Keyword: vulnerability

Brevity: Headers | « Text »
  • Don’t Let the Grinch Steal Christmas (Linux Vulnerability)

    12/18/2014 2:47:48 PM PST · by zeugma · 20 replies
    AlertLogic Blog ^ | December 16, 2014 | Stephen Coty
    Don’t Let the Grinch Steal Christmas December 16, 2014 Posted by: Stephen Coty, Chief Security EvangelistLeave a comment Blog Contributions by Tyler Borland, Sr. Security Researcher and Stephen Coty, Chief Security Evangelist, Alert Logic Since we are in the thick of the holiday season, we are analyzing which operating systems support the needs of e-commerce and brick and mortar retail shops. Due to the lower cost of ownership and efficiencies such as a non-resource heavy operating system that allow for applications to run more smoothly, we found that Linux is dominating when it comes to e-commerce site deployment. According...
  • New zero day vulnerability identified in all versions of IE

    04/27/2014 4:26:55 PM PDT · by dayglored · 95 replies
    Cnet ^ | Apr 27, 2014 | Steven Musil
    A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday. The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday. The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory...
  • Major security flaw threatens Linux users

    03/05/2014 10:20:50 AM PST · by ShadowAce · 56 replies
    Network World ^ | 4 March 2014 | Jon Gold
    A source code mistake in the GnuTLS library – an open-source software building block used in a large number of different Linux distributions to handle secure Internet connections – could prove a serious threat to the privacy of Linux users, as developers rush to patch the vulnerability. Nikos Mavrogiannopolous, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole. The flaw would have enabled an attacker to spoof GnuTLS’ system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping. By creating a specific type...
  • Backdoor in mission-critical systems (Grid,etc controllers)

    04/26/2012 11:19:35 AM PDT · by dickmc · 5 replies
    Risks Digest ^ | April 25, 2012 | C Y Cripps
    Article regarding alarming major Ruggedcom (Siemens) controller BACKDOOR vulnerability. These controllers are used widely in the electric grid, military, and transportation systems!
  • A simple HTML tag will crash 64-bit Windows 7

    12/21/2011 10:18:07 AM PST · by ShadowAce · 55 replies
    The Register ^ | John Leyden
    An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash. The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in...
  • Whitehats pierce giant hole in Microsoft security shield

    04/18/2011 11:56:11 AM PDT · by ShadowAce · 9 replies
    The Register ^ | 18 April 2011 | Dan Goodin
    In late December, Microsoft researchers responding to publicly posted attack code that exploited a vulnerability in the FTP service of IIS told users it wasn't much of a threat because the worst it probably could do was crash the application. Thanks at least in part to security mitigations added to recent operating systems, attackers targeting the heap-overrun flaw had no way to control data that got overwritten in memory, IIS Security Program Manager Nazim Lala blogged. It was another victory for Microsoft's defense-in-depth approach to code development, which aims to make exploitation harder by adding multiple security layers. However, it...
  • How many names and emails wre stolen recently from CC companies?(vanity)

    04/04/2011 4:50:54 PM PDT · by dynachrome · 31 replies
    me ^ | 4-4-11 | The young and studly Dynachrome
    I have received notification of email breaches from Kroger, Best Buy and Home Depot so far. They seem legit as they are not asking for any info, just notifying me of probable phishing scams based on these breaches. so how many credit cards got info stolen recently?
  • Warning: E-mail virus spreading (DHS investigating?)

    09/09/2010 1:57:15 PM PDT · by Rutles4Ever · 35 replies
    Twitter ^ | 09/09/2010 | Jason Ryan
    "Here You Have" Virus Email spreading. DHS US-CERT Computer Emergency Readiness Team looking into issue. will issue bulletin.
  • Unpatched kernel-level vuln affects all Windows versions

    08/07/2010 9:16:32 AM PDT · by dayglored · 20 replies · 2+ views
    The Register (Brit Tech) | Aug 6, 2010 | Dan Goodlin
    Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7. The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges. The bug resides in the “CreateDIBPalette()” function of a device driver known as “Win32k.sys.” It is exploited by pasting a large number of color values...
  • Obama's Nuclear Poser Review

