Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 2 declined, 1 accepted (3 total, 33.33% accepted)

Security

Submission + - Hundreds of Thousands of Microsoft Web Servers Hac-> 1 1

andrewd18 writes: "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and U.K. government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which uses another set of exploits to install a trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection.

Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that has been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."

Link to Original Source
Software

Submission + - XenSource Inc. Aquired by Citrix

andrewd18 writes: "Citrix Systems, Inc. announced on Friday a definitive agreement to acquire XenSource, Inc. The press release emphasizes Citrix' continued interest in the growing virtualization market, particularly in the desktop sectors, but also touches on their strong relationship with Microsoft. Is this another embrace, extend, exterminate tactic?"
Security

Submission + - New Tool Automates Webmail Account Hijacks-> 1 1

andrewd18 writes: "According to the Washington Post's Security Fix blog, a tool was debuted at the Black Hat conference that makes it simple to hijack webmail services over a wireless network. While the dangers of unencrypted data transfer on a public wireless network have been around for some time, this tool presents the first example of an automated webmail hijack. Since the tool uses a cookie based attack, it works whether or not the user changes his or her password. This tool could potentially automate the attack of any user on a wireless network, so long as the website the user logs into does not encrypt its login information."
Link to Original Source

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...