Latest Posts


From the Web

SSA employee convicted for unauthorized access to govt computer

August 01, 2009 from: Office of Inadequate Security

Roberto Rodriguez, 54, formerly of Fort Lauderdale, FL, was convicted by a jury on July 29, 2009 of seventeen counts of exceeding his authorized access to a government computer. Rodriguez is scheduled to be sentenced on October 9, 2009, before U.S. District Court Judge William J. Zloch.

Comments  (0)


From the Web

Tax-preparation docs found in dumpster

August 01, 2009 from: Office of Inadequate Security

WOIA in Texas reports that San Antonio police are investigating how boxes full of unredacted personal information, including Social Security numbers and financial information, were sitting in the open in a dumpster.

Comments  (0)


Adobe Releases Critical Patches for Flash Player

July 31, 2009 Added by:Infosec Island Admin

Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of which Adobe has not been forthcoming about.

Comments  (4)


From the Web

Clarence employees criticized in audit

July 31, 2009 from: Office of Inadequate Security

The Clarence High School [Buffalo, NY] principal and other district employees repeatedly used district computers for personal use, the state comptroller’s office said.

Comments  (2)


From the Web

McAfee keeps leaked details to itself

July 31, 2009 from: Office of Inadequate Security

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Comments  (0)


From the Web

Clampi Trojan stealing online bank data

July 31, 2009 from: Office of Inadequate Security

Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other login credentials from compromised PCs since 2007, a security researcher said on the eve of the Black Hat security conference.

Comments  (0)


From the Web

Carrell Clinic guard indicted

July 31, 2009 from: Office of Inadequate Security

A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas. Jesse William McGraw, a/k...

Comments  (0)


Extremely Sensitive US Secrets Found on P2P Networks

July 29, 2009 Added by:Infosec Island Admin

According to an article released by the Washington Post today, the private firm Tiversa, Inc. discovered extremely sensitive information on global P2P networks.

Comments  (0)


From the Web

URL bar spoofing vulnerability

July 28, 2009 from: Mozilla Security Blog

Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Comments  (0)


From the Web

Locking up the valuables: Opt-in security with ForceTLS

July 28, 2009 from: Mozilla Security Blog

Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication.  A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...

Comments  (1)


From the Web

Network Solutions suffers crippling data breach

July 27, 2009 from: Office of Inadequate Security

Over half a million credit card holders may have had their account details captured by hackers, after web hosting firm Network Solutions revealed that more than 4,000 of the e-commerce sites it hosts could have been breached.

Comments  (1)


From the Web

Credit industry slow to protect customers from CreditMaster scam

July 25, 2009 from: Office of Inadequate Security

Recent cases in which people have been charged with online fraud for allegedly making purchases with illegally obtained credit card numbers have shed light on the lack of effective measures taken to frustrate the CreditMaster scam used in these incidents, even though the credit card industry was already aware of its existence.

Comments  (0)


From the Web

Network Solutions hacked

July 24, 2009 from: Office of Inadequate Security

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.

Comments  (1)


From the Web

Ensuring Critical Patch Update Quality

July 24, 2009 from: The Oracle Global Product Security Blog

A commentary on how Oracle's Critical Patch Update (CPU) program works, from Eric Maurice of Oracle.

Comments  (0)


From the Web

Too much personal data released

July 24, 2009 from: Office of Inadequate Security

Personal information of almost 900 people was given to a public-housing resident [in Virginia] who requested a list of those who had been banned from Hampton Redevelopment and Housing Authority property.

Comments  (0)


From the Web

Leahy reintroduces data breach bill

July 23, 2009 from: Office of Inadequate Security

Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers’ personal information.

Comments  (0)


From the Web

Heartland breach felt in Bermuda

July 23, 2009 from: Office of Inadequate Security

Hundreds of Bermudians may have been the victims of credit card fraud stemming from a US security breach in January.

Comments  (1)


From the Web

Report: Shortage of cyber experts may hinder govt

July 22, 2009 from: hackyourself.net

Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

Comments  (2)


From the Web

wget DNS-rebinding and Weak Intranet Port Scanning

July 21, 2009 from: Rsnake's blog at ha.ckers.org

Although this is a technical document, it makes some interesting points on browser technology in general (Linux's "wget" command) and DNS re-binding protection methods; this is an interesting read for you more savvy webappsec guys.

Comments  (1)


From the Web

Firefox crash not exploitable (CVE-2009-2479)

July 19, 2009 from: Mozilla Security Blog

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no ex...

Comments  (1)