    04/07/2010 3:34:56 AM PDT · by Scanian · 3 replies · 218+ views
    The American Thinker ^ | April 07, 2010 | Pamela Geller
    Barack Obama announced Monday what the New York Times called a "new strategy," his Nuclear Posture Review: he is narrowing the conditions under which the U.S. would use nuclear weapons. For the first time since the U.S. became a nuclear power, the President of the United States has explicitly vowed that we will not use nukes even against countries that use chemical or biological weapons against us, or take us down with a massive cyberattack -- as long as those states are obeying the provisions of the Nuclear Nonproliferation Treaty. He also overruled his own Secretary of Defense and said...
  • New poll: Now, signs of real vulnerability for California's Democratic Sen. Barbara Boxer

    02/15/2010 5:14:59 PM PST · by Nachum · 38 replies · 1,621+ views
    l.a. times ^ | 2/15/10 | staff
    So, is California's brittle Democratic Sen. Barbara Boxer about to become the next Harry Reid? Which is to say, embattled at home. As Reid worked the wallets of San Francisco on Presidents' Day to raise money for his endangered seat in Nevada, some stunning new Rasmussen Reports poll out today makes a compelling point: For the second straight month the three-term senator is unable to break the 50% mark against any potential Republican opponents, the historical measuring mark of vulnerability for an incumbent nine months before an election.
  • Flying the fiendish skies

    12/27/2009 3:41:55 AM PST · by Scanian · 18 replies · 1,009+ views
    NY Post ^ | December 27, 2009 | Editorial
    Islamist terror’s Christmas present to America — a deadly fireball over Detroit International Airport — failed to materialize late Friday morning, but not for lack of ingenuity or dedication on the terrorist’s part. The incendiary device carried aboard Northwest Airlines Flight 253 by a Nigerian national identified by authorities as Abdul Farouk Abdulmutallab didn’t work as designed — thus sparing 278 passengers and 11 crew members gruesome deaths. But he did manage to carry inflammable chemicals aboard the aircraft — and come perilously close to igniting them. Just how Abdulmutallab came to be on the aircraft is a compelling mystery....
  • Officers Warned of Flaw in U.S. Drones in 2004 (Predator vulnerability discussed 12/17)

    12/18/2009 11:57:45 AM PST · by markomalley · 9 replies · 409+ views
    Wall Street Journal ^ | 12/18/2009 | YOCHI J. DREAZEN, AUGUST COLE and SIOBHAN GORMAN
    Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. The disclosure came after The Wall Street Journal reported insurgents in Iraq had intercepted video feeds from drones, downloading unencrypted communications from the unmanned planes. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, said a person...
  • DNSSEC under attack?

    11/30/2009 1:11:45 PM PST · by ShadowAce · 5 replies · 317+ views
    Internet News ^ | 25 November 2009 | Sean Michael Kerner
    From the 'Mission Accomplished?' files: For more than a year now I've heard lots of people in the Internet industry proclaiming DNSSEC (DNS Security Extensions) as the long-term solution to DNS cache poisoning vulnerabilities. That may not necessarily be the case. A new vulnerability is now out that attacks DNS servers  WITH DNSSSEC installed. In the summer of 2008, security researcher Dan Kaminsky made the whole world aware of potential security issues with DNS, which could have undermined the integrity of the Internet itself. DNSSEC is supposed to be answer, with most of the world's major Internet registries moving to...
  • Disclosure of information vulnerability in Safari web browser

    01/14/2009 10:07:27 AM PST · by smokingfrog · 245+ views
    http://brian.mastenbrook.net/ ^ | Jan. 14, 2009 | Brian Mastenbrook
    Note: The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform. I have discovered that Apple's Safari browser is vulnerable to an attack...
  • Euthanasia Video, Turning the Tide, Incredibly Well Received

