Security News Curated from across the world
The security researcher, a student in the information systems program at Missouri State University, is currently working with Metasploit founder HD Moore to find flaws in Internet Explorer and other browsers using data fuzzing techniques. Murphy and others also took issue with the lack of details about Microsoft’s other security enhancements, including defense-in-depth changes and changes to how ActiveX controls are run.
http://www.securityfocus.com/brief/187?ref=rss
Any statewide policy, however, would not apply to the legislative and judicial branches or to the state’s constitutional officers, although they could adopt it, the executive order states.
Other state governments have enacted similar P2P use policies.
http://www.fcw.com/article94067-04-13-06-Web
Internet Relay Chat (IRC) and chat-based attacks continue to dominate, but their share of all attacks dropped in favor of an increasing number of P2P attacks.
In February, Waltham, Mass.-based IMlogic Inc. and San Diego-based Akonix Systems Inc. released reports showing a dramatic spike in IM threats last year and an IT community that has yet to achieve an adequate defense.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1180006,00.html
The TPM is commonly used in enterprise workstations and laptop computers to enable security features and securely store encryption keys. Apple also uses the chip to limit the OS X operating system to Mac hardware, preventing consumers from running it on generic x86 computers.
Privacy advocates have criticised the chips because they could potentially be used to enforce digital rights management technology and prevent users from accessing certain applications or services.
http://www.vnunet.com/2153898
CompTIA also noted that in the last several years, organizations have equipped themselves with sophisticated security infrastructure that better detect and prevent attacks.
The study found that 96 percent of respondents use antivirus software while 91 percent have firewalls and proxy servers, in addition to disaster recovery plans, intrusion detection systems and information security policies.
http://www.zdnetasia.com/news/security/0,39044215,39350700,00.htm
To guarantee that the SA notification e-mails are received, institutions should ensure that their network spam filters are set to accept all e-mails from fdic.gov.
Institutions without Internet access may request to continue receiving SAs through the mail by completing the attached paper-delivery request form and faxing it to the FDIC at (703) 465-4314. The FDIC also offers electronic distribution of SAs through its online subscription service. Since this service is not secure, confidential SA attachments of fraudulent and genuine instruments are not included.
To decrease the number of unnecessary e-mails, institution users of this on-line subscription service may wish to discontinue receiving SAs through this mechanism.
http://www.bankinfosecurity.com/regulations.php?reg_id=220&PHPSESSID=0c468c65f2007d6227f7a3a2c3db0faf