hackinthebox
Past Articles

Thursday, May 15
· How Your Cellphone Can Stop Cybercrime
· ZoneAlarm uses the force to protect privacy
· Verdict in $1 Billion NewsCorp Spy Case on Thursday
· First rootkit for IOS created
· Startup offers solution to "cold boot" hack

Tuesday, May 13
· Teenage hacking gang busted in Bavaria
· PC World Editor to Step Down, Start Own Venture
· Chile government probes major data hack
· BlackBerry challenge to iPhone
· Virgin Media to raise fibre-network capacity fourfold
· Microsoft software gives free tours of space
· The new rules for buying a Mac
· Facebook asks for $100 million
· HP has eye on IBM as it discusses EDS acquisition
· Google launches local hosted security service
· Fedora 9 - an OS that even the Linux challenged can love
· Kaspersky says mobile malware very active in first quarter of 2008
· Interview: Shlomo Kramer, CEO of Check Point
· Dublin businesses vulnerable to IT attacks
· Is it OK to hack if you are a good guy?
· Check your rootkits at the door with rkhunter
· April Sees Thirty-Five Percent Increase in Web Threats
· Hackers hijack a half-million sites in latest attack
· 3 charged in LI with hacking into national restaurant chain
· Don't Get Duped by Myanmar Scams
· Anti-Botnet Security Vendor FireEye Gets $14.5 Million Funding
· Hacker Posts Data of 6 Million Chileans
· The future of security
· Apple To Launch iPhone In Four Asian Regions
· Windows XP SP3 Adds 10% Performance Boost, Tests Show

10 IT Problems You Might Not Know You Have
Posted by l33tdawg on Thursday, May 15, 2008 - 02:52 AM (Reads: 1724)
Source: eWeek



From overly chatty WLAN systems to IT consultant shenanigans, some of the worst IT problems facing companies are the ones they don't know they have.

There's no shortage of tough problems that jump right in the faces of IT administrators, but some of the worst IT problems facing companies are the ones they don't know they have. In this story, eWEEK Labs identifies 10 cost- and productivity-robbing problems that might be lurking in your infrastructure and offers IT admins guidance on how to overcome them before it's too late.


Which IT security skills are most important?
Posted by l33tdawg on Thursday, May 15, 2008 - 02:52 AM (Reads: 402)
Source: Computer World (Australia)



I often hear from IT executives that it is hard to recruit and retain "good security people." Many lament the shortage of skills in this area and cannot reconcile the skills offered with the positions that need to be filled. Is there really a shortage of good security people? Or just a mismatch in the skills and the jobs?

We've spent a few recent editions of this column looking at security from an operational perspective and a risk-management perspective. From that perspective, there are two types of security skills that might be needed in a company: tactical security operations and strategic risk management. Unfortunately, many companies don't do a good job of separating the two and end up asking people to do both. The two skill sets are rarely found in one person. Worse, asking someone with a strategic risk mind-set to do operational security, or vice versa, often leads to job dissatisfaction and eventually resignation.


Taking your laptop into the US? Be sure to hide all your data first
Posted by l33tdawg on Thursday, May 15, 2008 - 02:51 AM (Reads: 726)
Source: guardian.co.uk

L33tdawg: It's for reasons like this that I haven't gone to the US in over 14 years.



Last month a US court ruled that border agents can search your laptop, or any other electronic device, when you're entering the country. They can take your computer and download its entire contents, or keep it for several days. Customs and Border Patrol has not published any rules regarding this practice, and I and others have written a letter to Congress urging it to investigate and regulate this practice.

But the US is not alone. British customs agents search laptops for pornography. And there are reports on the internet of this sort of thing happening at other borders, too. You might not like it, but it's a fact. So how do you protect yourself?

Encrypting your entire hard drive, something you should certainly do for security in case your computer is lost or stolen, won't work here. The border agent is likely to start this whole process with a "please type in your password". Of course you can refuse, but the agent can search you further, detain you longer, refuse you entry into the country and otherwise ruin your day.


British Gas to sue Accenture for GBP182 million
Posted by l33tdawg on Thursday, May 15, 2008 - 02:50 AM (Reads: 178)
Source: CBR Online



British Gas is planning to sue Accenture, the information technology service provider, which developed its household billing system, for GBP182 million, to cover the loss the gas company had to suffer in a customer service mess, reported The Irish Examiner.

According to Centrica-owned British Gas (BG), the billing system developed by the IT firm, which reportedly cost British Gas a total of GBP300 million to design, had errors that disrupted the company's customer service operations. BG reportedly employed additional staff to resolve the problems.

