Security Port

Security Forums
Security Articles
Security Port Blog
Security Blogs
Security Books
Security Glossary
Security Definitions
Security Directories
Security Wikis
Security Tradeshows
Security Newsletters
Security Alerts
Buyers Guides
Security Newsgroups
Security Organizations
Submit Security Sites
Security Magazines
Security Feeds
Security News
Security Software
Security Products
Search Databases

Security Port
Contains relevant information that pertains to security related issues and solutions.

Security Port

A Security Port Blog
Security Start Up Fails to Buy

Ex-White House security adviser Richard A. Clarke, who became a high-profile critic of the Bush administration, has resigned as chairman of a Massachusetts blank check company that netted $55 million in an initial public offering, but failed to make good on its plans to buy security firms.

Clarke and other key officials at Good Harbor Partners Acquisitions Corp. resigned on June 16, according to a filing with the Securities and Exchange Commission. Earlier this year, the company returned nearly all of the money it raised in a 2006 IPO after failing to buy any companies.

There is Money to be Made In Cellular Security

The race is on to get businesses and consumers to pay for security for their cellphone the way they do for their PCs.

Tech security companies see a lucrative emerging market for cellphone security products. Researcher IDC predicts businesses and consumers will spend $958 million by 2011, up from $214 million in 2006 spent mostly by corporations. Symantec, Kaspersky Lab, Trend Micro and others have stepped up consumer marketing of anti-virus subscriptions for mobile devices. Typical annual cost: about $30.

Coffee is a Security Risk!

An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak.

Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow in the Internet Connection software that links his Jura F90 coffee maker to his PC.

complete article

Theft Tied to Basic Security Flaws

Many data thieves may not be so sophisticated after all, according to a study to be released today.

At a time when the theft of personal information is a growing problem for companies and consumers, the study by a consulting unit of Verizon Communications Inc. analyzed more than 500 data breaches since 2004 and found 87 percent could have been prevented with commonplace security practices.

Security Hole

Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday.

Experts with Boston-based Core Security Technologies, who discovered the deficiency and described it exclusively to The Associated Press before they issued a security advisory, said theres no evidence anyone else found or exploited the flaw.

Telecoms Patrolling the Internet

Forget that warm and fuzzy slogan about reaching out and touching someone. The biggest U.S. telephone company is increasingly pitching its ability to keep the bad guys away.

Every day, all over the Internet, computers are bombarded with spam and malware, forcing corporate information technology staffs into constant battle, and often overwhelming home users.

But help is emerging from an unlikely source. Telecommunication carriers, who for years have passively transported voice and data communications, are offering to patrol their giant networks - for a price.

Prepaid Debit Card for Social Security

More than 4-million Social Security and Supplemental Security Income recipients who do not have bank accounts now have the option of getting a prepaid MasterCard debit card with their benefits instead of a paper check. A pilot project in Illinois last year has been expanded to 10 Southern states, including Florida. Here's a look at it.

E-Tail Security

Software security breaches add up in recent headlines alone: $13 million in losses; 45.6 million credit cards stolen; recovery costs at $256 million dollars and mounting; and companies driven into bankruptcy or out of business. Financially motivated targeted attacks are becoming more prevalent, and new vulnerabilities continue to be reported, according to industry research firm Gartner.

Censorship: A Threat to the Stability and Security of the DNS?

Censorship practices by governments and other private actors are becoming more increasingly more sophisticated, and their effects are increasingly being felt globally.

A case in point, the YouTube incident in Pakistan was a recent example affecting both users and the DNS at a national and global level. Likely other incidents will occur in the near future. As such, I believe censorship should be considered as a threat to the stability and security of the DNS.

In the context of Internet governance discussions, I believe the issue should be raised both at ICANN and the Internet Governance forum. Do others agree?

Internet Banking Increases

The ease of accessing banking services after hours has seen a big jump in New Zealanders embracing online banking.

A Nielsen survey shows a 62 per cent jump in internet banking over the past three years. Telephone banking has also risen, up 13 per cent, while branch visits are down 23 per cent.

Printer Security Issues

Printers and copiers could be the weak link in many corporate cyber defenses, the European Unions information security agency warned Tuesday.

The EU said companies are often unaware of the dangers posed by printers that are connected to the Internet, which can serve as conduits to penetrate networks or a window to stored documents.

Australian Govt Launches E-Security Week

The Federal Government kicked-off National E-security week today with the launch of a new security alert service for internet users and small businesses.

