Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user-created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.
Anyone who has installed the Vietnamese language pack for Firefox could be in danger of having malicious code in their system. Be sure to uninstall this add-on pack if you have recently installed it - unless you enjoy banner ads and opening up your system for future exploits.
On April 4, CERT put out a scary advisory about the GNU Compiler Collection (GCC). This advisory raises some interesting issues on when such advisories are appropriate, what programmers must do to write secure code, and whether compilers should perform optimizations which could open up security holes in poorly-written code.
Are you a C programmer? This article shows you how to make your code a little more secure. It's a very important skill to have, so take a look.
Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655.
Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, there is almost no "public, widespread" exploitation. All reports are limited to very specific, targeted attacks. However, due to the wide scope of these attacks, and the number of targets we know of, we feel a diary entry was in order.
Remember the old saying, "if it ain't broke, don't fix it"? This exploit appears to target not only the vulnerability mentioned in the article, but the very habit of sticking with stable software. Nothing is apparently "broken" about Adobe Acrobat v7; however, as the diary entry shows, updating is the key to preventing "it ain't broke" software from having to be "fixed" due to exploits such as this one.
Source: Network World - Posted by Eckie Silapaswang
For years, hackers have focused on finding bugs in computer software that give them unauthorized access to computer systems, but now there's another way to break in: Hack the microprocessor.
On Tuesday, researchers at the University of Illinois at Urbana-Champaign demonstrated how they altered a computer chip to grant attackers back-door access to a computer. It would take a lot of work to make this attack succeed in the real world, but it would be virtually undetectable.
It's actually kind of funny that they decided to mention that this system was "running the Linux operating system". Regardless of the OS, a hardware-level exploit such as this poses a much bigger threat than OS security alone. Although this type of exploit is much harder to deploy than a software one, the article raises interesting scenarios for how exactly it can be carried out.
This goes out to all the web hackers out there. If you're a proud user of a web application framework and you think it's superior to all others, we invite you to prove it. Flourish is having a web application framework showdown and we need you to come defend yours. There will be food and the site you build goes to a deserving non-profit. So far, we've got someone for Ruby on Rails, CakePHP and web2py. Send an email to info@flourishconf.com if you want to participate.
Do you have a favorite web application framework? Do you use it because you think it's secure? This conference seems to be a good test to see how secure web application frameworks are.
Source: ars Technica - Posted by Eckie Silapaswang
One of the factors that make an ongoing malware attack so difficult to stop is the speed with which the assault can evolve. Over the past 12 days, an IFrame injection attack that originally focused on ZDNet Asia has been spreading across the 'Net, changing targets and payloads on an almost daily basis. An iFrame (short for inline frame) is an element of HTML that's used to embed HTML from another source into a webpage. The timeline of the attack is provided below, thanks in no small part to security consultant Dancho Danchev, who has kept a play-by-play account of the IFrame attack on his blog.
Read on for an interesting analysis of the injection method and how it is leveraging SEO engines. How do you feel this should be properly mitigated and countered?
For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
Open source exploit frameworks continue to evolve and improve - Inguma seems to have its focus upon Oracle systems. How do you feel this matches up against other frameworks such as Metasploit?
Source: www.linuxworld.com - Posted by Ryan Berens
This recent kernel exploit has been spreading around the Internet quickly in recent days. So what is it, exactly? What is it really doing and how does it allow a cracker to exploit the root privileges in your system? Jonathan Corbet chimes in with one of the best overviews of the exploit, why it's a problem, how it got here, and what's being done to address it:
"Unlike a number of other recent vulnerabilities which have required special situations (such as the presence of specific hardware) to exploit, these vulnerabilities are trivially exploited and the code to do so is circulating on the net.
A new bug in Firefox could be used by attackers to scout out a system prior to mounting a more thorough assault, according to Mozilla's head of security.
The flaw, said Window Snyder, Mozilla's chief security officer, is in the browser's chrome protocol - 'chrome' is the Firefox term for its user interface - as she responded to reports of the vulnerability and the public posting of a proof-of-concept exploit.
What do you think about this latest Firefox bug?
Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.
The study, set to be published in February, takes a close look at "open recursive" DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks.
What is so new about the possible attacks on DNS servers? We all know they are very vulnerable to attack because they are so visible and important to the Internet.