
Info Sec Highlights from the DHS Open Source Report 12-30-2009

By Kelli Tarala | December 31, 2009

2010 Security Predictions: Adobe Will Be Hackers’ Favorite Target
In its “2010 Threat Predictions,” security vendor McAfee said Adobe Systems’ Flash and Acrobat Reader products will become the preferred targets for criminal hackers. Adobe’s CTO acknowledged recently that his company’s software is being attacked more frequently, and said the company has stepped up its efforts to respond. Among other predictions, McAfee expects more sophisticated attacks next year against social networking sites Twitter and Facebook. It also sees a new vehicle for attacks in the form of HTML 5, an update to the Web markup language.


Full Story:
http://ow.ly/RqmN

Read McAfee’s 2010 Threat Predictions:
http://mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf

New IIS Flaw Deemed Low Risk in Proper Configurations
According to Microsoft, IT administrators following secure configuration best practices should not be at risk from a new, zero-day vulnerability in Microsoft’s Internet Information Services (IIS). Patrick Nolan, a handler at the SANS Internet Storm Center site, said Sunday that administrators still must be careful because they could unknowingly be running a vulnerable web server due to a webmaster’s mistake.

Microsoft’s next round of patches is due out Jan. 12.


Full Story:
http://www.scmagazineus.com/new-iis-flaw-deemed-low-risk-in-proper-configurations/article/160283/


Nolan’s SANS Internet Storm Center Post:
http://isc.sans.org/diary.html?storyid=7816


Hackers Prove It’s Easy to Snoop on GSM Calls
GSM phones used by the majority of the world’s mobile-phone users can be listened in on with just a few thousand dollars’ worth of hardware and some free open-source tools. Researcher Karsten Nohl has compiled 2 terabytes’ worth of cracking tables that can be used to determine the encryption key used to secure a GSM (Global System for Mobile communications) telephone conversation or text message. “The flaw lies in the 20-year-old encryption algorithm used by most carriers. It’s a 64-bit cipher called A5/1 and it is simply too weak,” according to Nohl.

Full Story:
http://www.computerworld.com/s/article/9142819/Hackers_show_it_s_easy_to_snoop_on_a_GSM_call?taxonomyId=16&pageNumber=1

Researcher Karsten Nohl’s Presentation:
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html

To Read the Complete DHS Report:

www.enclavesecurity.com/blogresources/cdr_123009.pdf

 

Topics: DHS Infrastructure Reports, Data Leakage Protection (DLP), Web 2.0
