Hola mis amigos!

Great weekend all around, I hope. Screw Monday, let’s… oh yes, personal ethics and a desire to pay the bills sway us back to work, don’t they? Make the best of it!

Signed,

The Intern

p.s. 23 days to DefCon – woot!

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Security Automation Developers Conference Slides – Guerilla CISO
2. McAfee false-positive glitch fells PCs worldwide – The Register
3. The Curious Case of Asset Valuation – RiskAnalys.is
4. Web traffic shaping comes under CRTC microscope – The Globe and Mail
5. Apple fixing iPhone SMS security hole – C|NET
6. “Luxembourg attacks” on AES encryption – Heise
7. You’ve Got Blackmail: The AOL Account That Wouldn’t Die – Wall Street Journal
8. Sysadmin Sunday: Guard against file corruption with PAR – HiR Information Report
9. Wife exposes chief spy’s personal life on Facebook – C|NET

And finally, @shrdlu goes for a fictional (or is it?) little walk on Fantasy Island…

10. BSOFH: All’s fair in security and war. – Layer 8

Tags: News, Daily Links, Security Blog, Information Security, Security News

Sarah Palin resigned providing for an inadvertent early holiday present. Now, as she goes off in search of a speech writer (she REALLY needs one), we would like to wish a very happy July 4th to our American cousins from all of us at Liquidmatrix Security Digest (well, the Canadian part of the gang).

Enjoy!

Hmm. Wondering if there is an impending scandal about to break in the Palin camp.

A few days ago the news came out that Apple is working to fix a new problem with the iPhone SMS that will permit code to be passed rather than simply text messages.

From Ars Technica:

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. Miller hasn’t yet detailed the flaw, citing an agreement with Apple, though he and partner Vincenzo Iozzo plan to detail their discovery later this month at the Black Hat Security Conference in Las Vegas.

During a presentation at the SyScan security conference in Singapore, Miller explained that a vulnerability in the iPhone’s handling of SMS messages makes it possible to send code instead of strictly text.

“(W)hen it executes the code it does so with root privileges”. As root? Um, whoops.

I am really looking forward to this preso at Black Hat.

Article Link

Not entirely sure what the thought process was of John Roth who, after being warned, still travelled to China with a laptop containing military data relating to drones…and then shared said information with a Chinese and Iranian student.

Um, yeah.

From Scientific American:

John Reece Roth, 71, a prominent plasma physicist was sentenced to four years in prison for 18 counts of conspiracy, wire fraud and violations of the Arms Export Control Act, after he allowed a Chinese graduate student to see sensitive information on Unmanned Air Vehicles (UAVs), also known as drones.

“The illegal export of restricted military data represents a serious threat to national security,” David Kris of the U.S. Department of Justice, said in a statement, “We know that foreign governments are actively seeking this information for their own military development. Today’s sentence should serve as a warning to anyone who knowingly discloses restricted military data in violation of our laws.”

Only 4 years? I think he got off easy.

Article Link

Morning all! Hope you are all recovering from your *wild* Canada Day parties.

I’m sleepy. I had some dream about Scarlett Johansson last night, hmmm I wonder why?

Thanks for reading!

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Facebook URLs Reveal Browsing History – fbhive
2. Kremlin may tighten up internet use in Russia – Guardian
3. GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 1) – McGrew Security
4. New AES Attack Documented – SlashDot
5. Hospital Hacker Arrested – The Register
6. Suspected Rolling Stones DDoS – The Register
7. Malzilla: Exploring scareware and drive-by malware – Hollistic InfoSec
8. Mozillas Content Security Policy – ha.ckers
9. Live Blog: The Facebook Privacy Conference Call – TechCrunch
10. InfoSex Sells – Developing Security
11. China Fears Us As We Fear Them – FCW

Tags: News, Daily Links, Security Blog, Information Security, Security News

The storm clouds are gathering over the Clear debacle. Someone woke up Congress and now they want answers.

From Wired:

Clear subscribers paid $200 annually to skip to the front of security lines at 20 of the countries largest airports, but they had to undergo a background check and turn over social security numbers, fingerprints and iris prints to get the card.

That data trove left a lot of unanswered questions after Clear closed abruptly last Monday night. The company, which was founded by journalist-cum-entrepreneur Steven Brill, belatedly told members it was seeking to sell its data to another fast-lane company. If a buyer wasn’t found, it would destroy the data, according to the company’s website.

