Sunday, September 27, 2009
Friday, September 25, 2009
Google News Alert for: computer hack
SIM card hack suspect released on bail (Register): The computer science student allegedly accessed Digicel's system via another firm he was working at during at the time of the alleged hack, the Jamaican ...
The Money Times: The 28-year-old computer hacker has been charged with stealing millions of debit and credit card numbers of major retail chains and carrying out fraudulent ...
High Position (blog): First we need to understand what a worm is: in a normal environment a computer worm is a self-replicating code or program that tries to spread itself ...
Friday, September 18, 2009
Microsoft Security Advisory Notification - September 17, 2009
Issued: September 17, 2009
******************************
Security Advisories Updated or Released Today
==============================
* Microsoft Security Advisory (975497)
- Title: Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft.com/
- Revision Note: V1.1 (September 17, 2009): Clarified the FAQ, What is SMBv2? Added a link to Microsoft Knowledge Base Article 975497 to provide an automated Microsoft Fix it solution for the workaround, Disable SMB v2.
Friday, September 11, 2009
Unpatched Microsoft Vulnerabilities
The following vulnerabilities have been around for a while with no patches… Come on, Microsoft…
Microsoft Internet Explorer Window Injection Vulnerability
Microsoft Windows XP GDI+ .ICO Handling DoS Vulnerability
Microsoft Internet Explorer FTP Access Information Disclosure
Microsoft Foundation Class Library FileFind Method Buffer Overflow
Microsoft Windows Web Proxy Automatic Discovery (WPAD) Vulnerability
Microsoft Internet Explorer Cross-Zone Scripting Vulnerability
Microsoft Windows GDI+ EMF Stack Overflow Vulnerability
Microsoft Windows Desktop Wallpaper Code Execution Vulnerability
Microsoft Internet Explorer Cookie Session Fixation
Description:
A vulnerability is present in Microsoft Internet Explorer that may allow for sensitive information disclosure.
Recommendation:
Securityorb.com is not aware of a vendor supplied patch/update at this time.
Observation:
Microsoft Internet Explorer is an industry standard Web browsing application.
A vulnerability exists in Microsoft Internet Explorer that may allow for sensitive information disclosure. Web sites with special domain names can set cookies and hijack HTTP sessions. A user would have to visit a malicious Web site for an attack to occur.
Common Vulnerabilities & Exposures (CVE) Link:
CVE-2008-3173
IAVA Reference Number
IAVA-REF-NUMBER-NOMATCH
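The check a cookie store needs in order to refuse this kind of cookie, as an added example that is not from the advisory or from Microsoft. It assumes that "special domain names" means multi-label public suffixes such as co.uk (the page does not spell this out); the suffix set and host names are constructed samples.

```javascript
// Constructed sample of public suffixes (assumption: stands in for the full
// Public Suffix List that a real cookie store would load).
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "org.uk", "com.au"]);

// Normalise a host or Domain attribute: lower-case, drop leading/trailing dots.
function normalise(name) {
  return name.trim().toLowerCase().replace(/^\.+|\.+$/g, "");
}

// True when `host` equals `domain` or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a cookie carrying `domainAttr`, set by a response from
// `requestHost`, may be stored. Returns { accept, reason }.
function checkCookieDomain(requestHost, domainAttr) {
  const host = normalise(requestHost);
  // No Domain attribute: host-only cookie, bound to the setting host.
  if (domainAttr == null || normalise(domainAttr) === "") {
    return { accept: true, reason: "host-only" };
  }
  const domain = normalise(domainAttr);
  if (!domainMatches(host, domain)) {
    return { accept: false, reason: "domain does not cover request host" };
  }
  // A cookie scoped to a public suffix would be sent to every site under it,
  // which is what lets one site pre-set a session cookie for another.
  if (PUBLIC_SUFFIXES.has(domain)) {
    return { accept: false, reason: "domain is a public suffix" };
  }
  return { accept: true, reason: "registrable domain or below" };
}

// Legacy heuristic, kept for comparison only: "Domain must contain a dot".
function naiveDotRule(domainAttr) {
  return normalise(domainAttr).includes(".");
}
```

On the server side, issuing a fresh session identifier at login removes the value of any session cookie planted before authentication.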
VMware Fusion: How to shut down Windows when it is hung
I have been running VMware Fusion with Windows XP as my guest OS for some time. The other day, Windows XP just hung while shutting down, as it seems to do from time to time on regular PC-based installs. I spent 2 days waiting for it to complete. I even used:
VMware Fusion menu bar > Virtual Machine > select Power Off
But it seems that using:
VMware Fusion menu bar > Virtual Machine > press the option key and select Power Off
is the equivalent of pulling the plug out of the wall, and it worked. Hope this will help someone out as it did me.
Kellep
Thursday, September 10, 2009
Cloud Computing and Security Concerns
Cloud computing has been receiving a lot of press in the IT mainstream media lately, and all indications point to it continuing to be a hot topic for some time. Gartner.com stated in an article: “Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.”
Cloud computing refers to the delivery of hosted services over the Internet. These services can be private or public and are divided into three categories:
- Infrastructure-as-a-Service (IaaS)
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS)
Infrastructure as a Service (IaaS) is a service in which an organization outsources the equipment used to support operations, including storage, servers and networking components. The service provider owns the equipment and is responsible for operating and maintaining it.
Platform as a Service (PaaS) is a service in which the development tool itself is hosted in the cloud and accessed through a browser. Developers can build web applications without installing any tools on their computers and then deploy those applications without any specialized systems administration skills.
Software as a Service (SaaS) is a model in which users purchase access to software that is developed and managed by an independent or third party and used over the Internet. The software is not downloaded onto the user's computer, but is simply accessed via an Application Programming Interface (API) over the World Wide Web with a login and a password.
Cloud Security
Due to the nature of cloud computing, many security concerns have been raised as researchers, security professionals and management examine the models. Cloud computing does not allow the organization to physically possess its data on site unless the data is backed up on a secondary storage device. Customers of the cloud-computing model need to verify that the service provider conducts regular backups and has both an incident response plan and a disaster recovery plan in place. This matters for continuity of business functions as well as for meeting regulatory compliance requirements such as FISMA and HIPAA, to name a few.
Cloud computing has the ability to assist many organizations, but intensive research, review and audits should be conducted before adopting it. Organizations that choose to rely on a cloud service model take on the additional responsibility of understanding the services being offered and their effects on operations and security.
Source: http://www.securityorb.com/kellep_Cloud_Computing.html
Friday, September 4, 2009
Cybersecurity Act of 2009 2nd Version Still Controversial
The bill seeks to determine when and how the President could intervene in public and private information systems by limiting internet traffic to critical networks for national security reasons or in the case of an emergency.
It has come under scrutiny from a range of First Amendment advocacy groups, which have raised alarm about government interference.
More information on the Cybersecurity Act of 2009 can be located here:
http://www.eff.org/deeplinks/2009/09/cybersecurity-act-returns-with-a-fresh-coat-of-paint
http://www.huliq.com/7504/85556/senate-cybersecurity-act-2009-could-shut-down-internet
http://www.foxnews.com/politics/2009/08/28/senate-president-emergency-control-internet/