"In 2001 BG employed Accenture to undertake the design and implementation of a new customer billing system. However, when this new system was rolled out during 2006-07 it became apparent that there were problems with the system which severely impacted on BG's customer service operations," BG was quoted as saying in a statement.


RIAA reveals how it tracks college file sharing
Posted by l33tdawg on Thursday, May 15, 2008 - 02:49 AM (Reads: 304)
Source: CNet News



A painstaking examination of how the RIAA goes about its business hunting down file sharers on college campuses is available online.

The Chronicle of Higher Education visited the offices of the Recording Industry Association of America and got a demonstration.

The RIAA employee, who declined to give his or her name for fear of receiving hate mail, said the organization has hired online copyright enforcer MediaSentry to do most of the heavy lifting. MediaSentry writes scripts that automatically hunt for the names of copyrighted songs, locate the IP addresses of computers sharing the files, and forward the information to the RIAA.


VeriSign wins patent for Internet typo redirection
Posted by l33tdawg on Thursday, May 15, 2008 - 02:48 AM (Reads: 143)
Source: Washington Post (Blog)



The company that runs many of the Internet's core directory systems has won a patent for its controversial service that helps Internet users find sites even when they mistype addresses.

VeriSign Inc. said it has no intentions of resurrecting the Site Finder service, but it declined further comment on its plans for the patent, including bloggers' speculation that it could now demand licensing fees from EarthLink Inc. and other companies that have since started similar efforts.

Normally, when you mistype a Web address, perhaps switching two letters, a generic error message often appears.


Six factors that will decide the fate of Silverlight
Posted by l33tdawg on Thursday, May 15, 2008 - 02:47 AM (Reads: 173)
Source: Computer World (Australia)



Since the public release of its earliest version last year, Silverlight has been touted as Microsoft's Flash killer. This relatively new Web development platform aims to challenge Adobe's venerable Flash (and associated Flex development tools) in the online multimedia space.

Its first version was a little rough, experts say, but the beta of Silverlight 2 (released in March) shows that Microsoft could indeed have a shot at challenging Adobe Systems' hugely popular Web media platform. But adoption of Silverlight by developers or end users has yet to take off. Realistically, it's going to take more than Silverlight being able to overcome, or to simply match, the technology of Flash, according to many observers.


Ericsson and Dell connect on HSPA in next-generation laptops
Posted by l33tdawg on Thursday, May 15, 2008 - 02:46 AM (Reads: 143)
Source: CBR Online



Ericsson and Dell have teamed up to ensure international travelers can stay connected with Dell's next-generation laptops that will support seamless roaming on tri-band high-speed packet access mobile broadband networks.

Dell will offer built-in HSPA mobile broadband modules from Ericsson beginning in Q2 2008.

Ericsson's mobile broadband modules provide the end user with a simple and cost effective solution for broadband access while on-the-go. Seamlessly integrated with and optimized to work within the notebook, the built-in mobile broadband module provides better downloading and uploading performance and takes less power from the battery. The module also has a GPS receiver, to be used together with positioning applications.


Zeus trojan kit allows non-tech criminals to rent-a-botnet
Posted by l33tdawg on Thursday, May 15, 2008 - 02:45 AM (Reads: 201)
Source: Computer World



Online fraudsters who aren't highly skilled in the arts of cyber crime can now rent a service that offers an all-in-one hosting server with a built-in Zeus trojan administration panel and infection tools, allowing them to create their own botnet.

EMC's security division, the RSA Anti-Fraud Command Centre (AFCC), cited an increase in the use of the Zeus trojan in attacks against financial institutions in its April online fraud report, claiming the trojan is "extremely user friendly and easy to operate".

"Fraudsters who execute Zeus attacks simply need to take control of a compromised server or have their own back-end servers; once they have a server in place, they merely need to install the Zeus administration panel, create a user name and password, and start launching their attacks," the report stated.


'Ban Facebook' Say IT Managers
Posted by l33tdawg on Thursday, May 15, 2008 - 02:44 AM (Reads: 239)
Source: BIOS Magazine



A new survey and more scaremongering. More than 250 network and security managers in UK companies revealed strong consensus that Facebook and similar Web 2.0 social networking applications should be banned from the corporate environment.

The survey was commissioned by troublemakers Blue Coat Systems and was conducted by independent research company, Rapid Research.

The participants included 147 security managers and 109 network managers, and 74% of security managers and 71% of network managers recommended that Web 2.0 social networking applications like Facebook be banned from the workplace. The survey was designed to compare and contrast attitudes between security and network managers on a variety of issues.


