Cisco Issues 7 Security Advisories for IOS
Networking giant Cisco has published a total of 7 security advisories that address 11 individual vulnerabilities for its Internetwork Operating System (IOS) software. Read the full article. [The H Security]
Cryptography
TJX Hacker Gets 20-Year Jail Sentence
Hacker mastermind Albert Gonzalez was sentenced Thursday in U.S.
District Court to two concurrent 20-year stints in prison for his role
in what prosecutors called the “unparalleled” theft of millions of credit card numbers from major U.S. retailers.//
U.S. District Court Judge Patti B. Saris announced the concurrent
sentences in two 2008 cases against Gonzalez, 28, a Cuban-American, who
was born in Miami, where he lived when the crimes were committed. Read the full story [IDG News Service]
Lights, Lasers Can Keep Hackers Out: Research
A new invention developed by Dr. Jacob Scheuer of Tel Aviv University’s
School of Electrical Engineering promises an information security
system that can beat today’s hackers — and the hackers of the future —
with existing fiber optic and computer technology. Transmitting binary
lock-and-key information in the form of light pulses, his device ensures
that a shared key code can be unlocked by the sender and receiver, and
absolutely nobody else. Read the full article. [ScienceDaily]
Google has added a nifty new security feature to warn GMail users when there are suspicious log-ins to their e-mail accounts.The feature, now being rolled into Firefox and Internet Explorer, will flag GMail log-ins from multiple locations and flash the following warning to an affected user:
A computer security professional who sold Internet Explorer exploit
code to credit card hacker Albert Gonzalez was sentenced Tuesday to three years probation and a $10,000 fine. Jeremy Jethro, 29, was paid $60,000 by Gonzalez for a zero-day
exploit against Microsoft’s browser, “the purpose and function of which
was to … enable the conspirators to unlawfully gain access to, and
redirect, individual’s computers,” according to court records. Read the full article, [Wired]
Researchers from Indiana University and Microsoft were able to
infer sensitive data by analyzing the distinct size and other
attributes of each exchange between a user and a website interaction. Using man-in-the-middle attacks, they could glean the
information even when transactions were encrypted using the Secure
Sockets Layer, or SSL, protocol or the WPA, or Wi-fi Protected Access
protocol. Read the full article. [The Register]
Criminal hacker organizations are operating with increasing corporate-life efficiency, specialization and expertise, said the FBI at FOSE conference. Here are the top ten operational positions in a cybercrime group. Read the full article. [Computerworld]
Computer hacker Albert Gonzalez deserves a quarter-century behind bars
for leading a gang of cyberthieves who stole tens of millions of credit
and debit card numbers from a transaction processor and several giant
retail chains, federal prosecutors argued in a recent court filing. Read the full article. [Wired]
Here are four techniques and related technologies several cited as
underrated in today’s security fight. Since one security pro’s miracle
tool is another’s waste of budget, it’s no surprise that a couple of
the technologies panned earlier are praised here. Read the full article. [CSO]
Internet service providers have the ability to wipe nearly all malicious activity in their network without stepping on individual privacy and civil liberties, said Adam Rice, chief security officer at Mumbai-based Tata Communications. Read the full article. [TechTarget]
