Cellphones

Palm WebOS Hacked Via SMS Messages 99

Posted by Soulskill
from the and-a-sausage dept.
gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."

Comment: BlockHosts (Score 2, Informative) 497

by psychosis (#31385266) Attached to: Coping With 1 Million SSH Authentication Failures?

We started using BlockHosts to feed iptables rules, and our failure logs went from 30-50k per day to 100. Basically, with more than 'x' failed logins within 'y' time frame, the source IP is blocked for 'z' time period. Since it uses iptables, you could block it from just the ssh port, or the entire system (we do the latter).
All three variables are configurable, and we also have whitelisted a few select standby IPs for contingency use. (As another poster said, you **will** lock yourself out eventually.)
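
The threshold logic this comment describes (more than x failures within y, block for z, with whitelisted IPs exempt), sketched as an added example; it is not part of the comment and is not BlockHosts's own code. The log lines, the function names and the `year` parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines, capturing the timestamp and source IPv4.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) ")

def find_blocks(log, x=3, y=timedelta(minutes=5), z=timedelta(hours=1),
                whitelist=frozenset(), year=2010):
    """Return (ip, blocked_at, blocked_until) once an IP has more than x
    failures within y. Syslog has no year, so `year` is an assumption."""
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    blocked_until, events = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in whitelist:
            continue                 # not a failure, or a whitelisted standby IP
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < blocked_until.get(ip, datetime.min):
            continue                 # already blocked; a real firewall drops these
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > y:         # expire failures older than the window
            q.popleft()
        if len(q) > x:
            blocked_until[ip] = ts + z
            events.append((ip, ts, ts + z))
            q.clear()
    return events

def iptables_rule(ip, ssh_only=False):
    """Render the drop rule: whole host by default, or only TCP port 22."""
    scope = " -p tcp --dport 22" if ssh_only else ""
    return f"iptables -I INPUT -s {ip}{scope} -j DROP"

def _fail(t, ip, user="root"):       # builds one constructed log line
    return f"Mar 16 {t} host sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"

# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = "\n".join(
    [_fail(f"10:00:{s:02d}", "203.0.113.5") for s in (1, 9, 17, 25)]            # burst
    + [_fail(f"10:{m:02d}:00", "198.51.100.7", "invalid user bob") for m in (1, 11, 21, 31)]  # slow
    + [_fail(f"10:40:{s:02d}", "192.0.2.10") for s in (1, 2, 3, 4, 5)]          # standby IP
    + ["Mar 16 10:45:00 host sshd[4242]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2"])

if __name__ == "__main__":
    for ip, at, until in find_blocks(SAMPLE_LOG, whitelist={"192.0.2.10"}):
        print(iptables_rule(ip), "# from", at, "until", until)
```

Running it without the whitelist shows the lockout the comment warns about: the standby address is blocked on its fourth failure.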

Security

Report: 7 Years of Advanced Persistent Threat

Submitted by psychosis
psychosis (2579) writes "Mandiant's "M-Trends" report highlights more than seven years of lessons learned while conducting computer and network intrusion investigations for the U.S. government, the defense industrial base, and commercial organizations. Recently, a number of device vendors and "security" shops have been attempting to surf the "APT PR wave," but Mandiant has been actively engaged in responding to the APT for longer than most in the industry have even acknowledged such a pervasive threat exists.
This report offers a comprehensive, FIRST HAND account, and includes several case studies.
Bottom line: if you run a computer network that is now or may someday be of interest to foreign governments or criminal organizations you should request and read this report.
Free registration required, but worth the 5sec of effort..."

Comment: Two must-do moves (Score 4, Informative) 593

by psychosis (#25936987) Attached to: Recourse For Poor Customer Service?

1) Dispute charge with your credit card issuer (as others have recommended)
2) Check out the consumerist blog (consumerist.com) and use their guidelines to get consumer satisfaction.

Don't let them BS you - put the beef out in public and you're more likely to get results. Dell and other large companies don't care about you, an individual consumer - make it public and affect thousands of buying decisions and you'll likely fare better.

Note: If they resolve this to your satisfaction, also post/email/whatever a follow-up showing that they made good on a bad situation. If they do not, of course you should let everyone know that as well.

Good luck!
