2006.10.23 Daily Security Reading

US court denies request to suspend Spamhaus domain

Spam roadblock remains in place A US judge has denied a request to order internet registrars to suspend Spamhaus’s domain, easing concerns that the spam blocking service might be interrupted.

Spam Trojan Installs Own Anti-Virus Scanner

SpamThru Trojan uses P2P technology to send commands to hijacked computers and an anti-virus scanner that introduces a never-before-seen level of complexity and sophistication. Also SpamThru trojan analysis.

2006.10.20 Daily Security Reading

The threat posed by portable storage devices (pdf)

In a society where the use of portable storage devices is commonplace, the threat that these devices pose to corporations and organizations is, more often than not, ignored. This paper examines the nature of the threat that these devices present and the counter-measures that organizations can adopt to eliminate them.

IE7 is already vulnerable

Microsoft has just released the final version of IE7 for Windows XP and security research firm Secunia has already found a security vulnerability in newly unleashed IE7.

Instant messaging: Problems and solutions

You’ve heard about the benefits and the drawbacks of allowing instant messaging on your network, but have you heard them all? John takes the view that it’s best to lay all the IM security cards on the the table — and then plan how you’re going to trump them.

2006.10.19 Daily Security Reading

Security Suite Smackdown, Part I

Eight of the biggest names in security go head-to-head in this roundup of the best–and worst–of the apps that aim to keep you safe.

Study – Workers often jot down passwords

One in three people write down computer passwords, undermining their security, and companies should look to more advanced methods, including biometrics, to ensure their systems are safe.

How well do you know your network?

Content control products tell of leaks, misuse. The information security officer for a network of healthcare centers in New York found an employee sending confidential payroll information to a recruiter. A California-based semiconductor manufacturing technology provider caught a worker e-mailing PowerPoint slides detailing product plans to a former colleague at a competitor to show off the “cool things” he was working on.

Network Security – Not With a Peer-to-Peer Network!

Most small business networks are setup in a peer-to-peer (P2P) format. In contrast, large corporate networks are setup in a domain format. What does this mean to you?

New Hacker Toolkit Cloaks Browser Exploits

Designed to disguise any browser exploit from detection by signature-based defenses.

2006.10.18 Daily Security Reading

IE Security Tweaks with GPO

If you check Microsoft’s IE security web site, the first thing you’ll see is Microsoft’s statement regarding IE security: Internet Explorer comes with improved security features that help online users protecting their computer and information. This security tweak will introduce the reader to a different side of IE security.

Lawsuit threatens Spamhaus with shutdown

After winning a US$11.7 million judgment against the Spamhaus Project Ltd., e-mail marketer e360 Insight LLC is asking a federal court to shut down the anti-spam service.

Hacking Tor, the anonymity onion routing network (pdf)

A worrying analysis of what appeared to be traffic modification on the part of the Tor network.

2006.10.17 Daily Security Reading

Penetration Testing Made Easy

In this week’s OnSecurity podcast, eWeek Senior Writer Matt Hines speaks with Katie Moussouris, founder and leader of Symantec’s Vulnerability Research group, about her work subverting companies’ physical and network security protections, and new developments in the bug detection arena.

MySpace Predator Caught By Code

Wired News editor and former hacker Kevin Poulsen wrote a 1,000-line Perl script that checked MySpace for registered sex offenders. Sifting through the results, he manually confirmed over 700 offenders, including a serial child molester in New York actively trying to hook up with underage boys on the site, and who has now been arrested as a result. MySpace told Congress last June that it didn’t have this capability.

Microsoft Caves on Vista Security

Will the security companies making trouble for Microsoft be appeased by the changes the company has agreed to make? They should be, but that’s no guarantee.

Latest release of Firefox 2.0 browser code out

The latest release candidate 3.0 (RC3) for the new Mozilla Firefox 2.0 Web browser has been posted for free download as the project’s developers finish last-minute code checks and tie up loose ends.