Common Vulnerability Scoring System News
http:///newsroom/news/cvss.html
CVSS proposes an open and universal vulnerability scoring system to address and solve the lack of cohesion and interoperability among vendor-specific ones, resulting in the promotion of a common language to discuss vulnerability severity and impact.
FIRST.org, Inc. © 1995-2008 by FIRST.org, Inc.
Mon, 07 Jul 2008 18:43:00 -0500; Mon, 06 Feb 2012 23:42:11 -0600

CVSS-SIG successful working meeting during the 20th annual FIRST conference
http:///cvss/meeting_agenda_20080623.html (firstnews:40330)
The Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) had a very busy and successful working meeting during the 20th annual FIRST conference in Vancouver. We covered many of the CVSS use cases post v2 deployment - namely PCI and S-CAP - thanks for all the great participation.

FIRST CVSS-SIG meeting, Vancouver 2008
http:///meetings/cvss/ (firstnews:40262)
The Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) has scheduled a working meeting during the 20th annual FIRST conference in Vancouver (June 22-27, 2008). This meeting will take place on Monday, June 23rd 08:30-10:30 PST.

US Border Cards a Privacy Risk, Critics Charge
http:///newsroom/globalsecurity/191934.html (firstnews:34376)
Passport cards for Americans who travel to Canada, Mexico, Bermuda and the Caribbean will be equipped with technology that allows information on the card to be read from a distance. The technology was approved Monday by the State Department and privacy advocates were quick to criticize the department for not doing more to protect information on the card, which can be used by U.S. citizens instead of a passport when traveling to other countries in the western hemisphere.
Source: linuxinsider

Hackers exploit relaxed post-holiday workers
http:///newsroom/globalsecurity/191932.html (firstnews:34377)
New year greetings cards used by cyber criminals to lure workers in the holiday spirit into opening links to malware sites, warns Sophos. IT security and control firm Sophos is warning workers returning from the New Year holidays to be wary of internet attacks taking advantage of the celebrations. New versions of the Dorf worm (W32/Dorf-AE, also known as Storm) have stopped using the lure of Santa Claus’s wife doing a striptease and in recent days posed as Happy New Year ecards.
Source: prosecurityzone

Canada needs protection from cyber attacks, CSIS says
http:///newsroom/globalsecurity/191930.html (firstnews:34378)
The bronze statue in Estonia’s Tallinn Military Cemetery depicts a Soviet Red Army soldier with a war-weary face and a helmet in his hand. It is a memorial to those who fought in the Second World War, but this year it became a symbol of how international conflicts are fought in the Information Age. In April, Estonia removed the two-metre monument from its original perch at Liberators’ Square in central Tallinn and placed it in the more inconspicuous cemetery, sparking Russian outrage.
Source: Canada

Compulsory internet filtering
http:///newsroom/globalsecurity/191928.html (firstnews:34379)
Problems in democratic governance don’t always arise from the clash between a good idea and a bad idea, a desirable and an undesirable outcome. Those ones are generally pretty easy to negotiate. What makes life tricky is when two good ideas/outcomes/ends clash. Thus, for instance, a right to privacy clashes with a right to free speech. The freedom of the individual to do something he or she personally wants to do and that is legal can clash with the notion of the “greater good”, as with smoking in restaurants, or whatever. It’s political theory 101, or maybe 102.
Source: News

Microsoft charges customers for free services
http:///newsroom/globalsecurity/191926.html (firstnews:34380)
Thousands of customers are paying almost $120 USD per year to Microsoft for an Internet subscription service that includes e-mail, security, and other features. But Microsoft gives away almost identical services absolutely free in Windows Live and the Windows operating system itself, while neglecting to inform those who pay through the nose.
Source: WindowsSecrets

U.K. prepares prosecutors for amended computer crime law
http:///newsroom/globalsecurity/191922.html (firstnews:34381)
U.K. prosecutors have received guidance on interpreting amendments to a computer crime law that introduce stronger penalties for computer hacking. A six-page document published on Monday by the Crown Prosecution Service (CPS) gives prosecutors pointers for handling offenses under soon-to-change provisions of the Computer Misuse Act (CMA) of 1990. The amendments were passed into law in November 2006 but have not yet come into force.
Source: itworld

Microsoft Security Bulletin Advance Notification for January 2008 - January 3, 2008
http:///newsroom/globalsecurity/191920.html (firstnews:34382)
This is an advance notification of two security bulletins that Microsoft is intending to release on January 8, 2008. This bulletin advance notification will be replaced with the January bulletin summary on January 8, 2008. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
Bulletin Information: Executive Summaries
The security bulletins for this month are as follows, in order of severity:
Critical (1)
  Bulletin Identifier: Microsoft Security Bulletin 1
  Maximum Severity Rating: Critical
  Impact of Vulnerability: Remote Code Execution
  Affected Software: Windows
Important (1)
  Bulletin Identifier: Microsoft Security Bulletin 2
  Maximum Severity Rating: Important
  Impact of Vulnerability: Local Elevation of Privilege
  Affected Software: Windows
Source: Microsoft

Top 10 security headlines of 2007
http:///newsroom/globalsecurity/191906.html (firstnews:34383)
IT professionals worried about new attack techniques in 2007 as well as potential data breaches and the growing likelihood that their most valuable security tools would pass from the management of one vendor to another. Here is an unscientific look at what we considered the biggest stories of 2007:
1) Estonia wilts beneath blistering cyber assault
2) ’Month-of’ disclosure projects under fire
3) Beware of dangling pointers
Source: SearchSecurity

