Apr
23
2009
alphadogg writes “Security researchers demonstrated how to take control of a computer running Microsoft’s upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. ‘There’s no fix for this. It cannot be fixed. It’s a design problem,’ Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it’s not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim’s computer. The attack can not be done remotely.” Which makes me wonder why I’m posting this :)
Read more of this story at Slashdot.
Comments Off on Researchers Show How To Take Control of Windows 7 | tags: google, Mac, microsoft, security, windows 7 | posted in technical news
Apr
23
2009
FirefoxFirefox reviewsFirefox reviews has a new version out, 3.0.9., which fixes several stability and security issues. Given how fast security issues are exploited (just remember the onslaught of Twitter worms from a couple of days ago), if you don’t have automatic updates enabled in Firefox you should download and install the new version…
Comments Off on Firefox 3.0.9. Fixes A Bunch of Security Problems | tags: security, twitter | posted in technical news
Apr
22
2009
Comments Off on Congress Debates Fresh Investigation Of Interrogations – Washington Post | tags: democrats, google, news, obama, security, youtube | posted in technical news
Apr
22
2009
Comments Off on Canada slams new comments from US security boss – CTV.ca | tags: google, Mac, network, news, security, tv | posted in technical news
Apr
22
2009
Web browser’s third update this year fixes 12 vulnerabilities–four rated critical–and comes as its open-source developers ready the fourth beta.
Comments Off on Firefox 3.0.9 targets 12 security vulnerabilities | tags: developer, open source, security, web | posted in technical news
Apr
22
2009
hweimer writes “Yesterday at RSA security conference, F-Secure’s chief research officer recommended dropping Adobe Reader for viewing PDF files because of the huge amount of targeted attacks against it. Instead, he pointed to PDFreaders.org, a website maintaining a list of free and open source PDF viewers.”
Read more of this story at Slashdot.
Comments Off on F-Secure Suggests Ditching Adobe Reader For Free PDF Viewers | tags: google, open source, security, web | posted in technical news
Apr
22
2009
An anonymous reader sends word of a new cybersecurity project to defend US networks from attacks and strengthen the government’s “offensive capabilities in cyberwarfare.” Right now, the most likely candidate to lead the project is the Director of the NSA, Keith Alexander, who was quick to assert that the NSA itself wouldn’t try to run the whole show (something they’ve been criticized for in the past). Quoting the Wall Street Journal: “Cyber defense is the Department of Homeland Security’s responsibility, so the command would be charged with assisting that department’s defense efforts. The relationship would be similar to the way Northern Command supports Homeland Security with rescue capabilities in natural disasters. The NSA, where much of the government’s cybersecurity expertise is housed, established a similar relationship with Homeland Security through a cybersecurity initiative that the Bush administration began in its final year.”
Read more of this story at Slashdot.
Comments Off on Pentagon Cyber-Command In the Works | tags: cap, google, network, news, security | posted in technical news
Apr
22
2009
CWmike writes “Criminal cybergangs must be harried, hounded and hunted until they’re driven out of business, a noted botnet researcher said as he prepared to pitch a new anti-malware strategy at the RSA Conference in SF. ‘We need a new approach to fighting cybercrime,’ said Joe Stewart, director of SecureWorks’ counterthreat unit. ‘What we’re doing now is not making a significant dent.’ He said teams of paid security researchers should set up like a police department’s major crimes unit or a military special operations team, perhaps infiltrating the botnet group and employing a spectrum of disruptive tactics. Stewart cited last November’s takedown of McColo as one success story. Another is the Conficker Working Group. ‘Criminals are operating with the same risk-effort-reward model of legitimate businesses,’ said Stewart. ‘If we really want to dissuade them, we have to attack all three of those. Only then can we disrupt their business.'”
Read more of this story at Slashdot.
Comments Off on Botnet Expert Wants ‘Special Ops’ Security Teams | tags: google, malware, security | posted in technical news
Apr
22
2009
Today the Malaysian government ordered prominent webhosting provider Shinjiru to close down BitTorrent site LeechersLair.com. The order came from the Content, Consumer and Network Security Division of the Malaysian Communications and Multimedia Commission.
Comments Off on Government Shuts Down BitTorrent Tracker | tags: network, security, web | posted in technical news
Apr
22
2009
As user-friendly but insecure applications continue to become available hackers have an ever growing number of security holes to choose from. They’re also getting smarter about building resilient architectures. Here are four reasons the botnet fight is getting harder, and what to do about it:
Comments Off on 4 Reasons It’s Getting Harder to Fight Botnets | tags: security | posted in technical news