    09/11/2007 4:10:59 AM PDT · by monomaniac · 1 replies · 289+ views
    LifeSiteNews.com ^ | September 10, 2007
    Euthanasia Video, Turning the Tide, Incredibly Well Received September 10, 2007 (LifeSiteNews.com) - Turning the Tide, the powerful DVD on euthanasia and assisted suicide, has been incredibly well received. The Euthanasia Prevention Coalition has sold more than 700 copies of Turning the Tide since its release in April and Turning the Tide has received positive reviews from people across Canada and the US. Turning the Tide is produced by the Euthanasia Prevention Coalition and Salt and Light media foundation. Turning the Tide was designed to change the way secular society perceives the issues of euthanasia and assisted suicide. Secular society views the...
  • Critical vulnerabilities announced for all Adobe Flash platforms, including Linux and Solaris

    07/16/2007 9:22:01 AM PDT · by ShadowAce · 19 replies · 918+ views
    DaniWeb ^ | 13 July 2007 | Davey Winder,
    No less than three critical vulnerabilities have been identified by Adobe affecting upon users of Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier. The cross-platform problem refers to an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location using web browser, email client, or pretty much any application that includes or references the Flash Player. Furthermore, a separate issue regarding an insufficient validation of the HTTP Referrer has also been identified in Flash Player 8.0.34.0 and earlier which could result in a cross-site request forgery attack. Although...
  • Java flaw poses widespread security threat

    07/13/2007 10:15:13 AM PDT · by ShadowAce · 13 replies · 860+ views
    CNet News ^ | 13 July 2007 | Liam Tung
    Google's security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices. "This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia. Australia's Computer Emergency Response Team analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. "Delivery of...
  • Attacks exploit Windows DNS server flaw

    04/16/2007 8:54:40 AM PDT · by ShadowAce · 11 replies · 991+ views
    The Register ^ | 13 April 2007 | Dan Goodin
    Attackers are targeting a flaw in the DNS service for Windows server OSes that could hijack the computers that run them, Microsoft warns. The software behemoth advises admins to employ workarounds pending completion of its investigation. The vulnerability affects Windows 2000 Server, Service Pack 4 and SP 1 and SP2 versions of Windows Server 2003, according to this Microsoft advisory. DNS functionality exposed over port 53 is not at risk. Nor are Windows 2000 Professional, Windows XP and Windows Vista. An attack can be carried out by executing a stack-based buffer overrun in the DNS Server's remote procedure call (RPC)...
  • Yahoo Patches IM Vulnerability

    04/06/2007 11:28:58 AM PDT · by bedolido · 483+ views
    baselinemag.com ^ | 4-5-2007 | Brian Prince
    Yahoo has patched a buffer overflow vulnerability in its instant-messaging tool that would have enabled attackers to potentially execute code on a compromised machine.
  • Remote Exploit Discovered for OpenBSD

    03/15/2007 10:23:10 AM PDT · by zeugma · 9 replies · 510+ views
    Core Security ^ | 2007-03-13 | Core Security labs
    Core Security is reporting a remote buffer exploit for the OpenBSD operating system. This is also being reported on /. Title: OpenBSD's IPv6 mbufs remote kernel buffer overflow Class: Buffer Overflow Remotely Exploitable: Yes Locally Exploitable: No   Advisory URL:http://www.coresecurity.com/?action=item&id=1703Vendors contacted:OpenBSD.org   Vulnerability Description The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in: 1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or; 2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)...
  • Rudy Giuliani's Vulnerabilities

    02/13/2007 12:21:51 PM PST · by Third Order · 14 replies · 583+ views
    The Smoking Gun ^ | Feb 12, 2007 | Smoking Gun
    FEBRUARY 12--As he campaigns for the Republican presidential nomination, Rudolph Giuliani will have to contend with political and personal baggage unknown to prospective supporters whose knowledge of the former New York mayor is limited to his post-September 11 exploits. So, in a bid to educate the electorate, we're offering excerpts from a remarkable "vulnerability study" that was commissioned by Giuliani's campaign prior to his successful 1993 City Hall run. The confidential 450-page report, authored by Giuliani's research director and another aide, was the campaign's attempt to identify possible lines of attack against Giuliani and prepare the candidate and his staff...
  • Smoking Gun publishes 1993 Giuliani campaign memo; cites "Wierdness Factor" among other weaknesses.

