Thursday 20 December 2007

Access all areas...

Arbitrary code execution by simply opening an Access file:
http://www.computerweekly.com/Articles/2007/03/12/222373/us-cert-warns-of-windows-office-security-flaw.htm

Would you like some malware with your ad?

24/7 Real Media's ad server network was compromised, and every ad served had a script appended to it:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043418

The smashing of the Shadowcrew

An article on the international cooperation between the US and SOCA to smash one of the largest international identity theft rings:
http://news.bbc.co.uk/1/hi/uk/7084592.stm

Monday 17 December 2007

On a roll! Three million drivers' details lost...

The Driving Standards Agency is missing a hard drive containing names, addresses and phone numbers of up to three million "L" drivers:
http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
At least there are far fewer records at stake here, and no financial data; however, is it a sign of systemic carelessness?

Nmap is 10 years old!

Fyodor et al. celebrate by releasing a new major version, 4.50, available at:
http://insecure.org/nmap/

There is a new GUI called Zenmap and a scripting engine.

Monday 10 December 2007

Sky wants to share your details with outside companies

It seems that Sky wants to share its customers' details with outside companies. As if this is not bad enough, the onus is placed on the customers to opt out by calling them!
http://www.guardian.co.uk/money/2007/dec/08/personaldetails

I am glad that I don't have Sky.

It now looks like they have decided to withdraw this notice in Ireland:
http://www.sky.com/portal/site/ireland/products/article?contentid=2257910

The UK site explains things differently:
http://www.sky.com/portal/site/skycom/mysky/article?contentid=2257810

A nice PR stunt!

Friday 7 December 2007

A few more records of personal details go walkies...

Rather than millions, we are only dealing with 60,000 here:
http://news.bbc.co.uk/1/hi/northern_ireland/7133194.stm

It sounds like they were encrypted this time, phew...

Whether encrypted or not, should anything so mobile carry so much personal data?

Wednesday 5 December 2007

Only twenty grand?

HM Revenue and Customs is offering a reward for the 2 "misplaced" CDRs that contain the financial details of up to 25 million UK parents and children.
http://news.bbc.co.uk/1/hi/uk_politics/7128851.stm

Is the reward really commensurate with the value that could be realised from such a goldmine?

David Hartnett (acting head of HMRC) faced the Commons Treasury sub-committee and stated that there had been seven incidents of "some significance" involving data security breaches since April 2005. These "may well" indicate systemic failure.

I am feeling safer now...

Monday 3 December 2007

Heads in the clouds

This was in the Guardian Magazine on Saturday:
http://www.guardian.co.uk/weekend/story/0,,2218788,00.html

There are plenty of quotes from Bruce Schneier, and an interesting comparison of different approaches to airport security: El Al's psychology-focused approach versus high-tech Heathrow Terminal five (opening next year):
  • Machines that can give a 3D view of a bag's content and identify hidden liquids and explosives,
  • Fingerprinting,
  • Faces scanned.
Will all this make air travel more secure?