Information Security News
Microsoft has plugged a hole in its Windows operating system that allowed attackers to use USB-connected drives to take full control of a targeted computer.
Microsoft said it classified the vulnerability as "important," a less severe rating than "critical," because exploits require physical access to the computer being attacked. While that requirement makes it hard for hacks to spread online, readers should bear in mind that the vulnerability in theory allows attackers to carpet bomb conferences or other gatherings with booby-trapped drives that when plugged in to a vulnerable computer infect it with malware. Such vulnerabilities also allow attackers to penetrate sensitive networks that aren't connected to the Internet, in much the way the Stuxnet worm that targeted Iran's nuclear program did.
"When you look at it in the sense of a targeted attack, it does make the vulnerability critical," Marc Maiffret, CTO of BeyondTrust, told Ars. "Because of things like Stuxnet raising awareness around the physical aspect of planting USB drives or having people to take these things into facilities, it does make it critical."
by Sean Gallagher
After a rash of attacks against US businesses and government agencies throughout the past few months, the White House is now putting the issue of Chinese state-backed hacking on the front burner. Many of these attacks have been tied by network security firms directly or indirectly to a unit of the Chinese People's Liberation Army (PLA), though Chinese officials still deny any link to the attacks (they claim that China's networks are victims being targeted as well). However, country officials signaled a willingness to talk with the US about cooperation on Internet security—even if it's not clear whether or not the Chinese civilian government is completely in control of the PLA's operations.
White House National Security Advisor Tom Donilon said yesterday that the ongoing alleged Chinese attacks and theft of data from US government and business networks have elevated "cyber" to the top of President Obama's priority list in policy toward China. "From the President on down, this has become a key point of concern and discussion with China at all levels of our government," Donilon told an audience at the Asia Society in New York. "And it will continue to be."
The Obama administration is seeking three things from China's leadership with regard to cyber-espionage, Donilon said. "First, we need a recognition of the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry, and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."
Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It's a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay Z, and actor and director Mel Gibson.
The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn't challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively.
The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as "doxxing," and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.
TeleSign Honored With 2013 InfoSec Global Product Excellence Award for ...
Marketwire (press release)
TeleSign Honored With 2013 InfoSec Global Product Excellence Award for Fraud Prevention. Third Consecutive Win for the Security and Fraud-Prevention Company. LOS ANGELES, CA--(Marketwire - Mar 12, 2013) - TeleSign, an Internet security and ...
Career Watch: Master's of infosec students don't wait for degree to get jobs
IT-related academic programs tend to be judged on how well getting a degree correlates with getting a job. On that basis, Indiana University's Master of Science in Security Informatics program is beyond successful. Many of its students get job offers ...
UEFI IS VERY BAD SYSTEM. IT FORCES ALL BIOS DEVELOPERS, TO USE WINDOWS, NOW BEFORE - OPEN FREE SOURCES THAT WORK BETTER THAN THE WINDOWS IN ALL AREAS INCLUDING SECURITY
Posted by InfoSec News on Mar 11: http://www.slate.com/articles/life/crime/features/2013/the_lock_pickers/alfred_c_hobbs_the_american_who_shocked_victorian_england_by_picking_the.html
Posted by InfoSec News on Mar 11: http://english.peopledaily.com.cn/90778/8163468.html
Posted by InfoSec News on Mar 11: http://www.nextgov.com/cybersecurity/2013/03/nist-hits-party-circuit-drum-cyber-standards-support/61802/
Posted by InfoSec News on Mar 11: http://www.csoonline.com/article/730015/dna-hack-could-make-medical-privacy-impossible
Posted by InfoSec News on Mar 11: https://www.networkworld.com/news/2013/031113-tripwire-ncircle-267572.html
China calls for global hacking rules
The Canberra Times
SHANGHAI: China issued a new call on Saturday for international "rules and ...