WASHINGTON – One of the keys to addressing the widespread security threats facing both private and government networks is to develop more secure operating systems from the ground up and not rely on trying to secure existing ones, top CIA and Pentagon information assurance officials said.
Browsing Tag: vulnerabilities
Google has fixed more than two dozen vulnerabilities in its Chrome browser and also implemented a defense against the BEAST SSL attack. The bugs fixed in the new version of Chrome include 11 high-severity flaws.
A group of researchers has released a tool that they say implements a denial-of-service attack against SSL servers by triggering a huge number of SSL renegotiations, eventually consuming all of the server’s resources and making it unavailable. The tool exploits a widely known issue with the way that SSL connections work.
Researchers in Germany have developed an attack that enables them to decrypt supposedly private messages sent via XML. Their attack affects messages encrypted with any of the algorithms supported by the XML encryption standard, including DES and AES.
The newest version of the Android mobile operating system includes a major security upgrade: address space layout randomization (ASLR), which gives users better protection against memory-corruption exploits.
There is a new worm circulating right now that is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet. The worm also attempts to install a remote access tool in order to give the attacker control over the newly infected server.
By Alex Gostev
First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum) – the main module and a keylogger. All that has been mentioned in the last 24 hours about connections between Duqu and Stuxnet is related mostly to the first one – the main module.
The last couple of years have seen a rise in the volume of malware targeted specifically at various mobile operating systems, including Android, iOS and Symbian. Getting a handle on exactly how much of that mobile malware is actually infecting users has been a bit difficult, but Microsoft researchers have found that many mobile malware samples also show up on the desktop for various reasons, giving them a view into the prevalence of malware on key platforms.
Mac-based malware is still a relatively rare occurrence when compared to the flood of malicious programs aimed at Windows. But it appears that the attackers who are creating the more recent Mac malware either have experience writing Windows-based malware or are simply paying close attention to what’s been working for Windows malware for all of these years. The latest evidence of this is the discovery that the Flashback Mac Trojan has the ability to overwrite the Mac’s built-in anti-malware component and prevent it from updating.
Researchers from MIT and Georgia Tech have developed a new technique that enables them to use the accelerometer in an iPhone or other smartphone to capture keystrokes from a nearby PC and decipher the typed words with about 80 percent accuracy. The tactic, while quite complicated, could be used to conduct password-recovery or other attacks on unsuspecting victims.