07-05-2009 23:02 Večernje novosti: Rat oko "Stožica" Večernje novosti Maketa budućeg centra DELTA Holding je najavio sudsku zaštitu ugleda i interesa posle objavljivanja informacija u medijima da je umesto njih u posao sa slovenačkim "Grepom" uskočio austrijski holding "Supernova". Radi se o realizaciji projekta sportsko-trgovačkog centra "Stožice" u čijem izvođenju je Delta trebalo da učestvuje. Beogradskoj kompaniji se nije dopalo što je novi investitor pronađen, iako preduzeće "Grep", koje u ime gradskih [...] Vaš komentar Naslovi :: Naslovi Povezani zapisi: 03-09-2010 23:31 GeoIPgen v0.4 – Country-to-IPs generator Version 0.4 (07/03/2010) Faster and smaller memory usage. It now uses the fast-random algorithm by default instead of the bit-field method Re-wrote README file Simplified usage instructions Video: Geo (...) - Security Tools / Enumeration, Information Gathering, Network Discovery, GeoIPgen security-database 03-06-2010 20:38 Integration and the Security of New Technologies, (Sat, Mar 6th) The topic of deployment of new technology in an enterprise, and how to prepare to secure that technology is one that has come up for discussion recently. Part of the discussion was a question asked by a reader today as to the deployment of a new system, offering a number of services via the web, and the security of those systems and services. So my question for comment is How do we secure this? In my experience, it is a combination of the Engineering, Testing Installation with the Site Security team(s) working together during the deployment and initial operational phases of any system. The Security teams are often times the firsthand and best source of knowledge for the system, or systems, being deployed. If the Security teams are contracted for the installation and testing of the new technology, then they typically have a reliable way of getting information to/from the developers. The Site Security teams need to be involved early on in the engineering phase, to ensure the sites current Information Security Infrastructure will readily support the incoming technologies. Most vendors today can supply deployment and integration guides that the Security teams can provide the site early on as well. I welcome your comments, tony d0t carothers @t isc.sans.org ISC 03-05-2010 8:21 Mariposa Botnet Perpetrators Captured  Following the shutdown of the Mariposa botnet recently, three alleged members of the group behind the said botnet were finally arrested last week by the Spanish Police, although they are still pursuing another suspect that may still be at large somewhere in South America. The Mariposa botnet was one of the largest botnets to date. It was reportedly responsible for attacking millions of businesses around the world, including Fortune 1000 companies, in a mission to steal online banking, business, and personal information from compromised systems. Mariposa was discovered in 2009 by the Mariposa Working Group, an informal group of volunteers from the security industry and law enforcement agencies, formed to specifically investigate and to eventually eliminate the said botnet. The group was also responsible for giving out pertinent information on the botnet, which led to the arrest of three of its perpetrators. Throughout its lifetime, Mariposa was able to launch several bot variants that were able to compromise up to 12.7 million computers from all over the world. Trend Micro detects malware related to this botnet as WORM_AUTORUN.ZRO. This worm spreads copies of itself through physical and removable drives as well as through the popular instant-messaging application, MSN Messenger. It also propagates via known peer-to-peer (P2P) file-sharing applications, particularly Kazaa, BearShare, iMesh, Shareaza, DC++, Emule, and LimeWire. It can also perform denial-of-service (DoS) attacks against targeted systems. The take-down of the Mariposa botnet may mean less zombies for cybercriminals to operate with. However, there are still other infamous botnets that have not been caught yet and even new ones that are gaining notoriety once again such as ZeuS, SDBOT IRC, Chuck Norris, and DOWNAD/Conficker botnets. Trend Micro™ Smart Protection Network™ already protects product users from these threats by detecting and preventing the file’s execution on affected systems via the file reputation service. Non-Trend Micro product users, on the other hand, can use free tools like RUBotted, which monitors computers for suspicious activities and regularly checks with an online service to identify behaviors associated with bots. Upon discovering potential infections, it prompts users to scan and clean their computers. Post from: TrendLabs | Malware Blog - by Trend Micro trendmicro 03-03-2010 14:36 Federal Support for Federated Login  Posted by Eric Sachs, Senior Product Manager, Google SecurityLast November, we discussed the progress that account login systems operating via standards-based identity technologies like OpenID have achieved across the web. As more websites seek to interact with one another to provide a richer experience for users, we're seeing even more interest in finding a secure way to enable that kind of information sharing while avoiding the hassle for users of creating new accounts and passwords. Excitement for technology like OpenID is not limited to the private sector. President Obama's open government memorandum last year spurred the creation of a pilot initiative in September to enable U.S. citizens to more easily sign in to government-run websites. Google joined a number of other companies to explore ways to answer that call. Now, several months later, some interesting things are taking shape. The Open Identity Exchange (OIX), a new organization and certification body focused on online identity management, today named Google among the first identity providers to be approved by the U.S. Government as meeting federal standards for identity assurance. This means that Google's identity, security, and privacy specifications have been certified so that a user can register and log in at U.S. government websites using their Google account login credentials. The National Institute of Health (NIH) is the first government website ready to accept such credentials, and we look forward to seeing other websites open up to certified identity providers so that users will have an easier and more secure time interacting with these resources. Our hope is that the work of the OIX and other groups will continue to grow and help facilitate more open government participation, as well as improve security on the Internet by reducing password use across websites. Feedproxy Security |
