Three months after the world first learned of the sophisticated Stuxnet worm, insiders say that there’s a scramble to find and hire engineers with knowledge of both security and the industrial control systems that were Stuxnet’s intended target.
FTP Flaw Could Disable Wide Range of Servers
An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by SecurityReason. The vulnerability affects a wide range of FTP servers, including those by OpenBSD (V 4.7), NetBSD (V 5.0.2), FreeBSD (V 7.3/8.1), Oracle’s Sun Solaris 10 and GNU Libc, used by some leading software vendors.
The vulnerability exists in the glob() function, which is used to enable wildcard searches by file names. When exploited, the hole can cause servers to become slow, unresponsive and even crash. According to the report (http://securityreason.com/securityalert/7822) from Maksymilian Arciemowicz, a security researcher with SecurityReason, the error boils down to a problem with GLOB_LIMIT, a component created in 2001 to help reduce memory used by glob(). The faulty GLOB_LIMIT clogs up memory with errant patterns, which leads to the attack.
Arciemowicz said well-trafficked sites such as ftp.openbsd.org, ftp.netbsd.org, ftp.freebsd.org, ftp.adobe.com, ftp.hp.com and ftp.sun.com are all vulnerable to denial of service attacks using the glob() function. Those sites often allow anonymous logins, making attacks even easier.
Unlike previous FTP attacks like Gumblar, which remotely steals credentials, the GLOB flaw does not allow remote code to be executed on the affected system and does not appear to be widespread. A patch has yet to be issued.
The H Security has more details about the flaw.
This month’s batch of security patches from Microsoft will be a record-breaking one: 16 bulletins addressing a whopping 49 security vulnerabilities.
In the face of continued attacks targeting its hugely popular Gmail service, Google has put together a checklist to help Gmail users better secure their accounts by looking at the settings in their inboxes, their browsers and their PCs. The security guide doesn’t automate any of these tasks for users, but instead gives them a guide comprising 18 steps to help lock down their Gmail inboxes.
Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers at Symantec Corp., spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore.
It took a malware attack with an unprecedented level of sophistication to make it happen, but officials in charge of the security of much of the country’s electrical grid have come to the conclusion that there is a need for more secure software and better security processes and procedures to prevent future attacks in the vein of Stuxnet.
A compromise of the Web site that is a repository for tens of thousands of sensitive documents has led to questions about the purpose of the hack, and whether the identity of those who have leaked information may have been exposed.
Since at least the time of the release of the first generation Apple iPhone, sophisticated smartphone users have been working diligently to jailbreak their devices in order to load their own software, install third-party applications and make other modifications. Now, one Android device, the G2 from HTC, has the ability to roll back modifications and restore the phone to its original state.
This video from the Black Hat USA 2010 conference shows IOActive researcher Barnaby Jack demonstrating his ability to remotely attack ATMs and force them to dispense all of their cash.