Company Store
Chinese Edition
http://www.hkcert.org/chinese/nan/home.html?news&news.html
English Edition
http://www.hkcert.org/english/nan/home.html?news&news.html
(Source from HKCERT)
香港全城電腦清潔日 2009 - 公開研討會
主辦機構
香港電腦保安事故協調中心
政府資訊科技總監辦公室
香港警務處
日期及時間
2009年11月25日 (上午九時十五分至下午五時三十分)
地點 香港銅鑼灣高士威道66號 香港中央圖書館演講廳
語言 粵語 (輔以英文詞彙)
費用 免費
Form: Click here!
2009年10月30日
[Yahoo!奇摩] 網安/別急著重設Facebook帳號! 小心內藏木馬程式
[V3] Symantec reports growth exceeding estimates
2009年10月29日
[V3] Europe gets tough on UK data protection
[V3] Second phishing attack targets Facebook users
[ComputerWorld] Microsoft cleans up bugs after biggest patch release
[CNET] Kaspersky tool detects malware in Twitter links
2009年10月28日
[ZDNet] 假冒Facebook電子郵件內含木馬
[CNET] Twitter users warned about new phishing attack
[CNET] Bank Trojan botnet targets Facebook users
[CNET] Survey: Few companies addressing cyberterrorism
[ComputerWorld] FBI: National data-breach law would help fight cybercrime
[ComputerWorld] Amazon downplays report highlighting vulnerabilities in its cloud service
[V3] Security incidents costing mid-sized firms £26K a year
[V3] Halloween set to scare up more cybercrime
[V3] US CERT warns of malware attack against BlackBerry
2009年10月27日
[明報] 粵漢盜帳戶虧空10萬股本 惡意報復犯案沒獲利
[雅虎香港] 駭客入侵瑞士外交部電腦 資料遭竊
[CNET] Fake Facebook e-mail contains Trojan
[ComputerWorld] Mozilla fixes 16 flaws with Firefox 3.5.4
[The Register] Mass web infections spike to 6 million pages
[The Register] Gizmodo says sorry for malware suckerpunch
2009年10月26日
[CNET] Time Warner home routers still open to attack, blogger says
[ComputerWorld] CalOptima says data on 68,000 members may be compromised
[The Register] Guardian loses half a million CVs
[V3] Reported UK data breaches top 350 in past year
2009年6月26日
[蘋果日報] 男子盜網絡遊戲圖利
2009年6月25日
[蘋果日報] 要奪制網權 美設網絡司令部
[The Register] Crypto guru urges incentives for SSL cert recall
[The Register] UK.gov decides best form of cyber defence is attack
[The Register] Adobe re-patches Shockwave player
2009年6月24日
[Yahoo!奇摩] 登入個資要留意有木馬透過瀏覽器盜密
[CNET] VC's automated Twitter feed spreads malware
[ComputerWorld] Reporters find Northrop Grumman data in Ghana market
[The Register] UK police chiefs mull regional cybercrime squad plan
[The Register] US military cyberwar force will work with NSA
[V3] Security experts warn of insider threat timebomb
2009年6月23日
[ComputerWorld] Google fixes 'critical' security hole in Chrome
[The Register] Manchester council caned over school data breach
[The Register] Notorious spammer Ralsky pleads guilty to stock scam
[The Register] Nine-ball attack splits security researchers
2009年6月22日
[Yahoo!奇摩] 利用使用者心理 惡意郵件成網路超強駭客
[ComputerWorld] Exploits of unpatched Windows bug will jump, says Symantec
[ComputerWorld] Fraudsters try to scam security expert on eBay
[The Register] Iranian hacktivists hand-crank DDoS attack
[The Register] Facebook tackles potent click fraud scam
2009年6月21日
[VNUNET] Google clamps down on 'malvertising'
2009年6月20日
[The Register] Tiny-traffic DoS attack spotlights Apache flaw
[VNUNET] Nine ball attack was 'overstated'
For early June news, please click "Read More" 
Dear Readers,
I am glad to announce that Infosec Hong Kong web site is officially supporting SC Magazine which will host its second annual SC World Congress Enterprise Data Security Conference and Expo in New York City to bring together the top minds in the IT security industry once again. SC World Congress will take place on October 13-14, 2009 at the Sheraton New York Hotel and Towers, and will examine topics ranging from data theft and compliance to establishing partnerships between government and the private sector.
For more details, please reach http://www.scmagazineus.com/SC-World-Congress-2009/section/886/.
Again, I am thankful to Carl from SC Magazine who has made an invitation to us.
InfoSec Hong Kong
2009年5月27日
[Yahoo!奇摩] 小心垃圾郵件成釣魚誘餌
2009年5月26日
[蘋果日報] 英軍失藏敏感資料硬碟
[CNET] Report: Spam now 90 percent of all e-mail
[The Register] Obama to invent cybersecurity czar
2009年5月25日
[明報] 市民電話私隱網上賤賣 轉售保險代理電話促銷商圖利
[ZDNet台灣] Clickjacking:綁架你的網頁點閱
[VNUNET] Faster Payments milestone looms
2009年5月23日
[蘋果日報] 網上遊戲爭玩家致網絡癱瘓
[雅虎香港] 層壓式入侵 黑客可月賺230萬
2009年5月22日
[ComputerWorld] Malware knocks out U.S. Marshals Service network
[The Register] E-trade scammer pleads guilty to Office Space scam
[The Register] Dodgy McAfee update slaps viral warning on Spotify
[The Register] US military shows off hack-by-numbers battlefield gadget
2009年5月21日
[明報] 內地網絡大癱瘓 影音軟件缺陷致病毒肆虐
[ZDNet台灣] 報導:駭客利用IIS漏洞入侵大學伺服器
[CNET] Kaspersky impressed by botnet slickness
[CNET] Deja vu: New scams hit Facebook and Twitter
[ComputerWorld] DNS attack downs Internet in parts of China
[The Register] Undead deleted photos linger on social networking websites
[The Register] Microsoft IIS vuln played no role in server breach, uni says
[The Register] Missing: 1TB of Clinton White House data
[VNUNET] Security expert warns of virtual world risks
2009年5月20日
[ComputerWorld] Conficker still infecting 50,000 PCs per day
[The Register] Microsoft IIS hole fells university server
[The Register] Adobe convenes 'Come to Jesus' meeting for buggy Reader app
[VNUNET] Pirated Windows 7 RCs riddled with malware
[VNUNET] Java flaw lingers for OS X
2009年5月19日
[url=http://hk.apple.nextmedia.com/template/apple/art_main.phphttp://www.theregister.co.uk/2009/05/20/new_adobe_security_initiatives/?iss_id=20090519&sec_id=4104&subsec_id=11866&art_id=12775234][蘋果日報] 豬流感短訊 揭發防護中心假網站 [/url]
[ZDNet台灣] 微軟警告有新的伺服器弱點
[Yahoo!奇摩] Google遭駭客操控! 搜尋結果恐為惡意網站
[ComputerWorld] Wi-Fi hikes security for handoffs between Wi-Fi, 3G networks
[ComputerWorld] Cybersecurity groups pledge to work together
[ComputerWorld] New Windows netbooks may harbor malware
[The Register] Gut instinct no protection against net scams
[The Register] Ford crushes half-price hybrid hoax
[The Register] BBC asks nicely to run second hacking demo
[The Register] Six months on, Macs still plagued by critical Java vuln
[The Register] Deleted Tweets found living in the hereafter
[The Register] Gumblar Google-poisoning attack morphs
[The Register] OpenSSH chink bares encrypted data packets
2009年5月18日
[ComputerWorld] Web attack that poisons Google results gets worse
[ComputerWorld] Phishers harvest Facebook passwords for profit
[The Register] Microsoft IIS6 bug exposes sensitive files sans password
2009年5月16日
[蘋果日報] 黑客「釣魚」騙局攻 Facebook
[雅虎香港] 美七成青少年曾偷網上信息
For the news in early May, please click "Read More" :hammer"
天 仙 局 / 科 技 罪 案 - 殭 屍 網 絡
http://www.rthk.org.hk/rthk/tv/police_magazine/20090503.html
I have been interviewed on behalf of PISA (www.pisa.org.hk) to present how to remove botnet program (in general, it is deemed as a kind of worms and virus). My PISA fellow, SC Leung, presents on behalf of HKCERT was also being interviewed.
