Tag: security
-
Panda threats of the last 20 years
Panda has just released a study of the most severe threats over the last 20 years. This makes for interesting reading and brings back some memories; however, the most interesting thing about this article ( and other articles on the same topic ) is that nowhere is it mentioned that these are all Microsoft-platform viruses.…
-
Microsoft, Word and the evil patent
Microsoft has been recently sued by i4i ( a Canadian developer of SGML software ) for patent infringement, specifically on a custom XML feature in Word. The damages so far amount to $290m which is a considerable amount. That though is not the big problem for Microsoft: the suit includes an injunction against Microsoft selling…
-
Windows botnets take down most of the major social web services
Twitter, Facebook, Livejournal and some other social web services were completely taken off the air this Thursday past by a massive DDoS attack aimed, wait for it, at one person – a pro-Georgian blogger called Cyxymu. This user is an activist blogger and someone doesn’t like him! So hordes of virus-infested Windows machines ( about…
-
BIND security issues
This time the security issue is with BIND 9 specifically and not DNS in general, as with Dan Kaminsky’s fabled cache poisoning issue from last year. Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Slaves are unaffected, however. Patches are…
-
Internet Explorer patch
This past Tuesday saw Microsoft release a patch targeting a number of vulnerabilities in its browser on Windows 2000 and XP platforms ( possibly IE 5, 6 and 7 ). The bugs relate to how IE handles objects in memory and table operations, more specifically it could allow remote code execution. The vulnerabilities can be…
-
This week’s security and more botnets
This week’s security issues are dominated by Oracle and Adobe Acrobat/Reader flaws – Oracle’s issues look to be in remote access and listener areas while Reader/Acrobat are to do with image decoding buffer overflows ( 14! ). Perhaps Adobe should do some code checking once in a while considering the high rate of vulnerabilities they…
-
Conficker still around?
The hype surrounding Conficker just seems to be increasing and the latest variant ( C ) apparently has some interesting capabilities such as disabling security software ( AV, firewalls, etc. ), killing processes for running security apps and p2p networking to spread infection. The worm exploits a vulnerability in the Windows Server service that is…
-
Great Wall of Aussie
The government-led project to block all sites deemed as inappropriate to children has continued with a number of interesting developments in the last few weeks. First Wikileaks listed the blocked site list on their website ( and were then duly blocked themselves!!! ). Now a group have hacked the Aus Classification Board’s website. For a…
-
IE8 – not really all that
IE8 was released to much fanfare recently ( Dean Hachamovitch at the Las Vegas MIX 09 conference ), but it hasn’t taken long for someone to find the first vulnerability. Nils, a hacker from Germany, banged the browser by using a previously unknown vulnerability in the browser, during the annual PWN2OWN contest held at the…
-
Windows security redux
A number of people responded to my previous article on the BBC’s botnet indicating that I was being overly harsh. I have 2 comments on that: 1. if you’re happy fighting fires, then maybe you should be a fireman 2. most of these respondents ran standalone machines; they had no experience maintaining corporate networks And…
-
The BBC’s botnet
It appears that the BBC has decided to become a hacking company – they recently obtained a botnet of around 22000 machines from an underground forum and demonstrated ( as part of a special investigation ) how to use these machines to send spam to some predefined email addresses they had created. UK law (…
-
TrueCrypt and ext2ifs
I came across an issue this morning ( which has been around for some time already ) concerning using TrueCrypt and ext2ifs together. I would get a blue screen of death in Win XP sp2 when trying to mount a TrueCrypt volume and the BSOD would relate to a driver called ifsmount.sys. Some googling turned…
-
Czech ISP chaos
A Czech ISP made some changes this morning which caused routing updates to increase from a few thousand per second to around 25k per second at its peak. Newly-connected BGP routers typically provide information about themselves to each and every other BGP router on the internet. One of these pieces of information is AS (…
-
Windows for War – scary stuff
A number of military organisations around the world have started using Windows 2000 as a platform for operational systems within navies, the army, air services and other war branches. But recently there has been quite a bit of consternation concerning the use of Windows in UK naval vessels as well as French fighter planes. I’m the…
-
Kaspersky issues? or something more?
In the light of recent Kaspersky security issues I thought it useful to approach the subject of security companies trumpeting their own horns and crying foul once too many times. To start with, I don’t think this issue really merits any more attention than usual. Kaspersky do anti-virus software, not intrusion prevention software, which is…