Browsing Category: Vulnerabilities

Categories: Vulnerabilities

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm [zdnet.com] targeting routers and DSL modems.
The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem and launching denial-of-service attacks on some Web sites.
From the article:

Read more...

Categories: Vulnerabilities

It appears that the free ride is over for software vendors.

For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities and novel ways to break the vendors’ products. This work is virtually always done pro bono by researchers who either have day jobs and do their research as a sideline or by experts at security companies who do the work as a way to promote their research teams. Either way, until recently, most of these bug reports were given to the affected vendors for free.

Read more...

Categories: Vulnerabilities

After taking some heat for its decision to buy a botnet and use it to send spam and launch a denial-of-service attack against a site owned by Prevx, the BBC has released an editor’s note to explain and defend the broadcast experiment.
Here’s the gist of the Beeb’s defense, via BBC Click executive editor Mark Perrow:

Read more...

Categories: Vulnerabilities

 The Conficker worm has been wreaking havoc on the Internet for several months now, and despite the concerted efforts of dozens of security organizations around the world, it is showing no signs of fading. A new analysis of Conficker by SRI International shows that the worm’s authors have added further code obfuscation and other mechanisms to avoid analysis and removal.

Read more...

Categories: Vulnerabilities

By Elinor Mills, CNET

Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

Read more...

Categories: Vulnerabilities

By Eric Ogren, SearchSecurity.com

Apple has a knack for producing consumer friendly technology, and they have done it again with its Apple iPhone OS 3.0 software [apple.com], which will be available later this summer. But in the process they’ve exposed the smartphone to new areas for hackers to target. The new iPhone software has many exciting new features for consumers. Features such as landscape editing, viewing of email and text files and access to corporate applications through browsers, means this handheld device will be a significant issue for security teams.

Read more...

The backers of the non-profit StopBadware.org consortium have launched a Web site where ordinary people can band together to fight computer viruses and adware. The online community site, called BadwareBusters.org, launched Tuesday and is sponsored by Harvard University’s Berkman Center, which runs StopBadware.org, and Consumer Reports WebWatch, an online information source for Web users.

Read more...