收 看 電 視 節 目 乃 香 港 市 民 生 活 的 一 部 分 。 作 為 警 民 合 作 的 橋 樑 , << 警 訊 >> 自 一 九 七 三 年 以 來 , 一 直 向 市 民 宣 揚 滅 罪 信 息 , 披 露 最 新 的 犯 案 手 法 和 趨 勢 , 並 呼 籲 觀 眾 提 供 案 件 消 息 ; 此 外 , 節 目 亦 介 紹 警 隊 各 個 部 門 及 其 最 新 動 態 , 務 求 讓 市 民 對 警 務 工 作 有 更 深 入 的 了 解 和 認 識 。
http://www.police.gov.hk/hkp-home/chinese/pprb/polrpt/intro.htm
I do suggest you to watch it to keep your awareness and alert high. Don't BELIEVE you are not easily cheated or make any assumption.
- No money loaning to others.
- No sensitive information is shared with knowing the real identity of the visitor
- Not trusting some "Jetso".
If you feel doubtful, dial and contact the company and police force directly, they are feeling more scary than you!
There will be a local information security conference held on 21 May 2009. Please visit the following URL for registration and read the agenda:
Infosec Hong Kong and OWASP (Hong Kong Chapter) are the supporters of this conference programme.
http://www.infosecurityproject.com
Regards,
Anthony Lai
Founder
2009年4月23日
[蘋果日報] 美設網絡司令部嚴防黑客
[蘋果日報] 黑客攻陷微軟新西蘭網站
[Yahoo!奇摩] 提高網路使用安全 要訣:勤掃毒、定期換密碼
[Yahoo!奇摩] 小心被駭!7成合法網站有毒
[VNUNET] RSA 2009: FBI agent discusses big bust
2009年4月22日
[蘋果日報] 網絡地址來自中國 黑客盜美王牌 F35 戰機機密
[蘋果日報] 捍衛互聯網安全 華府擬設網絡沙皇
[ZDNet台灣] 漏洞太多 專家呼籲停用Adobe Acrobat Reader
[ZDNet台灣] 警政署:詐騙集團盯上社交網站、部落格
[Yahoo!奇摩] 小心!一舉一動全都錄 七成五惡意程式目的在鍵盤側錄
[CNET] Botnet expert suggests hitting cybercriminals in pocket book
[CNET] Public-private security cooperation at RSA
[ComputerWorld] One bot-infected PC = 600,000 spam messages a day
[ComputerWorld] Researchers turn Conficker's own P2P protocol against itself
[The Register] One third of workers open to bribes for data theft
[The Register] Turks hijack Kiwi MSN via DNS cracks
[The Register] Cache-poisoning attack snares top Brazilian bank
[VNUNET] RSA 2009: Apple users at risk as Mac malware mushrooms
[VNUNET] RSA 2009: Concern as Microsoft fails to patch PowerPoint flaw
[VNUNET] RSA 2009: Cryptography experts wax poetic on digital catastrophe
2009年4月21日
[Yahoo!奇摩] 垃圾郵件成長驚人!去年比前一年爆增192%
[CNET] Finjan finds botnet of 1.9 million infected computers
[CNET] F-Secure says stop using Adobe Acrobat Reader
[ComputerWorld] Mozilla patches 12 Firefox bugs, a third of them critical
[The Register] Teenage hacking menace jailed for 11 months
[VNUNET] RSA 2009: Government needs industry's help to secure the internet
[VNUNET] RSA 2009: Symantec boss pushes “reputational security”
[VNUNET] Verisign expands VIP mobile service
[VNUNET] Users not patching third party apps
2009年4月20日
[蘋果日報] 醫局擬嚴懲遺失 USB 手指 建議停職兩周 最嚴重可被炒
[ZDNet台灣] 報告:台北殭屍電腦數量為亞太第一
[Yahoo!奇摩] Web2.0網站漏洞安危多 網路惡意活動更創新高
[Yahoo!奇摩] 垃圾郵件減 釣魚網站增
[ComputerWorld] Notorious adware vendor Zango shuts its doors
[ComputerWorld] Criminals pay top money for hackable Nokia phone
[The Register] Music industry sites DDoSed after Pirate Bay verdict
[The Register] Twitter riddled with worms and scams (again)
[The Register] FBI docs out home-brewed spyware probes
[The Register] Google boffins unveil new 'What's UP?' CAPTCHA
[VNUNET] Top 10 privacy beefs
[VNUNET] Soaring online crime hits consumer confidence
2009年4月19日
[CNET] SMS messages could be used to hijack a phone
2009年4月18日
[ComputerWorld] 6 things that could ruin Twitter (and 5 that won't)
2009年4月17日
[明報] 10萬電腦中殭屍毒 「手指」成元兇
[CNET] Teen Twitter worm writer gets job, spreads new worm
[The Register] Rogues besmirch F-Secure with dodgy ad campaign
[The Register] Dixon of Threadneedle Street plan threatens confusion
[The Register] Conficker botnet wake up call only pinged zombie minority
[The Register] Football lottery scam targets UK punters
[The Register] Brutish SSH attacks continue to bear fruit
[The Register] Hackers stuff ballot box for Time Magazine's top 100 poll
2009年4月16日
[蘋果日報] 醫局嚴懲遺失病人資料
[蘋果日報] 電盈洩前客戶通話紀錄
[明報] 偷閱舊同事電郵 女會計判社服令
[CNET] The hype factor at the RSA conference
[ComputerWorld] Microsoft: The Internet needs more trust to grow
[The Register] Mac and Linux Bastilles assaulted by new attacks
[The Register] Researchers dissect world's first Mac botnet
[The Register] Hackers develop 'memory-scraping malware' to steal PINs
[The Register] Fake SMS snoop utility turns spies into zombies
[The Register] Hacking internet backbones - it's easier than you think
[VNUNET] Conficker: the worm that may just turn the world
[VNUNET] Jericho Forum offers cloud computing security tips
[VNUNET] Spyware levels said to be climbing
2009年4月15日
[ComputerWorld] VMware bug allows Windows hack to attack Macs
[ComputerWorld] 'Mebroot' rootkit slides further under the security radar, researcher says
[The Register] Scammers use Ford to drive users to scareware sites
[The Register] Microsoft Office for Mac fix falls at first hurdle
[The Register] Microsoft supplies Interpol with DIY forensics tool
[VNUNET] Oracle patches critical vulnerabilites in major update
For Mar and Feb news, please click "Read More".
