Welcome to Montebello Partners' security home page. Here we include important current alerts, resources, and announcements. If this is your first visit here, you may want to browse:

• Our introduction to Internet Security,
• Description of our security services
• Monthly email news and updates
• The monthly meetings of the SDForum Internet Security SIG
• The FBI-sponsored bay area Infragard chapter
• Useful security links and tools
• Various presentations given by us.

December, 2004 Update

Hacks

• Petco left 500,000 customer credit card numbers vulnerable to hackers, due to an SQL injection vulnerability. Petco settled with the FTC, agreeing to certify their security with an independent professional every two years for the next 20 years.

• Phishing attempts tripled from August to September. About 3%-5% of phishing victims respond. The phishing industry was worth $1.2 billion last year. (see mediapost.)

• A "no-click" phishing attempts have been seen, where merely viewing an email can subvert your system, so your next on-line banking session can be intercepted. The technique relies on scripting vulnerabilities in Outlook and IE.

Holes

• Java version 1.4.2_05 and earlier may allow applets to take over your privileges. You should update your java.

• Microsoft Internet Explorer is vulnerable to another heap overflow if you view a malicious web page in your browser or email. A patch is available, and XP SP2 is not vulnerable.

• An automated cracker has been released on the web, for breaking weak wireless (WPA) consumer-level passwords. WPA is a new security standard for 802.11i that was supposed to improve security over the now-standard WEP security protocol. Moral: treat any wireless connection as you would a connection to the global insecure internet.

Other Updates

• June, 2006
• May, 2006
• November, 2005
• August, 2005
• June, 2005
• May, 2005
• April, 2005
• March, 2005
• January, 2005
• December, 2004
• November, 2004
• October, 2004
• September, 2004
• August, 2004
• April, 2003
• March, 2003