Hmm. $200 dollar subscriptions for over 165,000 people. So, $33 mil per annum and they’re not filing for bankruptcy? This smells all wrong.

Not only am I curious as to the fate of the data but, where did all the money go?

Article Link

A new law that went into effect today. A DNA sample buffet of anyone charged with a felony in Florida.

From The News Herald:

The new law, which went into effect today, will require anyone arrested on a felony charge submit a DNA sample to be added to a state database. Previously, DNA samples were taken only from those convicted of felonies.

“This is common sense and the right thing to do,” said Crist, flanked by uniformed state troopers at the June 17 bill signing.

Under the new law, however, thousands of people who are arrested on felony charges but later have those charges dropped or reduced could have their DNA swept into the statewide offender database.

So, is this to say that folks that are innocent can find their DNA in this database as well? Seems a touch sketchy on the surface. Of the people charged with a felony in 2008, 26 percent had their charges reduced, dismissed or were found innocent.

Can the innocent have a say?

“People can get their DNA purged from it if they have their charges dropped or are found innocent, stuff like that,” said Rep. Marti Coley, R – Marianna.

Strickland said the removal process is flawed.

“The process does not occur automatically,” she said. “We advocated for an automatic expungement program, and it failed.”

This has all the hallmarks of an absolutely horrid piece of…legislation.

Article Link

Morning all! Happy Canada Day to all of our Canadian readers (and writers )! Happy July to everybody else.

Busy week for me, and by busy I of course mean busy waiting for the nice weather to show up. (WTH New York?!)

Thanks for reading!

Signed,

Matt

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. ATM Vendor Halts Talk at Black Hat – Threat Level
2. Cybercrime spreads on Facebook – Reuters
3. BSOFH: Alls Fair in Security and War – Layer8
4. July 1st is Twittersec Day – I-Hacked
5. Backtrack 4 Pre-Release with persistence on an SD card – Pauldotcom
6. Adobe Shuts Down July 4th Week to Ride Out Recession – PC World
7. UK ‘has cyber attack capability’ – BBC
8. Top 10 Signs You Are A Security Twit – Developing Security
9. Texas man accused of hacking into clinic computers – Associated Press
10. ‘Mafiaboy’: Cloud Computing Will Cause Internet Security Meltdown – Dark Reading
11. Hacker pleads guilty to stealing 1.8 million credit card numbers – Post-Gazette

Finally, if you are headed to Defcon find some time to stop by the Podcasters Meetup

12. 2nd Annual Podcasters Meetup at Defcon – Podcasters Meetup

Tags: News, Daily Links, Security Blog, Information Security, Security News

/me sighs happily. I have a mad crush on Scarlett Johansson.

I’ve always wanted to do that. I’ve accomplished everything I ever wanted in this job. Whatever shall I do next?

Have a great day!

Signed,

The Intern

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

1. Juniper Networks Gags “ATM Jackpot” Researcher – Risky Biz
2. Mitnick site targeted in DNS attack on webhost – The Register
3. Is It Time to Stop Password Masking? – Threat Post
4. New Trojan stealing FTP credentials, attacking FTP websites – Search Security
5. Web Filtering Company Reports Cyber Attack To FBI – Information Week
6. Hackers blamed for wave of fake death tweets – C|NET Of course it’s a hacker, a bored teenager couldn’t possibly guess the security questions, right?
7. Metasploit Framework as a Payload – Room 362
8. Notorious phone phreaker gets 11 years for swatting – The Register
9. Hole in VLC Media Player – Heise
10. ‘Iceman’ pleads guilty in credit card theft case – C|NET

Tags: News, Daily Links, Security Blog, Information Security, Security News

The EFF has sent out a call to arms to help the protesters in Iran.

From the EFF:

As turmoil over the disputed election in Iran continues, many techs are trying to find ways to help Iranian citizens safely communicate and receive information despite the barriers being established by Iranian authorities. One tactic that even moderately tech-savvy Internet users can employ is to set up a Tor relay or a Tor bridge.

More sophisticated users can skip this paragraph, but for the rest, here’s the basic outline. Tor (an acronym of “The Onion Router”) is free and open source software that helps users remain anonymous on the Internet.

Read on for full article and lend your support.

Article Link