Rodney Campbell's Blog

Security

2007.02.02 Daily Security Reading

by on Feb.02, 2007, under Security

SANS Top-20 Internet Security Attack Targets (2006 Annual Update)

Six years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. The SANS Top-20 2006 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts.

Thumb drives are too often the victims of convenience

USB flash drives, also known by many other names, seem to be everywhere — and that’s the problem. Last year, vendors sold 85 million of the drives, according to market research firm Gartner, but few of those buyers thought about the drives’ security implications.

Vista pranks possible via voice commands

Windows Vista could have system commands activated by audio files running on a Web site… In order for an attack to be successful, the user would have to have a microphone and speakers.

2007.02.01 Daily Security Reading

by on Feb.01, 2007, under Security

Software security vulnerabilities to grow

Security research company, Internet Security Systems, anticipates a continued rise in profit-motivated attacks, including an increased focus on the Web browser and image-based spam. See the full IBM ISS X-Force 2006 Trend Statistics report (pdf).

Script wreaks havoc on MySpace

A handful of enterprising people – at least one of them a teen – has devised a JavaScript that allows its owner to temporarily access the browser’s MySpace account.

Why Anti-Virus Profiling is inadequate and Why Anti Virus is Dead (pdf)

There are two techniques that AV products use to try to spot viruses.

Internet Explorer at Zero-Day Risk

A security research firm is warning that all versions of Microsoft’s Internet Explorer are at risk from a vulnerability that could trigger a denial of service attack on end-users.

Spam Made Up 94% Of All E-Mail In December

Legitimate e-mail now constitutes a rounding error when compared with spam, thanks to a standing army of more than a million zombie PCs waging war on in-boxes worldwide on any given day. At a local level I can confirm this – at the gateways I look after for the company I work for, we saw 96% of incoming attempted messages as spam in both Dec 2006 and Jan 2007.

2007.01.31 Daily Security Reading

by on Jan.31, 2007, under Security

Vista DRM Cracked by Security Researcher?

Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called ‘Protected Media Path’ (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system.

Real-ID: Costs and Benefits

The argument was so obvious it hardly needed repeating. Some thought we would all be safer — from terrorism, from crime, even from inconvenience — if we had a better ID card. A good, hard-to-forge national ID is a no-brainer (or so the argument goes), and it’s ridiculous that a modern country like the United States doesn’t have one.

Don’t buy Vista for the security

Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade.

The year hacking became a business

It was the year when cyber-criminals targeted everything from MySpace to Wikipedia, and even a website maintained by a local boy scout troop wasn’t safe. Computer security experts say 2006 was also the year hacking stopped being a hobby and became a lucrative profession practiced by an underground of computer software developers and sellers.

2007.01.29 Daily Security Reading

by on Jan.29, 2007, under Security

New zero-day Microsoft Word vulnerability

Hackers are exploiting a new, zero-day vulnerability in Microsoft Word that could allow remote code execution on the victim’s machine, says security vendor Symantec.

Vista, security and viruses

Anti-virus software vendor Kaspersky Lab has published an article about Windows Vista and security, in which it provides an analysis of various aspects of IT security with specific reference to Windows Vista.

Malware vs. virtual machines (pdf)

As virtual machines and various emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This hot topic was recently covered at the AVAR 2006 conference by Peter Ferrie, a researcher at the Symantec anti-virus research center.

Ultimate Guide to Enterprise Wireless LAN Security (pdf)

Enterprise wireless LAN security is a persistent concern for every system administrator and CIO. This TechRepublic ultimate guide will give you the information you need to secure all of the wireless connections in your enterprise.

AACS hack blamed on bad player implementation

A month after the first signs appeared online that AACS—the content protection scheme shared by HD DVD and Blu-ray—had been circumvented, the AACS Licensing Authority has verified the hack. According to a statement from the AACS LA, AACS has not been seriously compromised. Instead, the statement said, the attack is "limited to the compromise of specific implementations" and "indicate[s] an attack on one or more players sold by AACS licensees."

Online Safety Of Your Children Starts With You As A Parent

Parental control software is far from perfect, and your kids are smarter than you may think; they will always find a way around it. Companies developing this software make millions out of parents neglecting their responsibility as a parent. What is the use of restricting the access on their computer, if they can find other ways of accessing the sites they want?

Time to Reboot the Internet Again

Cisco Systems Inc… today issued patches to fix at least three very serious security holes in its products.

2007.01.25 Daily Security Reading

by on Jan.25, 2007, under Security

Minor Google Security Lapse Obscures Ongoing Online Data Risk

Finjan confirmed earlier reports that Google’s anti-phishing blacklist, containing private user names and passwords, was accessible without protection on Google’s servers.

Blu-ray DRM defeated

The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month.

Norway Ombudsman Says iTunes DRM Is Illegal

Norway’s Consumer Ombudsman has ruled that Apple’s FairPlay digital rights management technology violates the country’s laws by locking songs downloaded from the iTunes Store to the iPod.

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.