February 2009
5 posts
Move to http://hocksun.wordpress.com
Feb 20th
Alleged Cohorts of Israeli Hacker Cleared of Fraud... →
Two suspects who were arrested in Canada last year with Israeli hacker Ehud Tenenbaum have been cleared of all the charges against them. A third suspect, Tenenbaum’s girlfriend, is…
Feb 11th
Heartland Breach Affects 135 Banks and Credit... →
At least 135 banks and credit unions are reporting that their customer credit and debit cards were among those breached by intruders who hacked Heartland Payment Services last year. …
Feb 10th
January 2009
42 posts
McAfee estimated businesses lost $1 Trillion to...
McAfee announced its research findings in Davos today. Its report, Unsecured Economies: Protecting Vital Information, warned that “the global recession is putting vital information at greater risk than ever before”. The research, which gathers responses from CIOs in the US, UK, Germany, Japan, China, India, Brazil and Dubai, examined where vital information resides, how it is...
Jan 29th
Consumers want more responsibility for their own...
Every year on Jan 28 we celebrate Data Privacy Day. The day is meant to increase awareness of privacy and data protection issues among consumers, companies and governments. In 2007 there were 361 incidents and some 163 million records were affected. In 2008, the total number of incidents went up to 487, but only 83 million records were affected. This month alone, 28 incidents were recorded and some 149...
Jan 28th
US Military files stored in MP3 player
ABC News reported that a $15 MP3 player bought from an Oklahoma thrift shop contained 60 pages of US military data. The data, which may be as old as 2005, contained details of military personnel deployed in Afghanistan and Iraq, among other sensitive things. Link to full article: http://www.abc.net.au/news/stories/2009/01/26/2474662.htm
Jan 26th
Securing a President's Blackberry
There was much speculation about whether President Barack Obama would get to continue using his Blackberry or would have to ditch it and replace it with the General Dynamics Sectéra Edge smartphone. Since we all know now that the Blackberry was retained as the preferred messaging tool, what technology is used behind the scenes to ensure that the communication is highly secure? Curiously, in the same week, a piece of...
Jan 24th
White House IT Security in the Dark Ages?
The Washington Post reported that new Obama staff encountered 6-year-old Microsoft software and few laptops when they reported to work. Interesting to note: there is also no access to: 1/ Facebook 2/ Instant Messaging 3/ Outside email Obviously, they can’t expect to have access to all of this, since security is surely a high priority in a place like the White House. Having said that,...
Jan 22nd
Heartland Payment Systems Network Security Breach
As the investigation into the recent security breach that occurred at HPS is still ongoing, and since little data is yet available, I can only attempt to state some of the facts gleaned from the various sources and try to analyze from there. Apparently there are two key parts to the breach, one of which involved keylogger malware being planted on a PC. This keylogger is used to capture specific username and...
Jan 20th
Myspace in the news again for underage sex...
I was using twitscoop after reading a post from CiscoIT on twit spam and stumbled upon another recent case, this time in Australia. The worst thing is, apparently it’s the girl who initiated the meeting in the first place (read more here). This shows that the problem of how to make the Internet safer can be complex and needs to be attacked from different angles. And doing nothing is not an...
Jan 20th
15-yo British girl, missing, after meeting 49-yo...
The latest incident, which happened in England, involved a 15-year-old girl, Laura Stainforth, who allegedly met Robert Williams, a 49-year-old man, online and communicated with him over a 6-month period on MSN. The danger of the Internet is still very much present, regardless of whether the girl is from a broken home or not. This is a case of “grooming”, where an older adult slowly...
Jan 19th
Malwarebytes' Anti-Malware
The last time I installed and ran a so-called malware scanner was really quite a while ago. And one of the popular tools I rely on was Spybot’s Search & Destroy. However, with most anti-virus software Norton AV, I have found such a specific tool rather unnecessary. Or I would prefer to simplify the process and rely on as few tools as possible to make sure the PC is free from trojans,...
Jan 18th
Fri,16 Jan Notes: Conficker, ISTTF report, Bartz's...
The year has hardly started & already there is plenty of interesting news flying around the Infosec space that is worth taking note of. Firstly, many reports from security companies like F-Secure and Microsoft, as well as security blogs, have been drumming up the fast spread of the Conficker worm. To date, the estimate is 3.5m and counting. If we are to dive a little deeper, this worm...
Jan 15th
Secure web-browser, are we there yet?
Recently I wrote about subscribing to a service that permits me to use a secure web browser so that we can do financial transactions safely, and this piece of news from Symantec was just published today (read more here). Symantec has been prototyping a product called Vibes that uses virtualization technology and comes in 3 flavours - playground, user and trusted. Depending on the user’s web...
