
Archive for July 8th, 2010


Microsoft’s new 0 day flaws, upcoming patches and retirements


On the threat and vulnerability front, Microsoft is dominating the headlines today. With Patch Tuesday around the corner, new 0-day exploits being disclosed, and the upcoming retirement of several major OS releases, I figured it was a good time to do a news roundup.

Microsoft released details today for the July 13th, 2010 Patch Tuesday release. In total there are two fixes for Windows (one Critical and one Important) and two fixes for Office, both of which have a Critical severity rating.

Typically Microsoft does not provide specific information in advance of a monthly bulletin, but this month they are announcing that this release will address two high-profile flaws.

First is the much debated SA 2219475, which is the 0 day exploit announced by Tavis Ormandy in the Windows…


NSA to Spy on Critical Infrastructure, Says WSJ

The NSA has a new program called “Perfect Citizen” that lets it monitor the networks of utilities and other “critical” infrastructure to identify potential electronic attacks, The Wall Street Journal reported Wednesday.

Under the $100 million program, the nation’s top spying group will embed surveillance probes in privately-owned networks to look for suspicious behavior, the Journal’s Siobhan Gorman reports. The NSA, which has the dual responsibility for eavesdropping on other countries and defending .mil networks, has no authority to order companies to install its spying software, but cooperation can be achieved through a bit of arm-bending, according to the paper.

The NSA, part of the Department of Defense, is getting around a broad prohibition against the military operating on U.S. soil by pairing with Homeland Security on the program. The move to expand the NSA and government’s computer security defenses beyond the government’s own networks is…


NSA says ‘Perfect Citizen’ is a research program

IDG News Service - The U.S. National Security Agency confirmed the existence of a controversial program aimed at protecting the country’s critical infrastructure Thursday, but disputed claims that the program would monitor network traffic on critical infrastructure networks.

The program, called Perfect Citizen, was first disclosed Thursday in a Wall Street Journal article that said the NSA “would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity.”

Raytheon won the US$100 million contract for the first phase of Perfect Citizen, which is funded by the Comprehensive National Cybersecurity Initiative, the Journal reported.

In a statement released late Thursday, the NSA confirmed that Perfect Citizen exists. But the spy agency called the newspaper’s description “inaccurate,” saying that the program is “purely a vulnerabilities-assessment and capabilities-development contract.”

“This is a research and engineering effort,” the


Researcher cracks ‘secret’ code in U.S. Cyber Command logo

Computerworld -

A security researcher said on Thursday he was the first to crack the code embedded in the seal of the U.S. Cyber Command (Cybercom), the group responsible for protecting the country’s military networks from attack.

Sean-Paul Correll, a threat researcher with antivirus vendor Panda Security, said that the characters visible in a gold ring on Cybercom’s official seal represent the MD5 hash of the group’s mission statement. MD5 is a 128-bit cryptographic hash most often used to verify file integrity.

A representative of Cybercom confirmed that Correll had it right. “Mr. Correll is correct…it’s a MD5 hash,” said Lt. Commander Steve Curry of the U.S. Navy, in an e-mail.

“It wasn’t very difficult,” said Correll, adding that it took him only two minutes to figure out that the characters — 9ec4c12949a4f31474f299058ce2b22a — were the hash value…


Lawyers Who Won NSA Spy Case Demand $2.63 Million

How much does it cost to convince a federal judge your clients were victims of President Bush’s once-secret warrantless spy program? $2.63 million.

That’s the combined payment a team of eight lawyers is demanding from the government after proving their clients were illegally wiretapped under a once-secret National Security Agency spy program adopted in the wake of the 9/11 terror attacks. The hourly rates range from $506 an hour to $296, and are based on generally accepted billing schedules.

The legal fee request (.pdf) Wednesday came three months after U.S. District Judge Vaughn Walker of San Francisco ruled the former administration wiretapped phone calls between a Saudi charity and its U.S. lawyers without a warrant, in violation of federal law.

It was the first ruling addressing how Bush’s spy program was carried out against American citizens. Other lawsuits considered the program’s overall constitutionality — absent any…
