Top 10 most notable Black Hat/Defcon stories
"Security woes from Las Vegas
Las Vegas airport is now crowded with crackers, hackers and those that oppose them heading home, as the annual Black Hat and Defcon conferences are over for another year.
Here are the most notable happenings of the events, some scary, some funny and some downright disturbing.
Honourable mention: Conversation
10. Internal hacks
9. FAA hacking
8. The Feds
7. SMS hacking
6. Software updates
5. Cloud computing
4. AES hacking
3. ATM hacking
More details in http://www.v3.co.uk/v3/news/2247288/top-notable-black-hat-defcon
Security experts spot holes in Twitter malware filter
"Dancho Danchev, independent security consultant and cyberthreats analyst, noted that the site's latest security move was an indication "Twitter is finally moving from reactive to proactive security practices". However, he pointed out in a blog post on ZDNet.com that the malware filter was "clearly still in development" and showed "disappointing results".
Danchev pointed to how a MySpace phishing page used in a tweet triggered the security filter, but was eventually accepted by adding a 'http://' or removing the 'www'."
Read more in http://news.zdnet.co.uk/security/0,1000000189,39706536,00.htm
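The bypass above (prepending "http://" or dropping "www.") works only because the filter compares URL strings literally. As an added example, not code from ZDNet, Danchev or Twitter, here is a canonicaliser that folds such variants onto one form before the blocklist lookup; the blocklist entry is a constructed placeholder.

```python
# Added example (not from the article or from Twitter's filter): canonicalise a
# URL so trivial variants compare equal before checking it against a blocklist.
from urllib.parse import urlsplit, urlunsplit


def canonicalize(url: str) -> str:
    """Normalise scheme case, host case, leading 'www.', default port,
    trailing slash and fragment. Scheme is kept: folding https onto http is
    a separate policy decision."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url              # bare host given, assume http
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    port = parts.port
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    if port and not default:
        host = f"{host}:{port}"
    path = parts.path or "/"
    if path != "/":
        path = path.rstrip("/")
    # Query string kept (it selects the page); fragment dropped (never sent).
    return urlunsplit((scheme, host, path, parts.query, ""))


# Constructed blocklist entry standing in for the phishing page in the story.
RAW_BLOCKLIST = ["http://www.myspace-login.example/phish.html"]
BLOCKLIST = {canonicalize(u) for u in RAW_BLOCKLIST}   # store canonical forms only


def is_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """Compare the canonical form, so 'http://' or 'www.' tricks no longer help."""
    return canonicalize(url) in blocklist
```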
Netgear adds proper parental controls and anti-phishing to its routers
"Netgear has announced that it will bring OpenDNS parental controls and anti-phishing to its routers.
Netgear's deal will see OpenDNS' services integrated into the router, so everything can be managed from the router's interface. The WNR2000 will be the first router to have OpenDNS built in, but Netgear plans to release firmware updates for its other routers soon.
Unlike D-Link's similar deal with Best Path Networks, Netgear plans to make its extra security available to the entire world, not just the US."
Continue reading in http://www.expertreviews.co.uk/news/265093/netgear-adds-proper-parental-controls-and-antiphishing-to-its-routers.html
Verity shows off CD destruction box
"IT staff worried about leaving confidential data on old disc media are being offered an alternative to just binning them and hoping for the best. Verity Systems has come up with a destruction system that literally grinds the data off the surface of a CD or DVD.
The CD-DX2 doesn't come cheap at
Sophos: Malware from Rapidshare links; Flash in the Formula!
Sophos blogs about malicious files linked from blogs via Rapidshare, a free online file-sharing service.
Story in http://www.sophos.com/blogs/sophoslabs/post/5784
In another blog entry, Sophos writes:
"Well the malware authors have discovered yet another vehicle for delivering and triggering their dual-actioned Adobe Flash vulnerability (which I talked about at a recent conference), this time in Microsoft Excel (expect to see them in PowerPoint and Word as well!)
The style of attack was recently outlined by Pob here, where a PDF document with two specifically crafted Flash objects work together to exploit the vulnerability. It was only a matter of time before the AVs caught up and started blocking suspicious PDFs and so the game has moved onto finding other compound files capable of embedding and invoking Flash objects. Microsoft's OLE2 compound document format is well suited to this scenario and is being actively exploited as the sample submissions indicate."
Read about it in http://www.sophos.com/blogs/sophoslabs/post/5798
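The post's point is that the container changed, not the Flash bug, so triage has to look for SWF objects inside OLE2 files, not only inside PDFs. As an added example (not Sophos' detection logic and not code from the post), here is a byte-level heuristic that flags an OLE2 compound document carrying one or more embedded SWF headers; the sample file is constructed inline.

```python
# Added example, not Sophos' code: flag OLE2 (Office 97-2003) documents that
# contain embedded SWF headers, the combination the Sophos post describes.
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound document signature
SWF_MAGICS = (b"FWS", b"CWS")                       # uncompressed / zlib-compressed SWF
MAX_SWF_LEN = 256 * 1024 * 1024                     # reject absurd declared lengths


def find_swf_objects(data: bytes) -> list:
    """Return (offset, version, declared_length) for each plausible SWF header.
    Raw scan only: a header split across non-contiguous OLE2 sectors would be
    missed, so this is a triage heuristic, not a parser."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if pos + 8 <= len(data):
                version = data[pos + 3]                          # 1-byte SWF version
                length = struct.unpack_from("<I", data, pos + 4)[0]  # LE file length
                # Sanity check cuts noise from the letters "FWS"/"CWS" in text.
                if 1 <= version <= 60 and 8 <= length <= MAX_SWF_LEN:
                    hits.append((pos, version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def is_suspicious_office_doc(data: bytes, min_objects: int = 1) -> bool:
    """OLE2 container plus at least min_objects embedded SWF headers."""
    return data.startswith(OLE2_MAGIC) and len(find_swf_objects(data)) >= min_objects


def fake_swf_header(magic: bytes, version: int, length: int) -> bytes:
    """Constructed 8-byte SWF header used only to build the sample below."""
    return magic + bytes([version]) + struct.pack("<I", length)


# Constructed sample: OLE2 signature, a 512-byte header sector of filler,
# then two fake Flash objects, mirroring the two-object attack in the post.
SAMPLE_OLE2_WITH_FLASH = (
    OLE2_MAGIC + b"\x00" * 504
    + fake_swf_header(b"CWS", 10, 4096) + b"A" * 100
    + fake_swf_header(b"FWS", 9, 2048)
)
```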
Researchers: XML Security Flaws are Pervasive
"Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products.
At issue are problems with the way many hardware and software makers handle data from an open standard called XML. Short for "eXtensible Markup Language," XML has been used for many years as a fast and efficient way to transport, store and structure information across a wide range of often disparate applications.
Researchers at Codenomicon Ltd., a security testing company out of Oulu, Finland, say they found multiple critical flaws in XML "libraries," chunks of code that are typically used and re-used in software applications to process XML data."
Read more in http://voices.washingtonpost.com/securityfix/2009/08/researchers_xml_security_flaw.html
Here Come The Twitter Patent Lawsuits. TechRadium Files The First One.
"Twitter is being sued again, and this time it isn’t some angry baseball manager who doesn’t like people impersonating him on the service. This time it is a little more serious. Twitter is being sued for patent infringement by TechRadium, a Texas-based technology company which makes mass notification systems for public safety organizations, the military, and utilities."
Apple Releases Large OS X Security Fix
"Apple has released their Security Update 2009-003 and Mac OS X v10.5.8, addressing 18 security vulnerabilities, some of them quite old.
Many of the vulnerabilities are quite critical and, based on the brief descriptions, sound amenable to exploit in the wild. For instance: "Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution." So opening some image file could take over your Mac. There are many similar flaws addressed in this update. Another interesting bug is that a locked system with a Multi-Touch TrackPad can still be accessed with "four-finger Multi-Touch gestures."
It's true that Mac users typically run as a standard, less-privileged user, but other vulnerabilities fixed in this update could allow a local user to obtain System Privileges. Even the login window has a vulnerability, and arbitrary code can be executed by using a format string in it.
The updates may be applied through Software Update or by downloading the correct version from http://www.apple.com/support/downloads/."
NOTE: Details of the update are in http://support.apple.com/kb/HT3757