Jan 14th
MSRT - after download, then what?
The latest Microsoft Patch Tuesday bundle includes the latest Microsoft Windows Malicious Software Removal Tool v2.6. I suspect once this is downloaded and installed, most people will have no clue what happens next. A few questions that arise are: 1/ What is the result of the scan? Did it find any malicious software? 2/ What files or which directories did the default MRT.exe scan?...
Jan 13th
It is not easy to remove MD5 certs from Firefox v3
For the past few weeks, after the disclosure that SSL certs signed with an MD5 hash are no longer secure, I have been trying to remove these certs from some browsers manually, and the results are pretty different from browser to browser. The Firefox built-in certs are found to be almost impossible to remove, if it is possible in the first place. Until today I have not come across any how-to guide in...
Jan 11th
Recent Twitter Hack, what can we learn from this?
I tried counting how many articles or blogs have given space to this recent high-profile & embarrassing hacking incident on Twitter; I gave up after the number hit 5. Apparently Wired magazine broke the news and this was picked up by others in a relatively short time. See the original post here. Apparently, the 18-year-old hacker who goes by the nick GMZ was actually doing Twitter a...
Jan 8th
All good after the posting below
Mark, the support lead from OpenDNS, responded to my support request and shed some light on this recent snafu I had with my OpenDNS configuration. Apparently, he said, I had selected Webmail as a category to block in my filter settings. Hmm… Anyway, the initial setting I selected was “high” and I customized it by removing certain categories like social networking, visual search...
Jan 8th
Classic self-created Denial of Service
A couple of days ago, I was about to blog about how smooth my usage of OpenDNS has been and to recommend the tool as an additional layer of protection from phishing etc. But behold, today, as I wanted to get into my Gmail account, I hit a problem: OpenDNS denied me access to Gmail because it’s classified as Webmail. Huh? So I tried my Hotmail and Yahoo Mail, but both are working, thank...
Jan 5th
Different websites but same username/password?
It seems that for the sake of convenience, it’s a very common practice to use the same email ID & password when registering accounts with various web services. Now, that practice is not just plain dumb but incredibly stupid. The reason is, if a website like Twitter or Tumblr (for that matter) were compromised, you actually put all the other services that were registered with the...
Jan 5th
Update - removed RSS feed aggregation from here
Over the new year, I have been exploring new ways to aggregate more security-related news into a single huge mega feed and found that Yahoo! Pipes gives me a much better platform for this job. So, I have moved a lot of my RSS feed collections from Google Reader and consolidated them there. There are about 35 different sources to date. The good thing about Pipes is that you...
Jan 4th
'Curse of Silence' Hack Kills SMS Text Message... →
text messaging hack
Jan 2nd
SSL Crack Shows You Must Advance Your Security →
The successful creation of a rogue certificate authority by researchers using a colliding certificates attack demonstrates that if you’re not moving forward with your security-related standards then…
Jan 2nd
Microsoft Urges Organizations Patch Vulnerability... →
Microsoft is again urging users to apply a patch for a vulnerability in the Windows Server service. The company reported earlier this week that a new variant of the Conficker worm has surfaced to…
Jan 2nd
SMS bug: Nokia's Conversation goes mute →
Did you have a quiet Christmas? What about New Year? While New Years Eve is the busiest time for text messages, maybe you didn’t get any. And if you’re a Nokia user,…
Jan 2nd
Nokia 'Curse of Silence' SMS exploit uncovered →
Old bug, new tricks Mobile phone security vendors were rejoicing last night when it emerged that an obscure bug in an old version of the Symbian OS could allow an attacker to crash a target’s…
Jan 2nd
Quotes of note from 2008 →
So many notable quotes, so little space to recount them — that’s the annual conundrum as we think back on the year and recall comments that stuck with us long after they were uttered. We’ve…
Jan 1st
December 2008
267 posts
Lockheed, Boeing Tap $11 Billion Cybersecurity... →
The cybersecurity market is heating up, all the more so with the recent recommendation to have a top CSO in the new US Administration.
Dec 31st
Four Threats For '09 That You've Probably Never... →
lesser-known security threats for 2009
Dec 31st
2009 security predictions: Deja vu all over again →
The security industry is fueled largely by FUD (Fear Uncertainty and Doubt.) So it’s not unusual for most forecasts in the industry to be full of grim prognostications of imminent chaos and…
Dec 31st
Microsoft: MD5 hack poses no major threats to... →
In reaction to the news today that security researchers have come up with a way to spoof the digital certificates that secure many Web sites, Microsoft downplayed the threat to users.
Dec 31st