-
USAID.gov compromised, malware and exploits served
Date: 03/06/09
Keywords: security
The Azerbaijan section at the United States Agency for International Development (azerbaijan.usaid.gov) has been compromised and embedded with malware- and exploit-serving scripts around the 1st of March. The malicious script is taking advantage of a series of redirects which are dynamically loading live exploits, or rogue security...
Source: http://blogs.zdnet.com/security/?p=2817
-
Dan Bernstein confirms DJBDNS security hole, pays $1,000
Date: 03/06/09
Keywords: software, security
Dan J. Bernstein has acknowledged an exploitable security flaw in his djbdns software and has made good on a public security guarantee -- to pay $1000 to the first person to publicly report a verifiable security hole in the latest version of the popular DNS name server. ...
Source: http://blogs.zdnet.com/security/?p=2812
-
FAA confirms data breach; 45,000 affected
Date: 03/06/09
Keywords: no keywords
A computer breach at the Federal Aviation Administration (FAA) has led to the theft of personal information on more than 45,000 employees and retirees, the agency confirmed this week. All told, the FAA said the hackers hijacked 48 files, two containing sensitive personal information that could expose...
Source: http://blogs.zdnet.com/security/?p=2803
-
Microsoft admits users will be able to turn off IE 8 in Windows 7
Date: 03/06/09
Keywords: microsoft
After a couple of days of "no comments," Microsoft has acknowledged the findings of a pair of bloggers who discovered that starting with the next major test release of Windows 7, Internet Explorer 8 will be able to be removed. by Mary Jo Foley
Source: http://blogs.zdnet.com/microsoft/?p=2235
-
Security holes in Apple Time Capsule, AirPort Base Station
Date: 03/06/09
Keywords: security
Apple has released a firmware update with fixes for three documented security vulnerabilities affecting its Time Capsule and AirPort Base Station products. The vulnerabilities could lead to denial-of-service or information disclosure attacks via specially crafted packets. Details on the vulnerabilities: ...
Source: http://blogs.zdnet.com/security/?p=2799
-
Coming on Patch Tuesday: 3 Windows bulletins, 1 critical
Date: 03/05/09
Keywords: software, security, microsoft
Microsoft today outlined plans to ship three security bulletins for software vulnerabilities in the Windows operating system. One of the three bulletins will carry a "critical" rating, meaning that it will cover flaws that could be exploited to launch remote code execution attacks. ...
Source: http://blogs.zdnet.com/security/?p=2794
-
Study: Firefox wins browser time-to-patch race
Date: 03/05/09
Keywords: security
A new report from Secunia is pouring more gas on the Internet Explorer vs. Mozilla Firefox security debate. The security alerts aggregator collected and crunched the numbers on security flaws publicly reported -- and fixed -- by the two vendors and found that Mozilla easily won the...
Source: http://blogs.zdnet.com/security/?p=2786
-
To Serve And Protect The City's Finest, From ID Theft
Date: 03/05/09
Keywords: no keywords
In any locale, a municipality's police force is charged with protecting its populace from crime. That's what makes it saddest when it can't protect its own -- police officers and their families -- from easy-to-avoid abuse. This past week, a civilian official at...
Source: http://blogs.zdnet.com/BTL/?p=13958
-
What is security transparency?
Date: 03/05/09
Keywords: security
Guest editorial by Andrew Storms: Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run amok are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak...
Source: http://blogs.zdnet.com/security/?p=2783
-
Research in Motion: the surveillance workplace
Date: 03/05/09
Keywords: no keywords
After reading the article over on Neowin, via ZDNet Australia, about the chief information officer of Research in Motion, the company which makes the BlackBerry device, recording absolutely every communication within the corporation, this shocked and stunned me. We, the students, as the next generation of IT...
Source: http://blogs.zdnet.com/igeneration/?p=1162
-
Mozilla plugs Firefox code execution holes
Date: 03/05/09
Keywords: software, security
Mozilla today shipped Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical. The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warned in...