Conficker.C 蠕蟲對資訊保安所產生的影響 (香港電腦保安事故協調中心)
Conficker (又名 Downadup, Kido) 是一種針對微軟視窗系統的電腦蠕蟲。自 2008年11月首次發現後,仍在不斷變化。
在2008年11月至2009年2月期間發現了變種 A,B及B++。香港電腦保安事故協調中心在 2009年2月號的資訊保安報 已發表了一份事故分析去介紹
Conficker 蠕蟲。在過去數星期,新聞報導 (1) 都非常關注在3月初發現的 Conficker.C 蠕蟲變種的發展。由於新變種的域名產生方法會
在 2009 年4月1日啟動,因此有可能產生一些新的保安威脅。有見及此,香港電腦保安事故協調中心亦對 Conficker.C 蠕蟲提升了警告級別並發佈這個忠告。
URL: http://www.hkcert.org/chinese/salert/advisory/home.html?advisory&sa090325_information_security_impact_advisory.html
Information security impact arising from Conficker.C worm (From HKCERT)
Conficker (also known as Downadup, Kido) is a computer worm that targets the Microsoft Windows operating system. It keeps on evolving since its first appearance in November 2008. Variant A, B, B++ were reported in from November 2008 to February 2009. HKCERT had published an incident analysis
on the February 2009 issue of Newsletter to introduce the Conficker worm. In the past week, news reports (1) revolved around the development of the new Conficker.C variant which appeared in the beginning of March.
The new variant is set to activate the domain generation algorithm on April 1, 2009 and may generate certain new security threat. Conficker.C worm has caused HKCERT to elevate the alert level and issue an advisory.
URL: http://www.hkcert.org/chinese/salert/advisory/home.html?advisory&sa090325_information_security_impact_advisory.html
1. DiskDigger - It can recover files from any type of media that your computer can read. This includes USB flash drives, memory cards (SD, CompactFlash, Memory Stick, etc), and of course your hard drive. The types of files that it recovers includes photos, videos, music, documents, and other formats.
URL: http://dmitrybrant.com/diskdigger
2. Freeraser -
A free file eraser
URL: http://codyssey.com/
The user manual could be found from here:
http://www.codyssey.com/manuals/Freeraser/v.1/en/
Dear Readers,
I am sorry for my late update as lives are hard recently and job is demanding.
However, I have got a few useful software from recent computer magazines for your reference and hopefully, they could be helpful to you.
DocShield - Protect your document with version (Free for home user)
DocShield is a software program for Microsoft Windows operating systems that is designed to prevent or remedy the catastrophic loss or accidental modification of important electronic documents. It protects these documents by continually monitoring them for changes, then creating and storing compressed snapshots of those documents as they change through time.
URL: http://www.docshield.com/overview.html
K9 Protection from Bluecoat - Web filtering (Free for home user)
It is helpful to monitor and filter your childen's Internet traffic.
URL: http://www1.k9webprotection.com/
SuperAntiSpyware Free
SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms.
SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove.
SUPERAntiSpyware Free Edition does not include real-time blocking or scheduled scanning.
URL: http://www.superantispyware.com/download.html
Free Hide Folder 2.1
Free Hide Folder is a free computer security software to hide your private folders. It is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view them. You can hide folders simply with a few mouse clicks. Free Hide Folder is protected by a password that you can change or remove at any time.
URL: http://www.cleanersoft.com/hidefolder/free_hide_folder.htm
Comodo Company:Free Firewall, Anti-spam, backup, anti-virus, fake site identification...etc
http://www.comodo.com/products/free_products.html
Meanwhile, there is a software called Comodo i_Vault is a password management software. There is an awesome feature that once you have installed it, even your computer is unluckily installed with Keylogger, the password typed by keyboard is still protected!
http://www.comodo.com/products/i-vault/index.html
Regards,
Anthony Lai
Founder
P.S. Please read the system specification requirement and see whether it fits to your computer.
2009年1月30日
[The Register] Novell GroupWise bug threatens mass email theft
2009年1月29日
[CNET] 'Obama worm' probably a student prank, experts say
[CNET] Conficker spreads as Waledec delivers mal-entine
[CNET] Chrome, Firefox face clickjacking
[ComputerWorld] Former prosecutor: Mayor's plea for UFO hacker is off base
[The Register] IE8 Suggested Sites suggested to be snoopy
[The Register] Indian embassy website hack part of wider assault
[VNUNET] Police bust attempt to wipe out Fannie Mae
[VNUNET] Online retailers hit hard by fraud in 2008
2009年1月28日
[蘋果日報] 求職網遭入侵 失 450 萬人資料
[蘋果日報] 二手 MP3 機內藏美軍資料
[ComputerWorld] Cookie use in YouTube videos on WhiteHouse.gov prompts privacy concerns
[ComputerWorld] Russian 'cybermilitia' knocks Kyrgyzstan offline
[The Register] ICANN freezes over fast flux fury
[The Register] Why conventional protection fails against web threats
[The Register] Anonymous pwns Digital Camera Mag website
[The Register] Kaspersky Labs denies panic mongering
[VNUNET] ICO launches Personal Information Promise
2009年1月27日
[The Register] Spammers target Twitter
[The Register] Kiwi finds US military secrets on 'MP3 player'
[The Register] Easy updates best for browser patching
2009年1月26日
[Yahoo!奇摩] 告別硬碟 GDrive 個資保密引疑慮
[CNET] User data stolen from job site Monster
[ComputerWorld] Hackers exploit Obama site to spread malware
[ComputerWorld] Spam's resurgence continues in aftermath of McColo takedown
[The Register] Conficker botnet growth slows at 10m infections
[The Register] Rogue contractor admits Oz gov hack attacks
[The Register] Mac malware tide on the rise
[VNUNET] Small firms to get specific e-crime advice
2009年1月25日
[蘋果日報] 虛報喬布斯死訊 黑客大整蠱
2009年1月23日
[蘋果日報] 美 1 億信用卡交易資料或被竊
[蘋果日報] 黑客圖竊日銀行 24.6 億
[ZDNet 台灣] 盜版蘋果 iWork 軟體含木馬程式
[ComputerWorld] Amazon cloud could be hijacked to harvest BitTorrent files, researcher says
[ComputerWorld] Researchers wait for Downadup worm's second act
2009年1月22日
[CNET] Trojan found in pirated Apple iWork software
[Computerworld] Microsoft parries US-CERT alert on Autorun
[The Register] There's a right and wrong way to disable Windows Autorun
[The Register] OcUK puts ¢G10K bounty on the heads of DDoS varmints
[Vnunet] Web site infections continue to rise
2009年1月21日
[香港雅虎] 駭客也搭歐巴馬熱 小心別中毒
[香港雅虎] 駭客疑散佈惡意病毒 全球逾900萬電腦受害
[Computerworld] Downadup worm now infects 1 in every 16 PCs, says Panda Security
[Computerworld] Microsoft's advice on Downadup leaves users open to attack, says US-CERT
[The Register] Airline ticket receipt scam spreads malware
[The Register] New OS X research warns of stealthier Mac attacks
[Vnunet] Apple updates Quicktime
Parental control internet filtering software (Free for all individuals, organizations and companies)
http://www.naomifilter.org/oldindex.html
家長控制網絡過濾軟件(免費提供給所有個人,組織和企業)
http://www.naomifilter.org/oldindex.html
Parental control internet filtering software (Free for home use ONLY)
http://www1.k9webprotection.com/
家長控制網絡過濾軟件(免費提供給所有個人)
http://www1.k9webprotection.com/
Dear Infosec Hong Kong readers,
Wish you merry christmas and happy new year for coming 2009.
Even we deal with economics downturn, lost money in this year, we could be down for a while but should be kicked out. Having a healthy living and mind are much more important. Please forward my blesses to your family and friends.
