Google patches Chrome file-stealing bug
Google has patched its Chrome browser to prevent attackers from stealing files from PCs running the open-source app.
Apple plays catch-up, adds anti-fraud safeguard to Safari
Apple yesterday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites.
Data pain: University of Florida warns 333,000 dental school patients of breach
Storage, security raises issues for telepresence
Telepresence, the high-end form of videoconferencing now coming from several vendors, is the first technology that might let enterprises easily record high-quality versions of all their meetings, essentially with the press of a button.
Though recording and playback features for these systems are still emerging, some issues are already being raised, including storage capacity, liability and playback quality. Those problems may grow as more enterprises seek to cut back on travel and bring dispersed teams together through telepresence.
Sysadmin under house arrest for blackmailing finance company
New US travel security measure takes effect Jan 12
AP - Fri Nov 14, 7:40 AM ET
BRUSSELS, Belgium - U.S. officials say Europeans and others who travel visa-free to the United States must start registering their trips electronically as part of a new online security screening process which takes effect Jan. 12, 2009.
AVG Offers Free Subscription for Deleting Key File
PC Magazine - Thu Nov 13, 6:40 PM ET
Security vendor AVG said Thursday that the company will offer a free year of service, after its antivirus software misidentified a key Windows system file as malware.
Despite Risks, Employees Still Holiday Shop at Work
As Cyber Monday approaches, research suggests a majority of workers will use their work computer to shop this holiday season. But despite the continued growth in online shopping, employees and business still don't understand the risk.
One Million UK Kids Make Illicit Online Purchases
Parents unaware kids are using their credit cards.
Researchers Find Flaws In Microsoft VoIP Apps
Nov 14, 2008
Vulnerabilities could lead to denial of service attacks, researchers say
Widespread Account-Sharing Threatens Corporate Security, Revenues
Nov 13, 2008
Many users break security defenses by simply handing over their credentials to colleagues, friends, experts say
MS08-068: SMB credential reflection defense
Today Microsoft released a security update, MS08-068, which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of Moderate. This blog post is intended to explain why the issue is less severe on Vista and Windows Server 2008, and provide some additional details to help people determine the risk they face in their environment.
This vulnerability allows an attacker to redirect an incoming SMB connection back to the machine it came from and then access the victim machine using the victim’s own credentials. (Hence the term “credential reflection”). In typical Windows XP configurations where SMB sharing is enabled and the user is a member of the Administrators group, this allows the attacker to easily take over the machine. Public tools, including a Metasploit module, are available to perform this attack.
Typical attack vectors for this vulnerability will leverage HTML either via a web browser or e-mail. Resources within the HTML document (such as IMG tags) can be used to reference a file on the attacker’s machine, and these files are then retrieved using the SMB protocol. The attacker’s machine prompts the victim for credentials and then reflects these credentials to the victim’s machine, gaining access. In cases where the attacker is on the same network as the victim, even “trusted” websites can be leveraged to perform this attack – since network data can be modified before the victim receives it.
"Monty Python's 'Dead Parrot sketch' — which featured John Cleese — is some 1,600 years old. A classic scholar has proved the point, by unearthing a Greek version of the world-famous piece. A comedy duo called Hierocles and Philagrius told the original version, only rather than a parrot they used a slave. It concerns a man who complains to his friend that he was sold a slave who dies in his service. His companion replies: 'When he was with me, he never did any such thing!' The joke was discovered in a collection of 265 jokes called Philogelos: The Laugh Addict, which dates from the fourth century AD. Hierocles had gone to meet his maker, and Philagrius had certainly ceased to be, long before John Cleese and Michael Palin reinvented the yarn in 1969."
Exploit-MS08-067 Bundled in Commercial Malware Kit
Probably the most widely reported topic in the Chinese Security community this month will be the availability of a commercial MS08-067 attack pack, customized for Chinese users. On October 26th, 2008, exploit code was posted on to a well-known public repository site. In a few days, malware kit author, WolfTeeth, was quick to sell a MS08-067 port scanning tool with attack capability to his “customers”, using free code from the Internet.
New attack targeting Windows Mobile phones
Angela Moscaritolo November 13, 2008
The attack on Windows mobile devices combines two old techniques used in the PC world.
Net Neutrality Advocates In Charge Of Obama Team Review of FCC
Palin 'Hacker' Trial Pushed Back to May
Chinese hacker attack flowchart