http://www.strongholdnet.com The Network and Computer Security Blog Tue, 13 Nov 2007 09:32:26 +0000 http://backend.userland.com/rss092 en The september 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. Tons of very insightful articles that help us to understand the current security threats. First Responders Basketball Referees and Single Points of Failure Interview with National Intelligence Director Mike McConnell Home Users: A Public Health Problem? News Vague Threat Prompts Overreaction Stupidest Terrorist Overreaction? Wholesale Automobile Surveillance ... http://www.strongholdnet.com/security/september-2007-issue-of-bruce-schneier%e2%80%99s-crypto-gram-newsletter/ The may 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. As usual, plenty of very insightful articles that help to get a better grasp at the security threats we are currently facing. A Security Market for Lemons Is Big Brother a Big Deal? ... http://www.strongholdnet.com/security/may-2007-issue-of-bruce-schneier%e2%80%99s-crypto-gram-newsletter/ The january 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. Automated Targeting System Surveillance Cameras Catch a Cold-Blooded Killer Crypto-Gram Reprints Auditory Eavesdropping Tracking Automobiles Through their Tires Licensing Boaters Wal-Mart Stays Open During Bomb Scare News NSA Helps Microsoft with Windows Vista Microsoft Anti-Phishing and Small Businesses Not Paying Attention at the Virginia DMV More on the Unabomber's Code BT Counterpane ... http://www.strongholdnet.com/security/january-issue-of-bruce-schneier%e2%80%99s-crypto-gram-newsletter/ The december issue of Bruce Schneier’s CRYPTO-GRAM Newsletter is out. I didn't have time to read it yet, but there's no good reason to believe it's not as interesting than the previous issues :-) Here are the topics covered: Revoting Real-World Passwords Crypto-Gram Reprints Tracking People by their Sneakers Notary Fraud News Separating Data Ownership and Device Ownership BT ... http://www.strongholdnet.com/security/december-issue-of-bruce-schneier%e2%80%99s-crypto-gram-newsletter/ The November 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. In those mid-terms voting times, this newsletter appropriately contains 4 very good and comprehensive (as usual) articles about electronic votes and voting in general. Here’s the full newsletter summary: Voting Technology and Security More on Electronic Voting Machines The Inherent ... http://www.strongholdnet.com/security/november-15th-edition-of-bruce-schneier%e2%80%99s-crypto-gram/ A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system. The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website ... http://www.strongholdnet.com/security/microsoft-xmlhttp-activex-control-code-execution-vulnerability/ Microsoft today released ten patches to fix at least 26 separate security holes, including a whopping 16 flaws in Microsoft Office and its constituent apps. According to Washingtonpost.com's Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack. Also of note, six ... http://www.strongholdnet.com/security/microsoft-plugs-a-record-26-security-holes/ The September 15th issue of Bruce Schneier’s Crypto-Gram newsletter is out. As usual, it's a very good read. This issue is very much targetted to security in general and not only computer security. In particular terrorist threats and the current paranoia in the airports are very well described, as well ... http://www.strongholdnet.com/security/september-15th-edition-of-bruce-schneier%e2%80%99s-crypto-gram/ Less than 1 month after the discovery of a very serious vulnerability in Internet Explorer, EEyes has just published an advisory concerning a very similar (through different) vulnerability in the lastest IE. Here's the overview: "eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update ... http://www.strongholdnet.com/security/internet-explorer-compressed-content-url-heap-overflow-vulnerability-2/ Michael Sutton has up an interesting post on the security vulnerabilities that we really need to be concerned about. According to Sutton, it's not the new ones that are scary, it's the old ones that have long since been forgotten. He illustrates his point by walking through an example where he uses ... http://www.strongholdnet.com/security/why-all-the-hype-about-0day/