Google kids have grown up, says Schmidt
Posted by l33tdawg on Thursday, May 15, 2008 - 02:44 AM (Reads: 140)
Source: NZ Herald



It's official: the guys who founded Google are grown up.

That was the pronouncement from Google Chief Executive Eric Schmidt, who was hired in 2001 to provide mature, traditional business savvy to the internet search company founded by whiz kids Larry Page and Sergey Brin.

"The boys have grown up," Schmidt told a news conference ahead of the wildly successful company's annual meeting. Now billionaires, the two who formed the company, which has the motto "Don't Be Evil," were seen as "brilliant young founders," Schmidt said.


Linux desktop to appear on every Asus motherboard
Posted by l33tdawg on Thursday, May 15, 2008 - 02:36 AM (Reads: 153)
Source: Geek.com



We first heard about Splashtop back in October, when the instant-on Linux desktop was announced. At the time it was a really exciting concept–and it still is–but Asus only rolled out the technology on high-end motherboards like the P5E3 Deluxe/WiFi-AP. So if you wanted to drop $300 on a motherboard you could get Express Gate (Asus-branded Splashtop), but everyone else was left out in the cold. Despite lots of initial interest, we have not heard a lot about Splashtop since then.

DeviceVM, the makers of Splashtop, just made a big announcement though. Their technology will no longer be restricted to the top-shelf motherboards and will see a much wider release. At first it will be featured on Asus’ P5Q (high-efficiency design, Intel P45 chipset) family of motherboards, starting with the P5Q Deluxe, P5Q-WS, P5Q3 Deluxe, and P5Q-E. Later Splashtop will be featured on all the company’s motherboards, over a million units a month.


Intel Germany executive reportedly confirms Atom-based iPhone
Posted by l33tdawg on Thursday, May 15, 2008 - 02:36 AM (Reads: 142)
Source: CNet News



In what might be a high-profile case of career suicide, an Intel Germany executive has reportedly confirmed that Apple plans to use Intel's Atom processor in a future iPhone.

The report, from our sister site ZDNet.de, is in German. I don't speak German. Google's translation service says "As part of an Intel-Events for the 40th Birthday semiconductor company BMW in Munich, Germany-World's managing director Hannes Schwaderer today confirms what has long been a rumor on the Internet kursierte: namely, that there is an iPhone with Intel's new nuclear-chip type." Atom, in the German version, is spelled the same way as the English word, so I think it's safe to assume that "nuclear-chip type" means Intel's Atom processor. I sent an e-mail to the author of the report hoping to get an official English translation.


MySpace Wins $225 Million Spam Judgment
Posted by l33tdawg on Thursday, May 15, 2008 - 02:33 AM (Reads: 121)
Source: Information Week



A federal judge in Los Angeles this week awarded MySpace more than $225 million in its lawsuit against "Spam King" Sanford Wallace and his business partner Walter Rines.

Judge Audrey B. Collins of United States District Court in the Central District of California ruled in MySpace's favor on Monday after the two men failed to show up in court, according to MySpace. The judge's ruling also enjoins Wallace and Rines from accessing MySpace or encouraging others to do so.

"MySpace has zero tolerance for those who attempt to act illegally on our site," said Hemanshu Nigam, chief security officer of MySpace, in an e-mailed statement. "The Federal District Court in Los Angeles awarded MySpace $223,777,500 under the federal CAN-SPAM Act and $1,500,000 under the California anti-phishing statute. User engagement is up 32 percent year over year while spam is significantly decreasing, proving efforts like this are working."


Defacement of Indian government sites on rise
Posted by l33tdawg on Thursday, May 15, 2008 - 02:30 AM (Reads: 132)
Source: Merinews



Indian cyberspace is under tremendous threat from hackers and cyber criminals. According to the Computer Emergency Response Team India (CERT-In), the referral agency for reporting computer security incidents in the country, a total of 612 Indian websites were defaced during March 2008.

Though the commercial sector accounts for the largest share of incidents (85 per cent of total defacements), defacements of government sites, which usually hold critical information pertaining to the security of the country, are on a continuous rise. Recently, the Defence Research and Development Organisation (DRDO) site was used to distribute malware.


Popular Game Grand Theft Auto IV Hit By Hackers
Posted by l33tdawg on Thursday, May 15, 2008 - 02:28 AM (Reads: 169)
Source: Security Pro Portal



Computer hackers have targeted Grand Theft Auto IV to spread destructive viruses across the world wide web, a leading software security expert revealed today.

The cyber criminals are tempting fans by illegally offering free downloads for bogus versions of the hit game for their PCs.

