…is going to be worse.
Year: 2006
Vavada - это онлайн-казино, предоставляющее широкий выбор азартных игр, включая слоты, рулетку, блэкджек и другие. Vavada привлекает игроков разнообразными бонусами и акциями.
…should include some funding for better IT security . As if Santa Claus hasn’t got enough to do this week, it turns out he’s fighting off some very, very nasty elves. The consumer advocacy group stopbadware.org said it was approached this week by an Incline Village, Nev., man who has legally changed his name to Santa Claus, who asked them to help figure out why his Web site was being flagged by Google Inc.‘s Web site filters. It turned out that Santa’s Web site, Santaslink.net had been hacked. On Friday, the Web site was still downloading malicious software, according to Roger Thompson, chief technology officer at Exploit Prevention Labs Inc. It exploits a bug in Internet Explorer that Microsoft Corp.[…]
There’s a proof-of-concept Vista exploit (actually works against Windows 2000 and XP as well) for privilege escalation on a russian language site, as reported by eWeek. Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server. More interesting is the other quote later on in the article, describing the economics working against Microsoft these days… The Microsoft confirmation comes hard on the heels of a claim by anti-virus vendor Trend Micro that underground hackers are selling zero-day exploits for Windows Vista at $50,000 a pop.[…]
I first noticed this phenomena when ING started it a few months ago. It was a minor annoyance then because only one of my banks was doing it, but now, others have started following suit, and it’s getting very annoying. I’m talking about the new login procedures that some banks are using – enter your account/user name/number, then you’re shown a butt ugly picture that you chose, and then you can type your password/passphrase in. I’m just glad they haven’t changed the way Quicken accesses my accounts (yet). I’m put through extra inconvenience for something that ultimately isn’t any securer than my standard username/password. This is supposedly to mimic two-factor authentication, but since I’m still only typing in my username[…]
One more: Facing a possible layoff from his job as an IT systems administrator, a 50-year-old New Jersey man was charged yesterday with planting malicious “logic bomb” code into the company systems where he worked that could have damaged more than 70 servers. The government alleges that Lin then modified the inserted logic bomb code in November 2003, but that it was still scheduled to deploy on his birthday on April 23, 2004. Due to an error in the code, however, it didn’t deploy as scheduled. In September 2004, Lin allegedly corrected the code error and changed the deployment date to April 23, 2005. Just because attacks involve computers doesn’t mean the attackers are any smarter. Lucky for us…
A recent Linux.com article highlights how configuration is important to security. Many times, when I’m visiting a site, and I ask if they have a configuration standard, or kickstart, or build image, I get blank stares. Many companies do not have a configuration standard – whether merely a document or otherwise. This standard is useful in two ways: 1) to set up the system initially, and 2) to document how the system is configured for later reference (change management comes in to play here as well). It also frees non-security minded IT folks from having to think about it all the time – most IT folks are not as paranoid as security folks. We actively look for holes in things,[…]