Tuesday, October 5, 2010

TR Dojo: Lock down Windows 7 to run only specified applications



src: http://video.techrepublic.com.com/2434-13789_11-167680.html

Stop the Internet Blacklist!


How could the US government come up with something like this, banning and censoring websites, which could lead to an Internet blackout across the world? What really concerns President Obama and his congressmen that they would be up to such a decision?

Will that really mean a total monitored internet access with no privacy?

What does that mean for other nations of the world?


Just the other day, President Obama urged other countries to stop censoring the Internet. But now the United States Congress is trying to censor the Internet here at home. A new bill being debated this week would have the Attorney General create an Internet blacklist of sites that US Internet providers would be required to block.
This is the kind of heavy-handed censorship you'd expect from a dictatorship, where one man can decide what web sites you're not allowed to visit. But the Senate Judiciary Committee is expected to pass the bill this week -- and Senators say they haven't heard much in the way of objections! That's why we need you to sign our urgent petition to Congress demanding they oppose the Internet blacklist.
PETITION TO THE SENATE: Censoring the Internet is something we'd expect from China or Iran, not the U.S. Senate. You need to stop this Internet blacklist in its tracks and oppose S. 3804.



Details of the petition: http://demandprogress.org/blacklist/coica
Source: http://demandprogress.org/blacklist

Stuxnet Trojan attacks could serve as blueprint for malware writers

The Stuxnet Trojan remains a danger to a small minority of firms that run specialized control equipment, but security experts say it could serve as a guide for copycat malware writers, who can reproduce parts of its processes and take better aim at other companies.


"How do you know that the software you are using to support sophisticated manufacturing processes, ranging from uranium centrifuges to automobiles, is not being targeted by some cyberweapon, throwing off your tolerances and measurements?" asked Paul B. Kurtz, managing partner at Arlington, Va.-based GoodHarbor Consulting LLC. "It's something that can be very costly to private industry and ultimately very disruptive to economies."
The worm surfaced in July when it was discovered exploiting a Microsoft Windows file sharing zero-day vulnerability, spreading using the AutoPlay feature for USB sticks and other removable drives. Microsoft issued an emergency update to close the hole, but researchers discovered several other methods used by Stuxnet, including a printer sharing vulnerability, which was patched this month by Microsoft.
Stuxnet was unique in that it contains code that could identify Siemens' Supervisory Control and Data Acquisition (SCADA) software and then inject itself into programmable logic controllers, which automate the most critical parts of an industrial facility's processes -- temperature, pressure and the flow of water, chemicals and gasses. Kurtz, who served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Bill Clinton and George W. Bush, is convinced that the Trojan's end game is to wreak havoc or even destroy critical infrastructure facilities by altering their vital processes.
"When you get into some of the other manufacturing processes today, the fault tolerance is so minuscule that it doesn't take much for a targeted piece of malware to cause problems," Kurtz said. "They can produce products that are inherently flawed and that can have disastrous effects."
Dave Marcus, director of security research at McAfee Avert Labs, draws parallels to the Google Aurora attacks, which surfaced in January. Like the Aurora attacks, which exploited a zero-day vulnerability in Internet Explorer to infiltrate Google and dozens of other firms, the cybercriminals behind Stuxnet had specific knowledge of their target environment, Marcus said. Those behind both attacks had a level of financing that enabled intelligence gathering prior to the attacks.