2010 ACM Cloud Computing Security (CCSW) - submission site is open

2010 ACM Cloud Computing Security (CCSW) - submission site is open

2010 ACM Cloud Computing Security (CCSW) - submission site is open

Posted:

InfoSec News: 2010 ACM Cloud Computing Security (CCSW) - submission site is open: Forwarded from: Radu Sion <noreply (at) moon.crypto.cs.stonybrook.edu>
2010 ACM Cloud Computing Security Workshop (CCSW) at CCS
9 October 2010, Hyatt Regency Chicago http://crypto.cs.stonybrook.edu/ccsw10
Dear Colleagues,
The CCSW submission website is up! [...]

State Department Anxious About Possible Leak of Cables to Wikileaks

Posted:

InfoSec News: State Department Anxious About Possible Leak of Cables to Wikileaks: http://www.wired.com/threatlevel/2010/06/state-department-anxious/
By Kim Zetter and Kevin Poulsen Threat Level Wired.com June 8, 2010
The State Department and personnel at U.S. embassies around the world are reportedly waiting anxiously to find out if an Army intelligence [...]

Political firm fears sheikh's files were hacked

Posted:

InfoSec News: Political firm fears sheikh's files were hacked: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/06/07/MNIU1DQ1PL.DTL
By Carla Marinucci San Francisco Chronicle Chronicle Political Writer June 8, 2010
In a mysterious case of cyber-espionage, a leading California political consulting firm has asked U.S. [...]

Military leaders warn of NK cyber attack

Posted:

InfoSec News: Military leaders warn of NK cyber attack: http://www.koreatimes.co.kr/www/news/nation/2010/06/113_67314.html
By Jung Sung-ki Staff reporter Korea Times 06-08-2010
Military leaders called North Korea's cyber threat "real," Tuesday, and said there was a high possibility it will conduct an attack on South [...]

After Google hack, warnings pop up in SEC filings

Posted:

InfoSec News: After Google hack, warnings pop up in SEC filings: http://www.computerworld.com/s/article/9177845/After_Google_hack_warnings_pop_up_in_SEC_filings
By Robert McMillan IDG News Service June 8, 2010
Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their [...]

China faces increasing computer crimes: white paper

Posted:

InfoSec News: China faces increasing computer crimes: white paper: http://news.xinhuanet.com/english2010/china/2010-06/08/c_13339116.htm
English.news.cn 2010-06-08
BEIJING, June 8 (Xinhua) -- Computer crimes in China have been increasing in recent years, said a white paper titled "The Internet in China" issued on Tuesday. [...]

Microsoft Patches IE Flaw Used In Attack That Bypassed Its Built-In Security Controls

Posted:

InfoSec News: Microsoft Patches IE Flaw Used In Attack That Bypassed Its Built-In Security Controls: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225500033
By Kelly Jackson Higgins DarkReading June 08, 2010
Among the 10 patches fixing 34 vulnerabilities that were released today by Microsoft is one that repairs a major hole in Internet Explorer that was used to help bypass the built-in security features in Windows 7 and Internet Explorer 8.
The memory corruption flaw, which was discovered and used by a Dutch researcher to win $10,000 in the March Pwn2Own hacking contest at the CanSecWest conference, was exploited along with another stage of attack on IE 8 to bypass Microsoft's much-lauded anti-exploit features, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
Peter Vreugdenhil, the researcher who discovered the bug, didn't reveal the actual vulnerability he exploited in his hack, so Microsoft's MS10-035 security update today was the first time the nature of the flaw was made public: The memory corruption vulnerability could allow an attacker to take over the victim's machine due to the way IE tries to access incorrectly initialized memory. That memory can be corrupted by an attacker such that he can execute code on the logged-on user's machine.
Aaron Portnoy, manager of security research for HP TippingPoint, which sponsors the Pwn2Own contest, says this bug was at the heart of the Pwn2Own hack. "This was the crux of actually exploiting something -- this is the one that triggers memory corruption in IE," Portnoy says. "The other [part of the attack] was more for bypassing ASLR and DEP."
[...]

Crooks siphon $644,000 from school district's bank account

Posted:

InfoSec News: Crooks siphon $644,000 from school district's bank account: http://www.theregister.co.uk/2010/06/07/electronic_account_raided/
By Dan Goodin in San Francisco The Register 7th June 2010
New York City's Department of Education was defrauded out of more than $644,000 by hackers who targeted an electronic bank account used to [...]

Researchers: Poor password practices hurt security for all

Posted:

InfoSec News: Researchers: Poor password practices hurt security for all: http://www.computerworld.com/s/article/9177780/Researchers_Poor_password_practices_hurt_security_for_all
By Elizabeth Heichler IDG News Service June 7, 2010
A large-scale study of password-protected Web sites revealed a lack of standards across the industry that harms end-user security, according to two researchers working at the University of Cambridge in England.
In particular, the weak implementations of password-based authentication at lower-security sites compromises the protections offered at higher-security sites because individuals often re-use passwords, Joseph Bonneau and Soren Preibusch asserted in a paper presented at the Workshop on the Economics of Information Security in Cambridge, Mass., Monday.
Attackers can use low-security Web sites such as news outlets to figure out passwords associated with certain e-mail addresses, and then use those passwords to access accounts at higher-security sites such as e-commerce vendors, Bonneau said.
In an effort that the researchers said is the largest empirical investigation into password implementations to date, they collected data from 150 Web sites and found widespread "questionable design choices, inconsistencies, and indisputable mistakes," according to Bonneau and Preibusch.
[...]

Congress just doesn't see cybersecurity's sex appeal

Posted:

InfoSec News: Congress just doesn't see cybersecurity's sex appeal: http://fcw.com/articles/2010/06/07/cybereye-administration-acts.aspx
By William Jackson FCW.com June 07, 2010
At last count, there were more than 40 bills, resolutions and amendments dealing with cybersecurity pending in the House and Senate. They offer [...]

[Dataloss Weekly Summary] Week of Sunday, May 30, 2010

Posted:

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, May 30, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, May 30, 2010
20 Incidents Added.
======================================================================== [...]

Banks dragged into Google row

Posted:

InfoSec News: Banks dragged into Google row: http://www.mis-asia.com/news/articles/banks-dragged-into-google-row
By Julian Bajkowski MIS Fin Rev 08 Jun 2010
AUSTRALIA - Australia's retail banks have been dragged into a brawl between Communications Minister Stephen Conroy and Google over the [...]

Police website shut amid hacker fears

Posted:

InfoSec News: Police website shut amid hacker fears: http://www.heraldscotland.com/news/crime-courts/police-website-shut-amid-hacker-fears-1.1033505
By Helen McArdle Herald Scotland 8 Jun 2010
Strathclyde Police was forced to close down its website last night amid fears it had come under attack from Chinese hackers. [...]

Career Bobs

Posted by Rohan ingale at 1:12 AM

0 comments:

Post a Comment