Archive for February, 2007
2007.02.05 Daily Security Reading
by Rodney Campbell on Feb.05, 2007, under Security
Windows Vista has barely been released, and already the driver signing on the 64-bit version has been circumvented. The 64-bit version only permits signed drivers, in an attempt to ensure that every driver fully implements the Protected Media Path that was incorporated into Vista at the behest of the major media conglomerates. This comes at the cost of consumers, who now have to live with less stable and less proven drivers for crucial system components, because drivers need to be re-engineered, which takes time and money.
‘Contact us’ attack takes out mail servers
The ‘contact us’ feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers.
Mac Developer mulling OS X equivalent of ZERT
Now that the Month of Apple Bugs project is done, Landon Fuller just wants some rest. Then, if his buddies are up to it, the brain behind the month of Apple fixes counter-project wants to expand the initiative to provide “zero-day patches” for critical issues affecting Mac OS X users.
2007.02.02 Daily Security Reading
by Rodney Campbell on Feb.02, 2007, under Security
SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Six years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. The SANS Top-20 2006 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts.
Thumb drives are too often the victims of convenience
USB flash drives, also known by many other names, seem to be everywhere — and that’s the problem. Last year, vendors sold 85 million of the drives, according to market research firm Gartner, but few of those buyers thought about the drives’ security implications.
Vista pranks possible via voice commands
Windows Vista could have system commands activated by audio files running on a Web site… In order for an attack to be successful, the user would have to have a microphone and speakers.
2007.02.01 Daily Security Reading
by Rodney Campbell on Feb.01, 2007, under Security
Software security vulnerabilities to grow
Security research company Internet Security Systems anticipates a continued rise in profit-motivated attacks, including an increased focus on the Web browser and image-based spam. See the full IBM ISS X-Force 2006 Trend Statistics report (pdf).
Script wreaks havoc on MySpace
A handful of enterprising people – at least one of them a teen – have devised a piece of JavaScript that allows its owner to temporarily access the browser’s MySpace account.
Why Anti-Virus Profiling is inadequate and Why Anti Virus is Dead (pdf)
There are two techniques that AV products use to try to spot viruses.
Internet Explorer at Zero-Day Risk
A security research firm is warning that all versions of Microsoft’s Internet Explorer are at risk from a vulnerability that could trigger a denial of service attack on end-users.
Spam Made Up 94% Of All E-Mail In December
Legitimate e-mail now constitutes a rounding error when compared with spam, thanks to a standing army of more than a million zombie PCs waging war on in-boxes worldwide on any given day. At a local level I can confirm this – at the gateways I look after for the company I work for, we saw 96% of incoming attempted messages as spam in both Dec 2006 and Jan 2007.