    02/13/2007 12:01:22 PM PST · by OldGuard1 · 61 replies · 1,363+ views
    The Smoking Gun ^ | Feb 12, 2007 | The Smoking Gun
    FEBRUARY 12--As he campaigns for the Republican presidential nomination, Rudolph Giuliani will have to contend with political and personal baggage unknown to prospective supporters whose knowledge of the former New York mayor is limited to his post-September 11 exploits. So, in a bid to educate the electorate, we're offering excerpts from a remarkable "vulnerability study" that was commissioned by Giuliani's campaign prior to his successful 1993 City Hall run. The confidential 450-page report, authored by Giuliani's research director and another aide, was the campaign's attempt to identify possible lines of attack against Giuliani and prepare the candidate and his staff...
  • Another good reason to stop using telnet (Major hack against Solaris)

    02/12/2007 10:35:07 PM PST · by zeugma · 22 replies · 549+ views
    SANS ^ | 2007-02-12 | donald smith
    There is a major zero day bug announced in solaris 10 and 11 with the telnet and login combination. It has been verified. In my opinion NOBODY be should running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability. The issue: The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins. Telnet should be disabled. Since 1994 the cert.org team has recommended...
  • Firefox Popup Blocker Allows Reading Arbitrary Local Files

    02/06/2007 6:04:30 PM PST · by zeugma · 18 replies · 1,160+ views
    securiteam ^ | 2/5/2007 | securiteam
    Firefox Popup Blocker Allows Reading Arbitrary Local Files There is an interesting vulnerability in the default behavior of Firefox built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information Vulnerable Systems:  * Firefox version 1.5.0.9 For security reasons, Firefox does not allow Internet-originating websites to access the file:// namespace. When the user chooses to manually allow a blocked popup however, normal URL permission checks are bypassed. The attacker may fool the browser to parse a chosen HTML document stored on the local...
  • Browser crashers warm to data fuzzing

    04/13/2006 10:37:32 AM PDT · by ShadowAce · 21 replies · 853+ views
    The Register ^ | 13 April 2006 | Robert Lemos
    Last month, security researcher HD Moore decided to write a simple program that would mangle the code found in web pages and gauge the effect such data would have on the major browsers. The result: hundreds of crashes and the discovery of several dozen flaws. The technique - called packet, or data, fuzzing - is frequently used to find flaws in network applications. Moore and others are now turning the tool on browsers to startling results. In a few weeks, the researcher had found hundreds of ways to crash Internet Explorer and, to a lesser extent, other browsers. In another...
  • Mac OS X File Association Meta Data Shell Script Execution - Another security hole found in OSX

    02/22/2006 7:42:43 AM PST · by Axlrose · 9 replies · 361+ views
    Secunia ^ | 2/22/06 | Secunia
    Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the "__MACOSX" folder) and mail messages (defined via the AppleDouble MIME format). This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive or in a mail attachment. This can also be exploited automatically via the Safari browser when visiting a malicious web site.
  • Smoot Hawley, Chinese Style

    02/08/2006 9:39:34 AM PST · by Paul Ross · 13 replies · 456+ views
    The Discovery Institute ^ | May 20, 2005 | George Gilder
    Smoot Hawley, Chinese Style By: George Gilder Forbes.com May 20, 2005 Original Article In his insightful new book, The World Is Flat, Tom Friedman of The New York Times, though generally disdainful of anything conservative, somehow brings himself to cite an exemplary Heritage Foundation study of U.S. companies with facilities in China. These firms are not an unhealthy set of "Benedict Arnolds," as they were quaintly dubbed by Sen. John Kerry during the last presidential campaign. They are the heart of the U.S. economy and the spearhead of global economic growth. As Friedman explains, these manufacturing outsourcers together generate...
  • Windows PCs face ‘huge’ virus threat

    01/02/2006 3:54:03 PM PST · by Swordmaker · 204 replies · 7,105+ views
    Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco
    Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...
  • Worm hole found in Windows 2000

    08/04/2005 6:09:10 AM PDT · by ShadowAce · 56 replies · 1,518+ views
    CNet ^ | 3 August 2005 | Dawn Kawamoto
    A serious flaw has been discovered in a core component of Windows 2000, with no possible work-around until it gets fixed, a security company said. The vulnerability in Microsoft's operating system could enable remote intruders to enter a PC via its Internet Protocol address, Marc Maiffret, chief hacking officer at eEye Digital Security, said on Wednesday. As no action on the part of the computer user is required, the flaw could easily be exploited to create a worm attack, he noted. What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said. "You...
  • Windows flaw reaches beyond XP [Remote crash attack.]

