Could blogging spread computer worms?
Security experts disagree about the possible threat of computer worms transmitted via RSS feeds. While no virus has yet used this method, some worry that when any network becomes large enough it will become a target. Although it may not be an immediate threat, theoretically exploited RSS data feeds could direct users to malicious websites. Worms that could use RSS readers to spread are a more complex threat that currently does not pose a practical danger as the feeds generally do not have large enough subscriptions.
Patches issued for Kerberos flaws
The Massachusetts Institute of Technology (MIT) has issued patches for three serious flaws in its widely-used Kerberos v5 authentication system. Two of the flaws are found in the Key Distribution Center (KDC). One is a heap-based buffer overflow an attacker could exploit over TCP or UDP to execute malicious code and even gain access to the authentication realm. Another flaw would free memory in random locations, crashing the system. A double-free flaw, found in the krb5_recvauth() function, could allow a hacker to take over the system, but would be difficult to exploit. The flaws affect version 1.4.1 of Kerberos v5. While MIT has released patches for the meantime, the flaws will also be fixed in the upcoming version 1.4.2.
Australian man, ISP found guilty of piracy
By Steven Deare, ZDNet Australia
Published on ZDNet News: July 14, 2005, 7:59 AM PT
Major record labels in Australia have won a legal battle against a man and his ISP for alleged music piracy.
Stephen Cooper, operator of a Web site called MP3s4free.net, was found guilty Thursday of copyright infringement by Australia Federal Court Justice Brian Tamberlin.
Although Cooper didn't host pirated recordings per se, the court found the resident of the state of Queensland breached the law by creating hyperlinks to sites that had infringing sound recordings.
This is the first such judgment against hyperlinking in Australia.
Tamberlin found against all other respondents in the case, namely Internet service provider Comcen; Comcen employee Chris Takoushis; Comcen parent company E-Talk Communications; and Comcen and E-Talk director Liam Bal.
Virus scanner bug cost Trend $8 million
Tokyo-based anti-virus software vendor Trend Micro said a bug in its own software that affected thousands of customers has cost the company
Verisign buys security researcher iDefense
VeriSign has snapped up network security researcher iDefense for US$40 million in cash. iDefense provides early warning assessment of Internet security threats to a fairly select group of government and very large enterprise clients, said Chris Babel, vice president of Managed Security Services at VeriSign.
By acquiring the company, VeriSign hopes to be able to market the iDefense research products to a wider audience, while at the same time using data from VeriSign's security monitoring operations to bolster the iDefense research, he said.
Spyware.PCWash.com Renews Agreement with TrekBlue
Spyware.PCWash.com today announced a renewed agreement that makes TrekBlue's Spyware Nuker Spyware software program available from their website. Visitors to the site can receive a free spyware scan of their computer.
Cisco warns of security flaws
By Marguerite Reardon, CNET News.com
Published on ZDNet News: July 14, 2005, 9:53 AM PT
Cisco Systems identified several vulnerabilities in its products this week that could lead to denial-of-service attacks.
The most noteworthy flaw was reported Tuesday when Cisco warned that hackers could cripple its IP telephony networks by exploiting flaws in its CallManager software, an essential component of Cisco's IP telephony technology, which is used for call signaling and call routing.
Cisco has issued a patch for the vulnerability, which can be found on its Web site. Internet Security Systems also has released software that can block the attack to help customers as they test and install the Cisco patch.
Another worm hits AIM users
Published: July 14, 2005, 10:20 AM PDT
By Joris Evers
Staff Writer, CNET News.com
A new version of the Opanki worm that spreads via instant messenger hit users of America Online's AOL Instant Messenger on Wednesday, security company IMlogic said. The worm tricks victims into clicking on a malicious link by sending a variety of messages such as: "Hey check out this link:" or "LOL, click here:", Jon Sakoda, IMlogic's chief technology officer, said. After a victim clicks the link, the worm attempts to install remote control software on the victim's system and sends itself to all the contacts on the user's contact list, Sakoda said. IMlogic rates the new worm a "medium" risk.
Government computer systems struck by intruders
CTV.ca News Staff
CTV News has learned Canada's ultra-secret spy agency recently detected what the Communications Security Establishment says were: "a series of sophisticated intrusions into the federal government's computer systems."
The agency, Canada's national cryptologic agency, says the attacks were minimal, and refuses to divulge exactly what the hackers were after or reveal their identities.
But Julie Spillan, federal director of The Canadian Cyber Response Centre, admits: "There is a threat to Canada in the cyber realm."
Spillan says the hackers targeted specific, sensitive information.