.

OK, who’s next?

Article Link

Well, as I was working through my email this evening I found a thank you note from Richard Cheshire and he made an interesting comment in the closing paragraph.

From the email:

I know there are parts of this whole endeavor that I’ve forgotten to mention and one reason I avoided naming specific individuals is because I know I’ll forget at least one person who really deserves mention and that would be sad since they would be relegated to the post that comes after this one. To avoid this and to give everyone the credit they truly deserve, let us all post our thanks and recognition to those individuals in the posts that follow this one. That way it’s very unlikely anyone will be left out.

I really think it’s not too early to start planning for The Next HOPE, especially while all of this is fresh on our minds. I’m not sure how we can possibly outdo this one but if there’s anyone capable of it, they’re right here on this list.

Hmmm, so I guess you can’t write off HOPE just yet. I just hope they can have it at a cooler time of year. It was freakin hot.

Hats off to everyone who made it possible.