Brazilian mega-star Marisa Monte’s new CDs from EMI (“Infinito Particular” and “Universo ao Meu Redor”) come with DRM that can’t be uninstalled, and require you to “agree” to a contract that isn’t published in Portuguese. Even if you disagree, the malware is installed.
Check Point Software Technologies Ltd. said Thursday that it’s pulling its application relating to its acquisition of Sourcefire Inc., a company that offers commercial support of the popular Snort open source IDS tool.
A newly discovered Trojan is intercepting the TAN codes used as security tokens by customers of two major German banks, Postbank and Deutsche Bank, according to antivirus experts.
You’ll Long Remember, Remember V for Vendetta
“The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as “Snort,” which guards some classified U.S. military and intelligence computers.” – Redmondmag
BitTorrent is great, but surprisingly enough, not many people create torrents when they need to share something, although it can save a lot of time and even bandwidth. Read this tutorial and share your seed.
The octal level for Linux starts at 666. The magic numbers to remember are-
4 2 1
r w x
4+2+1 = 7 = rwx
4+0+1 = 5 = r-x
hence
4+2+0 = 6 = rw-
If you have a file with -rwx rwx rwx then you must have the octals 777 to match.
If your file is -rwx r-x r-x then the octals that match are 755
Now that we understand that we look at umask.
We start with a base figure of
666
-022
644 = rw- r-- r--
You will see your default umask level or setting in the /etc/profile file … most of the time.
Some sysadmins will alter it to something stricter to help ensure more privacy between users, i.e. 066 or 026
kjteoh
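The umask arithmetic above, as an added example that is not part of the original post: the kernel clears the umask bits from the requested mode (666 for new files, 777 for new directories) rather than subtracting digits, and the script checks the computed result against objects it actually creates. The function names are hypothetical, and 027 is a constructed value that does not appear in the text.

```shell
#!/bin/sh
# Added example: umask clears bits (mode = base AND NOT umask); it is not a subtraction.

# effective_mode BASE UMASK -> three octal digits of BASE & ~UMASK
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# to_rwx MODE -> nine-character rwx string for a three-digit octal mode
to_rwx() {
    out=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;;
            2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
        esac
    done
    printf '%s\n' "$out"
}

# observed_mode UMASK file|dir -> rwx string of an object really created under UMASK
observed_mode() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        ls -ld "$tmp/t" | cut -c2-10
        rm -rf "$tmp"
    )
}

# 022, 026 and 066 are the values from the text; 027 is a constructed extra case
# where subtracting digits (666-027) does not even give a valid octal mode.
for m in 022 026 066 027; do
    f=$(effective_mode 666 "$m")
    d=$(effective_mode 777 "$m")
    printf 'umask %s  file %s %s (created: %s)  dir %s %s (created: %s)\n' \
        "$m" "$f" "$(to_rwx "$f")" "$(observed_mode "$m" file)" \
        "$d" "$(to_rwx "$d")" "$(observed_mode "$m" dir)"
done
```

The directory column shows why a mask chosen only with files in mind still matters: under 022 every new directory remains listable and traversable by other users.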
“That’s really what’s interesting about Apple, is they look at our technology in a very Apple way,” said Deborah Conrad, vice president and director of Team Apple at Intel, speaking to a group of CNET editors and reporters Thursday at Intel’s Santa Clara campus. Conrad’s team is helping Apple make the transition to Intel’s chips.
Research carried out by the Australian Government on Return on Investment in Information Security; link taken from the CISSP-BR list.
This Guide and research report is intended to assist government agency IT managers evaluate and quantify the potential Return On Security Investment (ROSI) from implementing perimeter security systems.
The ROSI Guide started as a research project in early 2003, examining available approaches to measuring the cost-benefit of information security. The first version of the Guide proposed a hybrid tool, implemented as an Excel spreadsheet, combining the Annualised Loss Expectancy method with an Australian-standard Threat & Risk Assessment framework.
This latest version of the ROSI Guide describes an extension to the tool introducing “Monte Carlo” statistical analysis of the possible spread in cost-benefit results arising because security incidents vary randomly in their rate of occurrence and their severity. A prototype extended spreadsheet is attached, incorporating freeware Monte Carlo add-ins. Users are able to insert their own values for the expected ranges of incidence and costs for different grades of security incidents, drawing on the actual experience of their respective departments.
This report includes a discussion of how and why statistical variability should be injected into the ROSI model, instructions for running the chosen Monte Carlo tools, example simulations drawn from actual TRA, and an updated reference list to aid with further research into statistical cost-benefit analysis.
Jornal Nacional
SÃO PAULO – An advertising professional from São Paulo seems to have found the answer to an irritating mystery. He found out how so many companies manage to discover your address and send thousands of unwanted mailings. By making up a code and an e-mail address, he traced the leak of the information to its source – the Receita Federal (Brazil's federal tax authority).
Suspicious, Aílton Tenório da Silva began investigating when he filed his 2003 income tax return. He added the letters ‘B’, ‘I’ and ‘R’ to his address and also created an exclusive e-mail address, through which he was to receive any and all correspondence from the Receita Federal.
What had been a mere suspicion became confirmation.
- There was a leak, no doubt about it. And it came from there – says Aílton.
The confirmation came when one day the advertising professional received a credit card offer at home. The bank sent the offer to the address given only to the Receita Federal.
The mailbox created exclusively for the Receita Federal was also leaked and filled up with all kinds of advertising, from magazines to travel packages and job offers.
- If my address and my e-mail account got out of the Receita Federal, my financial and personal data, anything else, may have got out too – Aílton suspects.
In downtown São Paulo, this data is valuable merchandise. It is not hard to find CDs with so-called ‘mailing lists’ on the bustling popular shopping streets of the city centre. At the street vendors' stalls on the sidewalks, a CD can cost up to R$ 100.
A vendor explained to the Jornal Nacional reporting team what the buyer finds on opening the CD with taxpayers' 2004 data:
- It shows name, address, neighbourhood, CEP (postal code), telephone and CPF, city and state – he said, unaware that he was being recorded.
Those who work in the trade admit it: the business is risky.
- That's prohibited, man. You know that's prohibited, right? – says another street vendor, also unaware of the filming.
http://oglobo.globo.com/online/economia/plantao/2006/03/22/194006423.asp