Global Security Watch

Summary of June 2008 Data Breaches

admin — 2008-07-05T14:32:57+00:00

[Compare Lifelock, loudsiren and Trusted Id Identity Theft Protection Services] Data breaches in June were a bit slower than this years previous months but still left far too many Americans seeking identity theft protection. In fact, if the 2.2 million billing records, which included 1.3 million Social Security .

No-Fail Identity Theft -- Live and In Person

admin — 2008-07-05T14:31:44+00:00

[Privacy Digest - News that can impact your privacy.] No-Fail Identity Theft - Live and In Person - Via Slashdot: Your Rights Online:. ancientribe writes "A researcher performing social-engineering exploits on behalf of several US banks and other firms in the past year has 'stolen' .

Bogus Apple Phishing E-Mails Spotted in the Wild

admin — 2008-07-03T14:33:36+00:00

[The Mac Security Blog] Bogus e-mails purporting to be from Apple have been spotted in the wild. They feature a subject line of “Important : Billing Problem”

How to detect Phishing ?

admin — 2008-07-03T14:32:58+00:00

[CrazyEngineers Forum] Click on the cnn link and see where you land. Now on that link if you host same page like cnn then you wont realize the difference.

Protection from identity theft

admin — 2008-07-01T14:02:07+00:00

[BLOGOSPHERE] Using lifelock promotion code can keep you, your wife, your children safe from identity theft. Am sure it would be a horrible experience if your child is lost and 3 months later you saw him from somewhere, the same him, .

Cracking Physical Identity Theft

admin — 2008-07-01T14:01:15+00:00

[PC Sympathy] Joshua Perrymon, hacking director for PacketFocus Security Solutions and CEO of RedFlag Security, says organizations typically are focused on online identity theft from their data resources, and don’t think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman. He once walked out of a client site carrying their U.S. mail tray with 500 customer statements inside it, he says.

Malicious Web Site / Malicious Code: ICANN Web Site Compromise

admin — 2008-06-28T14:34:15+00:00

[Latests Alerts From Websense Security Labs] The ICANN and IANA web sites were defaced and left the following message: “You think that you control the domains but you don’t! Everybody knows wrong.

Reports Detail Progress in Afghan Security, National Forces

admin — 2008-06-28T14:32:30+00:00

[Afghan Regional Security Integration Command- South] The Report on Progress Toward Security and Stability in Afghanistan depicts a “fragile” security environment in much of the country. It concludes, however, that coalition forces’ counterinsurgency approach has demonstrated how a hybrid of military and nonmilitary resources can create stability and connect Afghan citizens to their government.

Security Tip: Blocking Access to ASP.NET MVC Views Using ...

admin — 2008-06-26T14:32:08+00:00

[you've been HAACKED] When you create a new ASP.NET MVC project using our default templates, one of the things you might notice is that there is a web.config file within the Views directory. This file is there specifically to block direct access to a view.

BUG: XSS Security flaw in BaseCamp Messages

admin — 2008-06-26T14:31:13+00:00

[Untitled] BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent .

Improving OS X Security

admin — 2008-06-24T14:06:07+00:00

[securosis.com] These are fully exploitable on Macs and other Apple products until Apple issues an update. I realize this is a very tough issue, because Apple needs to run through extensive evaluation and testing before releasing updates, but they can mitigate this timeline by engaging deeply with those various open source teams to reduce the windows where users are exposed to the vulnerabilities.

New ID Requirements: The First 48

admin — 2008-06-24T14:05:20+00:00

[Evolution of Security] What these folks aren't getting is that by requiring ID, you're closing that old loophole that allowed (up until Saturday) anyone, good or bad, to show up with any boarding pass (theirs or someone else's), say they lost their ID, get a pat-down and bag check and be on their way. Now, no self respecting terrorist is going to subject him or herself to all the additional attention the new procedures brings.

Trend Micro announces email encryption solution portfolio

admin — 2008-06-21T14:32:26+00:00

[Digg / Security / upcoming] Trend Micro Inc., a provider of Internet content security, announced Wednesday its entry into the email encryption marketplace, with the launch of Trend Micro Email Encryption Client 5.0 and Trend Micro Email Encryption for InterScan Messaging Hosted Security (IMHS).

Product Review: IronKey USB Memory and Encryption

admin — 2008-06-21T14:31:41+00:00

[Full text legal articles - Content for Reprint] IronKey offers the following features: drive contents encrypted using AES CBC-mode encryption, a true random number generator for the maximum protection generates encryption keys in hardware, securely stores passwords, fast (30MBPS) read, fast (20MBPS) write, encased in a potted metal case- not plastic which makes it one of the strongest USB keys around, exceeds military waterproofing standards, and has the ability to safely tunnel through insecure wireless networks.

Obama Announces Senior Working Group on National Security

admin — 2008-06-19T14:32:22+00:00

[Obama HQ] Senator Obama today announced the formation of his Senior Working Group on National Security, a group of advisors that he will consult on a regular basis between now and the election. Obama will meet with the group for the first time today in Washington, DC for a wide-ranging discussion of the immense challenges faced by the United States in the wake of the disastrous foreign policies of George Bush.