Security

ID theft, vulnerabilities, privacy issues, etc

Researchers: OpenOffice.org Security 'Insufficient'

Filed under
Security

With Microsoft's Office suite now being targeted by hackers, researchers at the French Ministry of Defence say users of the OpenOffice.org software may be at even greater risk from computer viruses.

Defending Against New Rootkits That Beat BSD, Linux, Mac, Vista, AMD and Intel

“The idea behind Blue Pill is simple,” says Joanna Rutkowska of invisible things. “Your operating system swallows the Blue Pill and it awakes inside the Matrix.”

Debian Server restored after Compromise

One core Debian server has been reinstalled after a compromise, and services have been restored. On July 12th the host gluck.debian.org was compromised using a local root vulnerability in the Linux kernel. The intruder had access to the server using a compromised developer account.

Debian server hacked

"Early this morning we discovered that someone had managed to compromise gluck.debian.org," Debian developer James Troup wrote in an e-mail to the Debian community shortly before 4am AEST.

FBI plans new Net-tapping push

The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping.

Researcher Promises Browser Bug-A-Day

A security researcher has promised to release one browser vulnerability each day for the next month as part of his self-proclaimed "Month of Browser Bugs."

SQL Injection Weaknesses Found in Mambo, Joomla

Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible.

The battle of the spam

A French-based Englishman, John Graham-Cumming, is about 666,666 clicks away from creating a weapon to kill spam for good.

Security Vendor Warns Of Porn-clicking Browser

A free Web browser that bills itself as a tool for privacy protection is, in fact, a click-fraud engine for pornographic Web sites, security vendor Panda Software warned Friday.

MySQL Mistakenly Shares Customer E-mail Addresses

A mass e-mail sent out last week by open-source database vendor MySQL erroneously contained the e-mail addresses of about 9,300 customers instead of information on a series of software-support special offers that the company meant to publicize.

KDE Security Updates: Artswrapper and KDM

KDE made two security announcements today. The KDM Symlink Vulnerability is a potential local exploit on systems using KDM as their login manager. The Artswrapper return value checking vulnerability affects Linux 2.6 systems that have artswrapper installed SUID root.

IE And Firefox Sport New Zero-day Flaw

Multiple security organizations warned Tuesday that Internet Explorer, Firefox, Mozilla, and SeaMonkey -- on Windows, Linux, and the Mac -- are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information such as credit card or bank account numbers and passwords.

Face it: Linux is insecure

Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure.

Deal with it.

OpenOffice.org: There's No Virus

OpenOffice.org responded Friday to claims in the media that the first virus had been discovered for the open source productivity suite. The group said that macro viruses are possible in any program that supports the feature.

Flaw Discovered In Snort Intrusion Prevention Technology

A recently discovered security issue in Snort, the open source intrusion prevention and detection technology used in government agencies and many large corporations, could allow attackers to bypass security on compromised machines.

Linux Kernel SMP "/proc" Race Condition DoS

Tony Griffiths has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

SSH Issues: Does Installing SSH Enable More Exploits Than it Solves?

SSH, the wonder tool of the security set, is misused by your users more easily and more often than you may think. John Traenkenschuh points out how well-intentioned administrators are using SSH to create gaping holes in their own security, and what you can do about it.

Red Hat Plugs Multiple Linux Kernel Flaws

Linux software provider Red Hat issued a security advisory for a number of its products, addressing a series of kernel vulnerabilities in the operating system software.
