- Sep 11 Tue 2007 23:35
A comparison of technologies for web page anti-tampering (anti-defacement) systems
- Sep 11 Tue 2007 23:32
Repost - [2007.08.31] An analysis of web page anti-tampering technologies in China
- Sep 11 Tue 2007 23:18
Microsoft IE contains a race-condition vulnerability that can crash the browser
- Sep 11 Tue 2007 16:11
IBM WebSphere Application Server Unspecified Vulnerability
Secunia Advisory: SA26761
Release Date: 2007-09-10
Critical: Moderately critical
Impact: Unknown
- Sep 11 Tue 2007 16:08
Debian update for phpmyadmin
Secunia Advisory: SA26733
Release Date: 2007-09-10
Critical: Less critical
Impact: Cross Site Scripting
- Sep 11 Tue 2007 16:06
lighttpd mod_fastcgi PHP Header Overflow
Secunia Advisory: SA26732
Release Date: 2007-09-10
Critical: Highly critical
Impact: System access
- Sep 11 Tue 2007 16:04
TorrentTrader Script Insertion Vulnerabilities
Secunia Advisory: SA26551
Release Date: 2007-09-10
Critical: Less critical
Impact: Cross Site Scripting
- Sep 11 Tue 2007 15:56
Seeing bubbles? Might be the Skype worm...
A Skype worm is going around. It's spreading via Skype's instant-messaging functionality (Skype Chat). Users receive messages from their friends with links to innocent-looking URLs along these lines:
http://www.myimagespace.net/erotic-gallerys/[removed]/dsc027.jpg
http://www.fakme.org/erotic-gallerys/[removed]/dsc027.jpg
Although the links look like they are pointing to an image, they are not. Instead, they point to a page that will try to download a program called DSC027.SCR to your machine. We've seen at least two different versions of this malware so far. When run, they both display one of the default built-in wallpapers in Windows (Soap Bubbles.bmp).
- Sep 11 Tue 2007 15:34
RightMedia implicated again in Trojan attack
Brian goes on to report "The banner ads in question were traced back to an ad network exchange run by a company called RightMedia, which was recently bought by Yahoo!. The ads were being delivered to RightMedia's network from a third-party ad server. According to ScanSafe, those third-party servers included in their rotation several malicious ads that used Macromedia Flash files to load an invisible "iFrame" (used to insert content from another Web site into the current Web page)."
- Sep 11 Tue 2007 11:35
Trojan tampers with DNS settings, turning Google into a porn site
Last week's Microsoft MSN incident, in which a DNS (Domain Name System) misconfiguration caused the Taiwan home page to be redirected, had barely died down when Trend Micro warned users about a Trojan family, TROJ_DNSCHANG, that tampers with a computer's DNS server settings. Once infected, the computer sends its DNS requests to a malicious DNS server, so the user may be directed to the wrong websites. "Users will be directed to phishing and pornographic sites, to steal personal information or website traffic," said Trend Micro technical consultant 簡勝財.
- Sep 11 Tue 2007 11:33
New worm variant hijacks Skype and shuts down antivirus software
The photo-lure virus that has spread among Windows Live Messenger (MSN) users over recent months appears to have a Skype version. PChome Online, Skype's general distributor for Taiwan, said today that it has been receiving reports of a suspected Skype virus from both users and internal staff: after receiving a link from a Skype contact, clicking it, and downloading and running the image file it points to, Skype is forced into "Do Not Disturb" status and can no longer be changed or used, and it keeps sending the malicious link to the victim's other contacts. "It's as if Skype has been hijacked," said PChome Online marketing director 曾薰儀.
- Sep 10 Mon 2007 12:10
Microsoft to Spackle Holes in Windows, Messenger, Visual Studio
While only one—a vulnerability in Windows—is deemed critical, three of the advisories address vulnerabilities that can lead to system takeover: the Windows flaw, flaws in MSN Messenger and Windows Live Messenger, and holes in Visual Studio.
"If the Windows Messenger vulnerability lends itself to a chat-based attack vector, then organizations and users of the ubiquitous Microsoft Messenger should pay attention, because this would be a prime candidate for spreading malware and viruses," said Paul Zimski, senior director of market and product strategy for PatchLink, in a statement.
- Sep 10 Mon 2007 11:38
Analysts Predict Death of Traditional Network Security
According to them, in the next five years the Internet will be the primary connectivity method for businesses, replacing their private network infrastructure as the number of mobile workers, contractors and other third-party users continues to grow. In this new world, which Whiteley and Lambert called "Internet Everywhere," corporations will have to redefine network security and focus on data encryption, managing risk at the endpoint and having strict data access controls, they said.
Some corporations, such as the energy giant BP, have already taken big steps towards deperimeterization—a term created by the Jericho Forum to describe a strategy that focuses on protecting data with tactics such as encryption rather than traditional efforts aimed at fending off attacks from intruders at the network's boundary. BP has taken some 18,000 of its 85,000 laptops off its LAN and allowed them to connect directly to the Internet, the two said.
- Sep 10 Mon 2007 10:10
Apple issues security update for iTunes
Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later and Windows XP and Vista. It addresses a vulnerability identified in CVE-2007-3752.
According to Apple, opening a maliciously crafted music file may lead to an unexpected application termination or arbitrary code execution. Specifically, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.
- Sep 10 Mon 2007 09:49
More .Gov Sites Boobytrapped
I had just finished writing up this story of a European country with a defense agency site that's got its database dangling out for all the world to play with, when Exploit Prevention Labs Chief Technology Officer Roger Thompson pointed to about a dozen poisoned government sites that are hosting pages serving malware and porn.
Thompson says that he expects there are many more, which wouldn't surprise me—a quick Google search yesterday turned up plenty.
EPL reports that the hacked .gov sites are dishing out malware via drive-by download and social engineering. The front pages give off no clues of having been compromised, but they're hosting pages that serve junk. EPL has identified city governments such as lasalle, il and frenchsettlement-la as being compromised.