security

Forgive me if this isn't some major news flash, but let's document it for posterity anyway: University of California computer scientists have recently shown it's possible to carry out a bevy of hacks on electronic voting machines currently certified for use in the Golden State.

In reports released late last week, the researchers chronicle their five-week endeavor, at the request of California Secretary of State Debra Bowen, to exploit examine machines made by Hart InterCivic, Sequoia Voting Systems and Diebold. The same models are also in use in many other states, according to a database compiled by the Election Reform Information Project. … Read more

It was random, but out of several foreign researchers planning to attend the annual Black Hat security conference in Las Vegas this week, Thomas Dullien (better known as "Halvar Flake") was denied access at the border. Dullien happened to enter the United States amid heightened security among airport screeners at the Detroit airport. Dullien reportedly told Black Hat officials that as he was boarding the plane back to Germany, a screener mentioned Detroit was experiencing a crackdown following an episode earlier at that airport. That's the speculation on the day after Dullien's security class for the … Read more

Expanding on its consumer-software-as-a-service efforts, Trend Micro announced on Sunday SecureCloud for small and midsize businesses and the enterprise market. The idea is to provide clients with a range of services without requiring them to install software.

Services available include e-mail reputation, e-mail hosting, and botnet ID service. The latter will allow ISPs to filter command and control messages sent by customer's compromised machines. One feature on the site is an IP reputation search; type in an IP address and Trend Micro will tell you whether the address can be trusted.

At present only two servers in the U.… Read more

German researcher Thomas Dullien (better known as "Halvar Flake") says he was denied entry to the United States on Sunday because he was planning to attend the Black Hat security conference as a private citizen, and thus subject to H-1B visa regulations.

As Halvar Flake, Dullien previously attended or presented at the Black Hat USA conference over the last seven years and never had a problem, he wrote in a personal blog about Sunday's incident.

Dullien was scheduled to teach a training course called "Analyzing Software for Security Vulnerabilities" on Monday and Tuesday. Billed as … Read more

Earlier this week, security company Secunia released a beta version of a new, free tool that scans all of your installed applications and analyzes their security patch statuses. The Secunia Personal Software Inspector evaluates all of the installed programs on your computer and compares them to a list of over 4,200 software programs.

After the scan is complete, Secunia PSI will categorize each program as "Up-To-Date" (everything is OK), "Insecure" (you've got an outdated version), or "End-of-Life" (your version is no longer supported). The results table presents the name and version number of your install app; each--when clicked--takes you to a page that gives more information about that program.… Read more

Judging from recent events in Washington concerning peer-to-peer file-sharing software and allegations that it threatens national security, there's some doubt about Congressional competency in creating sound policy governing a technology they may not thoroughly understand. Following up on the scads of readers who responded to recent coverage of Senators seeming to blame security problems on P2P sites, CNET News.com editors decided it was time to get down to business and clarify the issue at hand, in case it wasn't plain enough: Is Congress really clueless about the relationship between P2P and national security?

CNET News.com writers Anne Broache and Declan McCullagh Wednesday produced a piece of Capitol Hill reporting whose central subject is a recent legislative gambit regarding peer-to-peer file-sharing applications.

"Politicians call peer-to-peer networks a 'national security threat' because they enable federal employees to accidentally share sensitive or classified documents."

The subject has been burning up blogwaves and comments sections all over the Web.

The general consensus among network geeks, security pundits and other observers seems to be that the U.S. Government should be way more cautious in their internal security practices and not try to pin the … Read more

My father's Motorola E815 from Verizon is suffering chronic SMS, or text message, spam. At first, the unwanted messages trickled in--religious messages with pictures of saints one time, pharmaceutical marketing another. Then the spam rate escalated. After one spammy text message yesterday and two this morning, Dad decided he wanted out.

"Out" in his case, and in the case of most North American mobile phone users, is as much about the phone bill as it is receiving unwanted texts. Service providers like Verizon and T-Mobile charge for inbound and outbound SMS activity, either per message, generally 10 cents to 15 cents per outgoing text message, or as part of a larger service, usually between $5 and $10 more per month depending on the plan. Data downloads cost extra too, so spam texts with image attachments ratchet up the bill. "This was becoming an expensive habit," says Dad.

The kicker, of course, is that it's not his habit.… Read more

An ad hoc group will be presenting the Annual Pwnies awards at this year's Black Hat. The categories include Best Server-Side Bug, Best Client-Side Bug, Mass 0wnage, Most Innovative Research, Lamest Vendor Response, Most Overhyped Bug, and, yes, Best Song. Nominations can be submitted by category here. Final judges include Dave G, Mark Dowd, Dino Dai Zovi, HD Moore, Dave Aitel, Halvar Flake, and Alexander Sotirov. The awards will be announced on Thursday, August 2, 2007.