IBM has made Firefox the company’s default Web browser. According to IBM’s vice president of Linux and open source software, company-wide Firefox adoption will accelerate IBM’s shift to cloud computing.

Via: ars technica

The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it… At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly.

Further details available at Wired’s Threat Level

The attack uses an electronic device as a “man-in-the-middle” in order to prevent the PIN verification message from getting to the card, and to always respond that the PIN is correct. Thus, the terminal thinks that the PIN was entered correctly, and the card assumes that a signature was used to authenticate the transaction.

“We think this is one of the biggest flaws that we’ve uncovered – that has ever been uncovered – against payment systems, and I’ve been in this business for 25 years,” said Professor Ross Anderson from the school’s Computer Laboratory.

More details are available at the University of Cambridgde Computer Laboratory Security Group website.

WeFi, a free wireless Wi-Fi broadband Hotspot locator website with a database of 47,000,000 access points around the world, has revealed that 40% of Hotspots in the USA are unlocked and do not require a security password. This compares with 25% in Europe.

According to WeFi’s data, a traveler would find a higher percentage of open hotspots in countries such as Thailand, Israel, Brazil, Argentina and the Bahamas as compared with both the US and Europe. Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked

Full Article: ISPreview

Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that’s tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks.

Via: The Register

• Simplified installation process.
• Improved documentation and man pages.
• New versions of packages in ports (package management system). Over 5800 packages in total.
• Hardware driver updates: sensors, chipsets, video devices etc. New drivers, functionality and reliability updates.
• Network stack updates: stricter default settings. Wired interfaces are now preferred over wireless ones.
• Firewall changes: enabled by default, stricter checking of package formats.
• Routing daemon updates: mainly BGP daemon updates, fixes few bugs.
• New more secure smtpd (mail server).New OpenSSH released (5.3).

Grab a CD set or download from a mirror, and please support the project

The economic downturn has increased the risk organizations:

“The threat environment worsens because when the economy goes into a downturn, job losses mount, and as people leave the organization many often take data with them,” Mr. Hejazi said.

About 33 per cent of reported security breaches this year came from within companies, and unauthorized access by employees represented the fastest-growing threat area, according to TELUS Security Labs managing director and study co-author Alan LeFort.

Last year, about 17 per cent of Canadian organizations reported so-called “insider breaches.” This year, that number has more than doubled to 36 per cent.

The complete article can be read at The Globe and Mail

Most organizations are focusing their patching efforts and vulnerability scanning on the operating system — but 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, and Adobe Flash and other tools, according to actual attack data gathered for the report. Meanwhile, enterprises are taking twice as long to patch their applications than to patch their operating systems, the report says.

More at darkREADING

Sun Microsystems’ product plans are up in the air pending its acquisition by Oracle, but the company’s chip engineers continue to present new designs in the hope they’ll see the light of day. At the Hot Chips conference at Stanford University on Tuesday, Sun presented plans for a security accelerator chip that it said would reduce encryption costs for applications such as VoIP calls and online banking Web sites. The chip, known as a coprocessor, will be included on the same silicon as Rainbow Falls, the code name for the follow-on to Sun’s multithreaded Ultrasparc T2 processor.

Via: OSNews

ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level.

Via: Slashdot