attack

Should enterprises worry about cold boot attacks?

Late last month, researchers at Princeton made headlines when they published a paper exposing weaknesses in PC encryption technologies. It seems that DRAMs retain resident data for several minutes after PCs are shut down. This vulnerability can lead to "cold boot attacks" that can expose any information stored in PC memory--including encryption keys. Using several different types of attacks, researchers were able to exploit this vulnerability to defeat several disk encryption systems including BitLocker (Microsoft Windows), FileVault (Apple Macintosh), and TrueCrypt (Open Source). Read more about this security research here. (PDF)

The Princeton report renewed a well-understood problem … Read more

IBM patches Lotus Notes 1-2-3 security flaws

IBM has released a patch for highly critical security flaws in its Lotus Notes, following the discovery of vulnerabilities in a third-party software component used in Lotus 1-2-3.

Users who open a malicious file attachment can trigger a buffer overflow, as Lotus 1-2-3 tries to process the Lotus Worksheet file format. The vulnerabilities could allow a malicious attacker to take control of a user's system remotely and execute arbitrary code, according to Core Security Technologies, which issued a security advisory on Tuesday.

"Although these specific vulnerabilities exist on a third-party component, the problem is compounded by the way … Read more

'Roboscorpion,' from desert to dinner table

Time's running out. The holidays are almost here, and you need ideas to get a rise out of your boring relatives, who will already be on the lookout for the RC tarantula you unleashed on the last family gathering. That 44-pound roach bot would be ideal, but it's not for sale.

Enter the "Roboscorpion." This beast's motions have been patterned after the poisonous desert dweller, according to Gizmowatch, with independently moving head, tail, and claws that look sharp enough to make it the robotic equivalent of Edward Scissorhands. It's the closest thing we've … Read more

Make everything taste like bacon

Have you ever found yourself thinking that veggies would go down easier, if only they tasted more like bacon? You may want to top them with Bacon Salt. The brainchild of two bacon-loving former tech workers, the zero-calorie seasoning lets you add a bit of bacony goodness to any food product. It comes in three flavors--original, hickory, and peppered--and, according to this post from Seattle alt-weekly The Stranger, has been enjoyed on "potatoes (fried, mashed, whathaveyou), corn on the cob, popcorn, watermelon, pineapple, steak, eggs (fried, scrambled), green beans, assorted vegetables, chocolate, Bloody Marys, pasta, guacamole, and peaches." … Read more

False security: Is Bank of America lying to its customers?

A bank that guarantees its online users safety and security has direct evidence that its Web-based banking system may not be 100 percent bullet-proof.

Should that bank tell its customers? And if it doesn't, is it misleading, or even worse, lying, to them?

Bank of America, like many other financial institutions in the U.S., has jumped on the "two-factor" authentication bandwagon. Instead of having its customers log in with just a user name and password, these new schemes require some third bit of information.

Some banks choose to issue their customers a cryptographic hardware token (a … Read more

Beware: Jealous Computers

Beware of JEALOUS COMPUTERS! Apparently they have started to attack (particularly N95 owners)... here you see a few poor victims of a laptop bite and a keyboard to the face. Not pretty. Well Nokia has really gone all out on this viral N95 site... I just wrote up a big piece on this over at NOTCOT, and it was too hilarious, bizarre, and nicely designed not to share with you CNET readers too. Basically they have created a whole series of PSAs, posters, tshirts, and even a mug (well, half mug, and well they have a cool pic, but it … Read more

Giant eyeball magnifies 200x; crowds flee

Enough already--how many times do we need to say "uncle"? We've been admittedly afraid, very afraid, of eyeball-shaped gadgetry for some time now, in case anyone cares. But now they're imposing their ocular creepiness on kids, and that's just wrong.

Gizmodo noticed that Toys "R" Us, of all places, has come up with a nightmare-inducing thing called the "EyeClops Bionic Eye," a handheld contraption that supposedly magnifies whatever it "sees" on an order of 200x and displays it on whatever TV it's plugged into.

All it needs is … Read more

Some MySpace profiles hit with a Web attack

At some point within the last week, some MySpace user pages were seeded with malicious computer code. The malicious code seeks to exploit Microsoft Windows and Internet Explorer using recently patched security holes. The hope is that you haven't patched your computer yet. If you're a MySpace visitor and you visit one of the infected pages, you'll be redirected to a fake MySpace log-in page that aims to steal your MySpace user name and password. The attack employs phishing and drive-by download techniques.

SANS' Internet Storm Center offers a detailed breakdown of the attack.

Malware knocks Defense Department e-mail offline

According to the Associated Press, the US Defense Department took 1,500 computers offline as the result of a cyber attack. No additional information about the event was provided. Defense Secretary Robert Gates said the attack happened sometime yesterday and that e-mail systems were expected to be back online later today.

Gates said during a press conference on the matter: "We obviously have redundant systems in place. ... There will be some administrative disruptions and personal inconveniences." When asked if he, personally, had been inconvenienced, Gates replied that he's a very low-tech person. "I don't … Read more

Dangerous Web sites, strings attached

As the automated Mpack attack continues to turn thousands of legitimate Web sites into compromised sites offering drive-by downloads of malicious software, security researcher Roger Thompson over at Exploit Prevention Labs reminds us there are other exploits compromising legitimate sites, and some are as easy to find as entering a simple search string on Google. For more than a week (starting before the current Mpack attack), Thompson has been posting a list of dangerous search strings on his blog site. I've collected these and indicated in parentheses some of the known exploits associated.

atlas mountains country (WebAttacker 2 or … Read more