Thursday, February 17, 2011

Microsoft downplays threat of new Windows zero-day

Computerworld - Microsoft yesterday downplayed the threat posed to Windows users by a recently-revealed vulnerability, saying that it was unlikely the bug could be exploited to compromise a computer.
The flaw in the Windows Server Message Block (SMB) network and file-sharing protocol was disclosed Monday by someone identified only as " Cupidon-3005" on the Full Disclosure security mailing list. Cupidon-3005 posted proof-of-concept code to the list.
French and Danish researchers later said hackers might be able to exploit the bug to hijack Windows PCs.
On Wednesday, Microsoft said that wasn't so.

Tuesday, February 15, 2011

How to crash the Internet

ZNET - In an Association for Computing Machinery (ACM) paper, Losing control of the Internet: using the data plane to attack the control plane, Schuchard describes the theoretical assault as “the Coordinated Cross Plane Session Termination, or CXPST, attack, a distributed denial of service attack that attacks the control plane of the Internet. CXPST extends previous work that demonstrates a vulnerability in routers that allows an adversary to disconnect a pair of routers using only data plane traffic. By carefully choosing BGP sessions to terminate, CXPST generates a surge of BGP updates that are seen by nearly all core routers on the Internet. This surge of updates surpasses the computational capacity of affected routers, crippling their ability to make routing decisions”

Full article:

Monday, February 14, 2011

Self-encrypting drive sales on the rise, claims Seagate

CSO — Disk maker Seagate claims it is finally making some headway in its attempts to get businesses to start buying its self-encrypting drive (SED) products, with a tripling in sales in the last two quarters.
The company is now quoting total sales figures of more than 1 million, which is not much of advance of a similar figure offered informally in May last year, but Seagate can still point to numbers heading in an upward direction. Laptop shipments have, Seagate said, doubled in each of the last three years.

Sunday, February 13, 2011

Report: Privacy worries many Facebook, Google users

Network World - A considerable number of Facebook and Google users worry about privacy and malware when using the social networking site and search engine, according to a survey from Gallup Poll and USA Today.
Almost 70 percent of Facebook users and 52 percent of Google users in the U.S. said they are "somewhat" or "very" concerned about privacy when using and Google's search engine, USA Today reported on Wednesday. Getting infected with malware worries 65 percent of Facebook users and 54 percent of Google users, the survey found.
However, these concerns don't seem to be driving people away from either site.
Facebook's U.S. unique visitors reached 153.9 million in December, up 38 percent year-on-year, while time spent on the site and total page views grew 79 percent and 71 percent, according to comScore.

Cloud security startup hopes it holds key for cloud encryption

February 10, 2011 — CSO —   When enterprises think about cloud computing they think about the benefits of paying as they go and not forking out a fortune for a new layer of infrastructure. They think about not having to worry about managing hardware, operating systems and vast arrays of storage. One thing they don't usually think about is the physical location where their data will be stored. That's one of the benefits of cloud computing, and one of the risks. 

For the full article:

Saturday, February 12, 2011

google lets users double-down on account security

wired - The net is getting a little safer for Google users Thursday, as the company unveils an option to lock down their accounts with more than just a password.
Starting Thursday all Google users can choose to turn on a so-called “two-factor authentication” feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account. Users will be able to get the codes by text or a phone call, or use smart phone apps for Android, iPhone and Blackberry to generate the codes.

suggested reading.

Networking All-In-One Desk Reference For Dummies (2004)

by Doug Lowe

chrome unhackable?

computerworld – google’s chrome will likely survive the first day at next month’s pwn2own hacking challenge, but may fall the next when the rules change, the contest organizer predicted today.
the other three target browsers — apple’s safari,  microsoft’s internet explorer and mozilla’s firefox — will almost certainly tumble at pwn2own again this year, said aaron portnoy, the manager of hp tippingpoint’s security research team. but chrome is the wild card.
“‘i’m fairly certain that most, if not all, of the browsers will bei compromised,” portnoy said. “I suspect that ie, firefox and safari will all be hacked, but chrome won’t, not on the first day.”
tippingpoint is the sponsor of the fifth annual pwn2own contest, which runs march 9-11 at cansecwest, a vancouver, british columbia, security conference.

chrome will last longer than the other browsers — or maybe make it out of pwn2own unscathed for the third year running — because it’s the only one of the four that relies on a “sandbox.” a sandbox isolates system processes, theoretically preventing malware from escaping an application — like chrome — to infect the computer.

to exploit a sandboxed program like chrome — another is adobe reader x — hackers need not just one vulnerability but a pair: the first to escape the sandbox and a second to exploit the application itself.

“the sandbox in chrome is the big hurdle,” said peter vreugdenhil, a tippingpoint researcher and past winner of pwn2own. vreugdenhil will be one of the contest judges this year.

for the full article:

welcome to poor punctuation computer talk

copywasted will cover any and all things related to computers.  i use poor punctuation because i type like i talk.. informal.  the information is there... so sign up click back and enjoy!