HNNCast.2010.06.11
HNNCast for the second week of June, 2010
Lead Stories
- GoatSec’s Finding, Digital Dribble, Another Flash-hole, IIS and PHP Attacks, Lamos Labeled
News
- Hardware Slammer, Olympic Goof, Gaza Fallout
- Courtnee: HacKid Con
- HP Helps Bletchley, These Are Not the Droids but this Is the Talk, B-Sides Multiplies
Tool Time
- Spiderpig, PDF Dissector, OllyDbg 2.0, POET, WhitePhosphorus, ArpOn, SysInternals Updates, Android Blue-box
Quickies
- NATO Needs C.A.L.T., Billionaire Polluters, DHS Mergers, Stay Smart Down Under – Mmk? Batches of Patches, unLucky Greeks, ScaMS, University of Breach, the Weekly Cons Call
Stack of Shame
- count: 133
Posted: June 13th, 2010
at 7:44am by tan
Tagged with "cross-site scripting", "Dan Kaminsky", "New York Times", "These are not the Droids you are looking for", Acrobat, Adobe, Adrian Lamo, andriod, Apple, ArpOn, ASP, AT&T, autorun, AutoRuns, B-Sides, Bletchey Park, bluebox, BP, breach, CanSecWest, Canvas, CAPTCHA, CBC-mode encryption, Chrome, CS&C, Defcon 18, Dept. of Homeland Security, DHS, Digital River, ExcaliburCon, Facebook, Fake Anti-Virus, FBI, Flash, FRYOM, Gaza, Glassfish, Goatse, GoDaddy, Gogle, Google, HacKid Con, Hashdays, holistic infosec, Hotel Pennsylvania, HP, IBM, ICCID, IDF, IIS, Immunity, iPad, Israel, javascript, Jerusalem Post, JSF, Julian Assange, Linux, Lucky, Mac, Macedonian Dark Security, malware, microSD, National Cyber Security Awareness Week, NATO, OIP, OllyDbg 2.0, Olympus, PDF, PDF Dissector, Penn State University, PHP, POET, ProcDump, Process Explorer, Re-Con, Reader, rootkit, Safari, Samsung, SigCheck, SMS, Solaris, Specialist Brad Manning, Spiderpig, sql injection, Stay Smart Online, Strathcycle Police Dept., Stylus Tough 6010, Sun, SysInternals, TechNet, the Next HOPE, Trojan, Tufts University, Turkey, virus, Wall Street Journal, Wave, WHitePhosphorus, WikiLeaks, Windows, Wordpress, XSS, ZDI, Zero Day Initiative, Zynamics
DHS May Merge Infrastructure Protection and Cybersecurity Units
Seems reasonable to me – get them all in 1 “room” so the talented ones can get their hands into more stuff. Telecom is way behind and needs some infusion of critique like they can get from web app testers. Your automated telephone attendant systems for example – it’s like they were invented before we realized you collect username and password *TOGETHER* so an attacker can’t tell WHICH is wrong. The whole is indeed stronger than the sum of its parts and these telecom guys need to be welcomed to the 21st century.
The Department of Homeland Security (DHS) may formally merge its units that oversee critical infrastructure protection and cybersecurity in light of their closely intertwined missions, a senior agency official told Security Management.
Todd M. Keil, assistant secretary of homeland security for infrastructure protection, said that his office, the Office of Infrastructure Protection (OIP) already collaborates heavily with the Office of Cybersecurity and Communications (CS&C) based on the fundamental interdependence between the IT and communications…
OIP, part of DHS’s National Programs and Protection Directorate, is responsible for identifying the nation’s critical infrastructure and working with owner-operators to assess and mitigate risk. OIP may be best known to the private sector through its protective security advisors (PSAs) and its site assistance visits (SAVs) during which PSAs and other DHS experts assess vulnerabilities at critical infrastructure sites and offer owner-operators protection options to mitigate risk.…
CS&C consists of three separate units: The Office of Emergency Communication, which oversees programs to improve first-responder communications; the National Communications System, which supports priority national communication during crises; and the National Cyber Security Division.
via DHS May Merge Infrastructure Protection, Cybersecurity Units, Official Says | Security Management.
HNNCast021910
HNNCast for the Third Week of February, 2010
Lead Stories
- Reality Shockwave: Government to Intrude Further and Ask for More Money, Russian Porno Prankster Faces 2 Years in the Pokey, Floyd Landiself in Trouble Over Drug Tester Breach, Badware BSOD Bug Fixed Faster than MS Responds, The Big Filmowski – the Dudes Abide
News
- Google:CanSec as K-12:Ivy League, Cash Grass or *ss – Nobody Passes for Free, Logic Bomb Blows 800 Boxes, Would You Like Some Identity Theft with that Shake Mate?
Quickies
- European PIN Bypass, Twitter Grader Fails with Grace, Acrobatics Are Unsafe Kids, Georgia Compromises, Conficker Burrows through Leeds to Middlesex, Paint Me Vuln, the Weekly Cons Call
Stack of Shame
- Count: 149
- Turning 1 Year Old This Week:
- ZDI-CAN-438 Cisco High 2009-02-24, 360 days ago Discovered by: Anonymous
- ZDI-CAN-434 RealNetworks High 2009-02-24, 360 days ago Discovered by: Anonymous, Hossein Lotfi
Posted: February 21st, 2010
at 12:45am by tan
Tagged with "Credit card", "Dan Kaminsky", #cybershockwave, 0day, Acrobat, Adobe PDF, Alureon, APEX Online Learning System, Australia, authentication, billboard, botnet, Broward School District, BruCon, BSOD, Bug Bounty, Cambridge university, CanSecWest, Card Skimming, Chip and PIN, Chrome, Cisco, City of Norfolk, Columbia, Conficker, data breach, Defcon 18, DHS, drug testing, Filmowisko.net, Floyd Landis, Foundation for the Protection of Audiovisual Creativity, Georgia, Google, grades, HD Moore, Hossein Lotfi, HubSpot, IOActive, JPEG, Kneber, Leeds HNS, Logic Bomb, maleware, Manchester Police Department, McDonald's, metasploit, Microsoft, MitM, Moscow, MS10-015, Open Security Foundation, operation cyber shockwave, OPFOR, OSF, OSVDB, Paint, passwords, Perth, porn, POS, pwn20wn, Quahog Con, rapidshare, Real Networks, Russia, Safari, ScanSafe, Security B-Sides Boston, Source Boston, teacher, Twitter Grader, wargame, West Middlesex University Hospital, ZDI, Zero Day Initiative, Zeus