Thursday, Swedish computer security consultant Dan Egerstad posted online the usernames, passwords and server addresses necessary to access up to 100 e-mail accounts worldwide. He says he used an unnamed vulnerability to obtain the usernames and passwords for up to 1,000 e-mail accounts of government employees around the world. Egerstad also said he's found information for accounts belonging to major U.S. and U.K. corporations. He has not used the information himself.
The chances of your flight being hit by a shoulder-fired, laser-guided missile are good enough that the Department of Homeland Security (DHS) has spent more than $100 million looking into ways to prevent it.
Defense contractor Northrop Grumman just completed 6,000 hours of in-flight testing on its Guardian directed infrared countermeasures (DIRCM) system, all part of the DHS initiative to adapt existing military technology to protect commercial aircraft from attack by surface-to-air-missiles (SAM) similar to the U.S.-made Stinger.
The DIRCM system works by first detecting the attack, then directing an invisible, eye-safe laser to the homing/seeker …
Patrick Manzo, Monster Worldwide's vice president of compliance and fraud prevention, said today that, going forward, the company is notifying all users in its active job-seeker database that their information may be compromised.
This announcement comes one day after Monster's CEO Sal Iannuzzi admitted the theft of contact information for job seekers in Monster's database may have been much greater than the 1.3 million individuals reported earlier this month.
Monster said it learned of the proverbial break-in when it was notified by security vendor Symantec. And Monster said it wanted to launch its own investigation to verify …
Got Yahoo Messenger? Hit refresh.
Yahoo on Thursday issued a patch for a highly critical security flaw, just a week after it issued another Yahoo IM security update.
In this latest case, a security flaw was discovered in the ActiveX control, which is part of the Yahoo services suite that is typically downloaded with the Yahoo Messenger installer. The vulnerability could be exploited if a user visits a malicious Web site, which in turn could lead to a buffer overflow attack and launch of arbitrary executable code.
Not a good thing.
Little green men? Roswell, N.M.? Nope. This invasion is centered on Cisco Monitoring Analysis and Response System (MARS). Cisco MARS (formerly Protego) is a hybrid event management and network behavior analysis product that monitors network/security devices and network traffic, looking for anomalous activities and ongoing security events.
Cisco is one of dozens of vendors who play in this networking/security management nexus. The competitors are not slouches; the list includes a few recognizable companies such as EMC, IBM and Symantec. Even the "start-ups" in this space are pretty mature. ArcSight, Arbor Networks, Mazu Networks and SourceFire …
I'm sure somebody out there loves William Lerach. Maybe he's got a cat or dog that likes to snuggle up on cold evenings. But this 61-year-old securities lawyer will be remembered as the lawyer Silicon Valley most detested, bar none.
Lerach became a media celebrity in the 1990s when he was filing a myriad of securities class action lawsuits. Tech companies, whose stocks were especially volatile during the go-go days of the Internet Bubble, were a favorite target.
So you can imagine the collective high fives going up all across the computer industry late Tuesday when …
In a paper released today, Neal Krawetz of Hacker Factor Solutions looks at the probable causes behind recent large-scale data thefts at TJX, OfficeMax and other retail stores. He concludes that "point-of-sale terminals and branch servers store credit card information in ways that are no longer secure enough."
Although Krawetz's paper doesn't reveal any new exploits against point-of-sale (POS) systems, he does fault practices still being used by various vendors. In an e-mail to CNET News.com, Krawetz wrote: "I believe that the vulnerabilities behind the January 2006 compromise of a Fujitsu …
You're never too young or old to become a download fanatic--or a victim of online threats (just lay your peepers on our security glossary for an unsavory taste of what's out there).
Some seniors, like my octogenarian grandma, keep their computer use simple with one trusty program that fulfills a basic need, minus extra frills. Others go wild with downloads and customizations for their desktop and browser. Find out how the 71-year-old dame of this week's Spyware Horror Story got her system into a pickle and how her neighbor's friend tried to pull her out in …
On Tuesday, Yahoo released an updated version of Yahoo Messenger, designed to patch a vulnerability in the Webcam feature first exploited last week.
The China-based exploit triggers a heap overflow when the target accepts a Webcam invitation. Once the target opens an invitation, a remote attacker could execute malicious code on the compromised machine.
Users who downloaded or had installed Yahoo Messenger prior to August 21 should update to the latest version, Yahoo Messenger version 18.104.22.1686.