- Security problems inherent in the smart grid, Scientific American
- Analyzing CAPTCHAs, Schneier on Security
- MySQL update addresses DoS vulnerability, The H
- Security updates for PostgreSQL, The H
- Reader, acrobat patches plug 23 security holes, Krebs on Security
- Facebook, Twitter used in stock fraud schemes, ReadWriteWeb
- FCC may confront ISPs over botnets, malware, Krebs on Security
- Schneier on Stuxnet, Schneier on Security
- EU agency report on Stuxnet, The Register
- Foxit patches PDF software flaws, Zero Day
- Spammers use soft hyphen to hide malicious URLs, Slashdot
- Oracle update delivers 81 database security fixes, Zero Day
Tag: malware
TCLP 2010-09-26 News
This is news cast 225, an episode of The Command Line Podcast.
In the intro, thanks to Steve for his latest donation which also means he gets the signed copies of Wizzywig 1 & 2. Also, an announcement of audio and feed changes to go in effect on October 3rd.
This week’s security alert is a more in-depth look at the Stuxnet worm.
In this week’s news Intel to use DRM to charge for processor features and why that is problematic, an Ubuntu designer shares his thoughts on a context aware UI, a course on the anthropology of hackers (one I wish UMD’s MITH would offer), and the FCC finalizes rules for white space devices (including details on those rules) prompting one commissioner to speculate we no longer need net neutrality rules.
Following up this week the MPAA wants to know if it can use ACTA to block WikiLeaks and one judge quashes a US Copyright Group subpoena.
[display_podcast]
View the detailed show notes online. You can also grab the flac encoded audio from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Quick Security Alerts for the Week Ending 9/26/2010
- Stuxnet worm infected industrial control systems, Slashdot
- Stuxnet work may have targeted Iranian reactor, Slashdot
- Another story speculating about Stuxnet’s Iranian targets, Yahoo, HT Charles
- More on the sophistication of the Stuxnet worm, Schneier on Security
- Microsoft confirms ASP.NET vulnerability, Zero Day
- Microsoft provides temporary fix for APS.NET flaw, The Register
- Exploit of latest privilege escalation flaw in Linux kernel, Slashdot
- More details on recent Linux kernel flaws, The H
- Google App adopts optional two-factor authentication, ReadWriteWeb
- Security fix for critical Adobe Flash flaw, Krebs on Security
- Apple plugs info leak in OS X, Zero Day
- Fake iPhone jail-breaking tool packed with malware, Zero Day
- Twitter hit by security flaw, ReadWriteWeb
- More on highly visible Twitter security flaw, ReadWriteWeb
- Australian student responsible for Twitter exploit, Slashdot
- Hole closed in bzip2 compression tool, The H
- Are desktop firewalls overkill?, Slashdot
- New defense against DDoS attacks, Technology Review
- Security lessons learned from Diaspora launch, Slashdot
Security Alerts for the Week Ending 9/5/2010
- Commercial quantum crypto thoroughly hacked with lasers, Slashdot
- Microsoft fix for DLL vulnerability, Krebs on Security
- Microsoft tool for DLL vulnerability interferes with some applications, The H
- QuickTime flaw allows remote execution attack, The Register
- Twitter moves completely to OAuth for 3rd party apps, Web Monkey
- Fake Tweetdeck update prompts Twitter to reset passwords of compromised accounts, The Register
- Critical vulnerabilities in RealPlayer, Zero Day
- Google’s project hosting service used to host malware, Zero Day
- Questions about the security of Twitter’s OAuth implementation, Ars Technica
- Security patches for Chrome on its 2nd birthday, Zero Day
- Apple patches iTunes security flaws, Zero Day
- New malware imitates browser warning pages, Slashdot
- Data stealing bug in MSIE 8, Slashdot
Security Alerts for the Week Ending 8/29/2010
I should have posted these yesterday, going by my usual schedule. Being on hiatus from the podcast is disrupting my usual force of habit though.
