August 19 2010 by Teksquisite in Security
Computerworld - About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, a security researcher said Wednesday.
The bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs, said HD Moore, the chief security officer of Rapid7 and creator of the open-source Metasploit penetration testing toolkit. Moore did not reveal the names of the vulnerable applications or their makers, however.
Each affected program will have to be patched separately.
Moore first hinted at the widespread bug in a message on Twitter on Wednesday. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm.
That advisory detailed a vulnerability in iTunes for Windows that hackers could exploit by persuading users to download and open a malformed media file, or by duping them into visiting a malicious Web site, where they would fall to a drive-by attack.
Read the article here
Any guesses on the affected applications?
My take is that there are plenty of web browsers included in this research assessment. Other apps could possibly be Microsoft Office, Adobe products, and Oracle.
Source: By Gregg Keizer, Computerworld
August 18 2010 by Teksquisite in Security
A new series of mass SQL injection attacks has planted links to malware sites and hidden iframes in over a million webpages, including parts of Apple’s website. The technique is similar to a standard SQL injection attack, but uses obfuscation to disguise the data in hopes of routing around any rudimentary input checking.
The attack was detailed earlier this week by security researcher Manuel Humberto Santander Peláez. The attacks rely on a series of SQL commands stored as hexadecimal data preceded by a CAST command. When decoded, it attempts to inject iframes into data tables, which then end up being rendered in webpages that use the tables to build their HTML code dynamically. The attacks lead to Russian top-level domains that appear to be sources of malware.
Read the article here
Source: By Chris Foresman, ars technica

Could there be a secret DIGG Microsoft Fan Boy group meeting going on right now, perhaps in secret Microsoft DIGG Fan Boy virtual chambers? Could DIGG Microsoft Fan Boys be strategically targeting, quashing and burying potentially popular Linux articles on DIGG?
Vote-botting, false flagging, and the filing of false DMCA claims have been used effectively to censor and shut down groups on YouTube. The same methods can be turned on a powerhouse site such as DIGG through collective burying.
Hairyfeet, speaking about both DIGG and Slashdot, in ‘Linux Stories Are Getting Down-Voted’:
Digg is “simply a symptom of a larger disease,” Slashdot blogger hairyfeet opined.
“It is sad that so many have been hoodwinked by the dem vs. repub lies, when in reality it is as fake as pro wrestling,” he asserted. “BOTH sides are pro corporation over the people, BOTH sides are for bigger government and BOTH sides are happy to grab more power for themselves and less for the people.”
“Has everyone who [was] once interested in Linux suddenly vanished? Have people stopped writing about Linux?” Vaughan-Nichols asked. “I don’t think so.”
His theory: “Linux stories are getting down-voted on a regular basis on Digg these days,” he suggested. “Who’s doing this? In whose best interest is it to make it appear that there’s little interest in Linux? Might it be a company named Microsoft?”
Read the rest of this article at LinuxInsider
Are Linux articles really being targeted and buried on DIGG?

Donate $1.00 USD here:
I have run into a bit of a debacle here on the east coast with the Oregon move scheduled for the end of August. Having already terminated most IT Consulting gigs for the transition to Oregon, I have been relying upon psychiatric hospital earnings to fund a major move across country from NH to Oregon. My regular schedule at the Psy for 4.4 years has been 24-32 hours per week.
Up until I gave my ‘letter of resignation’ I was receiving 24-32 extra hours per week. This all stopped after I handed in my letter five weeks ago.
It appears that my workplace is not willing to offer anything over two extra shifts per week; I’ve pissed off the timekeeper(s). Instead, they have offered up to 40 hours of overtime, premium, and 1.5 shifts to full-time employees who have gladly agreed to work up to an extra 40 hours per week!
It was recently suggested to me by a co-worker (Thanks Brian) that perhaps I should request travel donations online. If all friends, acquaintances, and followers could donate $1.00 via PayPal, this would seriously benefit preparation/moving expenses and also allow a fresh new beginning for Teksquisite in Oregon.
Thanks for reading this and
Thanks for stopping by!
/Bev
Online whistleblower WikiLeaks has vowed to continue publishing more secret files from governments around the world despite US demands to cancel plans to release classified military documents.
“I can assure you that we will keep publishing documents – that’s what we do,” a WikiLeaks spokesman, who said he goes by the name Daniel Schmitt in order to protect his identity, said.
Mr Schmitt said he could not comment on any specific documents but asserted that the publication of classified documents about the Afghanistan war directly contributed to the public’s understanding of the conflict.
Source: Wikileaks: We won’t stop publishing – World News, Breaking News – Independent.ie