SaferPC.info

Security News and Issues

Each day owning a computer and maintaining it online becomes more of a challenge. Security is a major concern to computer users. SaferPC brings you Security News and Issues of interest to security conscious PC users.

     
 Title   Date   Author   Host 

NSW speed cameras in doubt
The Age (AU)
August 11, 2005

The NSW Roads and Traffic Authority (RTA) concedes that a court's decision to throw out a traffic infringement case had created "some uncertainty" about speed camera detection.

RTA lawyers told the court they could not find an expert to prove the authenticity of mathematical algorithms published on each picture. The algorithms known as MD5 are used as a security measure to prove the pictures have not been altered after they are taken. "I accept that yesterday's judgment has raised a level of uncertainty - it's upon us to resolve that," Mr Willoughby said. "(But) people shouldn't conclude because of that decision there is a wider problem with speed camera images, we don't believe there is."

Flies swarm around MS Honeymonkey
The Register
by Robert Lemos, SecurityFocus
August 9, 2005

Microsoft 's experimental Honeymonkey project has found almost 750 web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper

Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction. In the latest experiments, Microsoft has identified 752 specific addresses owned by 287 websites that contain programs able to install themselves on a completely unpatched Windows XP system. "The honeymonkey client goes [to malicious websites] and gets exploited rather than waiting to get attacked," said Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group. "This technique is useful for basically any company that wants to find out whether their software is being exploited this way by websites on the internet."

"Blogger Developers Network" Blog, Cracked
Google-Blog
by Dirson
August 3, 2005

Since yesterday, "Blogger Developers Network" is cracked. This blog is a space where Blogger team publishes projects and code related with the blogging tool. You can see the original appearance of the blog on this screenshot or through Google cache.

The cracker, who changed the title ("Downloading..99%") and the design with another one inspired by 'Matrix' movie (view screenshot 1 and screenshot 2), claims that the attack was possible due to a vulnerability of Blogger, which allows any member who is invited to this blog become into admin.

Cisco Web Site Breached by Hackers
BetaNews
by Nate Mook
August 3, 2005

Facing a second embarrassing security situation in as many weeks, Cisco on Wednesday began notifying customers that its Web site, Cisco.com, had been compromised and asked users to change their passwords. News of the breach followed a report that Cisco's

"It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users," the company wrote. "As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords." Cisco said the problem was apparently not related to its own hardware products or technologies, and simply stemmed from a poorly coded Web application.

Phishers hack eBay
Tech World
by John E. Dunn
August 2, 2005

A flaw has been discovered on eBay's website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.

Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending e-mails asking eBay users to update their accounts. So far so normal, as such fake eBay e-mails are currently one of the phishing world’s persistent lines of attack. Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

Lynn presentation leaks onto Net
TechWorld
by Kieren McCarthy
July 29, 2005

The controversial presentation by researcher Michael Lynn regarding exploitation of known holes in Cisco's router software has leaked onto the Internet.

This week, Cisco first pressured Lynn's former company Internet Security Systems (ISS) into removing the presentation from the line-up at the Black Hat security conference in Las Vegas. Then, when Lynn resigned from ISS in protest and threatened to go ahead with the presentation, Cisco took out an injunction against him. Lynn nevertheless did the presentation stating that he "had to do what was right for the country and the national infrastructure". Cisco, ISS, Black Hat and Lynn have since signed a legal agreement in which Black Hat and Lynn promised not to make the material available to anyone else. Lynn was also put under a series of controls including "unlawfully disassembling or reverse engineering Cisco code in the future ... [and] using Cisco decompiled code currently in his possession or control for any purpose."

SANS: No Safety From Vulnerabilities
Internet News
by Sean Michael Kerner
July 25, 2005

IE vulnerabilities still abound, but Apple, Mozilla and Real Player users have little to gloat about.

There were 422 newly reported Internet security vulnerabilities in the second quarter of 2005, according to the SANS Institute. The number represents a 20 percent year-over-year and an 11 percent quarterly increase in reported vulnerabilities. SANS' quarterly update of the top 20 list of Internet vulnerabilities, released Monday, identifies the most critical of the 422 that resulted in widespread damage to both enterprise and home users. Six different vendors made the list, including Microsoft, Mozilla, Apple, Real Networks, Computer Associates and Veritas.

Get paid for hacking? It's not just for movies anymore!
Arstechnica
by Josh Meier
July 25, 2005

I remember the days when hackers kept security exploits to themselves in order to gain hacker points among their fellow hackers. These days they just sell them to companies like TippingPoint. .. or do they?

TippingPoint, part of 3Com, produces intrusion prevention systems for computer systems and, in order to get a leg up on the competition, they have started offering money in exchange for the disclosure of new security vulnerabilities. The idea is that they will be able to get a leg up on competing security products if they are able to patch a vulnerability before their competitors even know it exists. TippingPoint can then use the vulnerability information to update their own security software, while notifying the original software developer of the problem.

Guardian Unlimited | Special reports | Police ask for tough new powers
The Guardian
by Alan Travis and Richard Norton-Taylor
July 22, 2005

Police last night told Tony Blair that they need sweeping new powers to counter the terrorist threat, including the right to detain a suspect for up to three months without charge instead of the current 14 days.

Senior officers also want powers to attack and close down websites, and a new criminal offence of using the internet to prepare acts of terrorism, to "suppress inappropriate internet usage". They also want to make it a criminal offence for suspects to refuse to cooperate in giving the police full access to computer files by refusing to disclose their encryption keys.

Promotional Firefox community site hacked
Arstechnica
by Ryan Paul
July 15, 2005

Registered users at the promotional Mozilla community site SpreadFirefox were greeted this morning by an e-mail informing them that a July 10 security breach could potentially have enabled attackers to acquire a massive amount of private user data.

SpreadFirefox has become the nexus of a concerted effort to market and promote the open source web browser that many of us have come to know and love. Since its inception in December of 2004, SpreadFirefox has grown in scope and support to become one of the most influential factors in Firefox proliferation... ...It is likely that exploit was facilitated by a recently discovered vulnerability in Drupal, the open source CMS utilized by SpreadFirefox and other community sites.

     

Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.

Shawn K. Hall © 2003-2021 Powered by 12 Point Design
Professional Web Hosting and Design Services: 12 Point DesignAt Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling painReliable Answers - developer information, current news, human interest and legislative newsLocal Homeschool provides the most up-to-date support group listings in a geographical and searchable indexTwain Harte, CA - The closest you can get to Heaven on EarthSaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security
Google

AddThis Social Bookmark Button