A less-than-critical Vista hole could become more critical, as Microsoft’s security team says it’s aware of a published exploit that could enable an ordinary process to pass itself off as a system process with unrestricted access.
Last April, Microsoft admitted to a serious, though perhaps not critical, security hole in all modern versions of Windows including XP and Vista. But a notice posted last Thursday to the company’s Security Response Center blog, warning of a published exploit using that same technique, is an indication that the hole has gone unplugged all this time.
Posted in Security
The World Bank has been hacked repeatedly over the last year, according to a report on Dark Reading, which once again raises the question: where was the information security team on this one?
With the banks in crisis and contributing to a generalized distrust of the banking system, the news of the breach could not come at a worse time. While many in the information security world are wondering who is running the servers and managing the security at many of the banking companies as they consolidate and shut down, news of a World Bank hack, with five servers that contained sensitive data for a year, comes as stunning information.
Posted in Security
The MPAA has approved the use of DreamStream “military strength” 2048-bit encryption to protect online video streaming content in an effort to stop unauthorized downloads of the content.
“We are very excited to have the MPAA stand behind our technology,” said Ulf Diebel, chief development officer for DreamStream. “The MPAA understands the need to be proactive - rather than reactive — in addressing the chokehold that piracy has on the motion picture industry. Their recommendation is not something that Hollywood will take lightly.”
Posted in Security
An ActiveX control used to view Microsoft Access report snapshots poses a potential avenue for exploitation.
Microsoft confirmed the existence of a flaw in one of its complementary products. Advisory 955179 highlighted the issue with the ActiveX control for the Snapshot Viewer for Microsoft Access.
The flaw leaves unprotected users at risk from specially crafted web pages that exploit it. If attacked, users run the risk of arbitrary code being executed on their machines.
“The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003,” Microsoft said.
Posted in Microsoft, Security
In its monthly advance notice the weekend before the second Tuesday of the month, Microsoft said it will only be addressing four security issues this time around, two dealing with Windows. But a surprisingly big Vista bug fix is under way.
If you think about it, the relative security of Windows Vista hasn’t been the subject of much debate recently. If there’s any problem consumers have with it, whether it’s born out of market perception or real-world experience, it’s a feeling that it’s not all that reliable.
Posted in Security, Windows
Australia has the highest incidence of cyber crime in the world, according to a global survey of nine countries by software security vendor AVG.
The study, which canvassed 1000 users each in Australia, the US, France, Germany, Italy, Spain, Sweden, Brazil, and the Czech Republic, found that more than 39 per cent of Australians had been the victim of cyber crime, compared to 32 per cent in Italy, 28 per cent of Americans, and just 14 per cent in Sweden and Spain.
The most common forms of cyber theft experienced by Australians were:
Posted in Privacy, Security
Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday.
Experts with Boston’s Core Security Technologies, who discovered the deficiency and described it to the Associated Press before they issued a security advisory, said there’s no evidence anyone else found or exploited the flaw.
Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem.
Posted in Security
A Chilean hacker posted sensitive information about six million of his compatriots on the Internet, apparently in an act of protest against the government’s lax data security.
According to Chilean newspaper El Mercurio, details including people’s addresses, phone numbers, ID numbers, email addresses and even academic records were all laid bare for the world to see on a popular technology blog called FayerWayer. Links to additional information were also posted on a website called “ElAntro”.
Posted in Hacking, Security
Yahoo opened the beta test of SearchScan in several countries to help safeguard people against potentially dangerous links in their search results.
Searchers may notice something different about the search results in Yahoo. The company partnered with security vendor McAfee, which runs the SiteAdvisor service, to power a new feature called SearchScan.
“While SearchScan will be on by default, users have control over how they use the feature,” said the Yahoo Search blog. “In preferences, users can choose to turn the feature off or choose to filter out all sites with warnings from their search results.”
SearchScan compares links with an index of ones it has checked for possible problems, like browser exploits, unsafe downloads, or just the likelihood the site spams visitors who give it an email address. McAfee said its site ratings are based on automated safety tests of websites, and include feedback from volunteer reviewers and its analysts.
Yahoo’s Vish Makhijani, SVP & GM for their search engine, noted on the official Yahoo blog how they are the only search site providing this type of advance warning today. People will see these warnings appear in red with the listing SearchScan flags.
SearchScan should be of great benefit to people whose less than perfect spelling leads them to mistype a query, which could return a link or two that direct people to a dangerous website. Some scammers register incorrectly spelled domains in the hopes of bringing in visitors who hit a wrong letter or two.
Other search sites may want to consider similar initiatives. Google for one has been vexed for months with SEO poisoning attacks that drop links to infected pages into its listings. Their work with StopBadware.org doesn’t seem to notice these links, and that’s not good for visitors.
Posted in Security, Yahoo
Ethical hacking group GNUCitizen.org has warned that the default settings on one of the UK’s most widely used wireless routers are leaving customers open to attack.
The group showed in a blog posting that the BT Home Hub, the wireless router supplied to BT Broadband customers, uses algorithms that make the device easy to crack when in default mode.
The group said that, using reverse-engineering techniques, the hub’s Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses, but that it had decided against making its automated guessing program publicly available.
Posted in Hacking, Security