PCI-DSS 1.1 points to outdated OWASP Top 10
02 Jul 2008 17:12 GMT
OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman pictured at right blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
Source: ZDNet

Microsoft to ratchet IE8 security another notch in Beta 2
02 Jul 2008 17:05 GMT
Sometime in August, Microsoft plans to release Beta 2 of Internet Explorer 8. Yesterday, I spoke with Austin Wilson, Director of Windows Client Product Management at Microsoft, about some of the security-related changes due in this milestone, and got a preview of the changes announced today. Here are some details...
Source: ZDNet

Sony PlayStation's site SQL injected, redirecting to rogue security software
02 Jul 2008 16:10 GMT
The latest highly trafficked web site to fall victim to the continuing waves of massive SQL injection attacks courtesy of copycats and the ASProx botnet is Sony's PlayStation U.S. site, according to a recent post at SophosLabs's blog: "Researchers at IT security firm Sophos have warned lovers of...
Source: ZDNet

Blizzard introducing two-factor authentication for WoW gamers
02 Jul 2008 13:37 GMT
Password stealing malware targeting popular MMORPGs such as World of Warcraft for instance, has become so prevalent, that video game developers are taking their authentication model a step further, by introducing two-factor authentication into play. And while marketable, is the new authentication layer actually useful in a real life situation?...
Source: ZDNet

Microsoft Hyper-V and Spin Marketing - Symantec's take
02 Jul 2008 10:00 GMT
Microsoft's announcement of Hyper-V, as with other Microsoft announcements, brings out the spin-meisters in the marketing departments at Microsoft's partners and competitors alike. Over the past few days I've been posting a summary of some of the conversations I've been having about Hyper-V. This time, I spoke with Sean Derrington...
Source: ZDNet

McAfee S.P.A.M. experiment and more ridiculous HackerSafe failures
02 Jul 2008 05:40 GMT
Stay with me here readers, I'm stringing two stories about McAfee together here, a little out of the ordinary, so I hope it makes sense. If you aren't interested in the tech details of which there are very little, please do read for a good laugh. Network World reported...
Source: ZDNet

Researcher claims thousands of identities stolen during Social Engineering pentests
02 Jul 2008 04:43 GMT
Kelly Jackson Higgins of Dark Reading reported on research conducted by Joshua Perrymon, hacking director for PacketFocus Security Solutions and CEO of RedFlag Security, who has been performing social engineering exploits for numerous clients in the past year and has apparently stolen thousands of identities with a 100 percent success rate. ...
Source: ZDNet

Google ships open-source Web security assessment tool
02 Jul 2008 01:35 GMT
The Google security team has released a free, open-source Web app security assessment tool capable of flagging vulnerabilities and potential security threats in Internet-facing applications. The tool, called Ratproxy, is described as a passive Web application security audit tool designed to analyze legitimate, browser-driven interactions with tested Web...
Source: ZDNet

Snort Security Platform (Snort SP) 3.0 beta released
01 Jul 2008 15:01 GMT
Congrats to Martin Roesch and crew for delivering the next in a long line of well respected open source security products. From Snort's site: Snort Security Platform SnortSP 3.0 Beta We're pleased to introduce our first beta release built on the new Snort 3.0 architecture. The Snort 3.0...
Source: ZDNet