Security Bytes
October 2008
-
Hoff and Citrix’s Crosby to go all sumo at RSA
- R.I.S.C. Associates 31 Oct 2008 -
ICANN terminates alleged malware hosting provider EstDomains
- R.I.S.C. Associates 29 Oct 2008 -
The three-ring security circus
- R.I.S.C. Associates 28 Oct 2008
Security vendors and doomsayers have been using the specter of virtualized rootkits, undetectable malware worming its way into virtualized environments, and all manner of other bogeymen to warn ...
ICANN, the organization that controls the top-level domains, has pulled the accreditation of EstDomains, a hosting provider that has been under fire for months from the security community for ...
There's an interesting post on the Wall Street Journal's Business Technology blog today about security vendors resorting to gimmicks and publicity stunts in order to sell more stuff and, allegedly, ...
-
Security flaw exposes Google G1 phone to attacks
- R.I.S.C. Associates 27 Oct 2008 -
Trojan exploiting MS08-067 RPC vulnerability
- R.I.S.C. Associates 24 Oct 2008 -
Microsoft RPC flaw could be worm bait
- R.I.S.C. Associates 23 Oct 2008 -
Critical out-of-band Microsoft patch coming today
- R.I.S.C. Associates 23 Oct 2008 -
Attacks show vulnerability of keyboards to eavesdropping
- R.I.S.C. Associates 20 Oct 2008 -
FBI takes down DarkMarket cybercrime ring
- R.I.S.C. Associates 17 Oct 2008 -
Alleged operators of HerbalKing spam gang indicted
- R.I.S.C. Associates 15 Oct 2008
If you're planning to bring a new smartphone to market anytime soon, you might want to check with the guys at Independent Security Evaluators first. For the second time in about 15 months, ISE ...
There are reports emerging Friday morning of a new Trojan exploiting the MS08-067 RPC vulnerability in Windows that Microsoft patched with an emergency fix yesterday. Known as Gimmiv.A, the Trojan ...
The vulnerability that Microsoft patched today with an out-of-band patch is about as serious as they come, allowing remote code execution on every supported version of Windows. The rare emergency ...
Microsoft on Thursday will issue a rare out-of-band patch for a critical flaw that affects all versions of Windows from 2000 forward, including Vista and Server 2008. It's not known exactly what ...
A pair of security researchers in Switzerland have found several new ways to eavesdrop on the keystrokes from a number of different keyboards from a distance of up to several meters. The methods ...
The FBI says it has taken down a popular site used by carders and other criminals to exchange stolen information and credit card data, the result of a two-year-long investigation by the bureau and ...
The FTC on Tuesday dropped the hammer on a group of alleged spammers who are notorious in the antispam community for their persistence and prolificness. The commission was successful in getting a ...
-
Haxdoor malware circulating via fake Microsoft patch
- R.I.S.C. Associates 15 Oct 2008 -
Can Kaminsky prevent partial disclosure?
- R.I.S.C. Associates 07 Oct 2008 -
Mike Rothman hangs up analyst hat for new vendor job at eIQnetworks
- R.I.S.C. Associates 06 Oct 2008 -
More attacks on SSH passwords
- R.I.S.C. Associates 03 Oct 2008 -
Data breach study shows errors, not hacks, are the big problem
- R.I.S.C. Associates 02 Oct 2008
There is a fake Microsoft patch email making the rounds, timed nicely to coincide with the release of the latest set of updates from the software giant yesterday. Known as Haxdoor, the malware ...
The past few months have seen a lot of activity around some really serious Internet-level vulnerabilities, starting with the problems in the DNS system that Dan Kaminsky found, and continuing with ...
Things in the security industry are getting curiouser and curiouser. Up is down. Black is white. Cats and dogs are living together. Mike Rothman, a ferociously independent security analyst and ...
It appears that SSH attacks are becoming the go-to move for lazy attackers looking to victimize lazy admins. A couple of weeks ago I wrote about some ongoing brute-force attacks against SSH ...
Anytime there is a notification of another data breach -- which is essentially every day at this point -- the details of the event tend to get washed away, and the breach is reduced to basically ...