The National E-security Awareness Week is a Government initiative aimed at boosting awareness of e-security risks.

The alert service, announced today, is a free subscription-based service that provides vulnerability and threat information while advising users how to manage outbreaks.

Protecting Fertilizer

Canadian farm-input retailers are looking for government financial help in upgrading security at their facilities to prevent fertilizer from falling into the hands of terrorists and makers of illegal drugs.

The Canadian Association of Agri-Retailers said Friday that its members and Canadian farmers will soon find themselves at an even greater competitive disadvantage compared to their American counterparts, as the new U.S. federal farm bill includes tax credits and grants to enhance security of crop nutrients, herbicides and pesticides.

The association notes that fertilizers have been used for sinister purposes by criminal and terrorist elements, notably in the Oklahoma City bombing in 1995 which killed 168 people and injured more than 800. Anhydrous ammonia is also used in making methamphetamine.

Body Imaging for Security

Airport security has been taken to a whole new level at Denver International Airport with a new passenger imaging technology that gives security officials a snapshot of what's underneath passengers clothes, the Transportation Security Administration (TSA) announced.

TSA started testing the new system -- that scans the body for weapons and explosives -- at DIA security checkpoints Friday.

DIA is the sixth airport in the nation to implement the technology which will be used randomly on passengers traveling through security.

TJX Security Talk Got Employee Fired

A low-level TJX employee has lost his job for speaking in public about information security problems he uncovered while working for the company.

The employee, Nick Benson, is a University of Kansas student who worked at T.J. Maxx Pine Ridge Plaza store in Lawrence, Kansas. In an e-mail interview, he said he was fired Wednesday for violating corporate policy by disclosing proprietary information.

Muslim Gangs Taking Power in UK Prisons

Muslim gangs are threatening to take control of one of Britain's top security prisons where inmates include Al-Qaeda terrorists, a report reveals. Staff at Whitemoor jail, Cambs, believe a serious incident is imminent as several wings become dominated by Muslim prisoners. There is an on-going theme of fear and instability among employees, says the Prison Services Directorate of High Security report. "There is much talk around the establishment about the Muslims,it says.

Some staff believe the situation has resulted in Muslim prisoners becoming more of a gang than a religious group. The sheer numbers, coupled with a lack of awareness among staff, appear to be engendering fear and handing control to the prisoners, the report says. The situation has become so bad that white prisoners are warned about the Muslim gangs by staff on arrival.

China Prepares Security for the Olympics

An anti-terrorist special team consisting of engineers and experts will shoulder the security work for the 2008 Beijing Olympics, according to the General Staff Headquarters of the Peoples Liberation Army (PLA).

The team from the PLAs engineering troop will be responsible for security checks, emergency rescues and anti-terrorist technology applications during the August Olympiad.

In addition, 10 engineering experts in anti-terrorist technology have been selected to provide technical support and information for the security troops during the Games.  

Olympic security has been the focus of the Chinese armys daily drills. Among them are activities preventing guns and explosives from nearing important targets, searching for and defusing explosives, rescuing victims stranded in damaged buildings and leading emergency evacuations, among others.

Facebook Agreement with Mass Attorney General

While schools in Lynn and across the country are fighting a war against Internet predators and bullying, Massachusetts Attorney General Martha Coakley announced a breakthrough safety and security agreement with one of the Internets most successful Web sites this month.

Coakley, along with her 49 counterparts from across the country, reached an agreement with this month to better protect children from predators and inappropriate content on the Web site. As part of the agreement, will also participate in the Internet Safety Technical Task Force that was established under a similar agreement reached between and the attorneys general in January.

NSA Knocked Off the Internet

The US National Security Agency (NSA) has been knocked off the Internet, thanks to a faulty server. However, website measurement company Netcraft said that the problem had now been fixed.

The website was temporarily unreachable because of a problem with the NSAs DNS servers, said Danny McPherson, chief research officer with Arbor Networks. DNS servers are used to translate things like the web addresses typed into machine-readable Internet Protocol addresses that computers use to find each other on the Internet. The agency's two authoritative DNS servers were unreachable last Thursday morning, McPherson said.

Apple Flaws

After attempting to work with Apple for several months on what it claims are serious security flaws in iCal, security firm Core Security Technologies (CST) published the flaws late on Wednesday. The company published notice of the bugs, and a log of contacts between Apple that debate the severity of the flaws and threaten publication unless Apple commits to a date for fixing the flaws

Software Alert System

Use PageGate integrated with existing applications to notify IT staff on wireless devices about outages or system problems. Alerts can be sent to PageGate from network monitoring, HVAC or other systems. There is a free trial version of PageGate available and a step by step tutorial detailing how the software can be integrated to add another layer of notification.

