| |
| "The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." -- Marshall McLuhan, 1969 |
|
Microsoft Patch Tuesday for February 2010: 13 bulletins |
|
|
|---|
| Topic: Computer Security |
1:59 pm EST, Feb 5, 2010 |
Holy crap, the next Patch Tuesday is going to be major. # Bulletin 1: Critical (Remote Code Execution), Windows
# Bulletin 2: Critical (Remote Code Execution), Windows
# Bulletin 3: Critical (Remote Code Execution), Windows
# Bulletin 4: Critical (Remote Code Execution), Windows
# Bulletin 5: Critical (Remote Code Execution), Windows
# Bulletin 6: Important (Remote Code Execution), Office
# Bulletin 7: Important (Remote Code Execution), Office
# Bulletin 8: Important (Remote Code Execution), Windows
# Bulletin 9: Important (Denial of Service), Windows
# Bulletin 10: Important (Elevation of Privilege), Windows
# Bulletin 11: Important (Remote Code Execution), Windows
# Bulletin 12: Important (Denial of Service), Windows
# Bulletin 13: Moderate (Elevation of Privilege), Windows
Microsoft Patch Tuesday for February 2010: 13 bulletins |
|
Google China insiders may have helped with attack | InSecurity Complex - CNET News |
|
|
|---|
| Topic: Computer Security |
11:18 am EST, Jan 20, 2010 |
Google is looking into whether employees in its China office were involved in the attacks on its network that led to theft of intellectual property, according to CNET sources. Sources familiar with the investigation told CNET last week that Google was looking into whether insiders at the company were involved in the attacks, but additional details were not known at the time.
Google China insiders may have helped with attack | InSecurity Complex - CNET News |
|
Twitter / WikiLeaks: Several rumours from google ... |
|
|
|---|
| Topic: Computer Security |
6:31 pm EST, Jan 14, 2010 |
Decius :Several rumours from google sources that China accessed google's US-gov intercept system which provides gmail subjects/dates
This was my suspicion when I read that the attackers had accessed "subject lines" from emails but not the content. It sounds like they got access to a system designed for use by law enforcement when they have "trap and trace" authority but not a warrant. Personally, I think email subject lines are not "routing information" and should require a warrant, but the matter hasn't been litigated to my knowledge and of course, law enforcement disagrees. This is somewhat relevant to my Blackhat DC talk on lawful intercept vulnerabilities, but of course even if this is true, a totally different technology was involved...
Twitter / WikiLeaks: Several rumours from google ... |
|
Google China cyberattack part of vast espionage campaign, experts say - washingtonpost.com |
|
|
|---|
| Topic: Computer Security |
11:27 am EST, Jan 14, 2010 |
I'm glad to see this is finally getting some attention. As bad as these articles make the extent of the ongoing Chinese espionage sound, it's actually worse... Human rights groups as well as Washington-based think tanks that have helped shape the debate in Congress about China were also hit.
sigh... "Usually it's a group using one type of malicious code per target," said Eli Jellenc, head of international cyber-intelligence for VeriSign's iDefense Labs, a Silicon Valley company helping some firms investigate the attacks. "In this case, they're using multiple types against multiple targets -- but all in the same attack campaign. That's a marked leap in coordination."
The division of labor is what I think stands out the most. "This is a big espionage program aimed at getting high-tech information and politically sensitive information -- the high-tech information to jump-start China's economy and the political information to ensure the survival of the regime," said James A. Lewis, a cyber and national security expert at the Center for Strategic and International Studies. "This is what China's leadership is after. This reflects China's national priorities."
Google China cyberattack part of vast espionage campaign, experts say - washingtonpost.com |
|
Black Hat Technical Security Conference: DC 2010 // Briefings |
|
|
|---|
| Topic: Miscellaneous |
8:50 am EST, Jan 5, 2010 |
Exploiting Lawful Intercept to Wiretap the Internet Many goverments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer's communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of it's lawful intercept technology in an Internet Draft and a number of public configuration guides. This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks. //BIO: Tom Cross
Black Hat Technical Security Conference: DC 2010 // Briefings |
|
Heady Internet freedom in China as Great Firewall falls -- briefly - latimes.com |
|
|
|---|
| Topic: Surveillance |
4:39 pm EST, Jan 4, 2010 |
Web users reported an outage of China's strict Internet controls, known as the Great Firewall, for several hours this morning, allowing them brief access to banned websites such as YouTube, Facebook and Twitter. But by the time many woke up, strict restrictions had returned. Error messages once again flashed across computer screens for sites blocked by the nation's censorship filter.
Heady Internet freedom in China as Great Firewall falls -- briefly - latimes.com |
|
Thunder, Thunder, Thunder, ThunderSnow! » We Love DC |
|
|
|---|
| Topic: Local Information |
4:26 pm EST, Dec 18, 2009 |
"Thundersnow is a rare weather phenomenon, which is basically a thunderstorm that forms in weather that is cold enough for the precipitation to fall in the form of snow instead of rain. Thundersnow is rare because normally thunderstorms need warm and moist air to form. Cold and drier air, like what occurs during the wintertime, is not very conducive to the development of thunderstorms. The two things that are necessary for thundersnow are the presence of unstable air and a force that will push this unstable air upwards. This force of rising air is provided by strong low pressure. The low pressure will push the unstable air upwards, allow for clouds and thunderstorms to form, and provided that the atmosphere is cold enough, it is thundersnow. You couldn’t design a more perfect snowstorm for DC. It’s absolutely textbook perfect. It’s gonna be perfect."
According to the most recent reports, the will begin where I live around 7pm. Awesome. :) Thunder, Thunder, Thunder, ThunderSnow! » We Love DC |
|
MemeStreams problems (maybe) |
|
|
|---|
| Topic: Miscellaneous |
3:16 am EST, Dec 6, 2009 |
Earlier in the day we were investigating a possible database corruption problem with MemeStreams. No one found anything definitively, but it's possible there is a problem present... There was a problem we were unable to reproduce that involved double posts appearing in the system. Please let Decius or Rattle (me) know if you see any problems. At this late hour, the only problem with the site appears to be that no one is using it... Update: No, this isn't Noteworthy's fault. |
|
