Forgot your password?
typodupeerror

Submission Summary: 0 pending, 4 declined, 0 accepted (4 total, 0.00% accepted)

Security

+ - WikiPhish->

Submitted by
put_it_down
put_it_down writes "A large number of spam emails are currently prompting their recipients to verify an alleged Wikipedia account by clicking on a link that appears to point to the official Wikipedia site. The emails contain such texts as "Someone from the IP address 112.135.3.205 has registered the account 'iamjustsendingthisleter' with this e-mail address on the English Wikipedia", where the IP address corresponds to that of the spamming computer (bot), and the alleged Wikipedia account is the spam recipient's email account."
Link to Original Source
Encryption

+ - How To: Moving to advanced crypto->

Submitted by
put_it_down
put_it_down writes "The National Institute of Standards and Technology has released two draft publications as part of its Cryptographic Key Management Project, an effort to help agencies in their adoption of more advanced cryptographic algorithms and the management of stronger keys.

The publications are part of a 10-year-old effort by NIST to provide guidance for the adoption of strong cryptography and for key management to agencies that increasingly rely on cryptography to ensure the security and authenticity of data, both in transit and at rest."

Link to Original Source
Security

+ - Small - Medium businesses need security focus->

Submitted by
put_it_down
put_it_down writes "In mid-2009, an employee at the California firm clicked on a link in an e-mail message and ended up at a malicious website. The site, run by online thieves, used a vulnerability in Internet Explorer to load a Trojan horse on the employee's system. With control of the machine, which was used for much of the firm's accounting, the thieves gathered data on the firm and its finances. A few days later, the thieves used 27 transactions to transfer $447,000 from Ferma's accounts, distributing the money to accounts worldwide."
Link to Original Source
Microsoft

+ - Third-party MS application dev's ignore security->

Submitted by
put_it_down
put_it_down writes ""Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system that can help block attacks from hackers and viruses, according to research released today.

Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system's memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) first introduced with Windows XP Service Pack 2 back in 2004 attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they're seeking, the code placed there will not execute or run.""

Link to Original Source

Two is not equal to three, even for large values of two.

Working...