Avoid Duplicate Content Penalties in the Search Engines

While it may still be debatable whether all the major search engines currently employ a duplicate content penalty, all have made it abundantly clear that they do not have any desire to provide search results that rehash the same content over and over. Actively avoid any potential penalties by taking a proactive approach to building unique content.

Avoid Duplicate Content Penalties in Search

eBay Seller Convicted Pirate

A 23-year-old Oregon man has pleaded guilty to charges that he used identity theft to set up bogus accounts on eBay, where he sold counterfeit software with a retail value of more than US$1 million, the U.S. Department of Justice said.

Jeremiah Joseph Mondello of Eugene, Oregon, pleaded guilty Wednesday to one count each of criminal copyright infringement, aggravated identity theft and mail fraud before Judge Ann Aiken in U.S. District Court for the District of Oregon. He faces up to 27 years in prison and a fine of $500,000, the DOJ said.

Software Security Hole in Power Plants

Boston-based security firm Core Security has discovered a serious hole in the Suitelink software that is used to automate operations at power stations, oil refineries and production lines, according to a report in New Scientist.

Attackers exploiting the vulnerability could crash the software by transmitting an outsize packet data to a certain port on the computer running Suitelink, the article says.

Fortunately, Wonderware, the company that makes Suitelink, has issued a software patch for the vulnerability. Now it is up to the plants to update their software.

Cyber Security Flawed

Major elements of the Bush administration's proposed $17 billion cyber security initiative have little to do with protecting government networks, and a lot to do with spying, according to a budget report released by the Senate Armed Services Committee this week.

The so-called National Cyber Security Initiative is also wrapped in unnecessary secrecy, and would spend billions on unproven, embryonic technology, and possibly illegal or ill-advised projects, according to the analysis -- which is part of a broad look at the proposed 2009 defense budget.

Drink Up for Security

Workers in some subway stations in Olympic host city Beijing have started asking passengers carrying bottled drinks to take a swig to prove they are not carrying banned liquids like petrol, local media reported on Friday.

China last year said terrorist attacks posed the biggest threat to the Games and has intensified security measures at airports, train and subway stations after the government said a flight crew foiled an attempt to blow up a plane over the countrys restive northwest region of Xinjiang in March.

Subway workers were asking passengers to take a drink if security equipment was unable to detect the content of the fluids in their bottles, the Beijing News said.

Prolific Hackers Arrested

Spanish police have arrested five hackers they describe as being among the most active on the internet.

The hackers, who include two 16-year-olds, are accused of disrupting government websites in the United States, Asia and Latin America.

Police say they co-ordinated attacks over the internet and hacked into 21,000 web pages over two years.

Cyberbully Indicted

This cyberbullying case could have significant implications:

A Missouri woman who allegedly used a fake MySpace profile to bully a girl who later committed suicide has been indicted by a federal Grand Jury.

Lori Drew, 49, allegedly posed as a boy on the website to befriend Megan Meier, 13, who hanged herself after he broke off the virtual relationship.

Extremists Get Technical

Al Qaeda and other radical groups have dramatically increased their use of the Internet in recent years to lure and train recruits worldwide, a U.S. Senate report warned on Thursday.

The report by the Senate Homeland Security Committee found that these groups run production houses and distribution centers that digitally send anti-American messages to thousands of Web sites around the globe.

FaceBook Puts Controls In Place

Top US state attorneys announced Thursday that Facebook has agreed to get tougher on keeping its young website users safe from bullies, porn, pedophiles and other online hazards.

Facebook has agreed to a child protection pact similar to the one sealed with leading social-networking website MySpace in January, according to Connecticut attorney general Richard Blumenthal.

TorrentSpy Fights Back

A TorrentSpy lawyer vowed Thursday to appeal a 110-million-dollar legal judgment against the website for directing people to unauthorized online copies of films and television shows.

Valence Media shut down its TorrentSpy website in March and filed for bankruptcy last week in the face of a lawsuit brought against it by the Motion Picture Association of America.

DARPA National Challenge

Police officers practice their firearm skills on a shooting range, so why should government computer security experts not have the same kind of training ground?

