Archive for October, 2008

Security Briefing - October 30th

G’morning!

I’m sensing a shift within, a return to health. I shan’t speak too much of it, lest I jinx myself.
I hope your Thursday is great!

Signed,
The Intern

And now, the news…

  1. On Being Informative, or Seeing Through the Fog - RiskAnalys.is Thanks Alex.
  2. Schneier sticks it to surveillance - The Register Inglorious five-year snoop-plan
  3. Please Help Me: I Need a QSA To Assess PCI/DSS Compliance In the Cloud… - Rational Survivability Chris Hoff asks for assistance, do you have what he needs?
  4. Web security firm warns of obfuscated code - Security Focus
  5. DHS cybersecurity boss fights back against critics - The Register “Cybersecurity boss”, wonder if that’s on his business card.
  6. Would you like a loan with that copier? - The Globe and Mail

And a few from the lighter side:

  7. NetFlix: Netflix Teams Up With TiVo the Way We Want - Gizmodo I may never leave the house again.
  8. Cars: Hidden Batcave Raises From the Underground to Reveal Shiny Lamborghinis - Gizmodo Learning the business is loads of fun, but deep down, I really want to be a Superhero.

Security Briefing - October 29th

Dear Higher Powers,

Could you please release me and El Jefe from these craptacular symptoms now? I know I’ve had enough and I’m pretty sure he has too, though I’m sure you’ll have to assess each case separately.
Kthxbye.

The Intern

And now, the news…

  1. Office software will live on the Web - Report on Business A little more like Google docs, a little less like Office.
  2. Student charged after alerting principal to server attack - The Register
  3. TSA vows relaxation of carry-on liquid limits - The Register Good news for my Old Spice-lovin’ Grandpa.
  4. Microsoft to unveil test version of Windows 7 - CNN A little more OS X, a little less Vista they say.
  5. Authors, Publishers Settle Suit Against Google - Time
  6. LinkedIn, the Networking Site That Likes a Bad Economy - Time
  7. Google’s New Zip Line, Yet Another Reason to Hate Your Office - Gizmodo Hell with work, I might put a zip line out my bedroom window just for kicks.
  8. Fradusters (sic) get into the cloud - The Register That ominous cloud continues to make headlines.

Happy Birthday Dave!

David Chuckles Lewis was born on October 28, 1970 in a foggy hamlet north of Toronto on a dreary Monday evening. Like him or loathe him (what’s not to love?), Mr. Lewis possesses all of the qualifications needed for birthday well-wishes on this blog: He is a Dad (father of a gorgeous daughter) and he is definitely a Geek. In addition, it’s his birthday so this day seems most appropriate.

Lewis founded Liquid-Matrix Security Digest in 1998. (The hyphen was never actually used.) Throughout the early years of the Digest, he wrote every post, exploit and headline single-handedly while working full-time for the corporate machine. As the site grew he added contributors, reeling them in with a forceful crack of the whip when their opinions don’t match his own.

Liquidmatrix got its start by being a source of exploit code and links to other security related websites. After a significant lobbying effort, Liquidmatrix turned to the new fad, “blogging”, and the rest as they say, is computing history.

In 2008, Lewis removed his picture from the front page of the Digest, in order to share the blame glory and concentrate part-time on “new projects”. He and his wife established The Lewis Family which helps to keep international companies in business through the never-ending consumption of diapers and diapering accessories totalling an estimated $38.7 billion USD.

Happy Birthday Dave.

Security Newsiness - October 28th

Good day -
Today’s articles are a mix of technology, crime and the ever popular “Patch It Quick!”. Hoping there is something of interest across the board. Thanks for joining us.

See you tomorrow!

Signed,
The Intern

And now, the news…

  1. Family Tree of Telecommunication - Neatorama Similar hierarchies can be found at family reunions in Back Hills, Arkansas.
  2. Shuttleworth will burn fortune for Ubuntu - The Register
  3. Opera scrambles to quash zero-day bug in freshly patched browser - also The Register
  4. Microsoft Security Advisory: MS08-067 - Microsoft Thank you, innismir.
  5. New Research on Child Identity Theft - Debix Thank you, mortman.
  6. Internet Apps & Social Networking Office Boom Linked to Breaches - Dark Reading Before the internet at work, did people actually work 100% of the time?
  7. Operation frees dozens of child prostitutes - CNN, Crime 576 child victims freed… for some crimes, there really is no appropriate punishment.
  8. Why Virtualization Security is Such a Mess - CSO Online Podcast featuring luminary and poet, Chris Hoff

And because I know at least one person is following this series, Part Two:

  9. The netbook newbie’s guide to Linux: Episode Two - The Register, Hardware

Security Briefing - October 27th

I hope I have a good Monday.
If I don’t get a good night’s sleep soon, I may be inclined to take out contrary personalities. Sick of sick, pardon my whine.
I hope you have a surprisingly good Monday, too.

