Apr
9
2009
nk497 writes “Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool’s Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: “These components have so far been missing, but could this finally be the ‘other boot dropping’ that we have all been been waiting for?” Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. “It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,” Ferguson added.”
Read more of this story at Slashdot.
Comments Off on Conficker Downloads Payload | tags: cap, google, security | posted in technical news
Apr
9
2009
Comments Off on Gandhis face Tamil Tiger threat on poll trail: report – AFP | tags: google, news, security | posted in technical news
Apr
8
2009
coondoggie writes “Protecting defense departments networks cost taxpayers more than 0 million over the past six months, US Strategic Command officials said yesterday. The motives of those attacking the networks go from just plain vandalism to theft of money or information to espionage. Protecting the networks is a huge challenge for the command, Air Force Gen. Kevin P. Chilton told a cyber security conference in Omaha, Neb., this week. ‘Pay me now or pay me later,’ Davis said. ‘In the last six months, we spent more than 0 million reacting to things on our networks after the fact. It would be nice to spend that money proactively to put things in place so we’d be more active and proactive in posture rather than cleaning up after the fact.'”
Read more of this story at Slashdot.
Comments Off on Pentagon Cyber Defense Bill Comes To $100M For 6 Months | tags: google, network, news, security | posted in technical news
Apr
8
2009
linuxwrangler writes “Security researcher Jack Louis, who had discovered several serious security flaws in TCP software was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis’ friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth ‘sockstress’ attack to knock large machines off the net.”
Read more of this story at Slashdot.
Comments Off on Researcher’s Death Hampers TCP Flaw Fix | tags: google, linux, Mac, security | posted in technical news
Apr
8
2009
Slatterz writes “Come next week, Microsoft will be in the unusual position of no longer offering mainstream support for its most widely used product. Windows XP will pass another milestone next week on the road to retirement when mainstream support ends on 14 April 2009, over seven years after the OS originally shipped. While the company said that it will continue to provide free security fixes for XP until 2014, any future bugs found in the platform will not be fixed unless customers pay. Windows XP accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent.”
Read more of this story at Slashdot.
Comments Off on Microsoft Ending Mainstream Support For XP | tags: computers, google, microsoft, security, windows vista, windows xp | posted in technical news
Apr
8
2009
phantomfive worries about a report in the Wall Street Journal (“Makes me want to move to the country and dig a well”) that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: “Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.”
Read more of this story at Slashdot.
Comments Off on US Electricity Grid Reportedly Penetrated By Spies | tags: china, google, program, security | posted in technical news
Apr
7
2009
narramissic writes “Change is afoot at the Office of the US Trade Representative. New details have been released about an anti-counterfeiting trade agreement that has been discussed in secret among the US, Japan, the European Union and other countries since 2006. Although the six-page summary (PDF) provides little in the way of specific detail about the current state of negotiations, the release represents a change in policy at the USTR, which had argued in the past that information on the trade pact was ‘properly classified in the interest of national security.'” Michael Geist has a timeline that puts together more details about the ACTA negotiations than any government has so far been willing to reveal.
Read more of this story at Slashdot.
Comments Off on US Gov. Releases Six Pages On Secret ACTA Pact | tags: google, japan, security | posted in technical news
Apr
7
2009
Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC’s report on the launch.”
Read more of this story at Slashdot.
Comments Off on An Education In Deep Packet Inspection | tags: consumers, google, network, privacy, security, technology, web | posted in technical news
Apr
7
2009
intersys writes “A new fundamental law of economics has been formulated by Rod Beckstrom, former Director of the National Cyber Security Center. In Words: The value of a network equals the net value added to each user’s transactions (PDF) conducted through that network, valued from the perspective of each user, and summed for all. It answers the decades-old question of ‘how valuable is a network.’ It is granular and transactions-based, and can be used to value any network: social, electronic, support groups, and even the Internet as a whole. This new model or law values the network by looking from the edge of the network at all of the transactions conducted and the value added to each. One way to contemplate the value the network adds to each transaction is to imagine the network being shut off and what the additional transactions’ costs or loss would be. Beckstrom’s Law replaces Metcalfe’s law, Reed’s law, and other concepts which proposed that the value of a network was based purely on the size of the network (and in the case of Metcalfe’s law, one other variable).”
Read more of this story at Slashdot.
Comments Off on New Fundamental Law of Network Economics | tags: google, network, security | posted in technical news
Apr
6
2009
GhostX9 writes “Tom’s Hardware recently interviewed Dino A. Dai Zovi, a former member of Sandia National Labs’ IDART (the guys who test the security of national agencies). Although most of the interview is focused on personal computer security, they asked him about L0pht’s claim in 1998 if the Internet could still be taken down in 30 minutes given the advances on both the security and threat sides. He said that the risk was still true.”
Read more of this story at Slashdot.
Comments Off on Could the Internet Be Taken Down In 30 Minutes? | tags: google, security | posted in technical news
