Arbitrary code execution by simply opening an Access file:
http://www.computerweekly.com/Articles/2007/03/12/222373/us-cert-warns-of-windows-office-security-flaw.htm
Thursday 20 December 2007
Would you like some malware with your ad?
24/7 Real Media's ad server network was compromised, and every ad served had a script appended to it:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043418
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043418
The smashing of the Shadowcrew
An article on the international cooperation between the US and SOCA to smash one of the largest international identity theft ring:
http://news.bbc.co.uk/1/hi/uk/7084592.stm
http://news.bbc.co.uk/1/hi/uk/7084592.stm
Wednesday 19 December 2007
Another laptop goes walkies
According to the Daily Telegraph, a laptop containing the details of Westminster security system no less... Nothing too worrying then!
http://www.telegraph.co.uk/news/main.jhtml?view=DETAILS&grid=&xml=/news/2007/12/17/npols517.xml
http://www.telegraph.co.uk/news/main.jhtml?view=DETAILS&grid=&xml=/news/2007/12/17/npols517.xml
The Financial Services Authority fines Norwich Union £1.6 million for poor data security
http://www.fsa.gov.uk/pages/Library/Communication/PR/2007/130.shtml
Commentary at The Register:
http://www.theregister.co.uk/2007/12/17/norwich_union_life_fsa_fine/print.html
Hit them where it hurts! I wonder if policy premiums are going to increase next year? :-)
Commentary at The Register:
http://www.theregister.co.uk/2007/12/17/norwich_union_life_fsa_fine/print.html
Hit them where it hurts! I wonder if policy premiums are going to increase next year? :-)
Tuesday 18 December 2007
HM Revenue and Customs in Cardiff loses 6,500 people's data
Must be something in the U.K. water...
http://news.bbc.co.uk/1/hi/wales/7149767.stm
http://news.bbc.co.uk/1/hi/wales/7149767.stm
Monday 17 December 2007
On a roll! Three million drivers details lost...
The Driving Standards agency is missing a hard drive containing names, addresses and phone numbers of up to three million "L" drivers:
http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
At least there are far fewer records at stake here, and no financial data; however, it is a sign of systemic carelessness?
http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
At least there are far fewer records at stake here, and no financial data; however, it is a sign of systemic carelessness?
Nmap is 10 years old!
Fyodor et al celebrate by releasing a new major version 4.50, available at:
http://insecure.org/nmap/
There a new GUI called Zenmap and a scripting engine.
http://insecure.org/nmap/
There a new GUI called Zenmap and a scripting engine.
Monday 10 December 2007
Sky wants to share your details with outside companies
It seems that Sky wants to share its customers' details with outside companies. As if this is not bad enough, the onus is placed on the customers to opt out by calling them!
http://www.guardian.co.uk/money/2007/dec/08/personaldetails
I am glad that I don't have Sky.
It now looks like they have decided to withdraw this notice in Ireland:
http://www.sky.com/portal/site/ireland/products/article?contentid=2257910
The UK site explains things differently:
http://www.sky.com/portal/site/skycom/mysky/article?contentid=2257810
A nice PR stunt!
http://www.guardian.co.uk/money/2007/dec/08/personaldetails
I am glad that I don't have Sky.
It now looks like they have decided to withdraw this notice in Ireland:
http://www.sky.com/portal/site/ireland/products/article?contentid=2257910
The UK site explains things differently:
http://www.sky.com/portal/site/skycom/mysky/article?contentid=2257810
A nice PR stunt!
Friday 7 December 2007
A few more records of personal details go walkies...
Rather than millions, we are only dealing with 60,000.- here:
http://news.bbc.co.uk/1/hi/northern_ireland/7133194.stm
It sounds like they were encrypted this time, phew...
Whether encrypted or not, should anything so mobile carry so much personal data?
http://news.bbc.co.uk/1/hi/northern_ireland/7133194.stm
It sounds like they were encrypted this time, phew...
Whether encrypted or not, should anything so mobile carry so much personal data?
Wednesday 5 December 2007
Only twenty grand?
HM Revenue and Customs is offering a reward for the 2 "misplaced" CDRs, that contain the financial details of up to 25 million UK parents and children.
http://news.bbc.co.uk/1/hi/uk_politics/7128851.stm
Is the reward really commensurate with the value that could be realised from such as goldmine?
David Hartnett (acting head of HMRC) faced the Commons Treasury sub-committee and stated that there had been seven incidents of "some significance" involving data security breaches since April 2005. These "may well" indicate systemic failure.
I am feeling safer now...
http://news.bbc.co.uk/1/hi/uk_politics/7128851.stm
Is the reward really commensurate with the value that could be realised from such as goldmine?
David Hartnett (acting head of HMRC) faced the Commons Treasury sub-committee and stated that there had been seven incidents of "some significance" involving data security breaches since April 2005. These "may well" indicate systemic failure.
I am feeling safer now...
Monday 3 December 2007
Heads in the clouds
This was in the Guardian Magazine on Saturday:
http://www.guardian.co.uk/weekend/story/0,,2218788,00.html
There are plenty of quotes from Bruce Schneier; and an interesting comparison of different approaches to airport security: El Al's psychology focused approch versus high-tech Heathrow Terminal five (opening next year):
http://www.guardian.co.uk/weekend/story/0,,2218788,00.html
There are plenty of quotes from Bruce Schneier; and an interesting comparison of different approaches to airport security: El Al's psychology focused approch versus high-tech Heathrow Terminal five (opening next year):
- Machines that can give a 3D view of a bag's content and identify liquids and explosives hidden,
- Fingerprinting,
- Faces scanned.
