Privacy could be enhanced if data was allowed to fade, suggests research.
Dutch researcher Dr Harold van Heerde is looking into ways to gradually "degrade" the information that sites gather about visitors.
Slowly swapping details for more general information can help guard against accidental disclosure, he said.
I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting.
An announcement on the Unreal IRCd Forums states "This is very embarrassing...We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the privileges of he user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in)."
On the surface, it might sound like one of those amateurish conclusions a blogger might reach after having just read the press release: Symantec, a software company now mainly known for security products, acquires some assets from a non-competitor in order to get that company's logo. But in the deal between Symantec and VeriSign announced yesterday, there is no mistaking the fact that the antivirus products maker acquired, among other things, the single asset that just last week VeriSign argued was the ticket to its own future stability: quite literally, its own logo.
Up until yesterday, its name was the VeriSign Trust Seal. A big part of VeriSign's business had been the licensing of that logo to "trusted" Web sites whose security services pass VeriSign's test. So when online shoppers see that pixelated checkmark inside the circle, they conclude the site they're shopping on is safe...and they'll buy more.
Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.
The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.
Microsoft has released an urgent hotfix for the Server service. This hotfix applies to Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.
"Consistent exploit code has been discovered in limited, targeted attacks, affecting Windows XP and Windows Server 2003. While this service is enabled by default on all affected platforms, exploitation is most likely on Microsoft Windows 2000, Windows XP, and Windows Server 2003. Default installations of Windows Vista and Windows Server 2008 require authentication due to protections introduced as part of UAC that enforce additional levels of integrity. This protection is in place even if the UAC prompt is disabled. Even after authentication, ASLR and DEP enhancements will present obstacles to exploitation."
The hotfix is available on Windows Update for download and installation. This urgent fix requires you to restart your computer.
Security researchers have discovered one of the most subtle and sophisticated examples of Windows rootkit software known to date.
The AutoRun-NOX worm extends the standard VXer trick of using software vulnerabilities to infect systems, by including functionality that allows the worm to exploit Windows security bugs to hook into parts of the Windows system that operate below the radar of anti-virus packages.
"Most malware with rootkit functionality will tamper with the Windows kernel and attempt to execute code in kernel mode," net security firm F-Secure reports. "Typically, a special driver is used to do this... AutoRun.nox is different — it uses a vulnerability to do the job. For malware, it's rather unique to see such a technique being used."
The worm uses a long-standing Windows vulnerability, patched by Microsoft in April 2007, involving a GDI privilege elevation flaw. If the attack using the vulnerability fails, the worm falls back to plan B - using the more common (but less elegant) driver method.
A blog posting by F-secure containing screenshots and a detailed technical run-down of the worm's modus operandi can be found here.
Source: TheRegister
Ubuntu today became the latest Linux vendor to patch a vulnerability in the open source operating system's kernel that could have left the door open for hackers to find their way into users' machines.
In an email sent overnight, the Linux vendor warned users to update all machines running recent versions of Ubuntu, ranging from 6.06, which was released back in mid-2006, to version 8.04, which came out earlier this year. The problem also applied to other versions of Ubuntu such as Kubuntu, Edubuntu and Xubuntu.
"It was discovered that there were multiple NULL-pointed function de-references in the Linux kernel terminal handling code," wrote Ubuntu administrators in the email. "A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service."
The email also detailed a number of other bugs which could be exploited by an attacker who already had some level of access to a computer running Ubuntu.
A number of other Linux vendors including Novell have recently released similar patches to address the problems.
Source: ZDNet Australia
Symantec's comprehensive security report on the malware industry from July 1 to December 31, 2007, is now available (PDF) in its 100+ page glory. While some parts of the report simply reiterate data we're well aware of - it's no surprise to read that the majority of malicious activity originates in the US - there's also a great deal of new information here that we'll examine below.
OS/software vulnerabilities
Symantec broke down information on patch development time by operating system and by the type of vulnerability encountered. Surprisingly, Microsoft had the shortest time-to-patch over both halves of 2007. In the first part of the year, Microsoft released 38 patches (two of which involved third-party applications) with an average deployment time of 18 days. From July to December, Microsoft released 22 patches with an average patch time of six days.
Source: Ars Technica
Page 1 of 2
