Security

Submission + - SquirrelMail Repository Poisoned (beskerming.com)

SkiifGeek writes: "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."
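The SquirrelMail poisoning was caught because somebody compared the digest of a downloaded 1.4.12 package with the published one. A hash mismatch only tells you that something changed; the next question is which file. The following is an added example (not SquirrelMail's code, and the "tampered" edit is a generic remote-file-inclusion-shaped change, not the actual modification made to the release) that verifies a package against a published digest and then diffs a trusted copy against the suspect copy file by file. Both archives are constructed in memory; the file names and contents are made up for the demonstration.

```python
"""Verify a release archive against a published digest and locate modified files.

Added example. Both archives are built in memory as fixtures; in practice
`TRUSTED_TARBALL` would be a copy obtained from a second, independent source
(or replaced by a trusted per-file manifest) and `POISONED_TARBALL` the
package you just downloaded.
"""
import hashlib
import hmac
import io
import tarfile


def build_tarball(files):
    """Construct a gzip'd tar archive from {name: bytes}. Test fixture only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed contents. The second copy differs in exactly one file, where a
# fixed include path has been swapped for one taken from request input
# (a generic RFI pattern used here for illustration only).
TRUSTED_FILES = {
    "README": b"Example webmail release\n",
    "functions/example.php": b"<?php\ninclude(SM_PATH . 'functions/lib.php');\n",
    "functions/lib.php": b"<?php\nfunction helper() { return 1; }\n",
}
POISONED_FILES = dict(TRUSTED_FILES)
POISONED_FILES["functions/example.php"] = (
    b"<?php\ninclude($_REQUEST['path'] . 'functions/lib.php');\n"
)
TRUSTED_TARBALL = build_tarball(TRUSTED_FILES)
POISONED_TARBALL = build_tarball(POISONED_FILES)


def archive_digest(blob, algo="sha256"):
    """Hex digest of the whole archive, as a project would publish it."""
    return hashlib.new(algo, blob).hexdigest()


def verify_release(blob, published_digest, algo="sha256"):
    """True only if the archive digest matches the published value."""
    return hmac.compare_digest(archive_digest(blob, algo), published_digest.lower())


def per_file_digests(blob, algo="sha256"):
    """Map every regular file inside the archive to the digest of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            digests[member.name] = hashlib.new(algo, data).hexdigest()
    return digests


def diff_archives(trusted_blob, suspect_blob):
    """Return (added, removed, modified) file name lists, each sorted."""
    trusted = per_file_digests(trusted_blob)
    suspect = per_file_digests(suspect_blob)
    added = sorted(set(suspect) - set(trusted))
    removed = sorted(set(trusted) - set(suspect))
    modified = sorted(
        name for name in trusted.keys() & suspect.keys()
        if trusted[name] != suspect[name]
    )
    return added, removed, modified


if __name__ == "__main__":
    published = archive_digest(TRUSTED_TARBALL)
    print("download verifies:", verify_release(POISONED_TARBALL, published))
    print("added/removed/modified:", diff_archives(TRUSTED_TARBALL, POISONED_TARBALL))
```

Note that a digest published on the same compromised server as the package proves nothing; the comparison only has value when the reference digest (or the trusted copy) comes from somewhere the attacker did not control, which is why the report of a differing MD5 mattered here.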

Security

Submission + - Major QuickTime Vulnerability in Latest Version (beskerming.com)

SkiifGeek writes: "Less than a month after news of active OS X fake codec malware, a major vulnerability in the latest version of QuickTime (7.3, only released two weeks ago) has been discovered and has already gone from proof-of-concept exploit code to two readily available exploit samples.

With the ease by which this exploit can be integrated with media streams, it marks a greater threat for end users than a fake codec. At this stage, about the best mitigation recommended is to disable support for RTSP via the File Type / Advanced -> MIME Settings option in QuickTime's Control Panel / PreferencePane. Even though the exploit is only for Windows systems (including Vista — QuickTime apparently doesn't utilise ASLR), OS X users could be at threat from related problems, given historical RTSP vulnerabilities."

Security

Submission + - Critical .mdb Flaw Found - Microsoft May Never Fix (beskerming.com)

SkiifGeek writes: "When independent security researcher cocoruder found a critical bug with the JET engine, via the .mdb (Access) file format, he reported it to Microsoft, but Microsoft's response came as a surprise to him — it appears that Microsoft are not inclined to fix a critical arbitrary code execution vulnerability with a data technology that is at the heart of a large number of essential business and hobby applications.

Where should vendors be required to draw the line when supporting deprecated file formats and technology? In this case, leaving a serious vulnerability active in a deprecated technology could have serious effects if an exploit were to target it, but it is a matter of finding the right balance of security and usability such that Microsoft's users are not exposed to too great a danger for continuing to use Microsoft products."

The Courts

Submission + - WabiSabiLabi Founder Arrested in Italy (beskerming.com)

SkiifGeek writes: "Noted Italian Information Security expert, Roberto Preatoni (co-founder and noted member of WabiSabiLabi, Zone-h, and Domina Security) has been arrested in Italy in relation to an ongoing spy scandal associated with Telecom Italia.

It is claimed that a pen-testing team engaged in spying, unauthorised hacking and wiretapping against a number of commercial targets, including the CEO of Brasil Telecom, an investigative firm, and two journalists. While it is not known at this stage whether Roberto is being seen as a suspect or merely assisting with investigations, although a presentation that he delivered with the already-arrested Telecom Italia Chief Technology Officer at the HiTB 2006 security conference ("The Biggest Brother") and his 2005 CCC presentation on industrial espionage establish his capability and skills, they probably aren't going to help his situation much."

Privacy

Submission + - AntiSocial Response to OpenSocial (beskerming.com)

SkiifGeek writes: "Microsoft employees have already openly criticised Google's OpenSocial initiative (covered here), and now there's news that one of the first OpenSocial applications, emote — by Plaxo, was hacked within 45 minutes of appearing on the net (it was subsequently pulled while Plaxo looked into fixing the holes). Although coding errors can happen to anyone, leaving evidence of lax programming discipline when all it takes to view your code is 'View Source' is poor form.

It seems that the battle lines have been drawn between Microsoft and Google through their social networking proxies, with Facebook getting ready to fire the next salvo in the social networking battle."

Google

Submission + - Has Google's PageRank Algorithm been Devalued? (beskerming.com)

SkiifGeek writes: "In late October, a number of large Internet sites, including Forbes, the Washington Post, Engadget, Joystiq, and others, found that their public Google PageRank had been reduced significantly for what initially appeared to be no reason whatsoever. It turns out that the reason behind the PageRank adjustment was the presence of paid links on these sites — links that it was believed were poisoning / gaming Google's search results. Google has been warning about this practice for some time, though previous action against link farms and some smaller sites went fairly unnoticed. Because major sites were affected, it has drawn the attention of traditional media outlets. There has been a mix of reactions to the changes, from calls for more openness from Google about site ranking (weighed against giving too much information to the SEO black hats) to claims of double standards — by effectively marking all other Internet advertising as a negative weighting.

Whether the changes in PageRank will mean anything as far as traffic to the sites is concerned, it is too early to tell. Early reporting from some of the site administrators concerned suggests that the traffic difference is not significant. Historically this wasn't the case, as there would be significant differences in the levels of traffic received for even a minor change in PageRank. At this time, it seems that the only change has been in the publicly reported PageRank level, and not the behind-the-scenes PageRank that actually determines the positioning within the search results returned."

Security

Submission + - (Not the) First OS X Malware Spreading in the Wild (beskerming.com)

SkiifGeek writes: "Many sites are now carrying the news of the latest OS X trojan to have been discovered in the wild, a DNS Changer that changes where DNS queries from an infected machine are sent. According to Intego, the company responsible for identifying the malware, it has been discovered on a growing number of fake codec sites and seeks to infect OS X users who are searching for porn movies (yet another example of how the desire to view adult entertainment is driving technology forward).

With a number of Windows antimalware developers crowing about OS X users no longer being able to feel smug about their security, other 'security experts' are calling OS X the new Windows 98 as far as security environments go (though it has stood for over 6 years).

Linux and *nix users should pay attention to this malware, as it achieves its goals using techniques that will work equally well on their systems."
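Since the trojan works by redirecting where an infected machine sends its DNS queries, the most direct check on a *nix host is whether the configured resolvers are still the ones you expect. The block below is an added example, not Intego's detection logic or the malware's code: it parses resolv.conf-style text (constructed samples, not captures from an infected system) and reports any nameserver that is not on an approved list, noting when the stray server also sits outside RFC 1918 private address space. The approved list is an assumption for the demonstration. On OS X the live resolver configuration is held by the system configuration framework (`scutil --dns`) rather than only in /etc/resolv.conf, so this text parser would be fed that output or the file it generates.

```python
"""Audit resolver configuration for nameservers that are not approved.

Added example; the approved list and both resolv.conf snapshots are
constructed for the demonstration.
"""
import ipaddress

# Constructed snapshots of /etc/resolv.conf (not from a real infected host).
CLEAN = """# generated by dhcp
search corp.example
nameserver 10.0.0.53
nameserver 10.0.1.53
"""
TAMPERED = """search corp.example
nameserver 203.0.113.7
nameserver 10.0.0.53
"""

# Assumed: the resolvers this environment is supposed to use.
APPROVED = {"10.0.0.53", "10.0.1.53"}

RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_nameservers(text):
    """Return the nameserver entries in order; '#' and ';' start comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                servers.append(parts[1])  # keep malformed entries so they get reported
    return servers


def audit_resolvers(text, approved):
    """Return a list of (server, reason) for every entry that needs attention."""
    findings = []
    servers = parse_nameservers(text)
    if not servers:
        findings.append(("<none>", "no nameserver configured"))
    for server in servers:
        if server in approved:
            continue
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "not an IP address"))
            continue
        reason = "not on the approved list"
        if not any(ip in net for net in RFC1918):
            reason += "; outside RFC 1918 private space"
        findings.append((server, reason))
    return findings


if __name__ == "__main__":
    for label, snapshot in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_resolvers(snapshot, APPROVED))
```

A private-range resolver is not automatically safe (a rogue host on the LAN could be the target as easily as a public one), so the approved list, not the RFC 1918 check, is the control; the range check only adds context to the finding.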

Internet Explorer

Submission + - AntiVirus Products Fail to Find Simple IE Malware (beskerming.com)

SkiifGeek writes: "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against (courtesy of VirusTotal) failed to identify the malware through one of the most basic and straightforward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code.

Whose responsibility is it to fix this behaviour? Both the antivirus / antimalware companies and Microsoft's IE team have something to answer for."
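The evasion described above works because a scanner that matches raw bytes never sees its signature once NULs are interleaved, while a renderer that discards NULs sees the original code. The block below is an added example (not Didier Stevens' sample and not any product's engine): a constructed script fragment and signature, a naive byte-match scanner that the interleaving defeats, and the two checks a practitioner would add, namely normalising the content the way the consumer does before matching, and flagging text content whose NUL density is implausible for HTML or script.

```python
"""Null-byte interleaving against a naive signature scanner, and two fixes.

Added example. The script fragment and the signature are constructed for
the demonstration and are not real malware or a real AV signature.
"""

# Constructed text/html payload a signature might key on.
SCRIPT = (
    b"<script>document.write(unescape("
    b"'%3Cscript src=http://example.invalid/x.js%3E'))</script>"
)
SIGNATURE = b"unescape("


def interleave_nulls(data, count=1):
    """Insert `count` NUL bytes after every byte of `data` (the evasion)."""
    return b"".join(bytes([b]) + b"\x00" * count for b in data)


def naive_scan(data, signatures):
    """Match signatures against the raw bytes, as a byte-pattern scanner would."""
    return [sig for sig in signatures if sig in data]


def normalise(data):
    """Drop NULs before matching, mirroring a renderer that ignores them."""
    return data.replace(b"\x00", b"")


def normalised_scan(data, signatures):
    return naive_scan(normalise(data), signatures)


def null_ratio(data):
    """Fraction of NUL bytes; genuine HTML or script content should be at 0."""
    return data.count(b"\x00") / len(data) if data else 0.0


def looks_obfuscated(data, threshold=0.2):
    """Heuristic flag for text content carrying an implausible share of NULs."""
    return null_ratio(data) >= threshold


if __name__ == "__main__":
    evasive = interleave_nulls(SCRIPT, 3)
    print("raw scan:       ", naive_scan(evasive, [SIGNATURE]))
    print("normalised scan:", normalised_scan(evasive, [SIGNATURE]))
    print("null ratio:      %.2f" % null_ratio(evasive))
```

The normalisation step has to be applied per content type, in the same way the consuming application does it; stripping NULs from a binary format would produce false matches, which is why a density heuristic on declared text content is a useful second signal rather than a replacement.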

Networking

Submission + - Aussie Claims Copper Broadband now 200x Faster (beskerming.com)

SkiifGeek writes: "Winner of Melbourne University's Chancellor's Prize for Excellence, Dr John Papandriopoulos could soon find himself the focus of a number of networking companies and government agencies interested in wringing more performance from existing network infrastructure.

Dr John developed a set of algorithms (US and Aussie patents pending) that reduce the impact of cross talk on data streams sharing the same physical copper line, taking less than a year to achieve the breakthrough. It is claimed that the algorithms can produce up to 200x improvement over existing copper broadband performance (quoted as being between one and 25 mbit/sec), with up to 200 mbit/sec apparently being deliverable. If the mathematical theories are within even an order of magnitude of the actual gains achieved, Dr John's work is likely to have widespread implications for future bandwidth availability across the globe."

Security

Submission + - The Race to Secure Citrix Gateways (beskerming.com)

SkiifGeek writes: "After recent posts to the GNUCitizen blog, it seems that some in the Information Security industry have started to pay attention to the inadvertent risks posed by poorly secured and managed CITRIX gateway systems.

While some of the techniques in use are nothing new, it is disturbing that they are still functional after such a long period of time (going on 5 years) and so many systems offer up information so easily. With a number of .mil, .edu, and .gov sites identified as highly likely candidates for successful attack, the race will be on to secure them before the hackers start knocking."

Security

Submission + - Microsoft Security Evangelist Eschews Antivirus (beskerming.com)

SkiifGeek writes: "With October being Cyber Security Awareness Month (recognised here, amongst other places), news that one of Microsoft's chief Security Evangelists intentionally avoids running any Antivirus software is an interesting statement of faith in the capabilities of the Windows Firewall, Vista's UAC, and end user education.

Making such a bold statement is not without its risks."

Security

Submission + - 92% of Users Think They're Protected - Only 51% Are (beskerming.com)

SkiifGeek writes: "A survey (PDF) carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were.

What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

Security

Submission + - Chinese Security Site Under Unique Attack (beskerming.com)

SkiifGeek writes: "The main site for the Chinese Internet Security Response Team (CISRT) has been serving up infrequent attacks against site visitors through the use of an injected IFRAME tag that attempts to download and install numerous pieces of malicious software.

While the source of the attack has yet to be identified, suspicion is that it might be an ARP attack being hosted by the CISRT's hosting provider. Rather than a straight up infection attempt against all site visitors (as was the case with the Bank of India hack), it is an interesting evolution to see intermittent attack attempts against site visitors."
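An injected IFRAME of the kind described is usually hidden (zero size or `display:none`) and points off-site, and because the injection was intermittent a single fetch of the page could miss it. The block below is an added example, not CISRT's page or any published detector: it pulls IFRAME tags out of constructed HTML samples, flags those that are off-site for the page's host or hidden, and folds several fetches together so an intermittent injection still surfaces. The page host `cisrt.example` and both HTML samples are made up for the demonstration.

```python
"""Flag injected IFRAMEs across repeated fetches of the same page.

Added example; the page host and HTML samples are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed samples of the same page, one clean and one with an injected frame.
CLEAN_PAGE = """<html><body><h1>CISRT</h1><p>Advisories</p>
<iframe src="/news/latest.html" width="600" height="400"></iframe>
</body></html>"""
INJECTED_PAGE = """<html><body><h1>CISRT</h1><p>Advisories</p>
<iframe src="/news/latest.html" width="600" height="400"></iframe>
<iframe src="http://malicious.invalid/x.htm" width="0" height="0" style="display:none"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    def tiny(value):
        value = (value or "").strip().rstrip("px")
        return value.isdigit() and int(value) <= 1

    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (
        tiny(attrs.get("width"))
        or tiny(attrs.get("height"))
        or "display:none" in style
        or "visibility:hidden" in style
    )


def suspicious_iframes(html, page_host):
    """Return [(src, [reasons])] for frames that are off-site or hidden."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        reasons = []
        if host and host.lower() != page_host.lower():
            reasons.append("off-site src")
        if _is_hidden(attrs):
            reasons.append("hidden or zero-size")
        if reasons:
            findings.append((src, reasons))
    return findings


def scan_samples(pages, page_host):
    """Union of suspicious frame sources across several fetches of one page."""
    return {src for page in pages for src, _ in suspicious_iframes(page, page_host)}


if __name__ == "__main__":
    print(suspicious_iframes(INJECTED_PAGE, "cisrt.example"))
    print(scan_samples([CLEAN_PAGE, CLEAN_PAGE, INJECTED_PAGE], "cisrt.example"))
```

If the injection really is happening at the hosting provider's network layer rather than on the web server, fetching from a second vantage point (a different network, or the origin server over a direct connection) and comparing the two bodies separates a tampered-in-transit page from a compromised origin.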

Security

Submission + - Is the Storm Botnet Much Smaller than Predicted? (beskerming.com)

SkiifGeek writes: "After finally adding detection for the Storm / Nuwar family of Trojans to the Malicious Software Removal Tool, Microsoft have published information about the number of affected systems identified, and the apparent botnet change that followed the update to the MSRT.

The numbers aren't what most people would expect, with Microsoft estimating the Storm botnet at only half a million machines."
