Browsing Category: Vulnerabilities

Categories: Vulnerabilities

By Dancho Danchev, ZDNet
Earlier this month, the BBC's controversial purchase of a botnet and its modification of the infected hosts in the name of “public interest” sparked a lot of debate on the pros and cons of their action. Condemned by certain security vendors, and naturally, at least from a guerrilla PR perspective, applauded and encouraged as an awareness-raising tactic by others, the discussion shifted from a technical to a moral and legal debate, leaving a single question unanswered – what is the name of the botnet that the BBC rented and what’s so special about it?

Until now. Let’s take a peek inside the BBC “Chimera Botnet” [zdnet.com] offered for rent by a Russian Cybercrime-as-a-service (CaaS) vendor.


Just days ahead of an April 1st activation date for the Conficker worm, a pair of security researchers from the Honeynet Project have scored a major breakthrough, finding a way to remotely and anonymously fingerprint the malware on infected networks.
Now, with the help of Dan Kaminsky and Rich Mogull, off-the-shelf network scanning vendors, including the freely available nmap, have the ability to quickly detect Conficker infections.


By Joe Stewart, SecureWorks

If you’ve been reading any news at all on the Internet in the past week, you’ve probably heard that Conficker Armageddon is approaching, and it’s scheduled for April 1st, only a few days from now.
The truth is, there will be no April 1st outbreak, despite what some of the press stories have said so far. The only thing that will happen with Conficker on April 1st is that already-infected systems will begin to use a new algorithm to locate potential update servers. There, that’s not so scary, is it? So why all the fuss over the 1st?
Read the full essay [secureworks.com]


Software vendors and security officials in several countries have been working for nearly six months on a fix for a serious flaw in a number of TCP implementations that caused a lot of controversy and speculation last fall. The problem could allow attackers to consume all of the resources on a given remote server, essentially making it unusable.

Now, it appears that the release of a patch for the weakness may not come for several more months.


The OpenSSL Project has released new versions of its popular implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to fix multiple security vulnerabilities.
According to an advisory [openssl.org], the update fixes three security flaws that carry “moderate severity” ratings. The raw details:


When Mark Dowd and Alex Sotirov demonstrated a technique for bypassing Vista’s memory protections at Black Hat last year, the security community was stunned. Microsoft officials said at the time they were working on ways to defeat the pair’s attack, and now that protection has arrived, in the form of Internet Explorer 8.


By Paul F. Roberts, The 451 Group
The security of smartphones such as the iPhone, Windows Mobile devices and the T-Mobile G1 has come under a lot of scrutiny lately. Each device has its own unique security model, and in the case of the iPhone, Apple has kept its platform closed to third-party security vendors. But that’s not stopping some of them from making an end run around Apple and creating their own security applications for the hugely popular device.
