Through the magic of my forgetting to schedule posts, it appears that I missed a couple news posts. My bad.

Have a good day everyone!

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. The Beginning of the End of Data Retention | EFF
2. Thrivent Financial Suffers Breach Of Security | Life and Health Insurance
3. Staying in a Hotel? Watch Your Credit Cards | Credit Card Guide
4. All-American ‘Jihad Jane’ arrested in terror plot | The Gazette
5. Cryptome: PayPal a ‘liar, cheat and a thug’ | The Register
6. Nose scanning techniques could sniff out criminals | BBC (WTF?)
7. Man charged over bid to damage US security database | Reuters
8. Russian hacker scams free flights and flowers | The Moscow News
9. Police detain 23 PKK hackers in 13 provinces | Hurriyet Daily News
10. VA investigating security breach of veterans’ medical data | Next Gov
11. Breach hits hundreds of employees | Brown Daily Herald

Tags: News, Daily Links, Security Blog, Information Security, Security News

Sometimes you find yet another reason why people should be made to pass an intelligence test before they’re permitted to engage in social media.

Just saying.

(Thanks to attrition.org for pointing that one out)

How stupid is this? Last week Robert Maley was the CISO for the Commonwealth of Pennsylvania giving a presentation at the RSA conference. He was speaking about a hacking incident at PennDOT from last year.

This week? He’s on the pavement. It would appear that someone in PA overreacted.

From Patriot News/Penn Live:

Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, “we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.”

Maybe Maley didn’t have leave to speak publicly about this incident in question. Which is something that PennDOT appears to have developed an Ostrich complex over. Some myopic nitwit thought it merited removing Maley from his post? They claim however that his talk had nothing to do with his dismissal. I’m not sure I believe that. Timing seems rather odd.

So, what of the alleged hacking incident?

Maley is reported to have said the hacker was later found to be someone with a driving school in Philadelphia who exploited a vulnerability in PennDOT’s system to schedule more driving tests than there were allotted slots.

This situation seems muddy at best. For more on this story read the article at Penn Live from this morning.

Article Link

(Image used under CC from Olivander)

With the rising tide of threats it has become apparent to the powers that be in Ottawa that they need some help. Now, they’ve turned to private industry for help. If film is any indication that isn’t always the best route.

Sorry, couldn’t resist.

From The Globe and Mail:

CSIS’s corporate-outreach program, which started in the 1990s, largely fell by the wayside during the years after the Sept. 11 attacks in the United States, when fighting terrorism absorbed nearly all the spy service’s energies.

But emerging threats – including shadowy-but-powerful hacker networks based in China – are sparking a renewed federal interest in forging partnerships between the corporate and intelligence worlds.

“CSIS has and continues to speak with various corporations in Canada on potential security threats, which may have an impact on national security interests,” CSIS spokeswoman Isabelle Scott said in an e-mailed response to questions from The Globe and Mail. “CSIS alerts firms to common covert methods used by those who may target them.”

The real harm here is that organization such as CSIS don’t have the resources to hire and retain the talent required to handle emerging threats.

For more on this, read on.

Article Link

(Image used under CC from romulusnr)

There was a new vulnerability announced today in Apache webserver. This affects all versions of the popular webserver software platform running on Windows operating systems.

From ZDNet Australia:

“The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows,” Edelstein told ZDNet.com.au. “An attacker could gain access to, modify and take away data.”

Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company’s security advisory can be accessed here.

“Whilst in the past it was more overt and attackers would deface website pages, they’re more likely now to conceal their access to maintain their foothold,” said Edelstein, giving examples of attackers potentially exploiting the vulnerability by placing hidden pieces of code to capture credit card details from online transactions and install root kits on compromised websites.

Although, I do find it odd that people would be running Apache on Windows for anything other than a lab instance. But, that’s just me.

