Home Vulnerabilities Exploits Hacking IT Security Malware
Twitter
RSS

Archive for July 26th, 2010

« Older Entries

Pentagon Says Bradley Manning a Possible Suspect in Afghan Leak

By admin on Monday, July 26th, 2010 | No Comments

The Pentagon regards Army intelligence analyst Bradley Manning as a possible suspect in leaking a classified six-year history of the U.S.-led war in Afghanistan that Wikileaks published over the weekend, a spokesman said Monday.

“He is certainly one person that we would be looking at in terms of this leak,” said Col. Dave Lapan. “He’s not the only person. We’ve neither ruled in or ruled out PFC Manning. We’re still assessing the documents to see if we can determine the source of the leak.”

Manning, 22, was arrested in late May after he was turned in by a former hacker he befriended online. In chats with ex-hacker Adrian Lamo, Manning claimed he leaked a variety of classified documents, databases and videos to Wikileaks, and described having direct contact with the site’s founder, Julian Assange, beginning sometime after Thanksgiving, 2009. He also said he’d been digging through… Read the rest

Read More...

Free Sophos tool blocks Windows shortcut attacks

By admin on Monday, July 26th, 2010 | No Comments

Computerworld - The security firm Sophos released a tool on Monday that it claimed will block any attacks trying to exploit the critical unpatched vulnerability in Windows’ shortcut files.

The tool, dubbed “Sophos Windows Shortcut Exploit Protection Tool,” will protect users until Microsoft releases a permanent patch for the problem, said Chet Wisniewski, a senior security advisor at Sophos.

“The tool replaces Windows’ icon handler, so that anything that calls the handler, we’re going to intercept,” Wisniewski told Computerworld.

But Microsoft refused to condone the Sophos tool, a position it takes whenever third-party solutions to a Windows bug are introduced.

“Microsoft does not endorse third-party tools,” said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC). “We recommend that customers apply the workaround in Security Advisory 2286198, as it helps to protect customers from all known attack vectors.”

Read the rest

Read More...

Next step for Wikileaks: Crowdsourcing classified data

By admin on Monday, July 26th, 2010 | No Comments

Computerworld - WASHINGTON – The release on Sunday by Wikileaks of more than 90,000 documents about military operations in Afghanistan may just be the start of problems for the U.S. government.

The online publication of the documents, which offer an inside — and potentially embarrassing — look at the war in Afghanistan between 2004 and the end of 2009, represent a failure by the U.S. to control its classified data from insider threat. And it throws open to the whole world a chance to crowdsource the information the documents contain.

With that in mind, Wikileaks’ Editor-In-Chief Julian Assange on Monday urged intrepid researchers to cull the documents for information that the group — and three publications given access to them — have yet to uncover. Assange said that Excel, one of the formats in which the material was released, might be the best

Read the rest

Read More...

Talk On High-Speed Trading Hacks Pulled From Security Conference

By admin on Monday, July 26th, 2010 | No Comments

Just as important as what’s revealed each summer at the Black Hat hacker confab in Las Vegas may be what isn’t. Among the talks conspicuously absent from this year’s schedule: a presentation exposing security vulnerabilities in banks’ high-speed trading systems.

The talk, planned by security researchers Varun Uppal and Gyan Chawdhary, would have dealt with methods for hiding risky unauthorized trades in high-speed trading applications, as well as demonstrating a “sniffing” software tool capable of siphoning trading information to a faraway hacker to allow a high-tech form of real-time insider trading. But Uppal tells us that the talk has been cancelled after concerns were raised by a financial industry client of the security auditing firm he works for, Information Risk Management.

“One of our customers, a main Wall Street bank, wasn’t comfortable with what we were presenting,” says Uppal.

Uppal and Chawdhary were planning to

Read the rest

Read More...

Google rolls out Apps for Government

By admin on Monday, July 26th, 2010 | No Comments

IDG News Service - Google on Monday unveiled a new version of Google Apps designed to meet the rigorous security needs of U.S. government agencies.

Google Apps for Government includes Gmail, Talk, Groups, Calendar, Docs, Sites, Video and Postini. The service costs the same as Google’s existing Premier Edition offering: $50 per user per year.

Data in the apps will be stored only in the U.S., and servers that support the offering are segregated from those used by nongovernmental customers, Google said.

The service meets requirements for data security laid out in the Federal Information Security Management Act, so it can be used by agencies that are required to comply with the act.

The government service is available now and Google highlighted a couple of customers already using it. Berkeley Labs, which is part of the Department of Energy, started using

Read the rest

Read More...
« Older Entries