Hopefully, we could tacklet the difficulties and have a wonderful Y2009.
祝願大家聖誕快樂新年進步!
In addition, I need to be thankful to the hero on maintaining this web site and server - Mr. Manson Siu. He is really a great system architect.
Regards,
Anthony LAI
Founder and Editor
Have you updated your windows yet with the latest security update yet?
Chinese: http://www.hkcert.org/chinese/salert/2008/s081210_ms_ie_xml_vule.html
English: http://www.hkcert.org/english/salert/2008/s081210_ms_ie_xml_vule.html
Please follow the instruction from HKCERT to install the update.
2008年12月30日
[Yahoo!奇摩] 2009年網路安全五大隱憂:資料庫、廣告、社交網站、Mac、iPhone
[The Register] Google Calendar phishing scam surfaces
2008年12月29日
[CNET] Microsoft denies vulnerability in Windows Media Player
[ComputerWorld] Amazon warns customers of infected digital photo frames
[The Register] CA issues no-questions asked Mozilla cert
[The Register] CastleCops shuts up shop
2008年12月28日
[Yahoo!奇摩] 垃圾郵件轟炸 1個月101億封
[Yahoo!奇摩] 點「不想收請按我」 引狼入室
2008年12月26日
[ZDNet台灣] [08年度回顧懶人包] 詐騙猖獗 大型網路攻擊退卻
[Yahoo!奇摩] 沒錢就騙盜取門號玩線上 高職生依詐欺移送
[Yahoo!奇摩] 資安監控平台 首度進駐大學
2008年12月24日
[明報] 專家﹕必須致電確認 電郵真偽難辨
2008年12月23日
[明報] 新刑法嚴打黑客傳銷
[Yahoo!奇摩] 電子聖誕卡藏病毒 自己受害親友也遭殃
[Yahoo!奇摩] 零日攻擊漏洞增多 惡意程式感染也增多
[CNET] Looking ahead at security trends for 2009
[ComputerWorld] Fake antivirus peddlers helped by Microsoft, IRS
[ComputerWorld] Internet needs global regulation, says researcher
[The Register] Datacash tracks down the 3rd Man
[The Register] MS (finally) confirms unpatched SQL Server flaw
[The Register] Oil software exec pleads guilty to hacking charges
2008年12月22日
[ComputerWorld] Microsoft explains how it missed critical IE bug
[ComputerWorld] Researchers sound alarm about bug in free antivirus scanner
[The Register] US cybersecurity defences fail to thwart mock cyberattack
[The Register] Transit agency to work with hackers who found vulns
[The Register] Prolific penis-pill pusher gets slap on wrist
[VNUNET] 2008 year in review: Security
2008年12月20日
[The Register] Florist kicks up a stink about false phish alarm
[The Register] American Express bitten by XSS bugs (again)
2008年12月19日
[明報] 微軟發布修補程式 籲IE用戶盡快下載
[Yahoo!奇摩] 微軟漏洞 200萬網站受駭
[ZDNet台灣] Mozilla更新修補重大安全漏洞
[ComputerWorld] Mozilla re-issues Firefox 2 update, includes missing patch
[ComputerWorld] State Department worker gets probation for passport snooping
2008年12月18日
[蘋果日報] 中國黑客被指襲微軟 IE
[Yahoo!奇摩] 雅虎宣布網友個人資料將只保留三個月
[ComputerWorld] Hackers exploit IE bug with 'insidious' Word docs
[The Register] Royal laptop theft 'will expose picture'
[VNUNET] Security fixes released for IE7 and Firefox
2008年12月17日
[蘋果日報] IE7 保安漏洞 專家籲停用
[ZDNet台灣] 重大IE 7惡意程式網上蔓延 微軟今日釋出緊急更新
[ZDNet台灣] 資訊安全威脅趨烈!駭客伺機入侵社交網站
[Yahoo!奇摩] 瀏覽器出現嚴重安全漏洞 微軟緊急更新
[Yahoo!奇摩] 電腦幫忙記密碼 小心被駭偷光光
[ComputerWorld] Mozilla plugs 13 holes in Firefox, retires older 2.0 browser
[ComputerWorld] 2009 security predictions: Deja vu all over again
[ComputerWorld] 5 ways to secure your BlackBerry
[ComputerWorld] IT staff taught how to hack computer systems
[The Register] Microsoft issues emergency IE patch as attacks escalate
[VNUNET] Authorities urged to step up scareware crackdown
Spam to hit record levels in 2009
[VNUNET] Yahoo cuts data retention times
2008年12月16日
[明報] 1/4病毒攻擊網上遊戲
[CNET] Critical IE 7 exploit making the rounds
[ComputerWorld] Auditor: IRS doesn't check cyberaudit logs
[The Register] Nine in ten emails now spam
[The Register] Opera releases update for 'extremely severe'
[The Register] American Express web bug exposes card holders
[The Register] Google sponsored links caught punting malware
Please click "Read Me" for the past news
2008年9月30日
[明報] 網上發現 香港郵政假網
2008年9月29日
[CNET] Yahoo's Zimbra e-mail program exposes passwords
[CNET] Microsoft, Washington state sue over 'scareware' pop-up ads
[CNET] How 'carders' trade your stolen personal info
[ComputerWorld] Gartner: Security risks rise as smart phones get smarter
[The Register] Adobe cache snafu delivers free movie downloads
[The Register] MoD prays RAF disk thieves aren't data savvy
[The Register] Cybersecurity holes exposed in Los Alamos nuke lab
[VNUNET] CSOs urged to dispel security myths
2008年9月28日
[蘋果日報] 牙科診所電腦失竊恐慌
[Yahoo!奇摩] 騙術熱滾滾 想看百萬美元被燒?中毒了
[Yahoo!奇摩] 分享軟體出包?/防外洩 基警要警刪除家中資料
2008年9月26日
[CNET] Security Bites 115: Inside ID fraud's underground forums
[CNET] VoIP system users can be targeted in attacks
[ComputerWorld] Limbo malware grabs personal banking data
[ComputerWorld] Microsoft, Washington state to sue 'scareware' pushers
[ComputerWorld] Mozilla rushes to fix Firefox password bug
[ComputerWorld] Security researchers warn of new 'clickjacking' browser bugs
[The Register] Brits happy to hand over password details for £5 gift voucher
[The Register] Net pariah Intercage back among the dead
[VNUNET] Experts warn of new PDF attacks
[VNUNET] Egham named spam capital of the UK
2008年9月25日
[CNET] Behind the scenes of online fraud
[CNET] Encryption key management: Critically important, frighteningly immature
[ComputerWorld] Apple patches months-old Java bugs
[ComputerWorld] Hackers resurrect notorious attack tool kit
[The Register] World's electrical grids open to attack
[VNUNET] BlackBerry users neglecting security
[VNUNET] IBM targets SMBs with security upgrades
[VNUNET] Barracuda opens up spam blocking list
2008年9月24日
[CNET] Firefox update fixes a dozen flaws
[CNET] Skype spam on the rise
[ComputerWorld] Cisco releases bundle of router security patches
[ComputerWorld] Controversial 'cybercrime ISP' Intercage now back online
[The Register] Net sleuths spot poker site cheat code
[VNUNET] Firms ignoring risk of security breaches
[VNUNET] Kentucky seizes gambling site URLs
[VNUNET] Police arrest alleged Maserati hacker
2008年9月23日
[ComputerWorld] California hacker charged with data theft, extortion over Maserati breach
[The Register] Study: Vast number of cyber attacks 'Made in the USA'
[The Register] Scarborough Building Society pulls insecure 'print' form