Article Link

(Image used under CC from Hans Gerwitz)

Back to the daily grind. It will be an interesting week and less than easy to get my head wrapped around non-conference mode. I hope everyone has a great weekend.

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. CIA technician arrested on theft charges | Washington Times
2. Cloudy with a chance of rain | The Economist
3. Hundreds of Twitter Accounts Hacked | Mashable
4. Date set for UFO hacker Gary McKinnon’s judicial review | Welwyn Hatfield
5. Event Data Visualization | interrupt 0×13
6. Is your site hacked? New Message Center notifications for hacking and abuse | Google Webmaster Central
7. Health authority slammed again for privacy lapse | CBC News
8. Federal Support for Federated Login | Google Online Security
9. Back Door Found in Energizer DUO USB Battery Charger Software | Symantec
10. Google gripe shows Ottawa’s cybersecurity ‘vacuum’ | CTV
11. Security And Privacy Certification Service Nailed For Misleading Customers | Dark Reading

Tags: News, Daily Links, Security Blog, Information Security, Security News

…um

…yeah

And I did have a chance to spot Jack Daniel when I was wandering along Ellis Street.

And of course the real star of the show when the exhibition floor opened for business on Tuesday evening…

Mmmm.

Back from RSA and I’m finally feeling human. Nothing sucks worse than trying to travel across country on a plane with sinus issues. Great time at RSA, albeit brief.

cheers,
Dave

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Security Pros Question Deployment of Smart Meters | Wired
2. In 2004, Mark Zuckerberg Broke Into A Facebook User’s Private Email Account | Business Insider
3. ‘Uncrackable’ DRM lasts 24 hours | ZDNet
4. RSA Conference 2010 and Security B-Sides Recap | CSO Online
5. CISOs rain on cloud-computing parade at RSA | Network World
6. Narus develops a scary sleuth for social media | IT World
7. Horizontal scrollbar prompts EU gripe from 6 browser makers | Ars Technica

Tags: News, Daily Links, Security Blog, Information Security, Security News

Here’s Dave (with Net Sec Podcasters Martin and Rich) at RSA – have to say he looks all super professional. (Thanks to @kriggins for the pic, and sorry you’re not in it @securityincite!)

Well done Dave!

When the cats away, at RSA… *evil smile*

Good morning, sunshine!

I’m going to dust off the template and see if I can breathe some life back into my news gathering habits. I miss the routine and I miss the feedback.

Also, I was thinking about doing an article about Security or IT podcasts that our readers might find useful. I have a handful that I listen to, but would like more. If you host one and would like to email me with the name, url and a short paragraph about what you’re up to, please do so to: infosecintern@gmail.com. If you’re a big fan of one in particular, please leave that in the comments. I appreciate it.

See you again soon,

The Intern

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Data protection extends beyond electronic data – Andy, ITGuy
2. Service announcement for vendors – Kees Leune
3. The Economist on Breach Disclosure – New School of Information Security
4. RSA: Microsoft Tries To Turn Shady Internet Trustworthy – Information Week
5. Apple is suing HTC – The Reg
6. Botnets cause surge in February spam – C|NET
7. Hackers-for-hire get the good seats – The Globe and Mail
8. RSA: Cisco Retools Security For Mobile Workforce – Information Week
9. Buffer overflow in Lotus iNotes – Heise
10. Cloud Security Alliance releases top cloud computing security threats – Search Security
11. Hacker Report ‘High Risk’ Flaws in Safari Browser – Threat Post
12. Talking Bots with Japan’s ‘Cyber Clean Center’ – Krebs on Security

Friend of Liquidmatrix, Rob Fuller has started a new site www.practicalexploitation.com. Give it a whirl.

Tags: News, Daily Links, Security Blog, Information Security, Security News





]]> http://www.liquidmatrix.org/blog/2010/03/02/security-briefing-march-2nd-2/feed/ 0 http://www.liquidmatrix.org/blog/2010/03/02/security-briefing-march-2nd-2/