Friday 30 November 2007
Faces come out of the rain
To Facebook or not to Facebook (or MySpace)! Cory Doctorow is clearly playing his hand with this article.
http://informationweek.com/shared/printableArticle.jhtml?articleID=204203573
It is no doubt that security and privacy concerns are rife.
http://news.independent.co.uk/sci_tech/article3191510.ece
http://news.independent.co.uk/sci_tech/article3187110.ece
So remember kids don't Facebook! Parents can get an account too you know, and do you want them seeing the photos of you at that crazy party last week over at Ron's house doing shots of tequila when you were meant to be doing an essay on the life cycle of a chinchilla? I didn't think so.
http://informationweek.com/shared/printableArticle.jhtml?articleID=204203573
It is no doubt that security and privacy concerns are rife.
http://news.independent.co.uk/sci_tech/article3191510.ece
http://news.independent.co.uk/sci_tech/article3187110.ece
So remember kids don't Facebook! Parents can get an account too you know, and do you want them seeing the photos of you at that crazy party last week over at Ron's house doing shots of tequila when you were meant to be doing an essay on the life cycle of a chinchilla? I didn't think so.
Dry Roasted Bots!
The FBI stoke up their fires, roast 1 million bots and grind 8 botherders! What I find interesting is the fact that these guys' (Anybody know of any female botherders being arrested?) personal details have been posted on the blog below. Not one for the CV chaps!
http://www.networkworld.com/community/node/22413
FBI press release about Operation: Bot Roast
http://www.fbi.gov/page2/june07/botnet061307.htm
Also whilst researching the blog entry I found the term botmaster, which made me chuckle!
http://www.networkworld.com/community/node/22413
FBI press release about Operation: Bot Roast
http://www.fbi.gov/page2/june07/botnet061307.htm
Also whilst researching the blog entry I found the term botmaster, which made me chuckle!
Thursday 29 November 2007
The Russian Business Network (RBN): legitimate business or cybercrime service provider?
David Bizeul has written a real eye opening report, which is available at:
http://www.bizeul.org/files/RBN_study.pdf
http://www.bizeul.org/files/RBN_study.pdf
Firefox security extensions: FireCat 1.3 released
FireCAT is a mind map collection of useful Firefox security oriented extensions. Version 1.3 was released this week:
http://www.security-database.com/toolswatch/FireCAT-Firefox-Catalog-of,302.html
Download the browsable HTML version, or use the free mind mapping software Freemind:
http://en.wikipedia.org/wiki/FreeMind
http://www.security-database.com/toolswatch/FireCAT-Firefox-Catalog-of,302.html
Download the browsable HTML version, or use the free mind mapping software Freemind:
http://en.wikipedia.org/wiki/FreeMind
Mandiant Tools
Some great free tools:
http://www.mandiant.com/software.htm
http://www.mandiant.com/software.htm
- First Response: Gathers information for forensics purposes.
- Web Historian: Reviews browser history from most common browsers: Microsoft’s Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari
- Red Curtain: Examines executable code and gives it a "suspicious" rating.
Fiddling Web requests...
Fiddler allows the inspection of HTTP Traffic, set breakpoints, "fiddle" with incoming or outgoing requests and responses, as well as a scripting environment:
http://www.fiddlertool.com/fiddler/
http://www.fiddlertool.com/fiddler/
Hackers hijack web search results
News fresh in from BBC's news site, Criminals poisoned search results:
http://news.bbc.co.uk/1/hi/technology/7118452.stm
I wonder if this was timed for "Cyber Monday". The Monday after Thanksgiving in the U.S. is meant to be the day which sees the highest amount of goods purchased online:
http://redmondmag.com/reports/article.asp?EditorialsID=615
http://news.bbc.co.uk/1/hi/technology/7118452.stm
I wonder if this was timed for "Cyber Monday". The Monday after Thanksgiving in the U.S. is meant to be the day which sees the highest amount of goods purchased online:
http://redmondmag.com/reports/article.asp?EditorialsID=615
Wednesday 28 November 2007
Hacking as a service?!
There is a three part article:
http://www.cio.com/article/135500/
http://www.cio.com/article/135550/
http://www.cio.com/article/135551/
The first one includes a video actually showing the 76service itself.
There are some details on how Don Jackson from SecureWorks gathered information on the Gozi Trojan at:
http://www.secureworks.com/research/threats/gozi/
If you want to read more about iFrame and how they are being used see:
http://www.cio.com/article/135452/
http://www.cio.com/article/135500/
http://www.cio.com/article/135550/
http://www.cio.com/article/135551/
The first one includes a video actually showing the 76service itself.
There are some details on how Don Jackson from SecureWorks gathered information on the Gozi Trojan at:
http://www.secureworks.com/research/threats/gozi/
If you want to read more about iFrame and how they are being used see:
http://www.cio.com/article/135452/
Hi and welcome to Decipher Dump
Hi and welcome to Decipher Dump,
We feel passionate about most things related to computer security. We are always sharing with each other links, news, articles, research papers, etc... We decided to create a blog instead, to house stuff as and when we come accross it. We may also decide to post our own opinionated ramblings.
We feel passionate about most things related to computer security. We are always sharing with each other links, news, articles, research papers, etc... We decided to create a blog instead, to house stuff as and when we come accross it. We may also decide to post our own opinionated ramblings.
Subscribe to:
Posts (Atom)