bhsbulldozer writes: An IT security researcher and sys admin offers an interesting write-up on the shortcomings of current AV solutions, and how the Aurora attack that penetrated several large US corporations last year could have been prevented. The article also puts emphasis on how heuristics or signature scanning is almost impossible with the advanced obfuscation techniques of current generation malware. The post also includes a video demonstrating possible next-gen malware detection — and is worth a look.
from the someone-needs-a-little-hanging-before-bed dept.
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information."
from the everyone-make-lasery-noises-now dept.
David Orenstein writes "Teams at Stanford and MIT have each reported getting strong light signals from germanium-based diodes on silicon at room temperature. Engineers have long sought to do this because, with further refinement into lasers, such diodes would allow for optical interconnects on chips. Optical interconnects could operate much faster and with less power than electrical (metal) ones that are becoming bottlenecks on current chips."
from the wait-until-this-hits-your-block-committee dept.
itwbennett writes "A large number of Chinese parents are finding their teenagers to be exhibiting such psychological symptoms as depression, antisocial behavior, and slipping grades. The cause: Internet addiction. World of Warcraft and Counter-Strike rank beside Chinese role-playing games as those that hook the most patients, says Tao Ran, the founder of a youth rehabilitation center on a Beijing army base. Online chat programs more often hook girls, who make up a handful of Tao's current 70 patients. The teens are subjected to a 'strict regimen of military drills, martial arts training, lectures and sessions with psychiatrists.' And, most importantly: no Internet."
Okay, the story here is that it is once again possible to download a trojan merely by visiting a web page. All articles I've found have unfortunately focused on a single exploit of this vulnerability, and thus the articles are nearly irrelevant. The vulnerability is what matters. If it isn't patched soon, you could see millions of infections from more creative exploits in the very near future. If any hacker is able to smuggle the trojan onto even a single major website, he could net millions of victims.
Does anyone know which vulnerability is being used? Or what browser(s) are affected? Is it just Internet Explorer 6? IE7? How long has Microsoft known about this vulnerability, and when will they fix it (or have they already?) I can't find any useful articles on the net — they're all just clones of this one.
The Google maps bit is of course completely irrelevant — the ability to map IP addresses to physical locations has been widely and publicly available since before Google existed. Google has no culpability here, despite the misleading reporting done by the major news agencies.