Religious sites ‘riskier than porn for viruses’

Web wanderers are more likely to get a computer virus by visiting a religious website than by peering at porn, according to a study released on Tuesday.

via Religious sites ‘riskier than porn for viruses’.

“We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.”

Trustworthy Internet Movement

The goal of the SSL Labs surveys is to measure the effective security of SSL. After some experimentation with an assessment of substantially all public SSL sites (about 1.5 million of them), we settled on a smaller list of about 200,000 SSL-enabled web sites, based on Alexa’s list of most popular sites in the world. Working with a smaller list is more manageable and allows us to conduct the surveys more often. It also allows us to conduct more thorough analysis to look for application-layer issues that may subvert SSL security. In addition, focusing on popular sites – we believe – gives us more relevant results and also excludes abandoned sites.

via Trustworthy Internet Movement – SSL Pulse.

Boeing prepares an ultra-secure smartphone

Earlier this week, it was revealed that aerospace firm Boeing was working on a high security mobile device for the various intelligence departments. This device will most likely be released later this year, and at a lower price point than other mobile phones targeted at the same communities. Typically, phones in this range cost about $15,000-$20,000 per phone, and use custom hardware and software to get the job done. This phone will most likely use Android as its main operating system of choice, which lowers the cost per phone, since Boeing’s developers don’t have to write their own operating system from scratch.

via Boeing prepares an ultra-secure smartphone – Denver Computers | Examiner.com.

HP Ships Network Switches With Malware Infected Flash Cards

HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in question on a computer could result in the system being compromised.

via HP Ships Network Switches With Malware Infected Flash Cards | SecurityWeek.Com.

In March 2012, a consortium of experts published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products. The standards are the work of The Open Group, and are supported by companies ranging from Boeing to Oracle to IBM. The document has been dubbed the Open Trusted Technology Provider Standard (O-TTPS) Snapshot. The standards are being aimed at providers, suppliers and integrators with the goal of enhancing the security of the supply chain and allowing customers to differentiate between providers who adopt the standard’s practices and those who don’t.

Hackers Can Steal Credit Card Information From Your Old Xbox, Experts Tell Us

So what should you do if you want to get rid of your Xbox 360 but you don’t want your personal information compromised? Podhradsky recommends detaching your 360’s hard drive, hooking it up to your computer, and using a sanitization program like Darik’s Boot & Nuke to wipe everything out. Just reformatting the system isn’t enough.

via Hackers Can Steal Credit Card Information From Your Old Xbox, Experts Tell Us.

A unique ‘fileless’ bot attacks news site visitors

Analysis of the exploit’s JAR file demonstrated that it exploits a Java vulnerability (CVE-2011-3544). Cybercriminals have been exploiting this vulnerability since November in attacks targeting both MacOS and Windows users. Exploits for this vulnerability are currently among the most effective and are included in popular exploit packs.

via A unique ‘fileless’ bot attacks news site visitors – Securelist.

After successfully injecting and launching the malicious code (dll), Java begins to send requests to third-party resources, which look like Google search requests: “search?hl=us&source=hp&q=%s&aq=f&aqi=&aql=&oq=”…

These requests include data on the browsing history taken from the user’s browser, as well as a range of additional technical information about the infected system.
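One way to hunt for the request pattern quoted above in web proxy logs, as an added example (not code from Securelist or from this post): it flags URLs that follow the quoted Google-style template but are sent to a host outside an allowlist. The log format, the allowlist and the sample hosts are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names, in order, from the request template quoted above. The
# quote is cut off after "oq=", so only this visible prefix is checked.
TEMPLATE_KEYS = ["hl", "source", "q", "aq", "aqi", "aql", "oq"]
# Values fixed in the template. "q" is the data slot (%s) and "oq" sits at
# the truncation point, so neither value is constrained.
TEMPLATE_FIXED = {"hl": "us", "source": "hp", "aq": "f", "aqi": "", "aql": ""}
# Assumption: domains allowed to serve Google-style search URLs here.
ALLOWED_DOMAINS = ("google.com",)

def template_payload(url):
    """Return the q value if the URL follows the quoted template, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/search"):
        return None
    head = parse_qsl(parts.query, keep_blank_values=True)[:len(TEMPLATE_KEYS)]
    if [k for k, _ in head] != TEMPLATE_KEYS:
        return None
    values = dict(head)
    if any(values[k] != v for k, v in TEMPLATE_FIXED.items()):
        return None
    return values["q"]

def is_allowed(host):
    """True for an allowlisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def suspicious_requests(log_lines):
    """Return (client, host, payload_length) for template hits on other hosts."""
    hits = []
    for line in log_lines:
        client, _method, url = line.split()[:3]
        host = (urlsplit(url).hostname or "").lower()
        payload = template_payload(url)
        if payload is not None and not is_allowed(host):
            hits.append((client, host, len(payload)))
    return hits

# Constructed sample proxy log lines: "<client> <method> <url>"
SAMPLE_LOG = [
    "10.0.0.5 GET http://www.google.com/search?hl=us&source=hp&q=weather&aq=f&aqi=&aql=&oq=",
    "10.0.0.7 GET http://stats.example.net/search?hl=us&source=hp&q=QUJDREVGR0g&aq=f&aqi=&aql=&oq=",
    "10.0.0.7 GET http://shop.example.org/search?q=shoes&page=2",
    "10.0.0.9 GET http://cdn.example.net/search?hl=en&source=hp&q=test&aq=f&aqi=&aql=&oq=",
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The payload length is reported rather than the payload itself, since the excerpt says these requests carry browsing history and system details.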

Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, Qualys CTO Wolfgang Kandek opined.

via Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately | SecurityWeek.Com.

RDP will always be a vector into a machine if running. The simplest solution would be to figure out a way so that you never have to run RDP.

Study Confirms The Government Produces The Buggiest Software

The problem boils down to an oversight in the regulations for government software set by the National Institute of Standards and Technology, says Wysopal. NIST’s rules outline security standards for network security–systems like firewalls and intrusion detection systems–as well as endpoint security like antivirus programs. But only the latest round of its regulations included standards for coding secure applications, and even those didn’t extend to most of the government’s web applications.

via Study Confirms The Government Produces The Buggiest Software – Forbes

“We’re zeroing in on the application layer, but that’s something that’s been pretty much ignored in the government space,” says Wysopal. “They don’t take a risk-based approach. They take a compliance-based approach. If it’s not in the regulations, it doesn’t get done.”

H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation

Voice over IP (VoIP) can be a complex subject. Network security professionals may find the terminology foreign, and VoIP vulnerabilities are often misunderstood. This paper provides an overview of the H.323 protocol suite, its known vulnerabilities, and then suggests twenty rules for securing an H.323-based network.

via H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation | Symantec Connect Community.

The primary components of an H.323 network include: endpoints, gateways, gatekeepers, and MCUs (Multipoint Control Units). Endpoints (telephones, softphones, IVRs, voicemail, video cameras, etc.) are the devices typically used by end-users in the normal use of the system. Gateways (gateways and controllers) handle signaling and media transport, and typically serve as the interface to other types of networks such as ISDN, PSTN and/or other H.323 systems. Gateways which focus primarily on converting between IP and other forms of media (such as PSTN) are termed Media Gateways. Gatekeepers are the logical entity with which endpoints register and are administered. They also manage call setup, teardown, and status and can assist in address resolution. MCUs are designed to support multi-party conferencing.

Attackers have all they need from leaky cellphone networks to track you down

The researchers demonstrated how easy it was to track down a cellular device within a 10-block area in Minneapolis using a T-Mobile G1 smartphone and open source technology. They never contacted the service provider to conduct the test.

via Attackers have all they need from leaky cellphone networks to track you down.

PDF can be had here.