Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror

Submission Summary: 0 pending, 7 declined, 4 accepted (11 total, 36.36% accepted)

Security

Submission + - New Controversy over Black Hat presentation

Submitted by
uniquebydegrees
uniquebydegrees writes: "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM. Read it here: http://www.infoworld.com/article/07/02/26/HNblackh atrfid_1.html"
Security

Submission + - Microsoft sponsors antiphishing bakeoff

Submitted by
uniquebydegrees
uniquebydegrees writes: "InfoWorld is blogging about the results (predictable) of a Microsoft sponsored antiphishing technology bake off (http://weblog.infoworld.com/techwatch/archives/00 8114.html.) From the TechWatch blog: "Microsoft's Phishing Filter (MPF) in IE 7 Beta 3 received the highest "composite score" at 172, followed closely by NetCraft's toolbar with a composite score of 168. But when you dig into the numbers, another story emerges. First of all, IE's MPF antiphishing toolbar doesn't top out any of the individual tests that make up the composite score...So how did MPF end up on top? ... Microsoft didn't do the best job of spotting phish sites, but it did do the best job of blocking the ones it did spot, and blocking was what garnered the most points. In contrast, GeoTrust found almost all the phishing sites that were thrown at it, but doesn't have a blocking capability, and only warns users. NetCraft blocked all %84 percent of the sites it correctly identified, and that was better than Microsoft's %83 block rate, but Microsoft warned on another %6 percent that NetCraft didn't so...Microsoft WINS!!!! Unfair — possibly. Blocking a phishing Web site earned you twice as many points as just warning about it in this test, but is blocking really twice as effective as just warning users? That's reasearch that needs to be done. It certainly seems like 3Sharp's study may have been an outcome in search of a method.""
Security

Submission + - DHS publishes report on Operation Cyberstorm

Submitted by
uniquebydegrees
uniquebydegrees writes: "InfoWorld reports that the Department of Homeland Security has released the findings of Operation Cyber Storm, a large-scale simulation of combined cyber-physical attacks on U.S. critical infrastructure. (See: http://weblog.infoworld.com/techwatch/archives/007 886.html). From InfoWorld: According to DHS, "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis." Sound familiar?"
Security

Submission + - Microsoft re-re-rereleases IE patch

Submitted by
uniquebydegrees
uniquebydegrees writes: "Just thought you folks would like to know that InfoWorld is reporting that Microsoft quietly released an update for MS06-042 on Tuesday. (http://weblog.infoworld.com/techwatch/archives/00 7870.html.) MS06-042 is the cumulative patch for IE that actually introduced a new security hole onto systems that applied the update. Microsoft re-released the patch back in August, but it now turns out that the updated patch had yet another vulnerability, once again discovered by folks at eEyE Digital Security. As with the previous hole, it concerned handling of long URLs from Websites using HTTP 1.1 protocol with compression. According to a revision note, Version 3.0 of the patch, released Sept. 12, the update was "re-released to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow — CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately." (See: http://www.microsoft.com/technet/security/Bulletin /MS06-042.mspx.)"

Slashdot Top Deals

Nothing is faster than the speed of light ... To prove this to yourself, try opening the refrigerator door before the light comes on.

Close