- phpMyAdmin updates close vulnerabilities
- Anti-virus products struggling against more recent styles of exploits
- More details on DLL load hijacking
- Microsoft confirms DLL load hijacking flaw
- ATM makers patch flaws demonstrated at Black Hat
- OpenSSH 5.6 arrives
- A convention for those who author malware
- Private info of 126K students exposed online
- Windows DLL vulnerability exploit in the wild
- Testing Android anti-malware apps
- Apple patches 13 OS X vulnerabilities
- Critical security holes in Adobe Shockwave
- Single botnet responsible for 40% of spam on the net
- Many hackers inadvertently send malware code to Microsoft
- Researchers cripple botnet
- VLC 1.1.4 fixes Windows DLL vulnerability
- Firefox adds support for HTTP strict transport security
Quick Security Alerts for the Week Ending 8/22/2010
- Virgin media to warn malware-infected customers
- Network solutions sites hacked by widget
- Network solutions pulls widget that tainted so many web sites
- Dislike button scam hits Facebook
- Short passwords hopelessly inadequate
- ColdFusion bug more serious than Adobe claims
- Android app may be secretly uploading GPS data
- Clickjacking could affect mobile devices too
- Data loss bug in CouchDB fixed
- Adobe to patch Black Hat bugs this week
- Facebook clickjacking scam
- Critical Xorg vulnerability quietly patched
- Facebook login page still leaks sensitive info
- Reintroducing a malware hash registry
- Researcher finds common flaws in 40 Windows apps
- Adobe issues fixes for critical Acrobat, Reader flaws
- Google closes critical vulnerabilities in Chrome 5
- Google makes good on its bug bounties
Security Alerts for the Week Ending 8/15/2010
- Foxit fix for iPhone PDF flaw
- Apple to patch iPhone PDF flaw this week
- Apple releases fix for iOS PDF exploit
- Cars hacked through wireless tire sensors
- Critical updates to Windows, Flash Player
- Dissecting a click fraud botnet
- Adobe warns of critical Flash player flaws
- New undetectable trojan empties bank accounts
Via Hacker News. - Opera fixes high severity vulnerability
- Chrome beta addresses autofill vulnerability
- Server based botnet drives massive SSH brute force attack
- Facebook bug could expose users’ names, photos
- Nagging security flaws in Windows auth protocol
- Critical QuickTime flaw hits Windows
- Security bug may enable snooping on Android, Palm Pre
- Blackhole your malware
Security Alerts for the Week Ending 8/1/2010
- Reputation service for malware vendors
- Timing attacks explained
Via Hacker News. - Firefox patch addresses critical plugin problems
- Google fixes critical vulnerabilities in Chrome 5
- Few victims of rogue antivirus software fight back
- Microsoft ships anti-exploit tool for admins
- Version 2.0 of NoScript add on for Firefox released
- Leaked user data from Facebook came from public info
- Hacker breaks into ATM, dispenses cash remotely
- Android wallpaper app snags user data, donwloaded by millions
Via Hacker News. - Android developer defends against accusations of stealing user info
Via Hacker News. - More on WPA2 crack
- Scareware as a fake Firefox add on
- Microsoft to release an emergency fix for exploitable shortcut flaw
Security Alerts for the Week Ending 7/18/2010
- Apple ranks first in security bug count
- Does Microsoft’s shared source program pose a risk when it includes China, Russia?
- Facebook for hackers shut down in Pakistan
- New version of Zeus malware kit targets banking credentials
- Oracle patches almost 5 dozen security holes
- Confusion clouds real malware threat
- Zero day reported to Microsoft by Googler fixed in 33 days
- Why you should always set a PIN for phone service voice mail
- 25,000 PCs attacked with latest Windows zero day flaw
- Experts warn of new Windows shortcut flaw
- Mozilla refreshes its security bug bounty program
- Windows token kidnapping flaw
- DNS root zone cryptographically signed but just another step along the way to securing DNS
- Intentionally woefully non-secure Linux distro
TCLP 2010-07-11 News
This is news cast 218, an episode of The Command Line Podcast.
In the intro, thanks to new donor, Scott, and a request that existing donor Ryan contact me so I can send him his merit badge. Also, there will be new feature cast this week. I need to catch up on writing features for the show and I will be attending two events in DC this week: What Does Light Taste Like and Decoding Digital Activism.
This week’s security alerts are researchers form collective in response to Microsoft’s dismissal of a security concern and REMnux, a linux distro designed for reverse engineering malware.
In this week’s news new quantum states could lead to new approaches to quantum computing, the Apache web server conquers the world, another constructive criticism of transparency, and the NSA is looking to implement domestic surveillance of our infrastructure though they are quick to deny any active monitoring.
Following up this week, two UK ISPs are taking the Digital Economy Act to High Court.
[display_podcast]
View the detailed show notes online. You can also grab the flac encoded audio from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.