Archive for January, 2008

Security on a chip

Thursday, January 24th, 2008
Organizations may be on the cusp of widespread real-world implementation of one of today’s most intriguing network security developments: Intel’s vPro processor technology. This hardware-based offering promises improved management and security of desktops, laptops and servers. But does vPro or any other type of security on a chip truly represent a chance for the good guys to pull ahead of the bad guys?

Inside the mind of an attacker

Monday, January 21st, 2008
There’s a tried and true method for seeking out the maximum number of vulnerabilities possible when testing your Web applications for security flaws. No, it’s not a high-end Web application vulnerability scanner but rather a free “technique” that you can improve over time. You may not learn the methods overnight, but once you do, it’s virtually guaranteed to take your Web vulnerability testing to the next level. It’s stepping into the mindset of a malicious attacker and delving in to see what else in the Web application can be exploited.

Lawyer Trademarks “Cyberlaw”

Saturday, January 19th, 2008

BigTimOBrien writes to mention the EFF is reporting that self-proclaimed cyberlawyer, Eric Menhart, has decided to trademark use of the term “cyberlaw” and is threatening other lawyers with legal action over the term.

“I wish I could say I was surprised by this one, but such overreaching invocations of IP rights are all too common — even where, as in this case, there are no actual “rights” to speak of. But an IP lawyer should know that courts (and trademark examiners, and many tech companies that might be potential clients) don’t look kindly on efforts to abuse trademark law to control everyday language. Here’s hoping Menhart figures that out fast.”

MySpace and U.S. Attorneys General Agree to Fight Sexual Predators

Thursday, January 17th, 2008

Schneier wrote:

MySpace has reached an agreement with the attorneys general of 49 states — Texas sat out — to protect children from sexual predators on the site.

The attorneys general are all congratulating themselves, as is MySpace — and there’s a lot of commentary out there. To me, this all seems like much ado about nothing.

The measures — details here — won’t do anything to stop child predators on MySpace. But, on the other hand, there isn’t really any problem with child predators — just a tiny handful of highly publicized stories — on MySpace. It’s just security theater against a movie-plot threat. But we humans have a well-established cognitive bias that overestimates threats against our children, so it all makes sense.

Inner Spying

Thursday, January 17th, 2008
“Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people,” Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. “There have been changes in leadership, and we have strengthened our practices and protocols in this area,” Clark said.

Schneier about his own network

Tuesday, January 15th, 2008

Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

To me, it’s basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it’s both wrong and dangerous.


Mistaken identity

Wednesday, January 9th, 2008
A five-year-old boy was taken into custody and thoroughly searched at Sea-Tac because his name is similar to a possible terrorist alias.

Beware The Facebook Phish

Wednesday, January 2nd, 2008

Compromised accounts on Facebook have enabled criminals to try to entice people into logging in to the site from a fake login page.

The fake login page for Facebook cited by F-Secure resides at a domain under the top-level domain for China; the nameservers for the phishing site are also China-based.

“Phishers are apparently using hacked Facebook accounts to post links to a fake login page on other people’s ‘Wall posts’,” said F-Secure.

Going to the phishing site and logging in leads to someone else capturing those Facebook login credentials. TechCrunch wondered why someone would go to the trouble of doing that.
