Security

Submission + - Countries With High WinOS Piracy Not Most Infected (beskerming.com)

SkiifGeek writes: "Microsoft have released Volume 5 of their Security Intelligence Report, covering data reported from January to June 2008. Using data drawn from Microsoft security tools on end user systems, breach data from datalossdb.org, and data from a number of online service providers, Microsoft has compiled a very detailed security picture that few others can come close to matching.

While the report suffers from a self-selection bias and only covers Microsoft operating systems and software, it is still a quality report and filled with valuable insight and data about how Microsoft views the threats and vulnerabilities targeting Microsoft-based systems globally. Of special interest is how Microsoft has observed the breakdown of malware on a per-country basis. For countries like South Korea and Brazil this breakdown can reflect how the online environment has evolved in those countries. Another inferred outcome is the discovery that increased software piracy (pick any number of sources for piracy rates) doesn't mean increased rates of system compromise.

If it doesn't already, Microsoft's SIR should take its place alongside annual and semi-annual reporting from OWASP and ISC as a key bellwether of global Information Security in practice."

Security

Submission + - Microsoft Issues Security Report for Jan-Jun 2008 (beskerming.com)

SkiifGeek writes: "Microsoft have released Volume 5 of their Security Intelligence Report, covering data reported from January to June 2008. Using data drawn from Microsoft security tools on end user systems, breach data from datalossdb.org, and data from a number of online service providers, Microsoft has compiled a very detailed security picture that few others can come close to matching.

While the report suffers from a self-selection bias and only covers Microsoft operating systems and software, it is still a quality report and filled with valuable insight and data about how Microsoft views the threats and vulnerabilities targeting Microsoft-based systems globally. Of special interest is how Microsoft has observed the breakdown of malware on a per-country basis. For countries like South Korea and Brazil this breakdown can reflect how the online environment has evolved in those countries.

If it doesn't already, Microsoft's SIR should take its place alongside annual and semi-annual reporting from OWASP and ISC as a key bellwether of global Information Security in practice."

Security

Submission + - Old Malware Tricks Still Defeat Most AV Scanners (beskerming.com)

SkiifGeek writes: "A year ago Didier Stevens discovered that padding IE malware with 0x00 bytes would happily slip past most of the scanners in use at VirusTotal.com. Revisiting his earlier discovery, Didier found that detection on his initial samples had improved, but not by much.

For all the talk of AV companies moving away from signature based detection to heuristics, it is painfully obvious that not many of the tested engines can successfully handle such a simple and well known obfuscation method and the best of those that can detect the obfuscation can only detect it as a generic malware type. At least the scanning engines that can detect the presence of malware with the obfuscation aren't trying to claim each differential as a new variant."

Security

Submission + - Flashy 2008 Olympic Ticket Scam Site Traps Many (beskerming.com)

SkiifGeek writes: "News is rapidly spreading of a number of Beijing ticket scams that have trapped hundreds, if not thousands of people across the globe. In an age when the P-p-p-powerbook incident should be read and understood by anyone with a credit card before they go online, and there is greater awareness of 419 scammers, it seems that all you need to do to separate people from their money is to claim to have desirable items that you can't actually send them for a few months, and a pretty website (that's the scam site).

It makes for an interesting case study on how we allocate trust to sites that we may not have seen before, based on how other sites relate to them (a bit like search engines used to work). When MSNBC silently fixed their article that initially pointed to the scam site it took away the evidence of how many people would have come to trust the malicious site, but we can thank cache for the truth.

If you think you might have been affected by such a scam, or just want more information on what is being done to hunt down those behind the scams, a good clearinghouse for this information is over at Beijing Ticket Scam."

Businesses

Submission + - Outsourcer Steals Data, Sells to Competitors (computerworld.com.au)

SkiifGeek writes: "When an Indian outsourcing firm had their contract with an American client cancelled, rather than look at what they could do to improve their service delivery or retain their customers, the firm was closed and the owner is accused of taking the internal data belonging to his ex-client and selling it to the ex-client's American competitors.

While the case represents a risk that many who outsource some of their operations would prefer not happen, it does highlight what can happen when things go wrong with any business relationship and the need to keep a tight control over information being passed outside of a company. It is somewhat ironic that the affected US company was engaged in the selling of mailing and email lists as its core business as it has now experienced what it is like to have private data sold for profit by someone else."

Security

Submission + - Attack Code Surfaces Targeting Debian SSH Keygen (computerworld.com.au)

SkiifGeek writes: "It's been only a couple of days since the discovery (and patching) of the weak SSH key generation affecting Debian and Debian-derived distros, but already there are a number of exploit samples available that are targeting the entire keyspace (possibly as low as 9,500 keys) for key lengths up to 8192-bit RSA.

There is a good article over at Computerworld summarising the available exploits, keys that have been blacklisted, and the sorts of systems that could be affected that might not initially appear to be Debian-related."

Security

Submission + - Just how Effective is System Hardening? (arnnet.com.au)

SkiifGeek writes: "Recent coverage of what the NSA went through to create SELinux raises an interesting question as to just how effective system hardening is at preventing successful attack?