    07/18/2005 4:38:07 PM PDT · by familyop · 23 replies · 1,278+ views
    CNET News.com by way of ZDNet ^ | 18JUL05 | Joris Evers
    A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP. Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday. RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said. The advisory was released after the security researcher...
  • CHINESE GENERAL WARNS U.S.

    07/15/2005 1:28:05 PM PDT · by Robert Drobot · 34 replies · 1,290+ views
    CNEWS ^ | 15 July 2005 | Joe McDonald
    BEIJING (AP) - A Chinese general said Beijing might respond with nuclear weapons if the United States attacked China in a conflict over Taiwan, news reports said Friday. While the general has no policy-making role in China, his comments could add to tensions with Washington at a time of U.S. worries about China's military buildup and the proposed takeover of the oil company Unocal Corp. by a Chinese state-run company. "If the Americans draw their missiles and position-guided ammunition into the target zone on China's territory, I think we will have to respond with nuclear weapons," Maj.-Gen. Zhu Chenghu, a...
  • IT'S THE TERRORISM - (suicide bombings inevitably coming to the United States!)

    07/13/2005 4:09:29 PM PDT · by CHARLITE · 15 replies · 911+ views
    NYPOST ONLINE.COM ^ | JULY 13, 2005 | EDITOR
    Save for the 9/11 attacks that leveled the World Trade Center, the United States has not had to confront the reality of suicide bombings. But for how much longer? If Americans fail to halt the partisan ankle-biting that has come to characterize most discussions of the War on Terror, and instead present a united front to the world, they will soon find out. That Saddam Hussein's Iraq was a key element in the worldwide terrorist network of which Osama bin Laden and al Qaeda were the kingpins is largely now beyond dispute. Stephen F. Hayes and Thomas Joscelyn, writing in...
  • Islamic Jihadists Send Us a Reminder - (to be taken with the utmost seriousness; this IS war!)

    07/09/2005 6:23:12 PM PDT · by CHARLITE · 10 replies · 593+ views
    CHRONWATCH.COM ^ | JULY 9, 2005 | ALAN CARUBA
    If anyone still thinks that the worldwide Islamic Jihad is going to go away simply because we have had some success in Afghanistan and are paving the way for a democratic government in Iraq, the attack in London as the G-8 meeting was to convene should dispel such notions. Most revealing was the G-8 agenda, devoted to so-called global warming and forgiving African debt, two examples of wishful thinking based on neither scientific, nor economic evidence either would accomplish anything. More to the point, the Islamic Jihadists took the opportunity to remind us who and what the real enemy is....
  • Will we Segway into oblivion? - (eye opening report on misuse of Homeland Security funds)

    04/14/2005 6:59:08 PM PDT · by CHARLITE · 37 replies · 939+ views
    DCEXAMINER.COM ^ | APRIL 14, 2005 | EDITOR
    Tax Day is a good time to take a hard look at the way government spends your tax dollars - if you have the stomach for it. Since Sept. 11, 2001, Congress has poured nearly $6 billion into homeland security, and this year's $1.7 billion appropriation represents a 306 percent increase over last year's. But Congress has also ignored the 9/11 Commission's recommendation to use this colossal sum primarily to protect the nation's most vulnerable and strategic targets - including Washington. Instead, hundreds of millions of dollars have been squandered on political pork, according to House Homeland Security Committee Chairman...
  • Symantec (Norton) details flaws in its antivirus software

    03/30/2005 9:50:57 AM PST · by holymoly · 36 replies · 1,623+ views
    Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005. The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the...
  • Phishers (misnomer) target Microsoft security initiative

