Monday, April 7th, 2008
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday.
Fewer than half of the flawed ActiveX controls have been patched.
The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft, ...
Posted in Internet, Security, Windows | No Comments
Monday, April 7th, 2008
Billy Rios has discovered a vulnerability in the Google Code service which could be exploited to steal passwords from developers who have registered on the site. The Google Security Team has since fixed the vulnerability.
Rios succeeded in gaining cross-domain access by uploading a crafted Java applet to a project on ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Monday, April 7th, 2008
A loyal ISC reader pointed us to this note from AUSCERT. The basic story is that HP has optional "floppy USB keys" for some of their Proliant servers. The 256 KB and 1 GB versions include a batch that also came with 'W32.Fakerecy' or W32.SillyFDC' designed to infect your machine ...
Posted in Hardware, Privacy, Security | No Comments
Monday, April 7th, 2008
In the tiger team operations we have been involved with, I often end up hacking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances to be insecure. A successful exploitation of ...
Posted in Hardware, Security, Software | No Comments
Monday, April 7th, 2008
A new botnet twice the size of Storm has ballooned to an army of over 400,000 bots, including machines in the Fortune 500, according to botnet researchers at Damballa.
The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of ...
Posted in Networking, Privacy, Security | No Comments
