
Submission Summary: 0 pending, 64 declined, 24 accepted (88 total, 27.27% accepted)

Security

Submission + - Apple and Microsoft Release Critical Patches (beskerming.com)

SkiifGeek writes: "Both Microsoft and Apple have released major security updates in the last 24 hours.

Microsoft's single update (MS09-017) addresses fourteen distinct vulnerabilities across all supported versions of PowerPoint, but it isn't how many vulnerabilities that are patched that is causing trouble. Instead, the decision to release the patch for Windows versions while OS X and Works versions remain vulnerable to the same remote code execution risks (including one that is currently being exploited) hasn't gone down well with some people. Microsoft have given various reasons why this is the case, but this mega-update-in-a-patch is still interesting for other reasons.

Apple have updated OS X 10.5 to 10.5.7 as part of the 2009-002 Security Update (available right here), as well as a cumulative update for Safari 3 and the Public Beta for 4. As well as addressing numerous significant security risks, the 10.5.7 update provides a number of stability and capability enhancements and incorporates the Safari 3 update patch. Probably the most surprising element of the Apple update is the overall size of it, 442MB for the point update, and 729MB for the ComboUpdate."

Security

Submission + - PDF Vulnerability Now Exploitable With no Clicking (beskerming.com)

SkiifGeek writes: "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file.

There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."

Security

Submission + - Old Malware Tricks Still Defeat Most AV Scanners (beskerming.com)

SkiifGeek writes: "A year ago Didier Stevens discovered that padding IE malware with 0x00 bytes would happily slip past most of the scanners in use at VirusTotal.com. Revisiting his earlier discovery, Didier found that detection on his initial samples had improved, but not by much.

For all the talk of AV companies moving away from signature-based detection to heuristics, it is painfully obvious that not many of the tested engines can successfully handle such a simple and well-known obfuscation method, and the best of those that can detect the obfuscation can only detect it as a generic malware type. At least the scanning engines that can detect the presence of malware with the obfuscation aren't trying to claim each differential as a new variant."

Security

Submission + - Just how Effective is System Hardening? (arnnet.com.au) 1

SkiifGeek writes: "Recent coverage of what the NSA went through to create SELinux raises an interesting question as to just how effective system hardening is at preventing successful attack?

When Jay Beale presented at DefCon 14, he quoted statistics that Bastille protected against every major threat targeting Red Hat 6, before the threats were known. With simple techniques for the everyday user which can start them on the path towards system hardening, just how effective have you found system and network hardening to be?

The NSA does have some excellent guides to help harden not only your OS but also your browser and network equipment."

Google

Submission + - Google's Audio CAPTCHA falls to Automated Attack (wintercore.com)

SkiifGeek writes: "Early in March, Wintercore Labs published proof of a generic approach to defeating audio CAPTCHAs, using Google's as the case study for their demonstration. With claims of over 90% success rate and expectations that this can be significantly improved with the right mix of filtering algorithms, the in-house tool remains unreleased. With the information published, it shouldn't take long for other developers to create their own tools and start targeting not only Google, but other sites that use audio CAPTCHAs for the vision-impaired.

It isn't the first time that major sites (significantly major webmail providers) have had their CAPTCHAs broken, but it is the first reporting of defeating an audio CAPTCHA using a generic software approach. News about the discovery is slowly starting to spread."

Security

Submission + - DefCon Competition has Antivirus Vendors Upset (beskerming.com)

SkiifGeek writes: "Race to Zero, a sideline competition being set up at this year's DefCon has already got some Antivirus vendors steaming over the objectives of the contest. The basic gist of the competition is that it is a polymorphism competition. Competitors are given a set of malware samples that they must then modify such that they pass through a battery of antivirus scanners without detection and still have the payload viable.

Even if competitors ignore the published vulnerabilities and weaknesses affecting antivirus vendors, the competition should turn up some interesting results that will provide technical insight and concepts for further research similar to other recent controversial competitions."

Security

Submission + - FOSS Webservers more Likely to be Defaced than Win (beskerming.com)

SkiifGeek writes: "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined.

