Thursday, 20 December 2007

Access all areas...

Arbitrary code execution by simply opening an Access file:

Would you like some malware with your ad?

24/7 Real Media's ad server network was compromised, and every ad served had a script appended to it:

The smashing of the Shadowcrew

An article on the international cooperation between the US and SOCA to smash one of the largest international identity theft ring:

Monday, 17 December 2007

On a roll! Three million drivers details lost...

The Driving Standards agency is missing a hard drive containing names, addresses and phone numbers of up to three million "L" drivers:
At least there are far fewer records at stake here, and no financial data; however, it is a sign of systemic carelessness?

Nmap is 10 years old!

Fyodor et al celebrate by releasing a new major version 4.50, available at:

There a new GUI called Zenmap and a scripting engine.

Monday, 10 December 2007

Sky wants to share your details with outside companies

It seems that Sky wants to share its customers' details with outside companies. As if this is not bad enough, the onus is placed on the customers to opt out by calling them!

I am glad that I don't have Sky.

It now looks like they have decided to withdraw this notice in Ireland:

The UK site explains things differently:

A nice PR stunt!

Friday, 7 December 2007

A few more records of personal details go walkies...

Rather than millions, we are only dealing with 60,000.- here:

It sounds like they were encrypted this time, phew...

Whether encrypted or not, should anything so mobile carry so much personal data?

Wednesday, 5 December 2007

Only twenty grand?

HM Revenue and Customs is offering a reward for the 2 "misplaced" CDRs, that contain the financial details of up to 25 million UK parents and children.

Is the reward really commensurate with the value that could be realised from such as goldmine?

David Hartnett (acting head of HMRC) faced the Commons Treasury sub-committee and stated that there had been seven incidents of "some significance" involving data security breaches since April 2005. These "may well" indicate systemic failure.

I am feeling safer now...

Monday, 3 December 2007

Heads in the clouds

This was in the Guardian Magazine on Saturday:,,2218788,00.html

There are plenty of quotes from Bruce Schneier; and an interesting comparison of different approaches to airport security: El Al's psychology focused approch versus high-tech Heathrow Terminal five (opening next year):
  • Machines that can give a 3D view of a bag's content and identify liquids and explosives hidden,
  • Fingerprinting,
  • Faces scanned.
Will all this make air travel more secure?