Kevin's song of the week
news://msnews.microsoft.com/ObqRbplTFHA.2128@TK2MSFTNGP14.phx.gbl
------------------------------
Blogs of Interest:
What do blogs, Poker and SBS have in common?
http://blogs.msdn.com/canthe/archive/2005/04/29/413371.aspx
Security resources for small businesses
http://silverstr.ufies.org/blog/archives/000822.html
June 15th chat on SBS sp1
http://msmvps.com/bradley/archive/2005/04/29/45088.aspx
When backups are liabilities
http://blogs.ittoolbox.com/security/investigator/archives/004036.asp
Are you ready for 64 bit computing?
http://blogs.technet.com/efleis/archive/2005/04/25/404133.aspx
Gizmodo week in review
http://www.gizmodo.com/gadgets/gadgets/gizmodo-week-in-review-101735.php
How secure are your applications?
http://www.infosecwriters.com/texts.php?op=display&id=287
Microsoft Small Business Community Blog : Attention System Builders -
Help Microsoft build an online tool for you:
http://blogs.msdn.com/mssmallbiz/archive/2005/04/28/413059.aspx
Microsoft Small Business Community Blog : Don't Forget About the
'Alerts' feature in Windows SharePoint Services:
http://blogs.msdn.com/mssmallbiz/archive/2005/04/27/412676.aspx
Jeff Middleton and Anne Stanton in Wash DC
http://thenorwichgroup.blogs.com/fieldnotes/2005/04/may_19th_in_dc_.html
Email and Pot?
http://securityawareness.blogspot.com/2005/04/pot-is-better-than-e-mail.html
In other news
------------------------------------------------------------
Florida Uni on brown alert after hack attack
Students and staff at Florida International
University (FIU) were warned they are at risk
of identity fraud this week after techies
discovered hackers had broken into college
systems. A file found on a compromised
computer showed that an unknown hacker
had access to the username and password
for 165 computers at the University,
sparking a major security alert.
http://www.theregister.co.uk/2005/04/29/fiu_id_fraud_alert/
- - - - - - - - - -
China's anti-hacking alliance regrouped
The "Red Hacker Alliance," the largest
and earliest hacking legion in China,
was regrouped recently after a short
break. The alliance, attracting 20,000
hackers, once ranked the fifth in the
world in terms of the number of its
members. Its Web site, set up at the
end of 2000, had nearly 80,000
registered members at its peak.
http://news.xinhuanet.com/english/2005-04/26/content_2879866.htm
- - - - - - - - - -
Mass. Bill Targets Online Buzz Marketers
A Democratic state representative in Massachusetts
is introducing a bill aimed at shielding children
from so-called buzz marketing. The lawmaker,
Michael E. Festa of Melrose, calls for children
under 16 to obtain their parents' permission
to participate in online "word-of-mouth" sales
campaigns.
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=161601966
- - - - - - - - - -
Software police issues warning on IT staff
The Federation Against Software Theft (Fast)
has warned companies that their IT departments
might be leaving them open to court action.
In a recent investigation of a UK financial
services firm, the organisation found 5,800
illegal digital music files in a software
audit of 2,500 PCs. The vast majority of
these had been downloaded by members of
the firm's IT department.
http://www.vnunet.com/news/1162778
- - - - - - - - - -
Bagle Worm Seen As 'Blueprint' For Web Criminals
A pair of research reports have explored the
long-running Bagle worm and laid out a chronology
that points to a professional developer who,
like counterparts in the commercial software
world, is constantly testing, tweaking, and
improving his code for profit, not pride of
ownership.
http://www.internetweek.com/showArticle.jhtml?articleID=161601929
- - - - - - - - - -
Virus writers take spring break
Only one new virus, Mytob.Z, made it into the
top 10 list for April, according to antivirus
data from Sophos. Top of the list was Zafi.B,
which accounted for nearly half of all viruses
detected. This is the fifth month Zafi.B has
topped the charts.
http://www.vnunet.com/news/1162789
- - - - - - - - - -
Hackers to test U.K. lawmakers' systems
Hackers are to be employed to test the
effectiveness of the IT security defences
for the computer systems in the House
of Commons, home of the British parliament.
A three-year IT security contract is up
for grabs to conduct internal and external
penetration testing on routers, firewalls
and critical servers using a range of
independent vulnerability assessment
techniques.
http://news.com.com/Hackers+to+test+U.K.+lawmakers+systems/2110-7355_3-5690318.html
- - - - - - - - - -
F-Secure pros issue hacker challenge
DEVELOPERS AT F-Secure have issued a challenge
to hackers to find an embedded message in
a .EXE file. The challenge looks quite tricky,
and the winner gets a free ticket to the T2'05
info sec conference in Finland, but unfortunately
only if she or he lives in Finland.
http://www.theinquirer.net/?article=22879
http://news.com.com/This+week+in+Net+attacks/2100-7349_3-5689805.html
- - - - - - - - - -
Fraud propels demand for forensics training
In the 'if you can't beat 'em, join 'em' stakes,
computer-based crime is driving more and more
IT professionals to study the skills and tools
needed to unravel and reveal the inner workings
of cyber fraudsters. The general upsurge in
computer skills in the population is reflected
equally amongst criminals and malcontents and
law enforcement agencies frequently confiscate
computers to search for evidence of alleged
misdeeds.
http://www.computerworld.com.au/index.php/id;263054876;fp;16;fpid;0
- - - - - - - - - -
Wireless leaders hook up to address security
BT, Cisco and Intel announced a formal alliance
at InfoSec Europe to promote better security
for users of wireless networks. The trio are
concerned that fears about security will harm
the rollout of wide-scale wireless networks,
and have produced advice sheets for businesses,
homes and public Wi-Fi access points. "Wireless
moves security beyond physical boundaries so
organisations need to protect their complete
working environment, especially as they
collaborate more," said David Lacey, director
of information security at Royal Mail, and
working group leader of the Jericho Forum.
http://www.pcw.co.uk/news/1162761
- - - - - - - - - -
InfoSecurity show proves anything but
The InfoSecurity show may have ended, but
exhibitors were left with red faces after
two companies highlighted major security
lapses among attendees. Kensington, manufacturers
of laptop security devices, conducted regular
sweeps of the hall and found less than half
of the computers on stands with any kind of
physical lock to keep them from being stolen.
http://www.vnunet.com/news/1162794
- - - - - - - - - -
Backup tapes are backdoor for ID thieves
Large companies are reconsidering their
security and backup policies after a handful
of financial and information-technology
companies have admitted that tapes holding
unencrypted customer data have gone missing.
Last week, trading firm Ameritrade
acknowledged that the company that handles
its backup data had lost a tape containing
information on about 200,000 customers.
http://www.theregister.co.uk/2005/04/29/backup_tapes_are_backdoor_for_id_thieves/
- - - - - - - - - -
Citrix Program Agent Buffer Overflow Vulnerabilities
Two vulnerabilities were identified in Citrix
Program Neighborhood Agent, which may be
exploited by remote attackers to execute
arbitrary commands. The first flaw is due
to a stack overflow error in the client
code responsible for handling the caching
of information received from the server,
which may be exploited via a malicious
server to execute arbitrary code on the
client host.
http://www.frsirt.com/english/advisories/2005/0390
MySQL MaxDB Webtool Remote Stack Overflow Vulnerabilities
Three vulnerabilities were identified in
MySQL MaxDB, which may be exploited by
remote attackers to execute arbitrary
commands. The first flaw is due to a stack
overflow error that occurs when processing
specially crafted HTTP GET requests
containing a percent sign (%) followed by
a long string, which may be exploited by
a remote attacker to execute arbitrary
commands with SYSTEM privileges.
http://www.frsirt.com/english/advisories/2005/0389
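The MaxDB summary above describes a familiar shape for this bug class: a percent-decoder that writes decoded request bytes into a fixed-size stack buffer without checking how much it has written. What follows is an added illustration in C; it is not MaxDB's code and is not derived from the advisory, and the function names, buffer sizes and sample requests are constructed for the example. It puts the unbounded pattern beside a bounded decoder that also rejects a truncated or malformed escape instead of reading past the end of the request.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hex digit to value; caller guarantees isxdigit(c). */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return c - 'A' + 10;
}

/*
 * Vulnerable pattern (hypothetical illustration, not MaxDB's code):
 * decoded bytes land in a 64-byte stack buffer and the write index is
 * never compared against sizeof out, so a request longer than 63 bytes
 * after decoding overwrites the stack. Shown for contrast only; nothing
 * below calls it.
 */
void decode_unbounded(const char *in) {
    char out[64];
    size_t o = 0;
    while (*in) {
        if (*in == '%' && isxdigit((unsigned char)in[1]) &&
            isxdigit((unsigned char)in[2])) {
            out[o++] = (char)(hexval(in[1]) * 16 + hexval(in[2]));
            in += 3;
        } else {
            out[o++] = *in++;          /* o is never bounded */
        }
    }
    out[o] = '\0';
    (void)out;
}

/*
 * Bounded decoder: writes at most outsz-1 bytes plus a NUL. Returns the
 * decoded length, -1 if the output buffer would overflow, or -2 if a '%'
 * is not followed by two hex digits (truncated or malformed escape).
 * Short-circuit evaluation means in[2] is never read when in[1] is NUL.
 */
int url_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    if (outsz == 0) return -1;
    while (*in) {
        if (o + 1 >= outsz) return -1;   /* keep room for the NUL */
        if (*in == '%') {
            if (!isxdigit((unsigned char)in[1]) ||
                !isxdigit((unsigned char)in[2]))
                return -2;
            out[o++] = (char)(hexval(in[1]) * 16 + hexval(in[2]));
            in += 3;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Constructed sample: a benign escaped path. Returns 1 on correct decode. */
int demo_short(void) {
    char out[64];
    int n = url_decode("/webdav/%41%42%43", out, sizeof out);
    return (n == 11 && strcmp(out, "/webdav/ABC") == 0) ? 1 : 0;
}

/* Constructed sample: '%' followed by 1000 'A's, the shape the advisory
 * describes. The bounded decoder returns -1 instead of smashing the stack. */
int demo_long(void) {
    char req[1002];
    char out[64];
    memset(req, 'A', sizeof req);
    req[0] = '%';
    req[sizeof req - 1] = '\0';
    return url_decode(req, out, sizeof out);
}

/* Constructed sample: escape cut off at end of request. Returns -2. */
int demo_truncated(void) {
    char out[64];
    return url_decode("/path/%4", out, sizeof out);
}

int main(void) {
    printf("short request ok: %d\n", demo_short());
    printf("long request rc:  %d\n", demo_long());
    printf("truncated rc:     %d\n", demo_truncated());
    return 0;
}
```

The check that matters is the one at the top of the loop: the decoder knows the output size and fails closed before writing, rather than discovering the problem after the return address is already gone.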
eGroupWare SQL Injection and Cross Site Scripting Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0387
MailEnable Enterprise/Professional Buffer Overflow Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0383
HP Security Update Fixes Multiple Mozilla Vulnerabilities
http://www.frsirt.com/english/advisories/2005/0394
Sun Solaris Multiple libtiff Vulnerabilities
http://secunia.com/advisories/15113/
Oracle Products Contain Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA05-117A.html
- - - - - - - - - -
Criminal legal description of computer-facilitated crimes
Among the top-priority steps in state policy
on countering computer crime is the new
Criminal Code of Ukraine, which took effect
on September 1, 2001. Its new Section 16 is
titled "Crimes in the Sphere of Computers,
Systems and Networks". By recognising
information as a possible object of theft,
misappropriation, extortion and other criminal
acts, the criminal law has confirmed the
status of information as an object of property
rights, consistent with the substantive rules
of information legislation.
http://www.crime-research.org/articles/Golubev0305-2/
- - - - - - - - - -
Giants offer WLAN security tips
Concerns that the perceived security problems
of wireless networks of all sizes could cause
companies to delay deployment have prompted
three industry giants - BT, Cisco and Intel -
to issue Wireless Security Guidelines for
organisations.
http://www.pcw.co.uk/news/1162771
- - - - - - - - - -
Combating Gadget Theft
As electronic products shrink in size, they
grow in allure, not only to consumers but
also to thieves. Lightweight and easy to
conceal hand-helds, laptops and music players
are sleek, valuable and often carried around
as casually as a set of keys.
http://www.nytimes.com/2005/04/28/technology/circuits/28theft.html
- - - - - - - - - -
--
An open letter to the Security Community::
http://msmvps.com/bradley/archive/2004/12/12/23540.aspx