The Glider

“Creating RFPs for security solutions and processing the responses is not an easy task. Having responded to a fair number of such RFPs, I found that many of them are created hastily, and don’t allow the issuer to benefit from quality responses. Here’s my list of the top 10 mistakes organizations…

We’ve previously covered the TJX compromise. It appears one of the attackers involved is going to prison.”Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30-years in prison by a Turkish court. Yastremskiy – or ‘Maksik’ as…

“An IT expert sacked for lying on his CV hacked into his company’s computer system to spy on his former colleagues – and deleted vital information which led to the loss of jobs. Julius Oladiran, 46, was dismissed from after his employers discovered his boasts of a master’s degree, and top…

“A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing…

“Tolley wouldn’t say what banks were affected by the hack, but the majority of these five million customers were CheckFree’s own users, she said. In total, about 42 million customers access CheckFree’s bill payment site, she said. Customers who went to CheckFree’s Web sites between 12:35 a.m. and 10:10 a.m. on…

“Whew! This is our final post in this series on Building a Web Application Security Program (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7), and it’s time to put all the pieces together. Here are our guidelines for designing a program that meets the needs…

“MacRumors, one of the many sites which cover Apple’s annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs’s death to the blow-by-blow reports.”Here’s the very amusing screenshot of the incident.http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpgRead more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death

“After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today….

The following was sent to the Full Disclosure mailing list last yesterday.”In August 2008 the UK CPNI (United Kingdom’s Centre for the Protection ofNational Infrastructure) published the document “Security Assessment of theInternet Protocol”. The motivation of the aforementioned document isexplained in the Preface of the document itself. (The paper is availableat:…

“Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic childrens’ cartoons as part…