Authorities have dismantled SocksEscort, a service that sold access to a large proxy network built from compromised residential routers. Investigators say much of the infrastructure sat on infected SOHO networking devices, many running embedded Linux...
According to several reports by anti-virus vendors, criminals have attempted to exploit an unpatched hole in Adobe Reader disclosed about two weeks ago to infect Windows PCs. The relevant malware includes the particularly dangerous ZeuS bot. The specially crafted documents are apparently sent to users as email attachments.
This is not the first time Apache.org has been hacked; it was compromised back in September 2009 using SSH keys.
This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service.
Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a "direct, targeted attack."
Hundreds of WordPress blogs were hacked during the past few days by attackers who pilfered blogger credentials stored in plain text in the database.
The researchers who discovered the attacks say a design flaw in the WordPress blogging platform was the underlying problem because by default it allows users to set up permissions that let anyone read their blog's wp-config.php configuration file, and because WordPress stores the bloggers' credentials in plain text.
IT security firm Sophos has conducted new research that reveals the automated tools used by Search Engine Optimisation (SEO) hackers and how companies can protect themselves. Sophos said the business of using blackhat SEO techniques to impregnate legitimate sites has become a huge money-spinner for cybercriminals.
Security researcher Jeremy Conway says he has discovered a way to spread malicious code across PDF documents on a victim's computer.
The attack leverages a flaw in the way the PDF file format works, adding malicious data to legitimate PDF files that could then be used to attack anyone who opens them.
It's not clear why Linux fans would even want to run it on a PS3, "when a console is NOTHING but 'DRM... in a box'" says Slashdot blogger hairyfeet. "Even when [Sony] allowed Linux you didn't get access to the full machine -- no GPU access -- which left it an underpowered POWER based PC."
As the iPad rolls out across the United States on Saturday, one developer appears to have gone rogue already. Jonathan E. Vi, one of the few developers to actually get an iPad in advance of the launch, has rigged it to run Apple's old Newton personal data assistant from the '90s. Fire up the Newton emulator app, and the iPad's screen changes to that muted green color with dim gray text and the old Mac fonts.
A security researcher has demonstrated a mechanism that exploits PDF files without taking advantage of any particular vulnerabilities.
Didier Stevens' proof of concept exploit relies on running an executable embedded in a PDF file - something that ought to be blocked - by launching a command that ultimately runs an executable.
Spamhaus has uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam systems including Spamhaus, CBL and SURBL, republishing the stolen data under the name "nszones.com".
iPhone hacker George Hotz, aka "GeoHot," was able to finally crack the PlayStation 3... three years after the system's release. He praised the hardware for its security, but now that Sony has responded by removing the Linux capabilities of the PlayStation 3 entirely, the hacker has decided to fight back, warning gamers not to update their systems until he finds a way to keep the Other OS option on the PlayStation 3.
The techniques used by unloveable rogues who automate search engine manipulation attacks themed around breaking news to sling scareware have been unpicked by new research from Sophos.
A smattering of security stories reveals the ongoing challenges to protecting systems and data. From the discovery of the first serious iPhone 3G exploit to the sighting of a new Captcha-conquering bot, the past week has proven interesting in the world of IT security, so much so that I've decided to take a look at several of the stories that have cropped up, rather than doing my regular deep-dive into a specific topic.
Crafted TLS packets can crash OpenSSL servers and clients. The problem is caused by an error in the ssl3_get_record() function, which processes SSL records. Data is transferred between end points in SSL records. According to an advisory from the OpenSSL development team, incorrectly formatted records can cause a memory access error.
The countries of hackers originating malware-laced spam runs have been exposed by new research, which confirms they are often located thousands of miles away from the compromised systems they use to send out junk mail.
Early this year, the big brains at Google admitted that they had been outsmarted. Along with 33 other companies, the search giant had been the victim of a major hack