Donald Sears

US CERT Warns on VxWorks Flaws

The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in VxWorks, the embedded systems OS, discovered by researcher HD Moore. One flaw is a weakness in the hashing algorithm of the API authentication; the second concerns debug settings being enabled by default and affects nearly 60 vendors’ products. Read the algorithm warning here. Read the debug warning here. [US CERT]

Private Web Browsing Is Mostly A Failure

Features in the four major browsers designed to cloak users’ browser
history often don’t work as billed, according to a research paper that
warns that users may get a false sense of security when using the
built-in privacy settings. Read the full article. [The Register]


Researchers at Def Con created a handful of virtual server instances on
Amazon’s EC2 and used a homemade program to attack the network of a
client — a small business that wanted its connectivity tested. They took the company off the
Internet. The price? Six dollars. Read the full article. [Dark Reading]

A security researcher has uncovered yet another vulnerability in Adobe
Reader that allows hackers to execute malicious code on computers by
tricking their users into opening booby-trapped files. Read the full article. [The Register]

A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference this past week in hopes of recruiting information security experts, but it will first have to overcome some skepticism. Read the full article. [IDG News Service]