[The Register] Second TJX hack suspect cops a plea
[The Register] Grey hat hair hacker suspect charged in Maserati extortion case
[VNUNET] Sarah Palin email hack raises new security concerns
[VNUNET] Study shows pop up warnings ineffective
2008年9月22日
[Yahoo!奇摩] 名流動態》小布 網路最「毒」名人
2008年9月20日
[CNET] Defending instant messaging
[The Register] FoxNews commentator Bill O'Reilly's website hacked
[VNUNET] Identity theft bill set for approval
2008年9月19日
[明報] 黑客攻陷佩林電郵 聯絡人紀錄家人照片外泄
[Yahoo!奇摩] 垃圾郵件仍佔八成 遇有免費版IE7請小心
[ComputerWorld] Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
[The Register] Firm threatens action against CCTV whistleblower
[The Register] Texas National Guard site disappears after malware attack
[The Register] VMware patches remote execution vulns
2008年9月18日
[Yahoo!奇摩] 奇摩帳號被盜頻傳 專家:業者態度要更積極
[CNET] If Palin's e-mail can be cracked, yours can too
[ComputerWorld] Security researchers ponder possible Palin hacks
[ComputerWorld] Hacked Texas National Guard site serves up malware
[The Register] Memo to US Secret Service: Net proxy may pinpoint Palin email hackers
[VNUNET] iPhone game brings Windows malware
[VNUNET] World's largest prime numbers found
2008年9月17日
[Yahoo!奇摩] 垃圾電子郵件占8成 小心木馬偽裝安全軟體
[ComputerWorld] Hacker posts QuickTime zero-day attack code
[ComputerWorld] Update: Hackers claim to break into Palin's Yahoo Mail account
[The Register] Watchdog: US Computer Emergency Readiness Team isn't ready
2008年9月16日
[Yahoo!奇摩] 防毒軟體抓出美國「商業週刊」遭駭客入侵
[CNET] McAfee: Brad Pitt fan sites may be bad for your computer
[The Register] Black hats target Windows Media Encoder bug
[The Register] Apple releases bumper patch batch
[The Register] Adobe yanks speech exposing critical 'clickjacking' vulns
[VNUNET] Fake antivirus attacks rise
2008年9月15日
[CNET] Mac OS 10.5.5 packs fixes for slew of security flaws
[CNET] 'BusinessWeek' site hacked in potential malware attack
[VNUNET] Web site hacks continue through Q2
2008年9月13日
[蘋果日報] 邀收件人瓜分商人遺產 3.5 億 冒牌恒生執行董事電郵套料
[The Register] Virginia de-convicts AOL junk mailer Jeremy Jaynes
2008年9月12日
[明報] 社交網站黑客 扮朋友播毒
[Yahoo!奇摩] 冒稱歐巴馬情色照片的病毒電郵已在散播
[CNET] Anatomy of a botnet
[ComputerWorld] Hackers hit Large Hadron Collider Web site
[VNUNET] Spammers warn of local nuclear meltdowns
2008年9月11日
[明報] 醫局加強病人私隱 倡委保安總管統籌
[CNET] New tool creates fake YouTube pages for spreading malware
[CNET] Acrobat 9 crashes with malformed URLs
[CNET] iPhone iSpy? Hacker says device captures it all
[The Register] CookieMonster nabs user creds from secure sites
[The Register] 'UK's Chernobyl' spam spreads Trojan
[VNUNET] New group to tackle economics of security
[VNUNET] Hacker gets two years for stock manipulation
2008年9月10日
[url=http://www.theregister.co.uk/2008/09/10/critical_apple_patches[/url]
2008年10月28日
[ZDNet台灣] Windows 7還沒出 安全修補先上
[ComputerWorld] Former sysadmin sentenced for wrecking corporate servers
[ComputerWorld] Hackers publish attack code for last week's Windows bug
[The Register] Parcel mules scam exposed
[The Register] London consumers trounce corporates in wireless security
[The Register] Immature tech likely to get lucky in credit crunch
[The Register] Student charged after alerting principal to server hack
[VNUNET] Quarter of law firms admit to losing confidential data
[VNUNET] Latest tactics for fighting e-crime could backfire
[VNUNET] First Android flaws surface
2008年10月27日
[CNET] Report: Yahoo jobs site used in phishing attack
[ComputerWorld] New Windows bug differs from 2006 flaw, Microsoft says
[The Register] Opera scrambles to quash zero-day bug in freshly-patched browser
[VNUNET] Malware and compliance issues swamp firms
[VNUNET] Spam targets economy and election
2008年10月26日
[The Register] New address spoofing flaw smudges Google's Chrome
2008年10月25日
[Yahoo!奇摩] 駭客又強力入侵了!微軟發紅色警戒,民眾善用防毒抑止
[VNUNET] Financial malware gets smarter
2008年10月24日
[The Register] Trojan attacks Microsoft's emergency patch vuln
[Vnunet] Security firms look within for patches
2008年10月23日
[CNET] Microsoft RPC exploit could be a packaged deal
[CNET] Microsoft's urgent security update: What it means
[CNET] Microsoft patches potential 'worm hole'
[CNET] Microsoft issues 'critical' patch outside normal cycle
[The Register] Google reports itself for aiding and abetting malware distribution
2008年10月21日
[VNUNET] Sarkozy falls prey to bank hacker
2008年10月20日
[ComputerWorld] IT security guide: Understanding cyber-risks means knowing what questions to ask
[ComputerWorld] Hackers renew airline-ticket scam spam
[The Register] Home Office mulls fighting hacking with corporate ASBOs
[The Register] Swiss boffins sniff passwords from (wired) keyboards 65 feet away
2008年10月17日
[Yahoo!奇摩] 病毒藏郵件 小心預覽就中標
[CNET] Internet-scale 'man in the middle' attack disclosed
[ComputerWorld] Two new IRS systems have major security weaknesses, federal report says
[ComputerWorld] Up next: Cellular botnets, cybermilitias
[The Register] FBI's fraud site spawns UK arrests
[The Register] US teen admits to 'Anonymous' DDoS attack on Scientology
[VNUNET] Early alarms over new Mac malware
2008年10月16日
[Yahoo!奇摩] 電腦「毒患」 一台電腦一年中毒八十六次
[CNET] Botnets on cell phones in 2009?
[CNET] Microsoft Host Integration Server flaw exploited
[ComputerWorld] Update: Security vendors blocking some Obama campaign e-mails
[The Register] Scammers making '$15m a month' on fake antivirus
[The Register] Adobe redirects web surfers to nefarious links
[The Register] Ralsky confidant agrees to rat out notorious spam gang
[The Register] Warezov botnet rises from the grave
[VNUNET] Poor backup policies leaving huge security holes
[VNUNET] Security industry falling behind hacking technology
2008年10月15日
[CNET] AVG flags ZoneAlarm as malware
[CNET] Has Storm stopped sending spam?
[ComputerWorld] Adobe patches Flash clickjacking and clipboard-poisoning bugs
[ComputerWorld] Oracle issues 36 patches, but is anyone applying them?
