[ISN] InfoSec News Mailing List
http://www.infosecnews.org/mailman/listinfo/isn
InfoSecNews

Spencer Pratt Leaves The Hills to Fight Cyber Crime
http://www.infosecnews.org/pipermail/isn/2010-March/018877.html

http://www.people.com/people/article/0,,20351567,00.html

By Jennifer Garcia People.com March 15, 2010

People Exclusive

Spencer Pratt made his name as the guy audiences loved to hate on The Hills, but now says he's leaving the show to take his career in a totally new - and unexpected - direction. [...]

[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released
http://www.infosecnews.org/pipermail/isn/2010-March/018876.html

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Conference agenda for HITBSecConf2010 - Dubai has been announced!

Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC

Keynote 1: John Viega (CTO, SaaS, McAfee Inc. [...]

[Dataloss Weekly Summary] Week of Sunday, March 7, 2010
http://www.infosecnews.org/pipermail/isn/2010-March/018875.html

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, March 7, 2010

6 Incidents Added.

[...]

Iran Arrests 30 for Endangering National Security through Cyber War
http://www.infosecnews.org/pipermail/isn/2010-March/018874.html

http://english.farsnews.com/newstext.php?nn=8812230838

Fars News Agency 15 March 2010

TEHRAN (FNA)- Iran announced that it has arrested 30 individuals on charges of waging a US-backed cyber war against the country.

A statement issued by Tehran's Public and Revolutionary Court on [...]

Security Pros With Written Career Plans Make More Money
http://www.infosecnews.org/pipermail/isn/2010-March/018873.html

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=223800256

By Kelly Jackson Higgins DarkReading March 15, 2010

Most security professionals who officially map out their career plans make higher salaries than those who don't. [...]

Routt County government Web site hacked
http://www.infosecnews.org/pipermail/isn/2010-March/018872.html

http://www.steamboatpilot.com/news/2010/mar/15/routt-county-public-web-site-hacked/

By Mike Lawrence Steamboat Today March 15, 2010

Steamboat Springs -- Routt County's information systems director said no personal or sensitive information was accessed when hackers posted [...]

SSD tools crack passwords 100 times faster
http://www.infosecnews.org/pipermail/isn/2010-March/018871.html

http://www.theregister.co.uk/2010/03/12/password_cracking_on_crack/

By John Leyden The Register 12th March 2010

Password-cracking tools optimised to work with SSDs have achieved speeds up to 100 times quicker than previously possible.

After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité's Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes.

The exercise illustrated that the speed of hard discs rather than processor speeds was the main bottleneck in password cracking based on password hash lookups.

Objectif's test rig featured an ageing Athlon 64 X2 4400+ with an SSD and optimised tables containing 80GB of password hashes. The system supports a brute force attack of 300 billion passwords per second, and is claimed to be 500 times faster than a password cracker from Russian firm Elcomsoft that takes advantage of the number crunching prowess of a graphics GPU from NVIDIA.

[...]

GCHQ staff lost 35 laptop computers, report says
http://www.infosecnews.org/pipermail/isn/2010-March/018870.html

http://www.guardian.co.uk/uk/2010/mar/11/gchq-mislaid-laptop-computers-report

By Richard Norton-Taylor Guardian.co.uk 11 March 2010

Staff at GCHQ, the government's electronic eavesdropping centre, mislaid 35 laptops and it was not known whether the computers contained top [...]

Hancock Fabrics Hackers Switch Stores' PIN Pads
http://www.infosecnews.org/pipermail/isn/2010-March/018869.html

http://blogs.forbes.com/firewall/2010/03/12/hancock-fabrics-hackers-switch-stores-pin-pads/

By Andy Greenberg The Firewall Forbes.com March 12, 2010

Targeting point-of-sale devices with malicious software is standard practice, as the wave of retail hackings over the last few years have shown. [...]

GDC: Developers Vs. Cybercriminals
http://www.infosecnews.org/pipermail/isn/2010-March/018868.html

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=223800002

By Thomas Claburn InformationWeek March 12, 2010

Cybersecurity is a serious issue for any online business, but for online gaming companies it's doubly so. [...]

