Vulnerabilities

An Iranian man who revealed a vulnerability in a widely used point of sale (POS) system in Iran had his blog confiscated by Google, which cited violations of its Terms of Service.

A vulnerability in Skype that could expose members’ IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

The dust still hasn’t cleared from revelations that many of RuggedCom brand networking products contain an easily-exploited back door account, and that it is working on a fix for the problem, according to a statement from Siemens, which recently bought RuggedCom.

Unprotected users visiting a page hosting the much-discussed Flashback Trojan could be earning some serious cash for the malware’s creators, according to new research from Symantec.

Anti malware company Symantec released its threat report for 2011 on Monday. Buried in the dry statistics about the number of Web based attacks and malicious programs detected during the year are some surprising facts. Among them: religious-themed Web sites are among the dirtiest on the Internet.

VIEW SLIDESHOW Mac Malware through the YearsWith the recent glut of high profile Mac-based malware like MacDefender and Flashback, it’s easy to forget that Macintosh computers (and Mac malware) have been kicking around for more than thirty years – longer, even, than Windows malware. In fact, the first documented Mac virus actually predated some of the first PC viruses by a good four years.

There’s a critical remotely exploitable vulnerability in all of the current versions of the Oracle database server that can enable an attacker to intercept traffic and execute arbitrary commands on the server. The bug, which Oracle reported as fixed in the most recent Critical Patch Update, is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code circulating.