When Jay Beale presented at DefCon 14, he quoted statistics that Bastille protected against every major threat targeting Red Hat 6, before the threats were known. With simple techniques for the everyday user which can start them on the path towards system hardening, just how effective have you found System and network hardening to be?

The NSA does have some excellent guides to help harden not only your OS but also your browser and network equipment."

Security

Submission + - Recovering Redacted PDF Documents now Easier (computerworld.com.au)

SkiifGeek writes: "The dangers associated with Track Changes in Word documents are well known, as is the ease by which redacted information can be retrieved from a PDF document when black rectangles are being used for redaction. Recent work by Didier Stevens has uncovered techniques that allow anyone armed with a text editor (or a hex editor in the worst case) to recover the original form of a PDF document.

It is nothing that can't be gained from reading the PDF specification, but who takes the time to read in depth the technical specification for the data format that they are using?"

Google

Submission + - Google's Audio CAPTCHA falls to Automated Attack (wintercore.com)

SkiifGeek writes: "Early in March, Wintercore Labs published proof of a generic approach to defeating audio CAPTCHAs, using Google's as the case study for their demonstration. With claims of over 90% success rate and expectations that this can be significantly improved with the right mix of filtering algorithms, the in-house tool remains unreleased. With the information published, it shouldn't take long for other developers to create their own tools and start targeting not only Google, but other sites that use audio CAPTCHAs for the vision-impaired.

It isn't the first time that major sites (significantly major webmail providers) have had their CAPTCHAs broken, but it is the first reporting of defeating an audio CAPTCHA using a generic software approach. News about the discovery is slowly starting to spread."

Security

Submission + - DefCon Competition has Antivirus Vendors Upset (beskerming.com)

SkiifGeek writes: "Race to Zero, a sideline competition being set up at this year's DefCon has already got some Antivirus vendors steaming over the objectives of the contest. The basic gist of the competition is that it is a polymorphism competition. Competitors are given a set of malware samples that they must then modify such that they pass through a battery of antivirus scanners without detection and still have the payload viable.

Even if competitors ignore the published vulnerabilities and weaknesses affecting antivirus vendors, the competition should turn up some interesting results that will provide technical insight and concepts for further research similar to other recent controversial competitions."

Security

Submission + - FOSS Webservers more Likely to be Defaced than Win (beskerming.com)

SkiifGeek writes: "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined.

A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety levelled against them any time they disclose and mirror a reported defacement."

The Internet

Submission + - World's Largest web Defacement Archive may Close (beskerming.com)

SkiifGeek writes: "It appears that the operators of the largest web defacement archive, Zone-H, may soon be closing the archive down. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety levelled against them any time they disclose and mirror a reported defacement.

With such a large repository of archived data, Zone-H have shown some interesting statistics about the changing nature of website attacks, such as more Linux servers were compromised in 2007 than all Windows servers combined. Apache suffered the same ignominious problem when compared to the combined reported IIS compromises (historical data here)."

Security

Submission + - 2 Million new Websites serve Malware Annually (beskerming.com)

SkiifGeek writes: "In news that was picked up by The Register, Sophos claims that they are detecting 6,000 new sites daily that have been compromised to serve malware to unsuspecting site visitors, with 80% of site owners not aware that they have been compromised (though this figure is probably on the low side).

With increasingly vocal arguments being put forward by security experts criticising the performance and capability of site validation tools (though many of these experts offer their own tools and services for similar capabilities) and rising levels of blended attacks, perhaps it is time you reviewed the security of your site and what might be hiding in infrequently used directories."

Security

Submission + - Another QT RTSP Vuln == poor Patching by Apple? (beskerming.com)

SkiifGeek writes: "In the past Microsoft and Apple have been criticised for failing to adequately patch vulnerabilities with Security patch releases — often requiring the rapid release of subsequent patches to address the holes that weren't properly closed off the first time. Most recently, Apple were forced to disable support for certain mDNSResponder functionality in OS X after repeated patches failed to address core security problems.

The disclosure of a new QuickTime RTSP remote code execution vulnerability, discovered by Luigi Auriemma, could point to a similar situation developing with the way that Apple is patching QuickTime's handling of RTSP data streams, given that Apple has patched RTSP issues no less than four times in the last twelve months and there have been at least two 0-day releases in the last three months for RTSP vulnerabilities."

The Internet

Submission + - Baidu's CFO Drowns While on Holiday (beskerming.com)

SkiifGeek writes: "Baidu's CFO, Shawn Wang, died while swimming while on Christmas holiday with his family on Hainan Island. Although only one trading day was available following news of his death (27th of December), it has seen more than 2% of Baidu's NASDAQ value wiped out.

While Wang's sudden death is not likely to impact the daily operations of the Chinese search engine giant, it is likely to impact the plans to list on the Hong Kong exchange, and China's 'A-Share' market, given Wang's role in getting Baidu listed on NASDAQ.

The loss of any key employee can have a major effect on a company, even if the employee is not an executive. The tragedy being faced by Baidu and the Wang family should serve as a reminder that succession planning and effective disaster management can be tested in many ways and it is important to ensure that there is always a way to continue normal operations in case of such tragedies."