[ComputerWorld] FTC, New Zealand hit one of world's largest spam operations
[The Register] Security vendors cry foul over exploit tests
2008年10月14日
[明報] 木馬病毒襲Facebook
[CNET] Microsoft fixes 20 flaws with 11 patches
[The Register] Storm botnet blows itself out
[The Register] Feds hamstring world's largest spam gang
[VNUNET] MoD data loss total could hit 1.7 million
2008年10月13日
[Yahoo!奇摩] Eee PC外接硬碟中毒 華碩:不影響台灣產品
[ZDNet台灣] 隱身滑鼠之後的Clickjacking攻擊
[CNET] Network security makes a quantum leap
[ComputerWorld] 'Experimental' security fix is malware, Microsoft says
[The Register] Deloitte loses hundreds of thousands of pension details
[The Register] SSL covers security embarrassments with EV figleaf
[The Register] CastleCops nemesis gets two-year sentence
[VNUNET] Blackmailing hacker hijacks hotel emails
2008年10月10日
[VNUNET] Hackers barely responsible for corporate data loss
2008年10月9日
[Computerworld] Firefox add-on blocks 'clickjacking' attacks
[CNET] Apple's October update fixes 20 security flaws
[CNET] Microsoft to issue 11 security patches on Tuesday
[VNUNET] Sarah Palin email hacker indicted
[VNUNET] Adobe warns of 'clickjacking' attacks
2008年10月8日
[CNET] Being smart about webmail
[CNET] How botnets use 'bullet-proof' domains
[CNET] 'Clickjacking' attack hides behind the mouse
[The Register] Asus admits Eee Box mini PC shipped with virus
[The Register] Son of state lawmaker charged with Palin email hack
[The Register] $236m judgment lands on mom and pop spam shop
[VNUNET] T-Mobile loses 17 million customer details
[VNUNET] Banking crisis putting data at risk
[VNUNET] Bank buyouts trigger new phishing scams
[VNUNET] SilentBanker Trojan gets stealth mode
2008年10月7日
[CNET] Another iPhone bug?
[ComputerWorld] Court orders spammers to pay $236M to Iowa ISP
[ComputerWorld] Obama beats McCain in 'spam-off' by landslide
[The Register] Net game turns PC into undercover surveillance zombie
[VNUNET] Facebook flooded with fake profiles
2008年10月6日
[CNET] Data breaches best 2007 record
[CNET] Study: Uptick in spam-sending zombie PCs in September
[ComputerWorld] O.J. Simpson guilty verdict could lead to malicious spam
[The Register] Crypto attack unveils hidden backups
[The Register] BSA flashes gums at 'online software scams'
[The Register] Jesus Phone vuln delivers fanboys to phishermen
2008年10月4日
[CNET] Report: Palin, Obama lead in election-related spam
2008年10月3日
[CNET] Hack and tell: Teen hacker Mafiaboy writes memoir
[ComputerWorld] Grand jury indicts two Europeans over denial-of-service attacks in 2003
[ComputerWorld] Vendors rush to fix bug that could crash Internet systems
[ComputerWorld] Researcher finds evidence of massive site compromise
[The Register] Skype admits Chinese privacy breach
[The Register] Spam swine break next-gen CAPTCHAs
[The Register] Brit, German indicted for stateside satellite TV attacks
2008年10月2日
[Yahoo!奇摩] 侵入購物台網站 駭客詐騙消費者
[Yahoo!奇摩] 無〝毒〞有偶 小心隨身碟毒到你
[Yahoo!奇摩] 網民力量大! 齊力防堵電腦病毒成新趨勢
[CNET] Report: Adware supplies one third of all malware
[CNET] Estonia posts its cybersecurity strategy
[CNET] New phishing attempt targets bank customers
[CNET] All the news that's fit to exploit--Google Trends
[ComputerWorld] Frustrated researcher details iPhone security bugs
[ComputerWorld] Many computer users lack basic security precautions, survey says
[VNUNET] Malware masquerades as YouTube video
2008年10月1日
[The Register] UK banking fraud losses rise to £301.7m
[The Register] Ransomware author tracked down, but not nicked
[The Register] DoS attack reveals (yet another) crack in net's core
[The Register] Hackers penetrate South Korean missile manufacturer
[VNUNET] US pushes security awareness month
[VNUNET] Security firms fail on Windows Server
2008年11月30日
[蘋果日報] 美軍方網站疑遭俄入侵
2008年11月28日
[蘋果日報] 難保私隱 電子病歷跨科易洩漏
[明報] 警查電腦資料 系統會留紀錄
[The Register] Rootkit unearthed in network security software
2008年11月27日
[ZDNet台灣] 網路蠕蟲利用Windows弱點
[Yahoo!奇摩] 隨身碟方便用 卻也成病毒流竄途徑
[ComputerWorld] Estonian ISP cuts off control servers for Srizbi botnet
[The Register] Anti-fraud site targeted in Joe Job attack
[The Register] Russian WebMoney hacker cuffed over Trojan scam
[The Register] WordPress update kyboshes XSS flaw
2008年11月26日
[明報] Facebook告垃圾信息蟲獲賠68億 收400萬封垃圾信息 賠償創紀錄
[明報] 邀看短片 黑客乘機偷資料
[明報] 妒忌女主播高薪 男主播盜電郵密碼罪成
[ZDNet台灣] Gmail漏洞 原來是釣魚詐騙
[CNET] Internet worm exploits Windows vulnerability
[ComputerWorld] Massive botnet returns from the dead, starts spamming
[The Register] Facebook spams social networkers with phishy email
[The Register] Google silences Gmail security blogorumors
2008年11月25日
[CNET] Microsoft ranked fifth worst spam service ISP
[ComputerWorld] Spam levels fluctuate as crooks try to revive botnets
[The Register] Tax break phishing scam aims to harvest details
[The Register] Unofficial fix issued for Vista networking flaw
2008年11月24日
[ZDNet台灣] Vista核心被發現安全漏洞
[ZDNet台灣] Gmail出現安全漏洞
[ZDNet台灣] 倫敦數家醫院被病毒感染 三天還沒修復
[Yahoo!奇摩] 外掛網提升功力? 植木馬盜遊戲幣
[CNET] Report: U.S. vulnerable to Chinese cyber espionage
[ComputerWorld] Apple updates Safari for second time in two weeks
[The Register] Booming cybercrime economy sucks in recruits
[The Register] Smut pop-up teacher case finally resolved with misdemeanor plea
[The Register] Security breach gives PayPal phish the personal touch
[VNUNET] Pentagon recalls USB sticks over virus fears
2008年11月23日
[CNET] Gmail exploit may allow attackers to forward e-mail
2008年11月22日
[Yahoo!奇摩] 收到自己寄來的電郵 小心有毒
[CNET] Kernel vulnerability found in Vista
[The Register] Google Analytics — Yes, it is a security risk
[VNUNET] Apple releases iPhone update
2008年11月21日
[Yahoo!奇摩] 駭你外加塞爆你 圖像式垃圾郵件大復活
[The Register] London Hospital back online after computer virus shutdown
[VNUNET] Alarms sounded over flash drive infections
2008年11月20日
[明報] 美國會指中國加強電腦入侵
[明報] 港垃圾電郵比例全球第一
[CNET] Phishing, e-mail money laundering scams on the rise
[The Register] Cybercrooks making easy money from virtual worlds
[The Register] Phisher-besieged PayPal directs users to faux log-in page
[The Register] Congratulations, Barack - Now fix your websites
[VNUNET] Healthcare workers putting patient data at risk
[VNUNET] Google opens up for mashup security
[VNUNET] Firefox warns users off China add-on
2008年11月19日
[明報] 入侵麥當勞網頁 科大生判服務令
[url=http://www.theregister.co.uk/2008/11/19/visa_credit_card/][The Register] Visa's digital credit card could raise legal stakes
[url=http://www.theregister.co.uk/2008/11/19/mac_trojan/][The Register] Lame Mac Trojan limps into view
[The Register] US teen hacker 'DShocker' confesses three-year crime spree
[VNUNET] Microsoft scraps OneCare security suite
[VNUNET] UK citizens ready for biometrics
[VNUNET] BNP membership details leaked online
[ComputerWorld] How much does spam cost you? Google will calculate
2008年11月18日
[明報] 子女網上活動 增資料外泄風險
[CNET] Safari 3.2 includes antiphishing tools
[CNET] Computer virus infects three London hospitals
[CNET] Unisys survey looks beyond cybersecurity
[Computerworld] Hosting firm takedown bags 500,000 bots
[The Register] Feds shutter one-stop stalker shop
[The Register] Dead network provider arms Rustock botnet from the hereafter
[The Register] EC slams national cybercrime responses as inadequate
[The Register] SSH sniffer attack poses minor risk
[The Register] Feds prep gov domains for net address server swap
[VNUNET] Global firms ignoring web-based threats
2008年11月18日
[明報] 子女網上活動 增資料外泄風險
2008年11月17日
[CNET] District court halts keylogger spyware sales
[CNET] British site focusing on online scams targeted in DDoS attack
[ComputerWorld] Spam drop could boost Trojan attacks
[ComputerWorld] Opinion: What has happened to storage security?