The Defense Advanced Research Projects Agency, or Darpa, on Monday issued a call for research proposals to develop the National Cyber Range, or NCR, a virtual network environment for cyberwar simulation.

Pirate Takes on Microsoft

software dealer who Microsoft charged with engaging in the sale of pirated software is vowing to fight back. Next week he plans to file a complaint with the European Commission alleging abuse of power and anti-trust violations.

Microsoft this past Monday filed a legal complaint against Samir Abdalla, an entrepreneur from The Netherlands, claiming that he illegally sold software in the U.S. that was intended for educational markets outside the United States. He is alleged to have made US$3.6 million from the business. The suit was filed in Los Angeles, together with seven complaints against other software dealers from Canada, Egypt and the U.S.

The software maker is asking for damages as well as an injunction that prevents Abdalla from importing software that is intended for students.

Internet Assault

Internet security experts say the Web has become so overrun with identity thieves that users have no way of knowing which sites are safe.

The San Francisco Chronicle said last Wednesday that even the largest and most-familiar destinations are vulnerable to thieves who swipe identification numbers, business e-mails and medical records.

FBI Loses To Internet Archive

The Internet Archive revealed Wednesday that the FBI dropped an effort to secretly obtain information about the online activities of one of the digital librarys users.
The Archive revealed that it had been served a National Security Letter by the FBI last year about one of its patrons. The San Francisco-based nonprofit organization prevailed after enlisting the help of the Electronic Frontier Foundation and the American Civil Liberties Union.

China To Spy on Guests

U.S. senator accused the Chinese government on Thursday of ordering U.S.-owned hotels in China to install Internet filters that can spy on international visitors coming to see the summer Olympic games.

Sen. Sam Brownback, a Kansas Republican, made the charge at a Capitol Hill news conference where he and other lawmakers denounced Chinas record of human rights abuses and urged President Bush not to attend the Olympics opening ceremonies in Beijing.

Criminals Try to Copyright Malware

Even criminal hackers want to protect their intellectual property, and they have come up with a method akin to copyrighting — with an appropriate dash of Internet thuggery thrown in.

Professional virus writers are now selling a suite of software on the Internet with an unusual attachment: a detailed licensing agreement that promises penalties for redistributing the malicious code without permission.

30 Months for Piracy

A Woodbury, Connecticut, man has been sentenced to 30 months in prison for operating Web sites where users could download unauthorized copies of movies, music and software titles, the U.S. Department of Justice announced.

David M. Fish, 26, was sentenced Monday on criminal copyright infringement and circumvention charges in U.S. District Court for the Northern District of California in San Jose, the DOJ announced late Tuesday.

Internet Crime Matures

Pack up the image of the lone hacker. Internet crime is highly organized -- outsourcing complex work and using sophisticated pricing, like bulk discounts for stolen credit cards.

What should be particularly worrisome to legitimate businesses is a shift in tactics. Rather than targeting computer networks, which have strengthened defenses considerably, Internet criminals now try to get to individual computers and customers of Internet services and sites with Web-based attacks. One reason: Few Web sites address their vulnerabilities, and the few that do, react slowly.

Microsoft Denies That They Are Security Concern

Microsoft Corp. denied the recent incident, in which more than half a million websites were hacked, was caused by vulnerabilities in its Web and SQL Server software, according to U.S. media reports Monday.

Earlier last week, more than 500,000 websites, including several hosted by the United Nations and the UK government, were hacked and modified in order to download malware to visitors computers, according to Finnish anti-virus maker F-Secure, which caused numerous governmental and commercial Web pages were shut down. Security researchers said those websites were hacked by SQL injection attacks.

HP Updates Open Security Concerns

A dangerous flaw in Hewlett-Packard Software Update, a tool that automatically updates HP software and drivers, could be exploited by an attacker to read sensitive information or gain access to a system.

The tools contain several ActiveX flaws that could be exploited by tricking Internet Explorer users into visiting a malicious website.

China Taking Piracy Seriously

Chinese police have seized $750 million worth of pirated computer software and broken up a piracy ring in southern China, state media said as Beijing vows to crack down on a problem which has soured trade ties.

Current Blog

2008 Security Blog Archive
May-June Archive
April Archive
March Archive
February Archive
January Archive

2007 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

2006 Security Blog Archive
December Archive
November Archive
October Archive
September Archive
August Archive
July Archive
June Archive
May Archive
April Archive
March Archive
February Archive
January Archive

Security Alerts
Locate security alerts, and security feeds via a security rss feed directory.