From ZDNet (Dancho Danchev)
Yesterday, a French hacker claimed to have gained access to Twitter’s administration panel, and based on the screen shots that he included featuring internal data [zataz.com] for accounts belonging to U.S. President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter, his claims [mashable.com] seem pretty legitimate. Read the full story [zdnet.com].
Mozilla’s “human shield” Johnathan Nightingale talks with Threatpost’s Robert Vamosi about secure software practices at RSA 2009.
Digital Underground podcast with Dennis Fisher
In this episode of the Digital Underground podcast, Dennis Fisher talks with David Mortman, CSO-in-residence at Echelon One and longtime security executive, about whether we’ve become too reliant on compliance, the changing nature of the CSO’s job and how network security is like baking artisan bread. Really.
Identity thieves are currently launching a massive attack on Facebook [techcrunch.com], using fake log-in pages to hijack usernames and passwords.
The attackers are using Facebook’s mail system to send a one-line message luring users to “fbaction.net,” a site that clones the social networking site’s log-in screen. Read the full story [zdnet.com].
A study conducted by the National Academy of Sciences found that the United States military needs to create an open, public dialogue to clarify its plans around using offensive weapons in cyberspace. The study also recommends that the military explain what offensive capabilities it has and how they might be used to counter conventional military attacks.
In this video from Dojosec, Matthew Watchinski from Sourcefire’s Vulnerability Research Team reveals the timeline, from discovery to sale to exploitation to disclosure to patch, of the Adobe JBIG PDF flaw.
Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Here’s the top-five list [zdnet.com].
In case you’ve missed it, there’s been a lot of talking in Washington lately about the need for major changes to the way that information security is handled in the federal government as well as the private sector. So far that talk hasn’t led to much in the way of action, but that may be on the horizon, as lawmakers and members of the Obama administration continue to look at the problems facing the country’s critical infrastructure. A Senate hearing on Tuesday laid out, again, how critical the problem is and what experts believe should be done to fix it.
The swine flu outbreak has inspired a flood of comparisons and false analogies to Conficker and other worms, most of which miss the many key differences between the Internet infrastructure and the human population. But there are lessons that security personnel can learn from the ways that health organizations respond to and handle epidemics.
The pickings are slim in the job market and the timeline of interviewing and then hiring new people is slow. But there are positions available in the security field, according to three veteran security recruiters that we spoke with recently.
If you get a call that you’ve got a shot at a job interview, every move counts. How can you have an edge over other candidates angling for the same position? Our experts weigh in on important steps to excel when you get your chance to wow a possible new employer. Read the full story [cio.com].