One specialist detected “Trojan” viruses aimed at the game, which sold six million copies in its first week, within two minutes of logging on.

John Safa, chief technical officer of software security company DriveSentry, said: “People are exploiting the popularity of Grand Theft Auto IV in a way which could bring mayhem to the internet.


KSA Ranks First in EMEA for Malicious Activity
Posted by l33tdawg on Thursday, May 15, 2008 - 02:26 AM (Reads: 116)
Source: PC Mag (Mid East)



Symantec has released its global Internet Security Threat Report (ISTR) and the statistics for the Middle East show a growing trend in attacks and malicious activity. ISTR 13 shows the Kingdom of Saudi Arabia (KSA) has overtaken the United Arab Emirates (UAE) to take top spot in Europe, Middle East and Africa for malicious activity per broadband subscriber for the second half of 2007, with 33 percent. The Kingdom now ranks 32nd in the world, up a phenomenal 28 places from June 2007.

“In Saudi Arabia, there are over 22 ISPs as a result of deregulation. The increased investment in telecommunications infrastructure, together with a rise in the number of ‘Internet-enabled’ businesses and users, has made the Kingdom an attractive target for attackers and malware infections. This has indirectly brought about a surge in malicious activity, a trend we see globally,” said Kevin Isaac, the Regional Director at Symantec MENA. “Additionally, people are encouraged to use the Internet in KSA especially through education programmes, and there is tremendous interest in online trading and e-government initiatives. The volume of new users on the Internet is therefore increasing very rapidly, which leads to the need for greater online safety education and stronger security practices amongst business and users alike”.


MI6 holds IT staff recruitment drive
Posted by l33tdawg on Thursday, May 15, 2008 - 02:25 AM (Reads: 158)
Source: computing.co.uk

L33tdawg: I wonder if it's fun to work for MI6 - it sure sounds pretty cool :)



The British Secret Intelligence Service (SIS) is looking for IT skills to securely store and distribute information vital to the security of the country.

The department, also known as MI6, is responsible for protecting the UK’s interests overseas, and is advertising for a range of IT staff roles at different career levels.

Electronic protection is a major part of the SIS’s operations, according to the service’s web site.

“We ensure the security and effectiveness of an international communications network operating in nearly every country in the world. In addition, we make sure that all intelligence is stored in a way that optimises its usefulness and guarantees its impregnability,” says the site.


Microsoft customers warned of security breaches
Posted by l33tdawg on Thursday, May 15, 2008 - 02:24 AM (Reads: 154)
Source: ihotdesk



An IT security specialist has warned Apple Mac and Windows users of potential security holes in Microsoft software.

Vulnerabilities can be found in Mac and Windows versions of MS Office and could be exploited by hackers to gain remote control over a user's computer or install malicious code, according to industry experts at Sophos.

Graham Cluley, senior technology consultant at the firm, said that customers should make use of patching technology developed by Microsoft to deal with the flaws.

"As internet criminals become more organised and financially motivated, it is more important than ever to ensure that your business is properly defended with the latest patches," he added.


Hackers Focusing On VoIP Accounts
Posted by l33tdawg on Thursday, May 15, 2008 - 02:23 AM (Reads: 157)
Source: Web Pro News



Hackers are in the early stages of targeting voice-over-IP telephony accounts, according to one VoIP equipment maker.

Private information, including usernames and passwords for VoIP phone accounts, is being sold online for more than stolen credit cards, Newport Networks says. The information lets hackers use the telephone service for free.

Stealing usernames and passwords when a call is made is a troubling trend to Dave Gladwin, vice president of products at Newport Networks. "It is still at an embryonic stage but as voice adoption increases it becomes more of a problem and needs addressing," Gladwin told the BBC. The information is encoded but can be "easily captured and unobscured," said Gladwin.

Packet Storm Security Latest
· ZDI-08-025.txt
A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt, allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.
· ZDI-08-024.txt
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitization while parsing requests allows a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.
· sunshop-blindsql.txt
SunShop version 3.5.1 remote blind SQL injection exploit.
· aid-051408.asc
Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity.
· altiris.pdf
Whitepaper discussing privilege escalation vulnerability in the Symantec Altiris Deployment Solution.
· 68classifieds-sql.txt
68 Classifieds version 4.0 suffers from a SQL injection vulnerability in category.php.
· newsmanager-rfisql.txt
Newsmanager version 2.09 suffers from remote file inclusion, remote file disclosure, SQL injection, and permission bypass vulnerabilities.
· kostenloses-sql.txt
Kostenloses Linkmanagementscript suffers from multiple SQL injection vulnerabilities.