[Owasp-cincinnati] Selected OWASP, InfoSec, Data Loss News For Last Week 8/21-9/1/2010

Marco M. Morana marco.m.morana at gmail.com
Fri Sep 3 08:45:45 EDT 2010


OWASP News

 

Developer's choices to attend Appsec USA 2010

http://www.owasp.org/index.php/AppSec_US_2010,_CA/Attending_Owasp_Leaders

InfoSec News

 

Pentagon's cybersecurity plans have a Cold War chill

With little fanfare, the Pentagon is putting the finishing touches on a new
strategy that will treat cyberspace as a domain of potential warfare

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962.html

China policy could force foreign security firms out 

China is stepping up efforts to keep the security systems that protect its
critical infrastructure in the hands of local firms, and that could be bad
news for companies based outside the country.

 

http://www.computerworld.com/s/article/9182218/China_policy_could_force_foreign_security_firms_out

Researcher Creates Clearinghouse Of 14 Million Hacked Passwords

The "Wall of Sheep" has become a cherished tradition at the annual Defcon
hacker conference in Las Vegas: Anyone foolish enough to use the local
wireless network at the hotel will likely have his or her username and
password stolen..

http://blogs.forbes.com/andygreenberg/2010/08/26/researcher-creates-clearinghouse-of-14-million-hacked-passwords/

Hackers accidentally give Microsoft their code

When hackers crash their systems while developing viruses, the code is often
sent directly to Microsoft, according to one of its senior security
architects, Rocky Heckman.

http://www.zdnet.com.au/hackers-accidentally-give-microsoft-their-code-339305548.htm

Rustock botnet ditches encryption to ramp spam

The Rustock mega-botnet appears to have ditched the experimental use of TLS
(transport layer security) to obscure its activity, Symantec has reported.

http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/

Sticks and stones: Picking on users AND security pros 

Johnston, a member of the Vulnerability Assessment Team at Argonne National
Laboratory. In the presentation, he gave examples of surprising (or not)
examples of what he has seen as a vulnerability assessor: 

security devices, systems and programs with little or no security -- or
security thought -- built in. There are the well-designed security products
foolishly configured by those who buy them, thus causing more vulnerability
than before the devices were installed.

http://www.csoonline.com/article/605764/sticks-and-stones-picking-on-users-and-security-pros

California Legislation Would Require Companies To Specify The Data Exposed In Breaches

A privacy breach notification bill recently passed by the California
legislature would expand the state's existing law for how organizations
notify consumers of a data breach.

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=227001108

FSA fine Zurich UK over data security breach 

Zurich UK suffered the £2.28million fine after losing a disk containing the
details of 46,000 customers.

http://www.metro.co.uk/money/838932-fsa-fine-zurich-uk-over-data-security-breach

Data Loss News

Source: dataloss at datalossdb.org

 

Title: Bank of America Settles Data Theft Claims
http://www.dailyfinance.com/story/credit/bank-of-america-settles-data-theft-claims/19605617/

Title: Bank of America settles Countrywide data theft case
http://feeds.latimes.com/~r/latimes/business/~3/YBHBpTOdFwc/la-fi-countrywide-20100824,0,5710799.story

Regards

 

Marco Mirko Morana

OWASP Cincinnati USA Chapter Lead

 