    02/07/2005 11:01:51 AM PST · by holymoly · 1 replies · 447+ views
    ComputerWeekly ^ | Monday 7 February 2005 | Antony Savvas
    Phishers are taking advantage of Microsoft’s new software anti-piracy initiative by launching a wave of phishing e-mails in an attempt to get credit card numbers from Microsoft customers. The rogue e-mails also allow phishers to install spyware and adware on users’ machines. Last month Microsoft said it would not allow users in some countries install software updates online unless they could prove that their Microsoft software was legitimate. Security company Websense said it has received several reports of two new versions of spoofed e-mails that are being used to install spyware/adware onto end-user's machines and steal credit card details. The...
  • Proposition 200 and Mexico's War on Arizona

    02/04/2005 8:52:37 PM PST · by CHARLITE · 76 replies · 1,446+ views
    CHRONWATCH.COM ^ | FEBRUARY 5, 2005 | CHRISTOPHER ADAMO
    By far the most dramatic menace to this nation’s future and safety emanates from the cauldrons of Islamist extremism. But Americans are also in danger of losing their country on another front. A far larger incursion into the American homeland is being carried out via its southern border. Though an ongoing problem for many years, its instigators now apparently believe they are ready to take their attack to the next level. During a January 28 radio interview, Mexican Foreign Secretary Luis Ernesto Derbez has threatened the State of Arizona with legal action through the international courts in order to overturn...
  • Expert: Flaw still dogs Windows patch

    01/24/2005 5:32:12 PM PST · by holymoly · 30 replies · 769+ views
    C|Net News ^ | January 24, 2005 | Matt Hines
    Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...
  • Windows Media Player Vulnerability Info (MUST READ!!!)

    12/31/2004 3:14:06 AM PST · by goldstategop · 65 replies · 3,523+ views
    Spyware Warrior Blog ^ | 12/31/04 | Eric L. Howes
    Hi All: PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See: Risk Your PC’s Health for a Song? http://www.pcworld.com/news/article/0,aid,119016,00.asp Protect Yourself From Audio Adware http://www.pcworld.com/news/article/0,aid,119063,00.asp In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the...
  • JOHN KERRY: THE SCOTT PETERSON OF POLITICS

    10/28/2004 9:06:22 PM PDT · by CHARLITE · 7 replies · 410+ views
    THE RANT.US ^ | OCTOBER 28, 2004 | FRANK SALVATO
    October 26, 2004 - There is one thing John Kerry is consistent on: his propensity for manipulating the truth. From Vietnam to the floor of the senate to the halls of the United Nations, Kerry has stretched and exaggerated to create “the truth” and has done so without compunction. His latest “over the top” invention is his “two-hour meeting with the entire UN Security Council.” The crafting of this tale should tarnish his image in the eyes of his supporters, if not we should consider their intelligence highly suspect. Throughout his campaign he has embraced the mantra “Bush lied.” Starting...
  • John F. Kerry's Worst Nightmare

    10/25/2004 12:09:49 AM PDT · by Seaplaner · 43 replies · 2,384+ views
    NewsMax ^ | Monday, Oct. 18, 2004 | Geoff Metcalf
    The growing conventional wisdom (in military circles) is that Kerry GOT a discharge but it was other than honorable. He subsequently got Clinton to sign the fix in 2001.
  • Call for Voter-System Research and Reform, Warning of Broad Vulnerability

    09/22/2004 3:33:25 AM PDT · by Teflonic · 144+ views
    AAAS ^ | 21 September 2004 | Peter Gwynne
    Experts Convened by AAAS Call for Voter-System Research and Reform, Warning of Broad Vulnerability A panel of top experts on election technology and administration warned Tuesday that the American system of voting is broadly vulnerable to error and abuse, and called for a crash-course of study and reform to make results more reliable and to promote better access by voters, especially those who have historically encountered serious impediments to exercising their right to vote. In findings released after a weekend conference convened by AAAS, the 18-member panel concluded that research into new voting technology and the behavior of voters, election...
  • Microsoft Plugs IE; Warns All Browsers At Risk (Test Your Browser Here)

