put_it_down writes: "A large number of spam emails are currently prompting their recipients to verify an alleged Wikipedia account by clicking on a link that appears to point to the official Wikipedia site. The emails contain such texts as "Someone from the IP address 126.96.36.199 has registered the account 'iamjustsendingthisleter' with this e-mail address on the English Wikipedia", where the IP address corresponds to that of the spamming computer (bot), and the alleged Wikipedia account is the spam recipient's email account."
put_it_down writes: "The National Institute of Standards and Technology has released two draft publications as part of its Cryptographic Key Management Project, an effort to help agencies in their adoption of more advanced cryptographic algorithms and the management of stronger keys.
The publications are part of a 10-year-old effort by NIST to provide guidance for the adoption of strong cryptography and for key management to agencies that increasingly rely on cryptography to ensure the security and authenticity of data, both in transit and at rest."
put_it_down writes: "In mid-2009, an employee at the California firm clicked on a link in an e-mail message and ended up at a malicious website. The site, run by online thieves, used a vulnerability in Internet Explorer to load a Trojan horse on the employee's system. With control of the machine, which was used for much of the firm's accounting, the thieves gathered data on the firm and its finances. A few days later, the thieves used 27 transactions to transfer $447,000 from Ferma's accounts, distributing the money to accounts worldwide."
put_it_down writes: ""Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system that can help block attacks from hackers and viruses, according to research released today.
Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system's memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) first introduced with Windows XP Service Pack 2 back in 2004 attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they're seeking, the code placed there will not execute or run.""