The US Office of Personnel Management has admitted that the widely-publicised data breach in June was more wide-reaching than at first thought.
An entire US department program is to be suspended in order to fix vulnerabilities discovered during a security audit.
Concern over the security of Windows in China has led to a ‘gold rush’, as Chinese firms race to fill the gap left by Microsoft’s operating system, reports Reuters.
Make sure you are running a half-decent browser, don’t ignore browser security warnings, and enable two-factor authentication.
That appears to be the lesson to learn from the latest attack on Chinese internet users.
ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.
A top internet security official in China has said that his organization has “mountains of data” on U.S. cyber attacks against the country. Huang Chengqing, the director of the National Computer Network Emergency Response Technical Team Coordination Center of China (CNCERT), made the comments in the state-run China Daily newspaper, calling for greater cooperation between the two states on hacking.
Hace unos días se dio a conocer una grave vulnerabilidad que afectaba a aquellos servidores que interpretan PHP mediante interfaz de entrada común o CGI. Esta vulnerabilidad fue analizada en detalle a lo largo de dos post y se explicó el alcance que podía tener y cuál eran los métodos para solucionarlo. Es por esto que
According to a report from the New Zealand Herald, the US government is formally requesting China release more details on its censorship activities. The action, being pursued under World Trade Organization rules, is purportedly aimed at leveling the playing field of foreign websites trying to compete in China. The idea is that if the US
At a time where the West is, generally speaking, not at the top of its game economically, I can see why defence contractors, like anyone else, are anxious to save money, but outsourcing critical systems purely for economic advantage in the hope of submitting the lowest tender is a risky strategy.
…poachers turned gamekeeper are not uncommon in the security industry as a whole, and it’s all too common for aspirant virus-writers whose notoriety is not necessarily matched by their technical skill to be hired by companies on the remote borders of malware detection and filtering, but the “real” AV industry goes out of its way to avoid hiring the ethically challenged….
UPDATE: Kurt Wismer has just reminded me of a very apposite blog he posted in 2007: http://anti-virus-rants.blogspot.com/search/label/single%20sign-on.] A little more information further to my earlier blog. The H (Heise) gives us a number of links to its earlier stories about the Google compromise and tells us that Google have declined to comment on the New
A bit of news this week dealt with Cyberwarfare. Far from becoming part of the tinfoil hat crowd, cyberwarfare has been growing in real world relevance in the past eighteen months and is the primary impetus for pending legislation. While in the Cold War, detente could be measured in the megatonnage of nuclear weapons, the
Well, hopefully my power sockets are not leaking computer viruses and keyloggers, but who knows? Quite a few news outlets have picked up on a story in the Wall Street Journal claiming that spies from China and Russia have "penetrated the U.S. electrical grid". Scary… A little too scary and not enough detail to convince some
I thought I’d blogged myself to a standstill over the weekend, but it seems there’s plenty of life left in the Tibet/China story, even if it’s only the East and the West exchanging accusations. A China Daily headline claims that "Analysts dismiss ‘cyber spy’ claims", though in fact the quotes in the article talk about exaggeration
I’ve mentioned here before that targeted malware, often delivered by "spear phishing" carried by apparently "harmless" documents such as PDFs, .DOCs and spreadsheets rather than overt programs, can have much more impact than the raw numbers of such attacks suggest. In fact, some sources now use the term "whaling" rather than "spear phishing" to reflect the