Apr 23 2009

Researchers Show How To Take Control of Windows 7

alphadogg writes “Security researchers demonstrated how to take control of a computer running Microsoft’s upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. ‘There’s no fix for this. It cannot be fixed. It’s a design problem,’ Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it’s not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim’s computer. The attack can not be done remotely.” Which makes me wonder why I’m posting this :)

Read more of this story at Slashdot.

Share

Apr 23 2009

Firefox 3.0.9. Fixes A Bunch of Security Problems

FirefoxFirefox reviewsFirefox reviews has a new version out, 3.0.9., which fixes several stability and security issues. Given how fast security issues are exploited (just remember the onslaught of Twitter worms from a couple of days ago), if you don’t have automatic updates enabled in Firefox you should download and install the new version…

Share

Apr 22 2009

Congress Debates Fresh Investigation Of Interrogations – Washington Post


MiamiHerald.com

Congress Debates Fresh Investigation Of Interrogations
Washington Post
By Dan Balz and Perry Bacon Jr. The legacy of George W. Bush continued to dog President Obama and his administration yesterday, as Congress divided over creating a panel to investigate the harsh interrogation techniques employed under Bush's
Video: DC On Obama Torture Remarks CBS
Democrats, Republicans spar over possible torture prosecutions Globe and Mail
AFP – The Associated Press – FOXNews – Independent
all 2,337 news articles  Langue : Français
Share

Apr 22 2009

Canada slams new comments from US security boss – CTV.ca


FOXNews

Canada slams new comments from US security boss
CTV.ca
The US Homeland Security chief has made controversial comments about Canada's immigration policy that are being slammed as "factually inaccurate" and "wrong" north of the border.
Atlantic truckers group frustrated by US Homeland Security secretary CBC.ca
US security czar stops blaming Canada Toronto Star
FOXNews – National Post – Truck News – Macleans.ca
all 411 news articles
Share

Apr 22 2009

Firefox 3.0.9 targets 12 security vulnerabilities

Web browser’s third update this year fixes 12 vulnerabilities–four rated critical–and comes as its open-source developers ready the fourth beta.

Share

Apr 22 2009

F-Secure Suggests Ditching Adobe Reader For Free PDF Viewers

hweimer writes “Yesterday at RSA security conference, F-Secure’s chief research officer recommended dropping Adobe Reader for viewing PDF files because of the huge amount of targeted attacks against it. Instead, he pointed to PDFreaders.org, a website maintaining a list of free and open source PDF viewers.”

Read more of this story at Slashdot.

Share

Apr 22 2009

Pentagon Cyber-Command In the Works

An anonymous reader sends word of a new cybersecurity project to defend US networks from attacks and strengthen the government’s “offensive capabilities in cyberwarfare.” Right now, the most likely candidate to lead the project is the Director of the NSA, Keith Alexander, who was quick to assert that the NSA itself wouldn’t try to run the whole show (something they’ve been criticized for in the past). Quoting the Wall Street Journal: “Cyber defense is the Department of Homeland Security’s responsibility, so the command would be charged with assisting that department’s defense efforts. The relationship would be similar to the way Northern Command supports Homeland Security with rescue capabilities in natural disasters. The NSA, where much of the government’s cybersecurity expertise is housed, established a similar relationship with Homeland Security through a cybersecurity initiative that the Bush administration began in its final year.”

Read more of this story at Slashdot.

Share

Apr 22 2009

Botnet Expert Wants ‘Special Ops’ Security Teams

CWmike writes “Criminal cybergangs must be harried, hounded and hunted until they’re driven out of business, a noted botnet researcher said as he prepared to pitch a new anti-malware strategy at the RSA Conference in SF. ‘We need a new approach to fighting cybercrime,’ said Joe Stewart, director of SecureWorks’ counterthreat unit. ‘What we’re doing now is not making a significant dent.’ He said teams of paid security researchers should set up like a police department’s major crimes unit or a military special operations team, perhaps infiltrating the botnet group and employing a spectrum of disruptive tactics. Stewart cited last November’s takedown of McColo as one success story. Another is the Conficker Working Group. ‘Criminals are operating with the same risk-effort-reward model of legitimate businesses,’ said Stewart. ‘If we really want to dissuade them, we have to attack all three of those. Only then can we disrupt their business.'”

Read more of this story at Slashdot.

Share

Apr 22 2009

Government Shuts Down BitTorrent Tracker

Today the Malaysian government ordered prominent webhosting provider Shinjiru to close down BitTorrent site LeechersLair.com. The order came from the Content, Consumer and Network Security Division of the Malaysian Communications and Multimedia Commission.

Share

Apr 22 2009

4 Reasons It’s Getting Harder to Fight Botnets

As user-friendly but insecure applications continue to become available hackers have an ever growing number of security holes to choose from. They’re also getting smarter about building resilient architectures. Here are four reasons the botnet fight is getting harder, and what to do about it:

Share