Source: http://blogs.zdnet.com/security/?p=2778
-
EMC, Verint team up on physical security
Date: 03/27/08
Keywords: software, security
EMC said Thursday that it is partnering with Verint to offer physical security services. Verint provides IP video security software and dashboards. EMC will offer services for companies looking to design and manage physical security information management. The move by EMC and Verint highlights how information and physically...
Source: http://blogs.zdnet.com/security/?p=982
-
Web publishing, CMS, BI most hot for open source disruption, but ESB and security are not?
Date: 03/26/08
Keywords: software, asp, web
Acquia, KnowledgeTree and JasperSoft touted new open source web publishing, social software, content management and business intelligence products at the Open Source Business Conference this week. Acquia, of Andover, Mass., said it is on track this fall to ship a new social web publishing platform...
Source: http://blogs.zdnet.com/open-source/?p=2181
-
Cisco patches IOS vulnerabilities
Date: 03/26/08
Keywords: no keywords
Cisco patched multiple vulnerabilities on Wednesday with the most important fixes covering data-link switching, IPv6 and VPN flaws. Among the highest rated patches (all rated 7 or above on a 10 scale): Cisco patched multiple vulnerabilities in the Data-link Switching (DLSw) feature in its...
Source: http://blogs.zdnet.com/security/?p=981
-
Mozilla updates Firefox; Fixes multiple vulnerabilities
Date: 03/26/08
Keywords: java
Mozilla has patched 10 vulnerabilities in Firefox 2.0 with update 2.0.0.13. In an update early Wednesday Firefox addressed the following: MFSA 2008-19 XUL popup spoofing variant (cross-tab popups); MFSA 2008-18 Java socket connection to any local port via LiveConnect; MFSA 2008-17 Privacy issue with...
Source: http://blogs.zdnet.com/security/?p=980
-
Blackhat Europe, Day 1: The Waag, the Bulldog, and web application hacking
Date: 03/26/08
Keywords: no keywords
Considering my previous posts on my experiences at Black Hat Federal received pretty good reviews, I thought it would make sense to again highlight a Black Hat trip. This time it was all the way out to Amsterdam, where Rob Carter and I will be speaking about URI Use...
Source: http://blogs.zdnet.com/security/?p=978
-
Google's proxy: Internet censorship; Schmidt's security detail
Date: 03/26/08
Keywords: google
Google filed its proxy statement with the SEC on Tuesday and detailed an attempt to get the search giant to stand up to Internet censorship abroad. Google recommended shareholders vote against the effort. The Internet censorship proposal was raised by the Office of the Comptroller of New...
Source: http://blogs.zdnet.com/BTL/?p=8303
-
Security metrics and issues
Date: 03/25/08
Keywords: no keywords
One of the questions coming out of last week's wintel vs lintel discussions asked which one is generally more secure. As it turns out that's an easy question to answer -- unless, of course, you want to demonstrate that your answer is correct, because then it turns out that virtually nothing...
Source: http://blogs.zdnet.com/Murphy/?p=1101
-
Defeating the Same Origin Policy part 2
Date: 03/25/08
Keywords: java
In my first post in this series, I discussed the Same Origin Policy and how it protects us from some very serious attacks, the dangers of domain name based trust, and how to attack implementations of the Same Origin Policy within the Java Virtual Machine (JVM). In order to demonstrate...
Source: http://blogs.zdnet.com/security/?p=974
-
What Microsoft can teach Apple about software updates
Date: 03/24/08
Keywords: browser, web
Last summer, I looked at Apple's announced plans for its Safari web browser and wondered out loud, Is Steve Jobs planning a hostile takeover of the Windows desktop? Apple's decision last week to begin aggressively pushing Safari to any Windows user running iTunes (in other words, anyone with an iPod or an...
Source: http://blogs.zdnet.com/Bott/?p=405