The IT Security Blog Roundup » Blog Archive » Weekend edition: Members of the military targeted, ID theft scare at Los Alamos and Oracle turns on the flashlight

Mobile Version Subscribe Contact Us About Us Advertising Editorial SC UK SC Aus/NZ

RSS | Login | Register

The IT Security Blog Roundup

Weekend edition: Members of the military targeted, ID theft scare at Los Alamos and Oracle turns on the flashlight

Author: admin

Filed under: Breaches, Browser flaws, Email Security, Finance, Government, Lawbreakers, Microsoft, Non-Microsoft Patches, Patch Management, Patch Tuesday, Phishing, Privacy, Spam, Vulnerabilities

Technology news is sort of like food; if you leave it out too long, it’s only a matter of time until it goes bad.

If breaking news isn’t covered within a few days, it’s going to be passed over for the next juicy steak of a story to come along. And with ever-changing technology, and bad guys who never seem to sleep, nowhere in the media is this as clear as than with tech news.

So with that in mind, here are a few blog items to much on over the weekend.

As if they don’t have enough to worry about…
When doing business overseas, a road warrior is likely to check his or her bank account information via the web instead of running up an expensive phone bill or strolling the streets of Tokyo or London looking for a Chase Bank ATM.

So imagine being stationed in a foreign country for months on end, with few urban centers nearby to check account balances.

That’s the rationale behind a new man-in-the-middle phishing scheme that traps members of the U.S. Armed Forces into visiting a website that logs their keystrokes. F-Secure’s research team has a good description on its blog.

Warning: The scam websites, which pretend to be official Bank of America pages and require check card numbers, expiration dates and PIN numbers, look quite real.

Keep it classified
Here’s an another scary item.
Privacy blog PogoWasRight.org, named after a cartoon character famous for saying, “We have met the enemy and he is us,” (must’ve been before my time) has picked up an Associated Press story on Los Alamos workers being warned about identity theft.

Moving towards disclosure
Finally, patch distribution is a tricky business. Most months, Microsoft can’t seem to make anyone happy, no matter what it fixes or how many patches it releases.

With Oracle’s latest patch release just in the rearview mirror, Eric Maurice, the company’s manager for security in the Business Technology Unit, blogged about the latest distribution.

It’s worth reading because public disclosure about patch distributions is an even trickier business than releasing the fixes. It’s a tightrope walk above malicious users and IT pros, and both groups want as much information as possible.

It’s also worth noting that Oracle has made strides in recent months to release patches on a more selective basis and rank vulnerabilities on a clearer scale.

The flavor of the month
It’s getting pretty easy to forget what month it is, and not on account of the inconsistent weathe...
IT security term of the day: whaling
One of the best parts of IT security is the often silly-sounding terms used commonly. Phishing, in...
Moore unleashes iPhone exploits
Mega-hype = increased attention from hackers. Researchers have proven that one since late July, si...
Who’s really to blame for Ohio breaches?
IRS, Better Business Bureau phishing scams have Chinese roots