Support Wars

From Tech Republic: The Washington Post reports in Defense official discloses cyberattack: The most significant breach of US military computers was caused by a flash drive inserted into a US military laptop on a post in the Middle East in 2008. A foreign intelligence agency managed to place malware on a USB flash drive that [...]

From SF Weekly: Terry Childs, the “rogue techie” who refused to disclose the passwords to a crucial city networking system for the better part of two weeks, has been sentenced to four years in state prison. He also may be stuck with up to $1.485 million in restitution payments. Since Childs has been jailed since [...]

From SANS ISC: As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft’s announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit in particular given the tools available to craft necessary shortcuts. Clients are the main target but [...]

From Dark Reading: Adobe’s Reader and Acrobat PDF applications have been hit by a new attack exploiting an unpatched vulnerability in the pervasive tools. So far the exploit has been used mostly in targeted attacks, but researchers say it could soon spread now that the cat is out of the bag. Adobe late yesterday issued [...]

From SecurityFocus: The cybercriminals behind the Zeus botnet used Amazon’s Elastic Computing Cloud (EC2) to host the central server used to control a portion of the compromised machines, security firm CA stated on Thursday. The company found that infected machines would contact a server hosted in Amazon’s cloud to download updates and additional functionality to [...]

From Dark Reading: Keyloggers and spyware are the most commonly occurring attacks in companies that suffer major data breaches, according to a report published today by Verizon Business. The new report, “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” offers a look at the 15 most common security attacks and how [...]

From ISC SANS: The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air was upgraded as well to version 1.5.3. Read more about it in the apsb09-19 bulletin from adobe. The reason behind it are 7 vulnerabilities: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 and, CVE-2009-3951 of which 6 lead [...]

From Dark Reading: An Israeli mobile security firm that a month ago offered $100,000 in gold to anyone who could hack its voice encryption technology has upped the ante to $250,000. Gold Lock posted a sample of an encrypted voice conversation on its Website and is offering the golden reward to any hackers who can [...]

Found a great article on network broadcasts today on ISC SANS: So Rob, you say, aren’t we done talking about protecting switches and the like at Layer 2 yet?  We talked about Man in the Middle Attacks in October, and Layer 2 remediation against Man in the Middle Attacks in November, that should cover it, [...]

From the Google Code Blog: Today, as part of our efforts to make the web faster, we are announcing Google Public DNS, a new experimental public DNS resolver. The DNS protocol is an important part of the web’s infrastructure, serving as the Internet’s “phone book”. Every time you visit a website, your computer performs a [...]