Public sector faces spot checks for data breaches
http:///newsroom/globalsecurity/191902.html (firstnews:34384)
The government has undertaken to give the information commissioner the power to spot check all public sector bodies for data security gaps. It will also publish data security breaches and steps taken to prevent them as part of its annual reporting arrangements at departmental and ministerial levels. The government will also consider stiffening penalties for "the most serious breaches" of the Data Protection Act.
Source: Computer Weekly

U.S. falls in global privacy index
http:///newsroom/globalsecurity/191899.html (firstnews:34385)
Individual privacy is under threat around the world as governments continue introducing surveillance and information-gathering measures, according to an international rights group. "The general trend is that privacy is being extinguished in country after country," said Simon Davies, director of London-based Privacy International, which released a study on the issue Saturday. "Even those countries where we expected ongoing strong privacy protection, like Germany and Canada, are sinking into the mire."
Source: USA Today

Mobile ads: A threat to your privacy?
http:///newsroom/globalsecurity/191897.html (firstnews:34386)
Your mobile phone is a potential gold mine for marketers: It can reveal where you are, whom you call and even what music you like. Considering the phone is usually no more than a few metres away, these are powerful clues for figuring out just the right moment to deliver the right coupon for the store just around the corner. But first marketers will have to wrest the personal profiles from mobile carriers worried that annoyed subscribers might defect to rivals.
Source: ZDNet

As advertisements arrive on cellphones, privacy concerns grow
http:///newsroom/globalsecurity/191896.html (firstnews:34387)
Your cellphone is a potential gold mine for marketers: It can reveal where you are, whom you call and even what music you like. Considering the phone is usually no more than a few metres away, these are powerful clues for figuring out just the right moment to deliver the right coupon for the store just around the corner.
Source: eventpub

Big Brother gets bigger, says global privacy study
http:///newsroom/globalsecurity/191895.html (firstnews:34388)
According to a new international privacy report, governments around the world are increasingly invading the privacy of citizens with surveillance, identification systems, and archiving of private data. Driven by concern over immigration and border control, countries have been quick to implement database, identity, and fingerprinting systems, according to the 2007 International Privacy Ranking report. There was also an increase in the trend of governments archiving data on the geographic, communications, and financial records of citizens, as well as enacting legislation intended to increase the reach into individuals’ private lives, the report found.
Source: ZDNet

Barcode faking for fun and profit
http:///newsroom/globalsecurity/191878.html (firstnews:34389)
The increased use of barcodes in a wider variety of applications has made them a suitable, if unlikely, target for hacking attacks. Having started out as a means to label cans of food in supermarkets, one-dimensional barcodes and two-dimensional matrix codes are now found in systems from pre-paid postage labels and airline tickets. Instead of serving as simple tags, 2D matrix barcodes are featuring as authentication, authorisation and payment method. FX of hacker group Phenoelit undermined these assumptions with a presentation on Toying with barcodes at last week’s Chaos Communication Congress hacker fest in Berlin.
24th Chaos Communication Congress - Toying with barcodes: http://events.ccc.de/congress/2007/Fahrplan/events/2273.en.html
Source: The Register

MPs demand tougher data-breach sanctions
http:///newsroom/globalsecurity/191869.html (firstnews:34390)
A group of MPs wants to see tougher sanctions for government bodies that commit serious breaches of data-protection law. A report published on 3 January, 2008 by the Commons Justice Committee also calls for new reporting requirements under the Data Protection Act (DPA), as well as greater enforcement powers and improved funding for the Information Commissioner’s Office (ICO). Under current law, neither government departments nor agencies can be held criminally responsible for data-protection breaches.
Source: ZDNet

Error in McAfee virus definition causes popular sites to be flagged as a threat
http:///newsroom/globalsecurity/191868.html (firstnews:34391)
An erroneous McAfee update definition file causes the antivirus software to mistakenly report that certain sites are running malicious code when they are not. It caused a stir over at Ars Technica, where readers wrote in en masse about their antivirus software setting off an alert upon visiting the popular tech destination. It led site owner Ken Fisher to suspect that his site was hacked. Thankfully, it was not so.
Source: TechRepublic

Storm Worm works overtime during holidays
http:///newsroom/globalsecurity/191863.html (firstnews:34392)
Interestingly, a few days before Christmas, some of the security blogs were noting with surprise that no new Christmas-themed Storm Worm variations had yet appeared. Turns out it was the calm before the Storm, so to speak. First, a new variant of Storm featuring Christmas-themed strippers hit e-mail inboxes. By New Year’s day, the message changed again, this time with an e-mail featuring executable files named "happy-2008.exe" and "happynewyear2008.exe".
Source: NetworkWorld

Efficiency and security top Socitm survey
http:///newsroom/globalsecurity/191859.html (firstnews:34393)
Efficiency, shared services and information security are the key concerns of council IT bosses, according to Socitm’s latest survey of IT trends. The Society of IT Management’s (Socitm’s) annual IT trends survey, published in December 2007, forecasts a 9% increase in ICT spend to £3bn in 2007/08. But the cost of securing information held on local government computers has increased sharply since 2006.
Source: Kablenet