Security News

Judge dismisses everyone-a-hacker case

Proof-of-concept code for a new Microsoft zero-day stack overflow vulnerability was posted Monday on exploit repository Milw0rm. The exploit is present in the file transfer protocol (FTP) module in Microsoft Internet Information Server (IIS) 5.0 and 6.0, the SANS Internet Storm Center said in a blog post Monday. A Microsoft spokeswoman told SCMagazineUS.com that the company is investigating the vulnerability but is not aware of any in-the-wild exploits.

A revision to the Cybersecurity Act of 2009, the Rockefeller-Snowe draft bill in Congress, has drawn criticism because of concerns that it would give the president power to shut down the internet.

Once again it’s time to clean out my cache of tabs in Firefox.  I’ve found that open and closing tabs as much as I do hastens the memory leaks in Firefox.  Or at least my perception of them.  So it’s a good time to capture in a blog post the articles that I’ve found most interesting in the last week and restart Firefox to recapture that memory.  Now if only I had a way to do the same for myself.

Monday morning reading:

• How hackers snatch real-time security ID numbers – Whatever one man can secure, another man can break into.  I find it interesting that we’re starting to name virus techniques, since the viruses themselves have become so modular.
• Capability and maturity model creation in information security – Mike Dahn has written a guest post for IT Compliance Advisor.  He suggests that we have two main issues with reaching compliance and a real maturity model is needed to attain and maintain compliance.  Great article.
• ‘The Analyzer’ pleads guilty in $10 million bank hacking case – Sometimes they actually catch and prosecute the bad guys.  Not as often as we’d like, but I think it’s increasing in frequency.  
• Introducing Amazon Virtual Private Cloud (VPC) – I’m still deciphering the complexity of this but it seems the big selling point seems to be the establishment of a VPN connection and a private IP space.  Chris Hoff has always has a good dissection of this type of cloud computing news.
• Social network privacy study finds identity link to cookies – You mean we’re being tracked by our social networks?  
• Twitter XSS vulnerability not yet fixed – I’m not sure expecting Twitter to wave a magic wand and fix a major bug immediately is fair or realistic.  But it needs to get fixed quickly none the less.

Called the first wiretap Trojan, Peskyspy, targets Skype conversations by intercepting and recording audio between the Skype application and the victim’s audio device.

A package sent to a credit union last week containing supposedly malicious CD-ROMs prompted a fraud alert from the National Credit Union Administration, but it was actually part of a penetration test.

The new anti-virus feature in Snow Leopard could entice cybercriminals to create more Mac malware, say security firms.

Cybercriminals are targeting users interested in learning information about the ongoing wildfires raging in California’s Angeles National Forest, Panda Security has warned. In one trial. searches for “angeles crest fire” yielded a malicious link as the third most relevant search result. If clicked, a fake system scan is displayed, aiming to trick users into thinking their computer is infected and offering to download a rogue anti-virus product. — AM

A recent report has concluded that the London’s surveillance cameras have solved one crime per thousand cameras per year. David Davis MP, the former shadow home secretary, said: “It should provoke a long overdue rethink on where the crime prevention budget is being spent.” He added: “CCTV leads to massive expense and minimum effectiveness. “It creates a huge intrusion on…