Submission + - Palm WebOS Hacked Via SMS Messages

gondaba writes: Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message).
Security

Submission + - Dan Geer on Trusting PCs in Botnets (zdnet.com)

walk*bound writes: In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal to trust the handshake between e-commerce sites and zombie computers. The suggestion is simple: Assume end users either always say "Yes" or "No" to security dialog boxes, then make the decision two ways: "When the user connects, ask whether they would like to use your extra special secure connection. If they say 'Yes,' then you presume that they always say Yes and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say 'Yes.'"
IBM

IBM, Linden Labs Call For Portable Avatars 93

destinyland writes "IBM just announced a push for universal avatars with Second Life's creator Linden Labs. Then they joined Google, Cisco, Intel, Sony, Microsoft, and Motorola for the first planning session on how to make it happen. There's already speculation that Google is working on a 3-D social networking environment incorporating Google Earth and Google Maps." Virtual Worlds News has up a copy of the joint press release.
Security

Submission + - Microsoft Does 180 on URI Protocol Handling Flaw (technet.com)

a-twitter writes: After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue.
Spam

Bye Bye Spam and Phishing with DKIM? 134

ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures. The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"
