Are Borderless Networks Possible?

I attended SC World Congress in New York this week and a keynote from Cisco caught my attention: Securing the Cloud: Building the Borderless Network. I became fixated on the words used over and over by Joel McFarland. Borderless this, borderless that, borderless everything. This campaign started to bother me as this was [...]

NSA.gov Site Defacement

It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. A web application loading a list of recruitment events at colleges was compromised on the careers section of nsa.gov.

Sometimes you get the bear, sometimes the bear gets your iPhone

Does your mobile device policy cover bear attack? Kris Rowley would tell you it should. Over the summer, the CISO for the state of Vermont was hiking through the woods when she was approached by a young bear, walking out from behind an evergreen.

Adobe to release critical update on patch Tuesday

A new zero-day vulnerability in Adobe Reader and Acrobat 9.1.3 has been identified by Chia-Ching Fang and the Taiwanese Information and Communication Security Technology Service Center that allows an attacker to remotely execute arbitrary code. The attack is seeded by providing via e-mail or download a specially crafted PDF file which in current examples will then drop a malware executable as well as an unaffected pdf file.

Colbert’s Human DDOS

Stephen Colbert launched an impromptu human distributed denial of service (DDOS) by instructing his viewers, or the Colbert Nation, to make edits to the collaborative wiki encyclopedia Conservapedia. Specifically he wants to be added as a character in the Conservapedia translated version of the bible, an ongoing crowd sourcing project of the web site.

[...]

A Message from Hal Finey

Hal Finney, one of the original programmers on PGP version 2 among other things, has published an open letter regarding his health that is worth a read:

Operation Phish Phry

A phish phry is a social gathering, and early Wednesday the FBI, US Attorney’s Office, the LA Electronic Crimes Task Force, and Egyptian authorities started working towards arranging the largest gathering of suspects indicted in connection with a single phishing scam to date. Dubbed “Operation Phish Phry”, this two year inter-agency inter-country investigation is rounding up 100 suspects including 53 from North Carolina, Las Vegas, and Los Angeles as well as 47 in Egypt accused of stealing more than a million dollars from two U.S. banks.

Server 2008 R2: Active Directory Functional Levels

Windows Server 2008 R2 was released in August, and it introduced new functional levels for Active Directory. This article takes a look back at the different functional levels of the past and what is new in the latest release of the server operating system for Active Directory (yes, a recycle bin for AD objects!).

Functional levels [...]

Facebook’s Faith: A New Scareware Attack

On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image (seen at left) but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs.