July should have been a great month for Apple; it was the month that was to see the much talked about (and hyped) 3G iPhone, MobileMe service and iPhone App Store. Instead the company has been plagued with problems.
First there was the iPhone day (July 11th) launch which didn’t go as well as they had [...]
Filed under Apple and Security.
There’s been a lot of talk about the DNS vulnerability (CVE-2008-1447) discovered by Dan Kaminsky. The exploit, as detailed by the Common Vulnerabilities and Exposures Database, allows remote attackers to spoof DNS traffic, enabling the poisoning of DNS caches in order to send systems to malicious websites. This greatly increases the risk of phishing attacks [...]
Filed under Apple, Linux, Microsoft, News, Security and Web.
TippingPoint, a company providing Intrusion Prevention Systems, has published a post on their site detailing how they successfully infiltrated the Kraken botnet and took control of over 25,000 unique bots. The Kraken botnet is arguably the world’s largest botnet, with estimates ranging up to 400,000 bots under its control.
Security researchers at TippingPoint infiltrated the botnet [...]
Filed under Malware and Security.
Jeff Jones, a security strategy director for Microsoft, has published a report on the number of security vulnerabilities during Q1 of 2008 for workstation operating systems including Windows Vista, Windows XP, Mac OS X, Red Hat and Ubuntu. The results are surprising in that Vista had the fewest reported vulnerabilities while Mac OS X 10.5 [...]
Filed under Microsoft and Security.
I came across a short article in last month’s (IN)SECURE magazine about a USB-based firewall. If you have never read (IN)SECURE, it’s a very informative PDF-based security magazine available for free. It mentions a USB-based, Linux-powered firewall and IDS solution for laptops called the Yoggie Firestick Pico. It promises to be a [...]
Filed under Linux and Security.
The Secunia security site has a useful tool called PSI or Secunia Personal Software Inspector that can be used to scan a Windows system for security vulnerabilities. These include both system and application vulnerabilities. This is important as with the increase in the security of the OS (through the better release and patching of Windows [...]
Filed under Microsoft and Security.
I came across an interesting post from Mark Russinovich on his blog recently. The original post was written a couple of years ago and details how a user with limited user rights can circumvent Microsoft group policies being applied by using the Sysinternals tool called gpdisable. What’s amusing, but not particularly surprising, is that now [...]
Filed under Microsoft and Security.
Another interesting post on the McAfee Avert Labs Blog discusses the relative importance of password complexity versus password length. They used the Cain & Abel utility to work out the time required to break various passwords and came to the conclusion that password length trumps complexity.
Filed under Security.
The McAfee Computer Security Research blog has an interesting article on how malicious web sites can defeat the “captcha” codes that appear on many sites. The “Completely Automated Public Turing test to tell Computers and Humans Apart” or CAPTCHA are the challenge-response mechanisms that display distorted text or numbers that can be read by humans but not [...]
Filed under Security.
Microsoft released their third edition of the Security Intelligence Report last month, which summarises the findings of their Malicious Software Removal Tool, Windows Defender and OneCare service. This edition reports on the software vulnerabilities, exploits and malicious software discovered between January and June 2007. During this period the report claims that over 3,400 new vulnerabilities [...]
Filed under Malware, Microsoft and Security.