It was random, but out of several foreign researchers planning to attend the annual Black Hat security conference in Las Vegas this week, Thomas Dullien (better known as "Halvar Flake") was denied access at the border. Dullien happened to enter the United States amid heightened security among airport screeners at the Detroit airport. Dullien reportedly told Black Hat officials that as he was boarding the plane back to Germany, a screener mentioned Detroit was experiencing a crackdown following an episode earlier at that airport. That's the speculation on the day after Dullien's security class for the …
Expanding on its consumer-software-as-a-service efforts, Trend Micro announced on Sunday SecureCloud for small and midsize businesses and the enterprise market. The idea is to provide clients with a range of services without requiring them to install software.
Services available include e-mail reputation, e-mail hosting, and botnet ID service. The latter will allow ISPs to filter command and control messages sent by customers' compromised machines. One feature on the site is an IP reputation search; type in an IP address and Trend Micro will tell you whether the address can be trusted.
At present only two servers in the U.…
German researcher Thomas Dullien (better known as "Halvar Flake") says he was denied entry to the United States on Sunday because he was planning to attend the Black Hat security conference as a private citizen, and thus subject to H-1B visa regulations.
As Halvar Flake, Dullien previously attended or presented at the Black Hat USA conference over the last seven years and never had a problem, he wrote in a personal blog about Sunday's incident.
Dullien was scheduled to teach a training course called "Analyzing Software for Security Vulnerabilities" on Monday and Tuesday. Billed as …
Earlier this week, security company Secunia released a beta version of a new, free tool that scans all of your installed applications and analyzes their security patch statuses. The Secunia Personal Software Inspector evaluates all of the installed programs on your computer and compares them to a list of over 4,200 software programs.
After the scan is complete, Secunia PSI will categorize each program as "Up-To-Date" (everything is OK), "Insecure" (you've got an outdated version), or "End-of-Life" (your version is no longer supported). The results table presents the name and version number of your installed app; each--when clicked--takes you to a page that gives more information about that program.…
Judging from recent events in Washington concerning peer-to-peer file-sharing software and allegations that it threatens national security, there's some doubt about Congressional competency in creating sound policy governing a technology they may not thoroughly understand. Following up on the scads of readers who responded to recent coverage of Senators seeming to blame security problems on P2P sites, CNET News.com editors decided it was time to get down to business and clarify the issue at hand, in case it wasn't plain enough: Is Congress really clueless about the relationship between P2P and national security?
CNET News.com writers Anne Broache and Declan McCullagh Wednesday produced a piece of Capitol Hill reporting whose central subject is a recent legislative gambit regarding peer-to-peer file-sharing applications.
"Politicians call peer-to-peer networks a 'national security threat' because they enable federal employees to accidentally share sensitive or classified documents."
The subject has been burning up blogwaves and comments sections all over the Web.
The general consensus among network geeks, security pundits and other observers seems to be that the U.S. Government should be way more cautious in their internal security practices and not try to pin the …
My father's Motorola E815 from Verizon is suffering chronic SMS, or text message, spam. At first, the unwanted messages trickled in--religious messages with pictures of saints one time, pharmaceutical marketing another. Then the spam rate escalated. After one spammy text message yesterday and two this morning, Dad decided he wanted out.
"Out" in his case, and in the case of most North American mobile phone users, is as much about the phone bill as it is receiving unwanted texts. Service providers like Verizon and T-Mobile charge for inbound and outbound SMS activity, either per message, generally 10 cents to 15 cents per outgoing text message, or as part of a larger service, usually between $5 and $10 more per month depending on the plan. Data downloads cost extra too, so spam texts with image attachments ratchet up the bill. "This was becoming an expensive habit," says Dad.
The kicker, of course, is that it's not his habit.…
An ad hoc group will be presenting the Annual Pwnies awards at this year's Black Hat. The categories include Best Server-Side Bug, Best Client-Side Bug, Mass 0wnage, Most Innovative Research, Lamest Vendor Response, Most Overhyped Bug, and, yes, Best Song. Nominations can be submitted by category here. Final judges include Dave G, Mark Dowd, Dino Dai Zovi, HD Moore, Dave Aitel, Halvar Flake, and Alexander Sotirov. The awards will be announced on Thursday, August 2, 2007.
Criticism from Mac users and other security researchers was almost immediate, with the former focusing on crude insults and the latter concentrating on InfoSec's refusal to identify himself or herself, or prove that the worm existed.
Oh, no, you dih-unt!
The latter group questioned InfoSec's motives and the veracity of his or her claims.
And the former group said "Poopy ka-ka boobies monkey butt!"
"Let's see this worm deliver a …
Researchers at Independent Security Evaluators have announced at least two exploits that take advantage of the way the Apple iPhone opens a specially crafted Web page in Safari. Exact details of the vulnerability exploited will have to wait until a presentation at the end of next week's Black Hat conference in Las Vegas. However, some general information has been offered here.
In a preliminary draft of the Black Hat presentation, ISE researchers Charlie Miller, Jake Honoroff, and Joshua Mason note that there are "serious problems with the design and implementation of security on the iPhone," and they …