[The Register] Agile fraudsters prey on clueless UK surfers
2008年11月14日
[ComputerWorld] Google patches Chrome file-stealing bug
[The Register] DoS and distributed hacking tools finally criminalised
[The Register] Half Life hacker refused FBI sting bait
[The Register] AVG slaps Trojan label on Adobe Flash
[VNUNET] vnunet.com analysis: Online security war is social not technical
[VNUNET] Human error becomes biggest security fear
[VNUNET] New mobile virus goes 'old school'
[VNUNET] Federal Reserve spam attack emerges
2008年11月13日
[Yahoo!奇摩] 信用卡網購保安全 簡訊動態密碼來認證
[CNET] Apple updates Safari with 11 security fixes
[CNET] Microsoft explains seven-year patch delay
[ComputerWorld] Data pain: University of Florida warns 333,000 dental school patients of breach
[ComputerWorld] Mozilla fixes 11 new flaws in Firefox, six critical
[The Register] Over-feeding phishers struggle to make ends meet
[The Register] Drug dealing sysadmin cops to hacking and burglary offences
[The Register] Attorneys for Palin email hacker: 'Don't call him hacker'
[VNUNET] F-Secure warns of mobile malware growth
[VNUNET] Microsoft SharePoint security concerns surface
2008年11月12日
[ZDNet台灣] 微軟發佈網路安全警訊
[Yahoo!奇摩] 最危險的網站!情色影音排第一
[CNET] Report: Insiders a greater threat to data leaks
[ComputerWorld] Spam plummets after Calif. hosting service shuttered
[ComputerWorld] IBM's ISS blasts security rival Trend Micro over bugs
[The Register] DNS inventor blames wrangling for insecure interweb
[VNUNET] LA engineers admit traffic-light hack
2008年11月11日
[Yahoo!奇摩] 秒殺中文病毒碼 網路安全新軟體增瀏覽器防護技術
[Yahoo!奇摩] 灌票 電腦軟體難防堵
[CNET] Energy industry at risk of cyberattack, survey says
[CNET] AVG update cripples some Windows XP systems
[CNET] Microsoft fixes four flaws with two patches
[CNET] Study: DDoS attacks threaten ISP infrastructure
[ComputerWorld] Microsoft security patch was seven years in the making
[The Register] US Navy hacker avoids Romanian jail
[VNUNET] ISPs fear IPv6 security threats
2008年11月10日
[CNET] Apple fixes three iLife flaws
[CNET] Nigerian scammers hit Facebook
[CNET] Google starts fixing Android 'reboot' bug
[ComputerWorld] ActiveX poses threat to Vista, Microsoft says
[The Register] Buffer overflow bug bites Linux wireless component
[The Register] Visa trials PIN payment card to fight online fraud
[The Register] Drive-by download attack mows down thousands of websites
[The Register] Researchers hijack botnet for spam study
[The Register] One in ten DNS servers still vulnerable to poisoning
[The Register] Denial, exposure and online security
[VNUNET] Anti-malware testing standard proposed
2008年11月9日
[蘋果日報] 中國黑客屢次入侵白宮電腦
[Yahoo!奇摩] 電腦病毒倍增 使用者全面戒備
2008年11月8日
[Yahoo!奇摩] 蠕蟲手法翻新 知名網站分享新聞影片當餌
[The Register] Inmate hacked prison network, broke into employee database
[The Register] Researchers find more flaws in wireless security
2008年11月7日
[CNET] Report: White House e-mail system attacked
[CNET] Security expert talks Russian gangs, botnets
[ComputerWorld] Thousands hit in broad Web hack
[The Register] Miscreants hijacking machines via (freshly patched) Adobe flaw
[VNUNET] Data losses hit 280 million people
2008年11月6日
[Yahoo!奇摩] 當心別亂點 歐巴馬成垃圾攻擊主題
[ComputerWorld] Microsoft plans puny patch slate next week
[ComputerWorld] Adobe fixes 6 flaws in Flash
[ComputerWorld] Once thought safe, WPA Wi-Fi encryption is cracked
[The Register] Fake site punts Trojanised WordPress
[The Register] McCain 'dead' email ruse punts penis pills
[The Register] L.A. engineers cop to traffic system sabotage
2008年11月5日
[蘋果日報] 更改比賽得獎者電郵 冒領四手機 科大生黑客呃麥當勞獎品
[CNET] Campaign PCs of Obama, McCain cyberattacked
[CNET] Obama-themed malware on the rise
[ComputerWorld] After laptop theft, Baylor Health warns of possible data compromise
[The Register] Opera update plugs bug brace
[The Register] Hackers jailbreak T-Mobile's Googlephone
[The Register] NY man charged with boosting TJX credit hijack
2008年11月4日
[明報] 市民如何防止 個人資料外泄
[Yahoo!奇摩] 麒迅網 (Oyesgo) 提醒:網絡訂票謹防釣魚網站
[Yahoo!奇摩] 微軟安全情報報告:惡意軟件增加,Windows 漏洞減少
[ZDNet台灣] 微軟:木馬是最大威脅 瀏覽器攻擊在中國最普遍
[ComputerWorld] Adobe patches 8 bugs in popular PDF apps
[The Register] US kicks off secure hash competition
[The Register] McCain pulls ahead in pharmaceutical spam
[The Register] Cocaine addicted IT manager hacks ex-employer's mail servers
[VNUNET] Corporate bloggers urged to tighten security
2008年11月3日
[明報] 英稅務資料外泄
[CNET] Bots exploiting Microsoft's latest RPC flaw
[ComputerWorld] Spam surges as Google's CAPTCHA falters
[ComputerWorld] Three ways Internet crime has changed
[VNUNET] Government Gateway secured and back online
2008年11月1日
[Yahoo!奇摩] 《病毒資訊》以CNN之名賣威而剛 讓你電腦變僵屍
SiteMon minimizes downtime with a free monitoring service for your website.
* Checks that your web site is up and available to the public every ten minutes
* Monitors user-selected keywords to ensure page content loads correctly and has not been modified
* Identifies slow websites by providing detailed server response times
Comodo SiteMon automatically checks your website content, page titles and web server availability every ten minutes, 24/7. If there are any problems, you are alerted immediately via email - your support team doesn’t have to wait for angry customers to complain that they can’t access your web site.
