08-17-00
|
|
contributed by Weld Pond
A flaw in Verizon's online service request and tracking tool allows a user
to view the details behind any phone number in their northeastern service
region. While the flaw was reported Sunday, as of Monday afternoon it was
still exploitable. The hole is based on a JavaScript application that loads
data (including whether or not the given phone number is unlisted) into the
user's PC, all of which is easily viewable in the page's source code.
SecurityFocus.com
MSNBC
|
|
contributed by Pyle
Extortionists who threatened to expose sensitive Bloomberg corporate data to
the world if they weren't paid $200,000 were arrested yesterday in a sting
operation involving Michael Bloomberg himself. The alleged attackers broke
into Bloomberg's New York systems and demanded payment for notifying the
company of the security weakness.
USA Today
The
New York Times
ZDNet
Boston.com
|
|
contributed by Pyle
The FBI and Canadian Mounties are cooperating in the investigation of a DOS
attack on a Canadian ISP. The attack occurred Sunday evening and appeared to
originate in Chicago. Canadian authorities want to extradite anyone
suspected of conducting the attack.
Cnews
|
|
contributed by Weld Pond
In the last month I have heard about more people starting to use encryption
in their email than ever before. The wide publicity of the FBI's Carnivore
has finally woken people up to the fact that the government is watching
clear text email and now it is necessary to encrypt. I predict in a few
years carnivore will be blind to all but the most naive criminals.
SF
Gate
|
|
contributed by Apocalypse Dow
Q: How do you keep your employees from wasting time on the web while at
work? A: Use web filtering tools designed to keep children from visiting
forbidden zones (i.e. treat your employees like children). A increasing
number of companies are doing just that in an effort to curb web related
slack time.
Upside Today
|
|
contributed by Apocalypse Dow
Georgi Guninski, a noted vulnerability researcher, recently notified
Microsoft with regard to a possible exploit of the folder viewing mechanism
inherent to Windows 2000 and later versions of Internet Explorer.
Apparently, Microsoft was less than pleased with Guninski for publicizing
the flaw "so soon" after its discovery.
CNET
|
|
contributed by Weld Pond
Bruce Schneier, noted author and cryptography expert, has a new book on the
stands. Secrets and Lies, Digital Security in a Networked World takes
a look at network security and the associated risks that businesses face in
an increasingly electronic environment.
Book Site
|
|
|
