Wednesday, May 20, 2009

Wednesday 05/20/09

Sophos beams up free Klingon antivirus app to Star Trek fans' PCs
Computerworld - Hard on the heels of the success of the revamped Star Trek franchise, security company Sophos has released a Klingon-language version of a free malware scanning tool it uses to show Earth-bound customers how its technology stacks up against rivals' software.

Dubbed Klingon Anti-Virus (KAV), the software is actually a tweaked version of Sophos' Threat Detection Test translated into the language spoken by Klingons in the fictional Star Trek universe.

Downloads of KAV have been "through the roof," said Carole Theriault, a senior security consultant with Sophos. "It's been huge. I'm just shocked."

----------

Facing criticism, Adobe rethinks PDF security
Blasted in February for being slow to fix a zero-day vulnerability in its popular PDF viewer, Adobe today pledged to root out bugs in older code, speed up the patching process and release regular security updates for Adobe Reader and Acrobat.

----------

Wi-Fi hikes security for handoffs between Wi-Fi, 3G networks
...
The newly added protocols, EAP-AKA (Authentication and Key Agreement) and EAP-FAST (Flexible Authentication via Secure Tunneling), are designed to better secure enterprise Wi-Fi LANs.
...

----------

CA unveils Compliance Manager for z/OS for mainframe policy control

----------

Hard drive with Clinton-era data missing from National Archives
Drive holds Social Security numbers, addresses of White House employees

----------

One in four mobile users admits driving while texting
While texting is on the rise, 83% back laws against the practice

----------

Craigslist fires back, sues South Carolina attorney general
Turning the legal tables, Craigslist Inc. this morning filed a lawsuit against the attorney general of South Carolina for threatening to file criminal charges against the online classified advertising service.

Craigslist, which is known for selling everything from toasters to escort services, said today that it had filed a lawsuit in federal court in South Carolina against Attorney General Henry McMaster. The company is seeking a restraining order and declaratory relief, which is a court's judgment on a party's rights without awarding damages or ordering anything to be done.

----------

Advanced Algorithms Enlisted To Fight Cyberwars
PC World - Tue May 19, 6:50 PM ET
First Estonia. Then Georgia. Increasingly, the theoretical potential for cyberwar is becoming hard reality. One new report argues that the unchecked proliferation of cyber warfare weapons is comparable to that of nuclear warheads. At least one branch of the US military, the United States Navy, takes the threat seriously and monitors cyber threats on a daily basis.

----------

Chinese Regulations Target Rising Cybercrime
PC World - Tue May 19, 12:26 PM ET
China has targeted cybercrime in three new sets of regulations issued this month as the activity starts to look like an established industry in the country.

----------

IIS 6 Attack Could Let Hackers Snoop on Servers
PC World - Mon May 18, 5:20 PM ET
Security vendors are warning users of Microsoft's Internet Information Services 6 Web-server software that a new online attack could put their data at risk.

----------

Trusted Computing Group Widens Security Specs Beyond Enterprise Networks
May 18, 2009
New specs include support for SCADA systems, physical access control systems, guest PCs, printers, and VOIP phones

----------

CiscoWorks TFTP Directory Traversal Vulnerability
Cisco has announced that a directory traversal flaw has been discovered in its CiscoWorks product line. According to the announcement:

Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.

----------

Cyber Warfare and Kylin thoughts
I believe that most of our readers heard about the Kylin OS.

This is supposed to be the super Chinese Operating system, designed to be US-proof... in other words, an OS that would make the US cyber-warfare tactics useless. More here on the Post article.

My personal opinion is that it is a huge hype on this. First, Kylin is available for download (Kylin 2.1.1a at kylin.org.cn), and if this is the one being used by China to be their secure OS, or better yet, a US-Cyber-Warfare-bullet-proof, then there may be some problems...

----------

Speling and Grammur Opshunall
Capitalizing on the burgeoning desire on the part of every red-blooded male to see the U.S. President's main squeeze in the buff, some enterprising malware knotheads have been seeding various comment boards out there with links to "photos" of the First Ta-Ta's.

----------

Antivirus Taste Test: One Man's Quest for (Nearly) Objective Rankings
Security Consultant Chaz Sowers did a semi-scientific comparison of antivirus software. The results may surprise you.

----------

Google result-manipulating Gumblar exploit picking up steam
May 19, 5:18 p.m. UTC - by Jacqui Cheng Posted in: Security
A malware exploit that has been circulating since March or so is picking up the pace lately, hijacking more than 3,000 websites as of this week. Gumblar's goal is to manipulate Google's results in order to affect as many PCs as possible, which has some researchers describing it as "a botnet of compromised websites."

----------

Wednesday, May 20, 2009 10:06 AM
Answers to the IIS WebDAV authentication bypass questions

We have heard several questions from customers about the WebDAV authentication bypass issue on IIS. We wanted to post common questions and answers here to help anyone else who might have the same question.

Question: Is Sharepoint vulnerable to the authentication bypass?

Answer: No, Sharepoint is not vulnerable to this vulnerability. The Sharepoint team does not use the same code as IIS. Their DAV server goes against their backend SQL store, not the file system.

Question: Is Outlook Web Access (OWA) vulnerable to the authentication bypass?

Answer: No, OWA is not vulnerable to this vulnerability. Exchange 2007 and earlier supported the WebDAV protocol, but they did so with an Exchange implementation of WebDAV which only reads/writes to/from the Exchange store. It does not interact with the filesystem directly.

Question: How can I find IIS servers in my environment running WebDAV?

Answer: You can use the IIS Manager interface on the server to quickly tell whether the server is running WebDAV. If you want to do so remotely, you can issue an HTTP request to the server directly:
...

----------

Microsoft Bans Memcopy()
This seems smart:

Microsoft plans to formally banish the popular programming function that's been responsible for an untold number of security vulnerabilities over the years, not just in Windows but in countless other applications based on the C language. Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle.

Here's the list of banned function calls. This doesn't help secure legacy code, of course, but you have to start somewhere.

----------

20 May 2009
Microsoft releases free tool for secure software development
The tool is aimed at enabling programmers to integrate the knowledge accumulated through Microsoft's Security Development Lifecycle (SDL) into their software development environment.

----------

"The ODF Alliance has prepared a Fact Sheet for governments and others interested in how Microsoft's SP2 for Office 2007 handles ODF. The report revealed 'serious shortcomings that, left unaddressed, would break the open standards based interoperability that the marketplace, especially governments, is demanding.'"

----------

The sky is falling? GPS in trouble?
Matthew Miller: The convenience and utility of GPS may be impacted over the next year or two as the satellites circling our planet begin to expire while funding and management issues keep replacement satellites grounded.

----------

Lots of recent buzz about this site:
http://www.wolframalpha.com/

----------

Hexzone, Virut and Pushdo
Some interesting relationships between Hexzone, Virut and Pushdo suggest a complex and sophisticated malware distribution network.

----------

Netbook comes with factory-sealed malware
Chuck Miller May 20, 2009
In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.

----------

Researcher publishes Java proof-of-concept to urge Apple action
Dan Kaplan May 19, 2009
Calling Apple's patching process "opaque," a security researcher has decided that publishing a proof-of-concept exploit is the best way to force the computing giant to fix a months-old flaw.

----------

Download My Hakin9 Article “Anatomy of Malicious PDF Documents”