A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety levelled against them any time they disclose and mirror a reported defacement."

Security

Submission + - 2 Million new Websites serve Malware Annually (beskerming.com)

SkiifGeek writes: "In news that was picked up by The Register, Sophos claims that they are detecting 6,000 new sites daily that have been compromised to serve malware to unsuspecting site visitors, with 80% of site owners not aware that they have been compromised (though this figure is probably on the low side).

With increasingly vocal arguments being put forward by security experts criticising the performance and capability of site validation tools (though many of these experts offer their own tools and services for similar capabilities) and rising levels of blended attacks, perhaps it is time you reviewed the security of your site and what might be hiding in infrequently used directories."

Security

Submission + - SquirrelMail Repository Poisoned (beskerming.com)

SkiifGeek writes: "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."

Security

Submission + - Critical .mdb flaw Found - Microsoft may Never fix (beskerming.com) 4

SkiifGeek writes: "When independent security researcher cocoruder found a critical bug with the JET engine, via the .mdb (Access) file format, he reported it to Microsoft, but Microsoft's response came as a surprise to him — it appears that Microsoft are not inclined to fix a critical arbitrary code execution vulnerability with a data technology that is at the heart of a large number of essential business and hobby applications.

Where should vendors be required to draw the line when supporting deprecated file formats and technology? In this case, leaving a serious vulnerability active in a deprecated technology could have serious effects if an exploit were to target it, but it is a matter of finding the right balance of security and usability such that Microsoft's users are not exposed to too great a danger for continuing to use Microsoft products."

Privacy

Submission + - AntiSocial Response to OpenSocial (beskerming.com)

SkiifGeek writes: "Microsoft employees have already openly criticised Google's OpenSocial initiative (covered here), and now there's news that one of the first OpenSocial applications, emote — by Plaxo, was hacked within 45 minutes of appearing on the net (it was subsequently pulled while Plaxo looked into fixing the holes). Although coding errors can happen to anyone, leaving evidence of lax programming discipline when all it takes to view your code is 'View Source' is poor form.

It seems that the battle lines have been drawn between Microsoft and Google through their social networking proxies, with Facebook getting ready to fire the next salvo in the social networking battle."

Internet Explorer

Submission + - AntiVirus Products fail to find Simple IE malware (beskerming.com) 4

SkiifGeek writes: "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against (courtesy of VirusTotal) failed to identify the malware through one of the most basic and straightforward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code.

Whose responsibility is it to fix this behaviour? Both the antivirus / antimalware companies and Microsoft's IE team have something to answer for."

Networking

Submission + - Aussie Claims Copper Broadband now 200x Faster (beskerming.com)

SkiifGeek writes: "Winner of Melbourne University's Chancellor's Prize for Excellence, Dr John Papandriopoulos could soon find himself the focus of a number of networking companies and government agencies interested in wringing more performance from existing network infrastructure.

Dr John developed a set of algorithms (US and Aussie patents pending) that reduce the impact of cross talk on data streams sharing the same physical copper line, taking less than a year to achieve the breakthrough. It is claimed that the algorithms can produce up to 200x improvement over existing copper broadband performance (quoted as being between one and 25 mbit/sec), with up to 200 mbit/sec apparently being deliverable. If the mathematical theories are within even an order of magnitude of the actual gains achieved, Dr John's work is likely to have widespread implications for future bandwidth availability across the globe."

Security

Submission + - 92% of Users Think They're Protected -Only 51% Are (beskerming.com)

SkiifGeek writes: "A survey (PDF) carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were.

What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

Security

Submission + - Chinese Security Site Under Unique Attack (beskerming.com)

SkiifGeek writes: "The main site for the Chinese Internet Security Response Team (CISRT) has been serving up infrequent attacks against site visitors through the use of an injected IFRAME tag that attempts to download and install numerous pieces of malicious software.

While the source of the attack has yet to be identified, suspicion is that it might be an ARP attack being hosted by the CISRT's hosting provider. Rather than a straight up infection attempt against all site visitors (as was the case with the Bank of India hack), it is an interesting evolution to see intermittent attack attempts against site visitors."
