目前分類:資安新聞 (704)
- Oct 03 Wed 2007 09:34
iPhone Security Hellhole?
- Oct 03 Wed 2007 09:30
軍方文件洩密 突顯資訊控管漏洞多
軍方爆發文件洩密案,再次突顯資訊控管慎防漏洞的重要性,資安專家說。
根據媒體報導,因國防部小兵違反規定,將未能切碎的機密文件賤賣給民間回收業者,導致軍事機密被一一拼湊出。令平時強調保密防諜、且投入巨資購買設備的軍方資訊外洩,最後敗在看似不起眼的疏漏。
值得注意的是,這已不是第一次軍方資訊外洩的新聞。專家指出,資訊安全工作繁複,科技、人、流程都是可能的資訊漏洞所在。
- Sep 28 Fri 2007 09:47
專訪WhiteHat CTO:Web應用使邏輯漏洞危害更大
網頁應用程式安全評估專家、網頁應用程式安全聯盟(Web Application Security Consortium, WASC)創辦人、WhiteHat技術長Jeremiah Grossman今(27)日應OWASP(開放Web軟體安全計劃)台灣分會之邀,來台參與OWASP亞洲年會並發表演說。
網頁應用程式安全專家認為,商業流程中可能隱藏的小缺失,在進入Web情境後,其風險將會被擴大,影響更多人。
- Sep 28 Fri 2007 09:35
Tk GIF Processing Buffer Overflow Vulnerability
Secunia Advisory: | SA26942 | |
Release Date: | 2007-09-27 | |
Critical: | Moderately critical | |
Impact: | DoS System access |
- Sep 28 Fri 2007 09:33
F-Secure Archives and Packed Executables Detection Bypass
Secunia Advisory: | SA26948 | |
Release Date: | 2007-09-27 | |
Critical: | Not critical | |
Impact: | Security Bypass |
|
Where: | From remote |
- Sep 28 Fri 2007 09:30
Cisco Catalyst 6500 / Cisco 7600 Series Devices Accessible Loopback Address Weakness
Secunia Advisory: | SA26988 | |
Release Date: | 2007-09-27 | |
Critical: | Not critical | |
Impact: | Security Bypass |
|
Where: | From local network |
- Sep 28 Fri 2007 09:27
Xen pygrub Command Injection Vulnerability
Secunia Advisory: | SA26986 | |
Release Date: | 2007-09-27 | |
Critical: | Less critical |
|
Impact: | Security Bypass |
- Sep 26 Wed 2007 12:32
Cards, Cards, Cards, Baked Beans, Cards, Cards...
- Sep 26 Wed 2007 11:32
Firefox Won't Save You from IE Flaws
Researcher Petko D. Petkov said in a Sept. 18 blog posting that he's found that a fully patched Windows XP Service Pack 2 system running Internet Explorer 6 or 7 along with Windows Media Player 9—the default, although the media player is now up to Version 11—will open any page of an attacker's choice even if the default browser is not Internet Explorer.
- Sep 26 Wed 2007 11:29
Researcher Publishes Apple Wi-Fi Exploit Details
Errata Security Chief Technology Officer David Maynor published the details in an article in the September issue of Uninformed, an online security research magazine.
- Sep 26 Wed 2007 11:24
Critical Zero-Day PDF Bug Compromises Windows PCs
"All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one," said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.
Petkov said he's closing the season with this highly critical flaw—a season that's included, at least in the past two weeks, his discovery of a slew of serious vulnerabilities in meta media files: a QuickTime flaw that can be used to hijack Firefox and Internet Explorer; a simple method of loading HTML files into Windows Media Player files; and an easy, six-step method by which to penetrate Second Life accounts with an IE bug.
- Sep 26 Wed 2007 11:19
iPhone hackers say 'relock' on the way
- Sep 26 Wed 2007 10:45
[大砲開講]台灣鹽博物館網站遭駭
台灣鹽博物館網站遭駭,在這裡要注意的是這個網站有可能被植入惡意連結或惡意程式碼,所以,他們的網管應該要找出系統或軟體的安全漏洞,然後,儘快修補這些漏洞,而不是只是移除/修改那些遭駭的檔案。
詳文請按 rogerspeaking.blogspot.com/2007/09/blog-post_651.html- Sep 26 Wed 2007 10:43
[大砲開講]臺灣文學年鑑資料庫網站被植入惡意連結
臺灣文學年鑑資料庫網站被植入惡意連結,此惡意程式為 TROJ_DELF.HYF 或 Trojan-PSW.Win32.Maran.kf,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。
- Sep 26 Wed 2007 10:41
[大砲開講]哈日第一台 JET TV 網站又被植入惡意連結
詳文請按 rogerspeaking.blogspot.com/2007/09/jet-tv.html
- Sep 26 Wed 2007 09:39
[大砲開講]主題酷網站被植入惡意連結
詳情請按 rogerspeaking.blogspot.com/2007/09/blog-post_26.html
- Sep 26 Wed 2007 09:37
[大砲開講]KimoG 奇檬子心情留言網被植入惡意連結
詳情請按 rogerspeaking.blogspot.com/2007/09/kimog.html
- Sep 26 Wed 2007 09:35
[大砲開講]VIP生活網被植入惡意連結
VIP生活網被植入惡意連結,此惡意程式為 Trojan-PSW.Win32.OnLineGames.dky,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。
- Sep 26 Wed 2007 09:33
[大砲開講]開南大學應用日語學系網站被植入惡意連結
開南大學應用日語學系網站被植入惡意連結,此惡意程式為 WORM_RBOT.GBG,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。
詳情請按 rogerspeaking.blogspot.com/2007/09/blog-post_8192.html- Sep 17 Mon 2007 12:57
預警:關閉殺毒軟件修改系統時間的木馬
今日提醒用戶特別注意以下病毒:
"AUTO病毒18032"(Win32.Troj.Agent.18032)和"網遊盜竊者xd"(Win32.Troj.OnlineGames.xd.31232)。 "AUTO病毒18032" (Win32.Troj.Agent.18032)這是一個木馬程序。 "網遊盜竊者xd"(Win32.Troj.OnlineGames.xd.31232)這是一個盜號木馬。