web app security


Vsftpd FTP Server Download Site Compromised

Someone was able to compromise a version of the vsftpd secure FTP server recently, inserting a simple backdoor that gives the attacker a shell on compromised machines. The bad version of the server has been removed and the creator of the app has moved it to a different hosting provider as a precaution.

Google to Add Warnings About Malicious Executables to Chrome

Google is testing a new feature in its Chrome browser that will warn users when they attempt to download a potentially malicious executable file. The feature is an extension of the existing Web-based security mechanisms the company has integrated into Chrome and the Safe Browsing API and will be available to all users later this year.


The attack on RSA that the company revealed last week raises a multitude of questions about the security of the company’s network and its own internal procedures. But the most important issues the RSA attack brings to the surface concern exactly what the attackers may have been after and what the successful compromise means for the integrity of the tens of millions of SecurID tokens deployed around the world.

By Gunter Ollmann
As a follow-up to the Rustock botnet news, Microsoft have identified themselves as the key instigators of the takedown. This is the second time Microsoft’s legal team has been actively involved in combating the botnet menace – and they obviously learned from their previous attempt at trying to take down the Waledac botnet.

By Jeremiah Grossman
There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) are to “break the Web” — i.e. negatively impact the usability of a significant and unacceptable percentage of websites. Doing so is a non-starter for any browser vendor looking to grow market share. The choice is clear for most vendors: Be less secure and adopted, rather than secure and obscure. This is what the choice comes down to. This is a topic deserving of further exploration.

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software. According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader. Read the full advisory [websense.com]