Linux Advisory Watch: March 14th, 2010
http://www.infosecnews.org/pipermail/isn/2010-March/018867.html

LinuxSecurity.com Linux Advisory Watch
March 14th, 2010 Volume 11, Number 12

[...]

Help wanted: Agencies expect to hire more info security pros in 2010
http://www.infosecnews.org/pipermail/isn/2010-March/018866.html

http://gcn.com/articles/2010/03/12/info-security-hiring-survey.aspx

By William Jackson GCN.com March 12, 2010

Federal government is a good place for information security professions during the current economic downturn, with relatively stable budgets, [...]

USENIX HotSec '10 Call for Papers Now Available
http://www.infosecnews.org/pipermail/isn/2010-March/018865.html

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

The Call for Papers for the 5th USENIX Workshop on Hot Topics in Security is now available.

On behalf of the program committee, we invite you to submit position papers on new directions of research, non-traditional approaches, [...]

Microsoft races to plug IE hole after exploit code released
http://www.infosecnews.org/pipermail/isn/2010-March/018864.html

http://news.cnet.com/8301-27080_3-20000392-245.html

By Elinor Mills InSecurity Complex CNet News March 12, 2010

Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet. [...]

Change in Focus
http://www.infosecnews.org/pipermail/isn/2010-March/018863.html

http://www.securityfocus.com/news/11582

By SecurityFocus Staff SecurityFocus 2010-03-10

Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we've strived to be the community's source for all things security related. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge.

At the time, the security community was fairly fragmented with mainstream security information in its infancy. If you worked in security, it was difficult and frustrating to find the information you were looking for because it was scattered across a small number of mailing lists, sites and publications. There was no single place where a community of security professionals could go to get the information they needed and there was a unique opportunity to build a community portal that would provide its users with a destination and voice.

At SecurityFocus, the community has always been our primary focus. We knew then as we know now that providing the community with a place to share information, discuss new ideas and share technologies was critical to staying in touch with the constantly evolving threat landscape.
With its purchase of SecurityFocus in 2002, Symantec became one of the first vendors to recognize the importance of maintaining a close relationship with the security community to the point where they made a commitment to its founders to continue to operate SecurityFocus as an independent company with the same mandate -- "It's all here - and it's all free."

The threat landscape has changed significantly over the past 10 years and so has the community. What was once a dispersed though vocal collection of users, researchers and analysts has become a much larger and more cohesive community of experts who have endeavored to make security more than just an after-thought. Vendors have also changed significantly, to the point where entire divisions are devoted to security research and education. Today, more information is shared openly within the community than ever before through the use of blogs, threat analysis, and whitepapers as vendors increasingly work with the community to solve today's security challenges. The enormous growth in dedicated portals and alternative news sources such as social networking sites allows us to get our security news and information from a variety of sources and as a result, it makes sense for SecurityFocus to evaluate how best to serve its readers.

With this in mind, the time is right for SecurityFocus to focus more on its core components. Beginning March 15, 2010 SecurityFocus will begin a transition of its content to Symantec Connect. As part of its continued commitment to the community, all of SecurityFocus' mailing lists including Bugtraq and its Vulnerability Database will remain online at www.securityfocus.com. There will not be any changes to any of the list charters or policies and the same teams who have moderated list traffic will continue to do so. The vulnerability database will continue to be updated and made available as it is currently.
DeepSight and other security intelligence related offerings will remain unchanged while Infocus articles, whitepapers, and other SecurityFocus content will be available off of the main Symantec website in the coming months.

While the news portal section of SecurityFocus will no longer be offered, we think our readers will be better served by this change as we combine our efforts with Symantec Connect and continue to provide a valuable service to the community. As always, if you have any questions or concerns you can reach us at editor-at-securityfocus-dot-com.

TJX Hacking Conspirator Gets 4 Years
http://www.infosecnews.org/pipermail/isn/2010-March/018862.html

http://www.wired.com/threatlevel/2010/03/tjx-conspirator-sentenced-to-46-month/

By Kim Zetter Threat Level Wired.com March 11, 2010

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined [...]

