
Aurora Attack — Resistance Is Futile, Pretty Much 268

eldavojohn writes "Do you have branch offices in China? iSec has published a new report (PDF) outlining the severity of the attacks on, allegedly by the Chinese government, dubbed 'Aurora' attacks. Up to 100 companies were victims, and some are speculating that resistance to such attacks is futile. The report lays out the shape of the attacks — which were customized per-company based on installed vulnerable software and antivirus protection: '1. The attacker socially engineers a victim, often in an overseas office, to visit a malicious website. 2. This website uses a browser vulnerability to load custom malware on the initial victim's machine. 3. The malware calls out to a control server, likely identified by a dynamic DNS address. 4. The attacker escalates his privilege on the corporate Windows network, using cached or local administrator credentials. 5. The attacker attempts to access an Active Directory server to obtain the password database, which can be cracked onsite or offsite. 6. The attacker uses cracked credentials to obtain VPN access, or creates a fake user in the VPN access server. 7. At this point, the attack varies based upon the victim. The attacker may steal administrator credentials to access production systems, obtain source code from a source repository, access data hosted at the victim, or explore Intranet sites for valuable intellectual property.' The report also has pages of recommendations as well as lessons learned, which any systems administrator — even those inside the US — should read and take note of."

Easing the Job of Family Tech Support? 932

DarkDevil writes "Ever since I was introduced to computers at a very young age, I've been the resident tech support for a household of 7 users. I've been in a cycle for the last ~8 years where something happens to my parents' computer, I spend a week or two trying to non-destructively fix the problem (and try to explain to the users what caused it and how to avoid it), and then if it's not easily fixed I'll reformat and start from scratch. Most often, the level of infection warrants a reformat, which usually ends up taking even more time to get the computer back to how my parents know how to use it. 4-8 months later, it happens again. Recently, I found ~380 instances of malware and 6 viruses. I only realized something was wrong with their computer after it slowed down the entire network whenever anyone used it. My question for Slashdot is: are there any resources out there that explain computer viruses, malware, adware, and general safe computer practices to non-technical people in an easy-to-digest format? The security flaws in my house are 9, 26, and ~50 years old, with no technical background aside from surfing the internet. Something in video format would be ideal as they are perfectly happy with our current arrangement and so it'll be hard to get them reading pages and pages of technical papers."

iPhone 3.1 Update Disables Tethering 684

jole writes "The newest iPhone 3.1 update intentionally removed tethering functionality from all phones operating in networks that are not Apple partners. This is not limited to hacked or jailbroken phones, but also includes expensive 'officially supported' factory-unlocked phones. To make the problem worse, Apple has made it impossible to downgrade back to a working 3.0 version for iPhone 3GS phones."

Anti-Virus Effectiveness Down from Last Year 201

juct sends us Heise Security's summary of an article detailing the abilities of 17 current anti-virus solutions. German computer magazine c't has found that, compared to last year, the virus scanners are having a more difficult time recognizing malware. Quoting Heise: "For real protection, however, in view of the flood of new malware, the way these programs cope with new and completely unfamiliar attacks is more important. And that's where almost all of the products performed significantly worse than just a year ago. The typical recognition rates of their heuristics fell from approximately 40-50 per cent in the last test - at the beginning of 2007 - to a pitiful 20-30 per cent."

Exploit Found to Brick Most HP and Compaq Laptops 294

Ian Lamont writes "A security researcher calling himself porkythepig has published attack code that can supposedly brick most HP and Compaq laptops. The exploit uses an ActiveX control in HP's Software Update. It would 'let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection.' The same researcher last week outlined a batch of additional vulnerabilities in HP and Compaq laptops, for which HP later issued patches."
