Current category: Security News (704)
- Apr 24 Thu 2008 13:50
[CNET/NEWS]Web 2.0, meet Internet attack 2.0
- Apr 24 Thu 2008 13:43
[Secunia]phpMyAdmin Shared Host Information Disclosure
Secunia Advisory: SA29944
Release Date: 2008-04-23
Critical: Less critical
Impact: Exposure of system information
- Apr 23 Wed 2008 11:45
[中時電子報] Blue House network breached by hackers
- Apr 22 Tue 2008 09:54
[Secunia]PHP-Fusion "submit_info[]" SQL Injection Vulnerability
Secunia Advisory: SA29930
Release Date: 2008-04-21
Critical: Less critical
Impact: Manipulation of data
- Apr 22 Tue 2008 09:35
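[中國IT實驗室] Windows component 0-day vulnerability affects both IE6 and IE7
中國IT實驗室, April 21: We recently received an e-mail from a reader reporting a Windows 0-day vulnerability. The reader also published the related code on their blog.
[0day] Microsoft Works 7 WkImgSrv.dll crash PoC; DLL version 7.03.0616.0; tested successfully on IE7 + Windows XP SP2.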
- Apr 17 Thu 2008 11:15
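[賽迪網] 12% of UK and US users cross the line and use unencrypted Wi-Fi networks without permission
- Apr 17 Thu 2008 11:13
[賽迪網] Symantec: Microsoft vulnerability under attack, users should install the patch promptly
- Apr 17 Thu 2008 11:11
[賽迪網] Hacker attack methods "transform": CPU flaws can be used to take control of PCs
- Apr 17 Thu 2008 11:08
[賽迪網] Radware says iPhone has a security vulnerability that may crash IE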
- Apr 14 Mon 2008 12:27
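[大砲開講] My view on "NTU recommendation-screening and individual-application admission lists exposed online ahead of schedule"
- Apr 14 Mon 2008 12:26
[大砲開講] National Cheng Kung University Library hacked and injected with a malicious link
The National Cheng Kung University Library site was hacked and injected with a malicious link. The malicious program is TSPY_MPASS.A. Anyone who has recently visited this page should check their computer as soon as possible, and please do not visit this site for the time being, to avoid infection. (Credit: Danny)
For this URL, McAfee SiteAdvisor, Trend Micro's web reputation rating and Google Search results all showed the site as normal. This demonstrates that this kind of technology is not a perfect solution to web security threats; in other words, information security cannot be made 100% secure.
The home page before it was replaced is shown in the figure below: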
- Apr 14 Mon 2008 12:20
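[yohgaki's blog] The relationship between Google's adoption of Python and vulnerability reports
Google has adopted Python for hosting custom applications. I had expected that this would turn many security researchers' attention to Python, and that problems like those that had been reported for PHP would come to be reported in large numbers as security vulnerabilities.
Sure enough, a familiar vulnerability has already been reported in the zlib library, one of the libraries in which security vulnerabilities are frequently found.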
CVE-2008-1721
- Apr 14 Mon 2008 12:06
[SANS]Oracle April Patch Advance Information Posted
- Apr 14 Mon 2008 12:05
[SANS]Deja-Vu - database attack vector development
- Apr 14 Mon 2008 11:57
[JVNVU]632963 Buffer overflow vulnerability in Microsoft Windows GDI
- Apr 14 Mon 2008 11:53
[SINA NEWS] US government agencies become the main target of hacker attacks
- Apr 09 Wed 2008 16:07
[SANS]Symantec's Global Internet Security Threat Report
- Apr 09 Wed 2008 14:59
[EETimes]NXP RFID encryption cracked
Christoph Hammerschmidt
(04/01/2008 8:11 AM EDT)
URL: http://eetimes.eu/industrial/207000946
MUNICH, Germany — The Chaos Computer Club (Hamburg, Germany) has cracked the encryption scheme of NXP's popular Mifare Classic RFID chip. The device is used in many contactless smartcard applications including fare collection, loyalty cards or access control cards. NXP downplays the significance of the hack.
According to a report in Sueddeutsche Zeitung, Chaos Computer Club (CCC) experts along with colleagues from the University of Virginia cracked the encoding scheme with little effort. The achievement allows the crackers to read out data, recharge payment cards, copy RFID cards or generate "new" users. The Mifare Classic family is sold in large volumes. Its memory sports a capacity of 1 to 4 kByte, explained a spokesperson in NXP's Austrian RFID competence center. Because it has been on the market since the mid-nineties, the proprietary 48-bit encoding scheme is not necessarily up to today's requirements. Nevertheless, NXP sees no necessity to modify the encryption.
- Apr 09 Wed 2008 09:19
[ZDNet]HSBC admits loss of 370,000 customers' details
- Apr 07 Mon 2008 11:55
[F-Secure]Ms. Polinka wants your bank account
Posted by Mikko @ 11:00 GMT
The mails claim to be from a Russian student girl looking for a local sex partner - or failing that, just a friend. The mail urges the recipient to check her photos at a site called livejournalhelper.cn (in China).