05/09/2008 | Gmail can be used as "Spam Bazooka"INSERT, the Information Security Research Team, has sucessfully created a proof of concept exploiting the "trust hierarchy" that exists between mail service providers. Taking advantage of the way Gmail forwards messages, the team was able to send 4000 messages in a short period of time from a single account...more info
|
05/09/2008 | News to know: Office 2007 SP1; Microsoft security; KVM vs. Xen; AMDNotable headlines: Mary Jo Foley: Mark your calendars: Microsoft to push Office 2007 SP1 on June 16 EIC podcast: SAP; JavaOne; AMD, Microhoo Larry Dignan: Microsoft previews three critical bulletins; two for Office Mary Jo Foley: Microsoft shares...more info
|
05/08/2008 | Microsoft shares more IE8 security detailsWhen Microsoft officials released a first test build of Internet Explorer (IE) 8 back in March, they said they were intentionally refraining from talking specifics about new security features and functionality that would be part of the next browser release. In the past few weeks, however, Microsoft...more info
|
05/08/2008 | Microsoft previews three critical bulletins; two for OfficeMicrosoft on Thursday previewed three critical bulletins for Microsoft Office and Windows and a moderate denial of service vulnerability for the company's security software. According to Microsoft's advance notification, the software giant will address the following in its Patch Tuesday update May 13: A...more info
|
05/08/2008 | Brewster Kahle offers a cookbook for fighting security lettersJust talked to Brewster Kahle at the Internet Archive about their successful settlement with the FBI of a lawsuit over a National Security Letter. The FBI had demanded personal information on a user; the Archive replied with a lawsuit challenging the propriety of the NSL. As part of the settlement,...more info
|
05/08/2008 | Google offers enterprise web securityPostini, a company acquired by Google, is now offering enterprise web security. All traffic is routed through Google, and they take care of making sure traffic meets your corporate policies. The interesting part of all this though is how it secures computers, even when they aren't in the...more info
|
05/08/2008 | Facebook reaches safety plan with statesFacebook has joined MySpace and inked a deal with 49 state attorneys general on a safety plan. Texas was the lone holdout. News.com's Caroline McCarthy reports: "We've agreed with 49 states and the District of Columbia to set up principles around Internet safety," Facebook...more info
|
05/08/2008 | Malware shipped with Firefox 2 language packMozilla is warning that a Vietnamese language pack for Firefox 2 is carrying malware. In her blog, Mozilla security chief Window Snyder writes: The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection,...more info
|
05/08/2008 | iTunes FairPlay DRM - Protecting artists and labels, or helping Apple sell more iPods?One day, two emails, two very different viewpoints: Email #1: "DRM on songs sold through iTunes is a necessary evil, there to protect artists and the labels from piracy." Email #2: "Apple's FairPlay DRM is nothing more than a tool that locks you into buying iPods...more info
|
05/08/2008 | Mozilla spreads malware rather than securityVietnamese users turning to Mozilla's Firefox to offer then security got a shock yesterday when the company revealed that the Vietnamese language pack for Firefox 2 was contaminated with malicious code and that this had been available for download for three months. Because of a virus infection, the Vietnamese...more info
|
05/06/2008 | Hot off the wire: Windows XP SP3 available from Windows UpdateFrom Paul Miller at Engadget: "At last the moment you've been waiting for. Microsoft wants to hit your version of Windows with an update, and this time you don't have to go rummaging around the internet to find it: just fire up Windows Update and let Microsoft do all...more info
|
05/06/2008 | Microsoft releases Windows XP SP3 to Windows Update and Microsoft Download CenterFollowing last week's delay, Microsoft finally releases Windows XP SP3 to Windows Update and Microsoft Download Center. As to the issues last week relating to Microsoft Dynamics RMS, here's what a Microsoft spokesperson had to say: Following last week's discovery of a compatibility issue between both...more info
|
05/06/2008 | XP SP3: Now on Windows UpdateA week after deciding not to release Windows XP Service Pack (SP) 3 via Windows Update and the Microsoft Download site as planned, Microsoft has begun pushing the collection of updates and fixes through those channels again. On May 6, Microsoft both released officially SP3 and resumed...more info
|
05/06/2008 | House of Hackers social community opens upPDP, the leader of the Gnucitizen White Hat Hacker outfit announced the opening of the House of Hackers social community yesterday. The House of Hackers is intended to enable its members to exchange ideas with each other, communicate, form groups, elite circles and tiger/red teams, conglomerate around projects, and participate in...more info
|
05/06/2008 | Google launches CERT for open sourceGoogle on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications. The move makes a ton of sense. Community driven software can have bugs and plenty of folks to find these vulnerabilities. The problem: There's no central group to...more info
|
05/06/2008 | Do we need another CERT?Yes. Google's backing of oCERT is a major milestone in the history of open source. It's not that I have anything against the Computer Emergency Response TeamCERT at Carnegie-Mellon. They do important work, not only in identifying risks but in educating people on them. ...more info
|
05/06/2008 | News to know: SAP; Hacking NASA; Apple; OpenSolarisNotable headlines: Nate McFeters: Hacking NASA: One small step for man, one giant leap for hackers? Common misconceptions about database security Sapphire 2008: Dennis Howlett: The changing SAP culture Larry Dignan: SAP's Apotheker: Business ByDesign costs led...more info
|
05/05/2008 | Catching up: MySpace adds Karaoke; Friends Reunited drops paid access; Facebook apps create privacy scareThe social web weekly: a quick-fire roundup of some of the news, announcements and conversations that have occurred throughout the last week… MySpace adds Karaoke. Nearly two years after Fox Interactive purchased the karaoke site kSolo.com, its feature-set has finally been integrated into MySpace. "The combination of...more info
|
05/05/2008 | Hacking NASA: One small step for man, one giant leap for hackers?The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA's Common Data Format libs. Looking at this bug, the tech details aren't overwhelming, I think I'm mostly excited about it due to the high profile of hacking NASA libs. One...more info
|
05/05/2008 | SAP: Security keeps it off Symbian, Windows Mobile, iPhone for nowSAP has forged an agreement with Research in Motion to run its customer relationship management software on the BlackBerry platform. Just don't expect SAP to roll out to other platforms anytime soon. In an interview with the Enterprise Irregular blogging group Monday, Bob Stutz, SAP's executive vice...more info
|
