NetSec corner




Netsec, comsec, infosec and IA news, research and trends

 

3.31.2011

 
Not necessarily major news, but it goes to show... who watches the watchers and all that. Disgruntled employee gets terminated, wipes out employer's data...

Hacker wipes out whole season of TV show.
Hacker Deleted Entire Season, TV Station Says
Lawsuit: Fired Data Center Worker Wiped out TV Show


If you can't trust the people you hired to have the ethics NOT to do something malicious after termination...

 
Massive SQL injection attack compromises 380,000 URLs

"A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked."

Basically, rogue AV software. Also, affects Apple's iTunes (mostly fixed now) through cross-site and RSS feeds that have been compromised.

 
Dissecting LizaMoon's SQL Injection Attack.

 
ComodoHacker's pastebin, where he discusses this week's compromise of Comodo.



3.30.2011

 
Samsung installs keylogger on its laptop computers

Samsung responds to installation of keylogger on its laptop computers

Just makes you wonder... how much can you really trust the vendors, these days?




---- Follow up - 03/31/2011 15:58:31 Eastern
Samsung Keylogger Case Revealed As False Positive

False alarm.



3.28.2011

 
McAfee Report - Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency - If they came out with this 10 or more years ago, it may have been news to some but that cow left the barn a lloonngg time ago.

 
MySQL.com owned via a SQL injection exploit



3.24.2011

 
The RSA breach affects software signing certificates, in addition to SecurID tokens. Microsoft was specifically named as one company that is vulnerable to spoofing because of the RSA breach. Other companies may be affected as well. Malicious code could be digitally signed to appear as a legitimate software patch. Combined with a cleverly crafted phishing e-mail and/or fake web page, it would be nearly impossible to detect the forgery.



3.22.2011

 
YAA0D: Yet Another Adobe 0-Day from Reg

 
MS claims credit for Rustock botnet takedown

 
Rise of a Cybered Westphalian Age



3.21.2011

 
For those who missed it, here is Jason Langone's Presentation from Last Week.

 
Dutch Court Rules WiFi Hacking Is Now Legal - Gotta love the Dutch. Crime is very low as nearly everything is either legal or tolerated.

 
Cyberwar as a Confidence Game by Martin C. Libicki, and read Dave Aitel's comments from the DailyDave



3.18.2011

 
EMC security division hacked...
A few spins by the media here:
CBR Security
Huffington Post

The raw data below:
SEC Filing
EDGAR Online posting
See EXHIBIT(s) 99.1 and 99.2 for the contents of the letters filed with the SEC.



3.15.2011

 
Former NSA, CIA Chief: Declassify Cyber Vulnerabilities from Kathy

 
Anonymous - Ex-Bank of America Employee Can Prove Mortgage Fraud Part 1



3.07.2011

 
Beware of scam calls from fake 'Microsoft' tech.

It's a few years old, but I just got a call tonight and judging from background noise, the call center was busy!
http://www.komonews.com/news/consumer/115490889.html



3.03.2011

 
Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery? from Walter



3.01.2011

 
"Self Healing" SSDs Challenge Traditional Forensics

 
MS11-011 Analysis and PoC




