Forgot your password?
typodupeerror

Submission Summary: 0 pending, 2 declined, 1 accepted (3 total, 33.33% accepted)

Security

+ - Hundreds of Thousands of Microsoft Web Servers Hac-> 1

Submitted by
andrewd18
andrewd18 writes "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and U.K. government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which uses another set of exploits to install a trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection.

Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that has been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."

Link to Original Source
Software

+ - XenSource Inc. Aquired by Citrix

Submitted by
andrewd18
andrewd18 writes "Citrix Systems, Inc. announced on Friday a definitive agreement to acquire XenSource, Inc. The press release emphasizes Citrix' continued interest in the growing virtualization market, particularly in the desktop sectors, but also touches on their strong relationship with Microsoft. Is this another embrace, extend, exterminate tactic?"
Security

+ - New Tool Automates Webmail Account Hijacks-> 1

Submitted by
andrewd18
andrewd18 writes "According to the Washington Post's Security Fix blog, a tool was debuted at the Black Hat conference that makes it simple to hijack webmail services over a wireless network. While the dangers of unencrypted data transfer on a public wireless network have been around for some time, this tool presents the first example of an automated webmail hijack. Since the tool uses a cookie based attack, it works whether or not the user changes his or her password. This tool could potentially automate the attack of any user on a wireless network, so long as the website the user logs into does not encrypt its login information."
Link to Original Source

"Pay no attention to the man behind the curtain." -- Karl, as he stepped behind the computer to reboot it, during a FAT

Working...