Chris Brook

About

"Distrust and caution are the parents of security" - Benjamin Franklin

Feds Raid Home of Former Raytheon Employee

Federal agents on Monday raided the Melrose, Massachusetts home of a missile systems expert who formerly worked at U.S. defense
contractor Raytheon. Several boxes of items were taken by FBI and Immigration
and Customs Enforcement agents from the home, which is owned by Richard M. Lloyd.


Customers of an Italian bank were lured into a phishing scam with promises of mobile phone airtime credits, according to a blog post from analyst Mathew Maniyara on Symantec’s Connect blog.

Spammers always need fresh lists of e-mail addresses, says
Steve Santorelli of Team Cymru. Supplying them is a lucrative underground
business in its own right. The easy availability of such lists and the
commodity prices they fetch are a sign of how well developed the underground
economy really is. In this strip, a spammer negotiates for a list of one
million e-mail addresses. The final price: 100 addresses for a little more than
a penny.

FTP Flaw Could Disable Wide Range of Servers

An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by SecurityReason.

The vulnerability affects a wide range of FTP servers, including those by OpenBSD (V 4.7), NetBSD (V 5.0.2), FreeBSD (V 7.3/8.1), Oracle's Sun Solaris 10 and GNU Libc, used by some leading software vendors.

The vulnerability exists in the glob() function, which is used to enable wildcard searches by file names. When exploited, the hole can cause servers to become slow, unresponsive and even crash.

According to the report (http://securityreason.com/securityalert/7822) from Maksymilian Arciemowicz, a security researcher with SecurityReason, the error boils down to a problem with GLOB_LIMIT, a component created in 2001 to help reduce memory used by glob(). The faulty GLOB_LIMIT clogs up memory with errant patterns, which leads to the attack.

Arciemowicz said well-trafficked sites such as ftp.openbsd.org, ftp.netbsd.org, ftp.freebsd.org, ftp.adobe.com, ftp.hp.com and ftp.sun.com are all vulnerable to denial of service attacks using the glob() function. Those sites often allow anonymous logins, making attacks even easier.

Unlike previous FTP attacks like Gumblar, which remotely steals credentials, the GLOB flaw does not allow remote code to be executed on the affected system and does not appear to be widespread. A patch has yet to be issued.

The H Security has more details about the flaw.