I’m in a much better mood today. I should really work from the home office more often.
- Browzar promises private surfing
- NSA Mobilizes Against Leaks
- Research shows SSL VPNs gaining inroads over IPSec VPNs
- Sophos Anti-Rootkit 1.1
- Disaster recovery plans for your data warehouse
Tags: News, Disaster Recovery, NSA, SSL VPNs, Sophos, Anti Rootkit, Browzar, Daily Links, Morning Coffee
For those of you gadgetheads that have all the toys, or guys like me that had someone give him a PSP, heads up. Just posted over on Secunia is a vulnerability in the PSP that has been rated as moderately critical. This is currently an unpatched vulnerability that will
Description:
A vulnerability has been discovered in Sony PlayStation Portable, which can be exploited by malicious people to compromise a user’s system.The vulnerability is caused due to an error in libTIFF and can be exploited to execute arbitrary code when a specially crafted TIFF image is viewed in the Photo Viewer.
The vulnerability has been confirmed in version 2.60 and has also been reported in versions 2.00 through 2.80.
The easy way is to not view untrusted images according to the posting. Well, either that or you could put the thing down, go outside and read a book. Remember those?
Tags: PSP, Gadgets, PSP TIFF Vulnerability, SONY, Vulnerability
Via Richard Stiennon’s blog we find the possibility that the Canadian goverment may be preparing to filter and block content that it deems inappropriate. This is a disturbing development if found to be true.
On June 29th we saw the ISP Bell Sympatico change it’s policies to permit spying on it’s customers.
While the sites in question are reprehensible white supremacist rantings that deserve to be tactically nuked from orbit it is a little disconcerting that Canada believes its citizens need to be protected from certain types of information.
I can see these sites being filtered…but, what next? And what controls will be in place to avoid abuse?
I worried when Harper took power. Now I’m starting to think that worry might have been justified. If the Conservatives think Canadians are too stupid to avoid hate sites on the internet. How far off can the RFID implants be?
Here’s a snapshot of what we can expect.
Tags: Canadian Government, Censorship, RFID, Harper
In the hopes of cashing in on the misery of others the scamming phishers et cetera were signing up “Ernesto” themed domain names.
As of early Tuesday, 19 new domains with the term “Ernesto” have come online, reported the SANS Institute’s Internet Storm Center (ISC). Of the 19, 18 are hurricane related, including domains such as “ernestohurricane.com,” “ernestodamage.com,” and “ernestoweather.com.” According to Johannes Ullrich, the chief research officer of the ISC, 17 of those were registered by one person.
Thankfully Ernesto turned out to be little more than a rain storm. Which incidentally seems hell bent on ruining my labour day weekend.
Glad to see the scammers/squatters getting hosed on the domains. I hope (but know better) that they register with Network Solutions and paid through the nose.
Tags: Ernesto, Scammers, Squatters, Websites
Well, I can see from reviewing the logs that school is back in. A big hello to all of the college/univerisity readers that have come online in the last 72 hours. Raise a pint for me, the poor working stiff, as I remember the good ole days. Sleeping in until noon and out with the lads till all hours each night. Enjoy.
- Rootkit malware has double sting in its tail
- Microsoft to patch app that strips DRM technology
- Guidelines needed to protect anonymity
- FISA Surveillance Can Target Non-Spies
- Teen data on Myspace compromised
Tags: News, MySpace, FISA, Rootkit, Malware, Microsoft DRM, Daily Links, Morning Coffee
The folks over at Consumer Reports have published a review of the various antivirus solutions. Now they tackled this from a much different angle for their testing. What these folks did, and managed to seriously piss off the industry in the process, was to use mutations of known viruses. And (insert deity) bless them for doing it. And thanks to Brian Krebs on his blog Security Fix I was able to learn about this story.
Well, the Consumer Reports pissed off the industry…and they wrote a letter.
More than 100 security experts and executives from companies like Microsoft and HP as well as anti-virus vendors F-Secure, Kaspersky, McAfee, Sophos, Symantec and Trend Micro signed their names to a declaration denouncing Consumer Reports’ methods, stating that it is “not necessary and … not useful to write computer viruses to learn how to protect against them.”
Well, here is a link to the letter. Hmmm, ok. So they’re pissed off because the testing managed to demonstrate the failings of the antivirus products? OK, I can see that. I don’t agree with it but, I can see why they’re pissed.
From Krebs piece again,
As I have noted here before, many malware authors are increasingly outpacing the security vendors by automagically updating the genetic makeup of their creations before anti-virus companies have time to ship updates. As a result, we have an industry whose business is predicated on 10 percent to 20 percent of its customers being successfully attacked before it can even begin to respond, according to some estimates.
Now, these numbers are only going to grow.
I can see why they’d be pissed. Being shown to be sub par would do that to most people. The arguement that you should only test with known viruses seems to me to be inherently flawed. I would want to know that my antivirus product can respond to and if possible protect ungainst the unknown threats.
And finally,
The most innovative idea I’ve seen so far came in a presentation from Paul Vixie and David Dagon at the DefCon hacker conference in Las Vegas this year. Vixie and Dagon proposed creating a massive malware repository to which all of the anti-virus vendors would automatically submit new samples.
Well, this has already been done in fact. The guys at Offensive Computing also released this idea at Defcon, and in fact it is already up and running. Check it out.
Tags: Antivirus, Offensive Computing, Consumer Reports, Defcon
Now, I can’t help but to find the rather high level of amusement with this news. Apparently hackers have managed to access AT&T systems and purloined credit cards for “fewer than 19,000″ customers.
The company said it noticed the hacking “within hours,” immediately shut down the online store, notified credit card companies and is working with law enforcement agencies to investigate the incident and find the hackers.
Now I can’t help but wonder if AT&T actually “noticed” the hacking or if the folks at the NSA processed the information for them and provided the output.
Sorry, I couldn’t resist.
Tags: AT&T Hacked, NSA, Credit Card Theft, Prviacy
The long weekend approaches (for those of you in North America) and it can’t get here fast enough. Especially when you have a job that you have no love for. Have a better day than me 
- London school to fingerprint students
- T-Mobile hacker gets home detention
- Stupid Security Awards Nominations Open
- For DOD, networks are critical line of defense
- Sun Acknowledges Security Hole in Patch Process
Tags: News, Daily Links, Morning Coffee, T-Mobile Hacker, Sun Security, DOD
I had tried using Joomla in the past on another project and I wasn’t overly enamoured with it. That being said there are literally thousands of people out there who are fans. With that we have a rather extensive install base. For those of you that are using Joomla please be aware of this vulnerability.
Description:
A vulnerability has been discovered in Joomla!, which can be exploited by malicious users to conduct SQL injection attacks.For more information:
SA21644The vulnerability has been confirmed in version 1.0.10. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.Grant only trusted users “Editor” privileges.
Tags: Joomla, SQL Injection, Vulnerability
A nice weekend sitting around the campfire and no technology to be seen. It was a great weekend
- Are Personal Firewalls Any Good?
- Crypto browser plug-in aims for simplicity
- MS finally patches IE patch
- TSC chief Bucella stepping down
- Security breach strikes student loan site
Tags: TSC, Student Loans, Crypto Browser, MS Patches, Personal Firewalls
