Security Blog 


5.24.2002

Ask Slashdot
Caught this on my way out the door. Don't know how I missed it the first time - getting management to deal with security.



From Slashdot
Makes me wonder if the crackers sent it into Slashdot, since I haven't seen this story posted anywhere else. From the SacBee:
Computer hackers gained access to the California state government's computer systems in April and sensitive financial and personal information about as many as 265,000 state workers, officials said Friday.




Have a good weekend
Not much going on today. I'll be around, but expect more of the same. See you all next week.



And the new, heavyweight, champion of the world is...
Klez.



The Spam Mafia
Scary stuff - those spammers are digital gangsters. This piece is good for a laugh; maybe we should just deal with it -- or else. Fear the wrath of the spammer.
A British man has been threatened by a gang of spammers after reporting its activity to his ISP.

The man, who asked to remain anonymous, is so concerned he fears for his own safety.



5.23.2002

Tough week for Biometrics
First jello fingers, now this. c't magazine claims that the tested devices were "more of the nature of toys than of serious security measures". More can be found at the Register.



Cloak and dagger
The mayor of NYC was involved in an interesting series of events. Bloomberg helped capture two men accused of extortion. Evidently, they broke into his company's computers and demanded $200k. They agreed to meet him in London, where they were arrested.


5.22.2002

Virii
Klez strikes the State Department.
The State Department's e-mail identity was forged by a computer virus that sent itself to law enforcement and media outlets across the country, a department official said Tuesday.




About face
Talk about a 180 degree turn. Loudcloud, the new baby of Netscape boy wonder Marc Andreessen, has jumped into the business of security services. This is quite different from the original business model, which, if I remember correctly, focused on rapidly developing business sites. Security is all the rage right now - and must be the only thing selling. I'm sure we'll see other companies following suit. Comforting, isn't it? Corporations offering security services because it's making money at the moment.
INFRASTRUCTURE MANAGEMENT SERVICE provider Loudcloud on Wednesday will announce it has begun offering its customers an automated system for detecting vulnerabilities and deploying fixes in servers and network devices, capitalizing on the growing proliferation of worms, viruses, and software vulnerabilities.




How chic
The art world continues to dabble in security.
Eight PCs, four iMacs and seven Sun Ray Unix workstations will house much of the work on display in the exhibit. Visitors will be able to observe animations depicting the effects of various viruses on computer systems. The history of virtual viruses will also be visually documented.



5.21.2002

Blog relations
Thanks to Jiri Ludvik for stopping in. He runs a security blog as well; check it out.



Unbelievable
You might have come across this somewhere else, but I couldn't resist. The excerpt speaks for itself.
A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.




Hack the vote
Interesting piece on an older story - the Vivendi vote tampering. This is only the beginning of stories like this - one of the first we've actually heard about.
The culprits -- most likely a small team of hackers with inside information about the voting system -- intercepted and altered some shareholder votes, Vivendi said. The company lodged a criminal complaint and says it may convene another shareholders' meeting to repeat the result, which saw the defeat of a controversial stock-option plan offered by Chief Executive Officer Jean-Marie Messier.




So true
A snippet with a message:
The bottom line is that hackers are still at least one step ahead of even the best-funded and most sophisticated IT departments in the world, such as those of Ford and Experian. The message to consumers: Be afraid. Be very afraid. Hackers, at least for the moment, are way ahead of corporate IT departments, and are even outpacing the top cybercrime fighters in federal law enforcement.



5.20.2002

Stifle the laughter
Sony's new anti-piracy technology? It can be defeated with a magic marker. When will they learn?
Internet newsgroups have been circulating news of the discovery for the past week, and in typical newsgroup style, users have pilloried Sony for deploying "hi-tech" copy protection that can be defeated by paying a visit to a stationery store.




The next wave
An excellent article on the new types of security threats which accompany web services. These are different from traditional crack attacks, focusing instead on exploitation or slight gains. I think this piece sheds light on some things which happen every day to many companies, but we never hear about them. Definitely worth a look.
"The kind of attacks that we're seeing are not a traditional security attack," he warned. "The threat to web services is not about something like root access; it's more about repeated violations and exploitations of the service — small cheats and hacks that are individually insignificant, but a huge problem in the aggregate."




Be wary of webcams
Remember - if the red light is blinking...
Nicholas J. Suchyta, 19, allegedly recorded his roommate and her boyfriend having sex and also beamed live broadcasts of the activities on the Internet early this year. The couple told police they had no idea that the five computers in the living room were rigged with a Web cam.




Biometric Failure
Trials of facial recognition technology in a Florida airport are off to a poor start.


5.19.2002

I tried
But there is not much new stuff today. See you all tomorrow.