DIR has published their Cyber Security column for May. The topic is cloud computing. You can access the document at – http://www.dir.state.tx.us/security/reading/2010/201005cybersec.pdf
Archives for April 2010
Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially compromise a user’s system.
1) An unspecified error exists in the type handling related to forms.
2) An unspecified error in the handling of HTTP requests can potentially be exploited to conduct cross-site request forgery attacks.
3) An unspecified error exists related to local file references through developer tools.
4) An unspecified error related to “chrome://net-internals” can be exploited to conduct cross-site scripting attacks.
5) An unspecified error related to “chrome://downloads” can be exploited to conduct cross-site scripting attacks.
6) An unspecified error may cause pages to load with privileges of the “New Tab” page.
7) An unspecified error in V8 bindings can be exploited to corrupt memory.
Update to version 18.104.22.1689.
When ISC reader Josh realized that only five people at his firm had received the “legal threat” malware email that we reported on earlier, he started digging. The targeting of the bad guys had been spot on, all five recipients were in fact involved in the handling of money for Josh’s employer, a large real estate firm. Two were in cash operations, two in accounts payable, and one in treasury/finance. After a couple minutes of googling, one potential culprit was found: All five staff members were maintaining profiles on LinkedIn, and had their profile proudly proclaim a job title that made it patently obvious that they had access to the firm’s banking information.
Can any other of our readers corroborate this finding? If last week’s “Legal Threat” email also only targeted 2-5 specific users in your firm, and the targeting was very precise, please let us know if you have any indication on where and how the bad guys could have gotten their intel.
The period between April 2 and May 31 each year Risk Assessment time for University and System applications. Please use one of the following applications to access the Risk Assessment web application to submit your annual risk assessment. The ISAAC-S application will require you provide an IP address to the AgriLife ISO before you can obtain access.
University Risk Assessment – https://isaac.tamu.edu
System Risk Assessment – https://isaacs.tamu.edu/
A new version of Java has been released. Everything I am seeing indicates it was released in the last 12 hours. Please make sure your Java Control Panel is set to download updates automatically.
Link for the version 20 download is http://java.sun.com/javase/downloads/index.jsp?cid=928338