Friday, July 18th, 2008
Clever mnemonics aside, last week we have seen another large scale SQL injection attack (or YAMSIA, if you prefer), this time being orchestrated by a botnet that has become known as Asprox—but first, a history lesson.
The code behind the Asprox botnet seems to have been around for quite some time ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 17th, 2008
Storm, Srizbi, and... Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications.
Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets -- it’s just a couple ...
Posted in Internet, Privacy, Security, Windows | No Comments
Thursday, July 17th, 2008
Several Cross Site Scripting vulnerabilities were found in within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different version of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining *persistent* ...
Posted in Internet, Security, Windows | No Comments
Thursday, July 17th, 2008
Cryptography expert Bruce Schneier, in conjunction with a research group, has studied the security of TrueCrypt, to see whether it meets the specifications for a 'Deniable File System' (DFS) – implemented in TrueCrypt as hidden volumes – and is really able to conceal the existence of a volume within a ...
Posted in Internet, Privacy, Security, Software, Windows | No Comments
Wednesday, July 16th, 2008
Mozilla Corp. has patched a pair of critical vulnerabilities in Firefox, taking the unusual step of updating the older version 2.0 on Tuesday but delaying the fixes for the newer version 3.0 until Wednesday.
Both updates, labeled Firefox 2.0.0.16 and Firefox 3.0.1, plug two holes rated "critical" by Mozilla, which uses ...
Posted in Internet, Security | No Comments