Signed,
The Intern

And now, the news…

  1. MS Windows Server Service Code Execution Exploit - milw0rm
  2. iPhone 3G Baseband Break-in, Unlock Closer - Gizmodo
  3. Ridiculing the Ridiculous: Terrorist Tweets - Emergent Chaos Make the bad men stop!
  4. Insecurity Theatre - Emergent Chaos
  5. New address spoofing flaw smudges Google’s Chrome - The Register
  6. Microsoft doubles reward for missing Ontario boy - The Globe and Mail Sending a wish to the universe that Brandon Crisp returns home soon.
  7. Tech Insight: Digital Forensics & Incident Response Go Live - Dark Reading
  8. How to Prevent Cyber Espionage - CSO Online, Gadi Evron

Turkish Police Beat Crypto Key From Suspect?

Chris Soghoian has another interesting piece on his CNET blog.

Wow, I’m certainly glad that I’ve not had the displeasure of police interrogation. But to think of one in some countries around the world makes the blood run cold. One such example is, apparently, Turkey.

From CNET:

The 2005 theft of tens of millions of credit card numbers from an unsecured wireless network run by TJ Maxx stores has led to over 150 million dollars in damages for the company. The two gentlemen behind the heist sold the pilfered credit card information to others online. Eventually, the stolen cards reached Maksym Yastremskiy, a Ukrainian citizen, and, according to media reports, a “major figure in the international sale of stolen credit card information.”

Mr Yastremskiy was later arrested in 2007, while on vacation in Turkey. The US government has formally requested that Yastremskiy be extradited, and has charged him with a number of crimes including aggravated identity theft.

Now, comments alleged to have been made by Howard Cox, a US Department of Justice official, shed some light on the possible means in which the Turkish police extracted the password for his encryption software.

Cox quipped about leaving a stubborn suspect alone with Turkish police for a week as a way to get them to voluntarily reveal their password

Volun…damn. OK, the tongue-in-cheek imagery of a black and white film gives way to this image.

Guilty or not, this is not the right way to do things.

US Military Wants Packs Of Robots To Hunt Humans

Well, to hunt down the bad kind or “uncooperative” ones anyway. This has a weird humour element as it manages to conjure an image of Bender calling to “kill all humans”.

From New Scientist:

The latest request from the Pentagon jars the senses. At least, it did mine. They are looking for contractors to provide a “Multi-Robot Pursuit System” that will let packs of robots “search for and detect a non-cooperative human”.

One thing that really bugs defence chiefs is having their troops diverted from other duties to control robots. So having a pack of them controlled by one person makes logistical sense. But I’m concerned about where this technology will end up.

So, the author is concerned where this tech could end up?

The US military wants a droid army. What could possibly go wrong?

Oh, riiight.

For the full article read on.

Security Flaw In T-Mobile’s Google Phone

Well, that certainly didn’t take very long now did it?

From NY Times:

Charles A. Miller, notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.

Mr. Miller, a former National Security Agency computer security specialist, said the flaw could be exploited by an attacker who might trick a G1 user into visiting a booby-trapped Web site.

Tricking a user into surfing an infected site? Nevah.

The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.

I guess we can safely say that, yes, that would be unpleasant.

UPDATE: Well, I posted this just yesterday and now it appears that there are serious problems with T-Mobile’s G1 mobile email service. They are actively working to address the issue.

EFF Offers NSA Spoof T-Shirts

This is a rather funny capper to a long week. The EFF, in a bid to raise donations, has made t-shirts with their spoof of the National Security Agency’s logo on them. Very amusing.

From EFF:

A few weeks back, we produced a new graphic to accompany our new case against the government, Jewel v. NSA, challenging the Bush administration’s illegal spying program. The graphic is a retooling of the NSA’s logo, featuring a glowering eagle using his talons to illegally plug into the nation’s telecommunications system — with the help of telecom giant AT&T.

This is available for a donation of $65 or more. Very cool shirt and the money helps to fund a great cause.

Security Briefing - October 24th

Rumour yesterday was that MS08-067 was potentially “wormable” - that’s since been proven. Information shared via Twitter @lithium, uploaded to MalwareDB under /lithium-malware.

I hope your weekend has equal parts relaxation and sleep, with a side of frivolity just to keep it real.

Signed,
The Intern

And now, the news…

  1. Space tourist back on terra firma - The Register That’s a pretty cool story to share with the grandkids.
  2. Six Month Delay of “Red Flags” Rule - leune.org Thank you, Kees.
  3. ES&S Voting Machines in Tennessee Flip Votes - Wired, Threat Level This time flipping from Republican to Democrat, I’m sure it’ll all even out in the end - right?
  4. McAfee Takes Another Crack At NAC - eWeek
  5. McAfee Integration with Bit9 Underscores Growing Support for Application Whitelisting - eWeek a little news from FOCUS08
  6. False Jobs illness rumor was posted by 18 year old kid - Boing Boing The power of misinformation technology at work.
  7. SoftPerfect Network Scanner Digs Through Networks From a Thumb Drive - Life Hacker
  8. Bedside table breaks apart into bludgeoning weapons - Boing Boing Useful also for budget meetings and performance reviews