    07/03/2004 9:46:15 PM PDT · by Eagle9 · 206 replies · 10,215+ views
    TechWeb ^ | July 2, 2004 | Gregg Keizer
    As if to prove the point that security is like the Dutch boy at the dike, Microsoft on Friday released a stop-gap fix for one of several vulnerabilities that have plagued its Internet Explorer just as a security firm warned that virtually every browser -- not just IE -- can be spoofed by hackers. The update, which Microsoft tagged as “Critical,” isn't a patch per se, but rather an change to Windows that disables the ADODB.Stream object within the operating system's Data Access Components (DAC). Last week, an innovative attack launched by a Russian hacker group from previously-infected Microsoft Internet...
  • Microsoft Releases Update for Browser [More info here.]

    07/03/2004 12:43:52 AM PDT · by familyop · 31 replies · 490+ views
    Washington Post ^ | 03JUL04 | Mike Musgrove
    Microsoft Corp. released a free software update yesterday to close vulnerabilities that left users of its Internet Explorer browser open to attacks by hackers. The security breach, discovered last week, made it possible for users of Microsoft's ubiquitous Web browser to have their passwords and private account information stolen when they logged on to banking sites.
  • Core Internet technology found vulnerable

    04/20/2004 4:13:02 PM PDT · by steve86 · 9 replies · 146+ views
    MSNBC ^ | April 20, 2004 | Ted Bridis
    WASHINGTON - Researchers found a serious security flaw that left core Internet technology vulnerable to hackers, prompting a secretive effort by international governments and industry experts in recent weeks to prevent global disruptions of Web surfing, e-mails and instant messages. Experts said the flaw, disclosed Tuesday by the British government, affects the underlying technology for nearly all Internet traffic. Left unaddressed, they said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.
  • Heads UP! Security problems in Ethereal 0.9.16

    01/08/2004 10:47:36 AM PST · by Noumenon · 1 replies · 146+ views
    http://www.ethereal.com ^ | 01/08/04 | Ethereal dev group
    Name: Security problems in Ethereal 0.9.16 Docid: enpa-sa-00012 Date: December 12, 2003 Severity: High Description: Serious issues have been discovered in the following protocol dissectors: Selecting "Match->Selected" or "Prepare->Selected" for a malformed SMB packet could cause a segmentation fault. It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet. Impact: Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code. Resolution: Upgrade to 0.10.0. If you are running a version prior...
  • 'Buy America' Defense Manufacturing

    10/27/2003 12:22:50 PM PST · by Paul Ross · 6 replies · 89+ views
    NewsMax ^ | 10/27/03 | Paul Weyrich
    Reprinted from NewsMax.com 'Buy America' Defense ManufacturingPaul WeyrichMonday, Oct. 27, 2003 Great Britain once prided itself on being the "workshop of the world." During Operation Iraqi Freedom the British army found itself at the mercy of the Swiss government, which stopped a shipment of 25,000 grenades from a manufacturer, RUAG Munitions, based on their opposition to the invasion. British troops were forced to fight under-equipped. One British military analyst argued that the British government was foolish to depend on a manufacturer whose government was outspoken in its opposition to the Iraq war. Should the United States feel confident that, unlike...
  • Oi! *Nix admin, get patching

    09/18/2003 8:48:11 PM PDT · by FourPeas · 27 replies · 176+ views
    The Register ^ | September 18, 2003 | John Leyden
      Oi! *Nix admin, get patching By John Leyden, The RegisterSep 18 2003 5:58AM It's become a busy week for *Nix sysadmins with the release of patches over the last few days to resolve vulnerabilities with popular applications including Sendmail, openSSH and DB2. Those *Nix techies enjoying a sense of schadenfreude as their Windows sysadmin colleagues toiled to defend Windows systems against Blaster, Sobig, Nachi et all over the last month now have some work on their hands. -------------------------------------------------------------------------------- First, users of the popular OpenSSH security package need to upgrade to version 3.7.1 because of a buffer overflow flaw....
  • Windows Update Site FUBAR'ed - direct link to get latest patch.

    09/11/2003 4:24:04 AM PDT · by epluribus_2 · 15 replies · 211+ views
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp is where you can get the latest patch if your windows update just goes to lala land like mine did this morning.