Final CFP: TrustBus'10-- Deadline Extended
http://www.infosecnews.org/pipermail/isn/2010-March/018861.html

Forwarded from: "M. Carmen Fernández Gago" <mcgago@ (at) cc.uma.es>

** Apologies for multiple copies **

*Final Call for Papers*

7th International Conference on

*TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS (TrustBus'10) * Bilbao, Spain

30 August -- 3 September 2010

http://www.isac.uma. [...]

State Web site breach tied to foreign attacker
http://www.infosecnews.org/pipermail/isn/2010-March/018860.html

http://www.desmoinesregister.com/article/20100311/NEWS10/3110351/-1/networking/State-Web-site-breach-tied-to-foreign-attacker

By William Petroski The Des Moines Register March 11, 2010

A hacking incident on an Iowa homeland security Web site last week has [...]

ZeuS botnet code keeps getting better... for criminals
http://www.infosecnews.org/pipermail/isn/2010-March/018859.html

http://www.networkworld.com/news/2010/031110-zeus-botnet.html

By Ellen Messmer Network World March 11, 2010

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in [...]

Secunia Weekly Summary - Issue: 2010-10
http://www.infosecnews.org/pipermail/isn/2010-March/018858.html

The Secunia Weekly Advisory Summary 2010-03-04 - 2010-03-11

This week: 63 advisories [...]

Why Bob Maley's Firing is Bad for All of Us
http://www.infosecnews.org/pipermail/isn/2010-March/018857.html

http://threatpost.com/en_us/blogs/why-bob-maleys-firing-bad-all-us-031110

By Dennis Fisher Threatpost March 11, 2010

The news that Pennsylvania CISO Bob Maley lost his job for publicly discussing a security incident at last week's RSA Conference really shouldn't come as a surprise, but it does. [...]

Pennsylvania's Web security officer leaves post a week after talking about PennDOT hacking incident
http://www.infosecnews.org/pipermail/isn/2010-March/018856.html

http://www.pennlive.com/midstate/index.ssf/2010/03/pennsylvanias_web_security_off.html

By JAN MURPHY The Patriot-News March 10, 2010

Last week, Pennsylvania's chief information security officer Robert Maley was at an information security conference in San Francisco talking [...]

The FBI supply chain illustrated
http://www.infosecnews.org/pipermail/isn/2010-March/018855.html

http://blogs.csoonline.com/the_fbi_supply_chain_illustrated

By Robert McMillan Security Blanket 2010-03-09

While FBI Director Robert Mueller was talking about possible threats to the U.S. supply chain at the RSA Conference last week, staffers at the [...]

Colorado Springs man allegedly sabotaged TSA computers
http://www.infosecnews.org/pipermail/isn/2010-March/018854.html

http://www.denverpost.com/ci_14648083

By Howard Pankratz The Denver Post 03/10/2010

A former employee of the Transportation Security Administration has been indicted by the Denver federal grand jury for attempting to sabotage TSA computers that enable TSA airport personnel to spot potential terrorists before they board airliners.

Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from August 2004 through October 2009.

According to the indictment, Duchak sent a code or virus into computers at the TSA's Colorado Springs Operations Center in the attempt to disable the TSA computer system, which receives information from the government's Terrorist Screening Database and the U.S. Marshal's Service Warrant Information Network.

The indictment said that the TSA computer system is critical in "vetting of individuals" who are attempting to gain access to "secure areas of the nation's transportation system."

The indictment said that Duchak's duties included updating the databases with new information.

He allegedly inserted a virus programmed to spread on a specific date to destroy the computer system.

[...]

Zeus botnets suffer mighty blow after ISP taken offline
http://www.infosecnews.org/pipermail/isn/2010-March/018853.html

http://www.theregister.co.uk/2010/03/10/massive_zeus_takedown/

By Dan Goodin in San Francisco The Register 10th March 2010

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend [...]