Crucially, as an external testing service, SiteMon connects to your website from the same perspective as your customers. If SiteMon discovers any problems with your website, it is likely that your customers will be experiencing the same.
This essential continuity monitoring tool is simple to configure, completely free of charge and requires no downloads or software installation. 
SiteMon:
http://www.hackerguardian.com/hackerguardian/learn/sitemon.html
Someone said it is a low risk item, for me, it is a high risk item. If you could play Flash in your browser. If a bad guy made a URL inside the flash, once you click into it, it may help the attacker to search your submitted URLs in browser and re-submit or append something the attacks want to. For example, money transfer, email deletion...etc.
Affected Software: Adobe Flash Player 9.0.124.0 and earlier
How to know your installed Flash player version? Please go to here:
(If you are worried about the link, please type it in the browser)
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507
Please upgrade your Adobe flash player to 10.0.12.36. 
http://www.adobe.com/support/security/advisories/apsa08-08.html
To reduce the cost of purchase numerous IT magazines, I always stand and read them at least for 5 minutes on every newly issued magazines at 7-11.
I have found a good service and tool (FREE!) which could help to track your location (provided with IP address and location map) about your USB/Portable device, once it is lost, you could track them out.
http://www.ihoundsoftware.com/
However, it is still in a beta testing stage (not officially launched) and the location map may not be accurately given, it is very useful to you and me to protect our device. Hopefully, they will tune it after it is officially released.
Regards,
Anthony Lai
Founder & Editor
InfoSec Hong Kong
Dear readers,
This year, it is my first time to join the election of IT division of LEGCO election. The successful elected candidate is Mr. Samson Tam and he won over Mr. Charles Mok with 35 more votes.
There are over 100 votes are blank or abolished. This time, our IT professionals give birth an evil and please should not complain later.
I have met Charles Mok for several years and he is one delicating himself to IT industry nearly in Full-Time mode. He is not the one with "sudden appearing" before election. Meanwhile, his knowledge and openness to technologies development, regulations understanding and industry issues are solid and practical.
However, for Mr. Samson Tam, his view is rogue and impractical and most of the IT professionals could not be beneficial from it. For example, inviting Microsoft to HK to set up research center could help to increase employment opportunities; Setting up lowest salary of IT professionals; Appeal to government to get back all the outsourcing task; Promoting IT industry with his nonsense TV program on Cable TV and it is under investigation whether he has violated the election expenediture rule; Misusing HKCS and HKPC logo on his facebook promotion:Violating intellectual properties rights and misusing i-Phone design for his election web site; He has not attended to various debate forums organized by various channels and IT associations. He just appeared in some of the forums held by associations in which he has the EXCO position.
People are willing to vote with blank forms and give birth an evil rather than picking the one with continuous commitment. It really impacts and discourages those who would like to contribute to IT industry. Of course, the strike and pressure from China government and vote seeding cannot be ignored.
Be frank, my motivation to set up this site is also a kind of contribution to IT industry and help our society to understand more about the importance of security awareness. My efforts are really relatively small compared with the contribution from Charles.
8 Sept 2008 or and the following years is the Black Day of IT industry in Hong Kong.
Regards,
Anthony Lai
Founder and Editor
InfoSec Hong Kong
When you use Gmail, facebook, yahoo or hotmail, your login session cookie may be easily "cloned" via Sidejacking via Wireless network. If you do want to know more about Sidejacking, go to Youtube.com and type in "SideJacking" or simply click this URL: http://www.youtube.com/watch?v=nFNFa-48lpI
Recently, Google has release a logging records to users to monitor
URL: http://erratasec.blogspot.com/2008/07/gmail-now-shows-ip-address-log.html
After you login Gmail, you could find there is a link to "More details". Once you click into it, you will find the following screen with logs.
Please regularly check the log so that you could guarantee no other guys from other IP address to access your Gmail account, if yes, it will be shown up. If it happens on you, capture the log screen first (with IP address) and log off ALL the sessions to prevent from further information exposure.
If you want to know why Google Gmail's cookie could be sniffed, you could refer this URL:
http://erratasec.blogspot.com/2008/08/google-vs-sidejacking-round-7.html
Recently, Google is working hard to fix this, people could set SSL even after logging into Gmail and it is hard to sniff the session cookie. lol:
Regards,
Anthony Lai
What is Privnote?
Privnote is a web tool that you can use to send private notes over the Internet.
What makes Privnote different from sending a regular email or instant message?
You get a link to the note, and once that link is clicked the note is destroyed so it can only be seen once. If someone intercepts the link and sees the note before the person who's intended to read it, that person will know that the note has been eavesdropped, and can tell you about it.
If you want to be notified when your note gets read you can do it by checking the notify box located below the note. Neither email nor instant messaging provides a reliable way to know if, let alone when, your messages are read.
If you send a note and suddenly regret having done so, you can click the link yourself which will destroy the note and prevent the receiver from reading it.
Sending links in emails is as easy as writing the note in the email itself, so why not add a little extra privacy at zero cost? Besides, everybody knows how to click on a link so you won't have to explain anything new in your email.
URL: https://privnote.com/
Dear readers,
I have set up a Facebook account and a group for Infosec Hong Kong for you to join.
Please feel free to add me at anthonation@gmail.com or Anthony Lai
For your information, there are some famous security fellows has devoted and shared their ideas. There is no longer a "One Man Bank".
Let's promote privacy and information security!
Regards,
Anthony Lai
Founder and Editor
InfoSec Hong Kong
仁濟醫院遺失約3000名申請病歷紀錄人士的姓名、身分證號碼及處理情況資料。
仁濟醫院發言人表示,他們於6月30日得悉,病歷紀錄服務部員工在替一批備份3.5吋軟式磁碟進行加密工作時,發現並沒有其中一個時段的軟碟,該批軟碟是員工過往的工作流程紀錄副本,儲存了2005年1月16日至2006年1月15日期間約3000位申請病歷紀錄人士的姓名、身分證號碼,與及員工處理有關申請的登記日期、處理日期及完成日期等。
URL: http://www.mpinews.com/htm/inews/20080708/gb21830a.htm
My comment:
I have already told you all once a corp/company leaks information, they will uncover themselves. However, I am the most worried about the SMEs and retail shops.
How about protect your privacy? For example, last week, I bought a shirt from Ken & Curwen in Ocean Terminal in TST. The sales ladies asked me to have a signature and then made a carbon copy with the pencil. I have told you all that the shop has NO rights to do that. As I was in hurry, I have made a phone to request back the signed receipt with credit card carbon copy. I have asked them to discuss with the back office as PCO (www.pco.org.hk) has proven such case. They returned it to me with an envelope. Otherwise, they could be sued.
Another case is that there are many young girls carry out interview in the street, will you disclose the information and privacy information to them?
Meanwhile, will you apply broadband and credit card in the street? HKMA (www.hkma.gov.hk) also comments many banks have not trained those Part-Time credit card promoters how to secure the information, do you still seek for convenience and sacrifice your privacy?
Lastly, you coud advise and discuss with your mum, daddy and grandma and grandpa, did they complain themselves or speak to themselves in the street? Some bad guys listened to it and sold medicine and asked your relatives to trust a god by paying some money?
All of them are about privacy but who cares?
Remember: Never disclose your privacy unless it is needed. Meanwhile, you should know you have the rights to ask:
What is the purpose to use my information and how do you handle my private information? Don't feel annoyed and scared. You are the data owner!
Be smart, my friends.
Regards,
Anthony Lai
