The maker of Red Hat Enterprise Linux and Fedora said that hackers have gained access to key servers in what appear to be two separate incidents. Red Hat Inc. found last week that someone had compromised several Fedora servers, including one that is used to sign Fedora packages. The company said that although the server was accessed illegally, they don’t believe that the passphrase used to get to the key used to actually sign the packages was compromised.
Read More
Wednesday, August 27, 2008
Monday, August 18, 2008
Microsoft BlueHat Security Briefings: Fall 2008
The eighth edition of BlueHat will be held on October 16-17, 2008, at the Microsoft corporate headquarters. The Microsoft BlueHat conference is a twice-a-year event aimed at bringing internal Microsoft security professionals and external security researchers together in a relaxed environment to promote the sharing of ideas and social networking. The event highlights important emergent technologies, techniques, and industry best practices.
Sessions
BlueHat v8 will consist of two full days of great content from both internal and external security experts presented in a lecture theater environment. These presentations will offer speakers the opportunity to showcase ongoing research and collaborate with peers while educating and highlighting advancements in security products and techniques.
Day 1: Sessions will be a hybrid of content from deep-dive technical security issues to innovative techniques and best practices in the information security realm.
Day 2: Microsoft’s Security Development Lifecycle (SDL) team will host sessions emphasizing secure development and testing practices and how to develop with security in mind from the beginning of the software development lifecycle. The BlueHat SDL sessions will focus more on appropriate defense strategies and less on attack techniques. Sessions might include demonstrations of secure coding techniques or correct and incorrect methods of using various security tools.
http://technet.microsoft.com/en-us/security/cc748656.aspx
Sessions
BlueHat v8 will consist of two full days of great content from both internal and external security experts presented in a lecture theater environment. These presentations will offer speakers the opportunity to showcase ongoing research and collaborate with peers while educating and highlighting advancements in security products and techniques.
Day 1: Sessions will be a hybrid of content from deep-dive technical security issues to innovative techniques and best practices in the information security realm.
Day 2: Microsoft’s Security Development Lifecycle (SDL) team will host sessions emphasizing secure development and testing practices and how to develop with security in mind from the beginning of the software development lifecycle. The BlueHat SDL sessions will focus more on appropriate defense strategies and less on attack techniques. Sessions might include demonstrations of secure coding techniques or correct and incorrect methods of using various security tools.
http://technet.microsoft.com/en-us/security/cc748656.aspx
Thursday, August 14, 2008
Hackers spoof MSNBC alerts in new twist on malware ruse
Hackers trying to plant malware on PCs have switched from touting CNN news in come-on messages to pushing breaking stories said to be from rival network MSNBC, security experts said today.
The fake messages pose with subject headings that include the phrase "Breaking News," along with phony news story headlines, such as " Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heath Ledger's death," and "Plane crashes into prep school, hundreds of kids killed," said researchers at F-Secure Corp. and Sophos Plc
Read More
The fake messages pose with subject headings that include the phrase "Breaking News," along with phony news story headlines, such as " Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heath Ledger's death," and "Plane crashes into prep school, hundreds of kids killed," said researchers at F-Secure Corp. and Sophos Plc
Read More
Thursday, August 07, 2008
From BLACK HAT 2008: Google gadget flaws
Google gadgets are small applications, such as a currency converter, calendar or weather forecast, that can be added to the iGoogle homepage or a computer's desktop. The problem lies in the fact that the mini-modules are created by third-party developers, who can embed malicious JavaScript to redirect users to hacker websites, security researcher Robert “RSnake” Hansen told several hundred people in attendance
Read More
Read More
Tuesday, August 05, 2008
Microsoft to give partners heads-up on security vulnerabilities
Microsoft will be giving companies that sell security software and services to its customers a sneak peek at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly "Patch Tuesday" updates.
The new Microsoft Active Protection Program, set to be announced at the Black Hat security conference on Tuesday, is designed to give software vendors a change to prepare updates to their software before attackers have a chance to reverse engineer Microsoft's security patch and create an exploit.
"It's essentially a race between the attackers and the protectors," said Andrew Cushman, who runs the Microsoft Security Response Center. The program will "give a head start to software providers delivering security features to our mutual customers."
Read More
The new Microsoft Active Protection Program, set to be announced at the Black Hat security conference on Tuesday, is designed to give software vendors a change to prepare updates to their software before attackers have a chance to reverse engineer Microsoft's security patch and create an exploit.
"It's essentially a race between the attackers and the protectors," said Andrew Cushman, who runs the Microsoft Security Response Center. The program will "give a head start to software providers delivering security features to our mutual customers."
Read More
Switches are Supported by MS NAP 802.1x Enforcement
very Important article for implementing MS NAP 802.1x Enforcement
http://blogs.technet.com/nap/archive/2007/07/10/nap-802-1x-enforcement-switches-we-ve-tested-w-nap.aspx
http://blogs.technet.com/nap/archive/2007/07/10/nap-802-1x-enforcement-switches-we-ve-tested-w-nap.aspx
Sunday, August 03, 2008
MySpace and Facebook targeted by worm
Facebook users take care of this !!!
The worm variants are spread through the popular social networking sites, turning infected machines into zombies - PCs illicitly controlled by hackers to carry out tasks like denial of service attacks.The Net-Worm.Win32.Koobface.a is activated when a user accesses their MySpace account, and is spread when it automatically comments on linked friend's sites. Facebook is targeted by Net-Worm.Win32.Koobface.b, which sends messages to the infected user's contacts through the Facebook site.
Read More
The worm variants are spread through the popular social networking sites, turning infected machines into zombies - PCs illicitly controlled by hackers to carry out tasks like denial of service attacks.The Net-Worm.Win32.Koobface.a is activated when a user accesses their MySpace account, and is spread when it automatically comments on linked friend's sites. Facebook is targeted by Net-Worm.Win32.Koobface.b, which sends messages to the infected user's contacts through the Facebook site.
Read More
Subscribe to:
Posts (Atom)