DNS flaw mistakenly published


Matasano Security inadvertently confirmed a blog posting that speculated on the technical details of the DNS cache poisoning flaw discovered by Dan Kaminsky. Matasano immediately removed its blog posting, but copies were soon circulating on the Internet. The company has since apologized on its blog. Kaminsky is scheduled to discuss the vulnerability at the upcoming Black Hat conference in August and had asked the security community to hold off on discussions about the bug to give users time to patch their systems. Kaminsky found the bug several months ago and worked with software vendors to create a fix for the flaw, which was released in early July. On his blog, Kaminsky writes, “Patch. Today. Now. Yes, stay late.” (InfoWorld)

BlackBerry PDF vulnerability fixed


A vulnerability in the BlackBerry Enterprise Server (BES) that could let attackers try to get users to open malicious PDFs attached to email has been patched by Research In Motion (RIM). (Computerworld)

Web site of Georgian president falls in DDoS attack


The Web site of Mikhail Saakashvili, the president of Georgia, was knocked offline from Saturday to early Sunday by a distributed denial-of-service (DDoS) attack launched by a botnet. The Shadowserver Foundation, an all-volunteer watchdog group of security professionals, identified the attack’s command-and-control (C&C) server as based in the US. The C&C server used botnets to flood the president’s Web site with TCP, HTTP, and Internet Control Message Protocol (ICMP) attacks. The attackers and motive have yet to be identified. (Techworld)

New malware analysis tool to be unveiled at Black Hat


A security researcher will release a new malware analysis tool based on Intel VT at the Black Hat conference in August. Paul Royal, a researcher at Damballa, will release Azure, an external hardware tool that detects and analyzes malware at the instruction or Windows API level. Azure uses Intel VT, a virtualization tool, to create a full-scale virtual environment outside of the operating system for malware analysis. Azure lets users infect the virtual environment with malware without the malware detecting the virtual environment. In a test against other malware analysis tools (Saffron and Renovo) to detect 15 widely used malware obfuscation applications, Azure was the only tool to detect all 15 malware packing tools. (Dark Reading)

Free tool to detect DNS flaw released


DNSstuff has released DNS Vulnerability Check, a tool to check domain name servers for the cache poisoning flaw announced earlier this month by Dan Kaminsky. DNSstuff’s tool redirects to a specially designed URL that encodes a user’s IP address. The URL resolves to several unique URLs, resulting in several DNS queries. DNSstuff records the IP addresses of the DNS servers making the requests, the source port for the queries, and the query IDs in the DNS packet headers. The tool compares the lookups and displays vulnerability information. (eWeek)

University can publish details of Oyster smart card crack


A Dutch court has ruled that Radboud University can publish a paper that details how university researchers cracked the Oyster smart card used on the London Underground. In the paper, researchers discuss how they cracked the card in June, rode the London Underground free, and executed a denial-of-service attack that jammed Underground gates. The manufacturer of the card, NXP Semiconductors, sought to halt publishing of the paper and give its customers time to secure their card systems. A university spokesman said it had already decided to delay publication until October. However, the university hasn’t released a publication date. (ZDNet UK)

Encryption software still open to data leaks


Researchers at the University of Washington and BT have discovered that users who partially encrypt portions of their hard drives might still be vulnerable to data leaks. In a paper to be presented at the Usenix HotSec Workshop in San Jose, California in July, researchers detail how programs such as Microsoft Word and Google Desktop store data on unencrypted areas of the hard drive when working with encrypted files. The researchers were able to recover copies of the Word documents stored in a hard drive’s encrypted partition and read snapshots of encrypted files when Google Desktop’s Enhanced Search option was enabled. The potential for data leaks occurs with partially encrypted hard drives, virtual disks, and encrypted USB devices. The researchers say that full-disk encryption still offers the most protection. (Techworld)

ISP tracked sites visited by users without notification


Embarq, a Kansas-based ISP with roughly 1.3 million users in 18 states, used deep-packet inspection technology to track the sites its users visited without notifying them. The US House Energy and Commerce subcommittee on telecommunications and the Internet will discuss whether Embarq’s actions violated users’ rights and federal wiretapping laws. Embarq used technology by NebuAd to track, collect, and analyze users’ browsing activity and directly targeted advertising to them. Lawmakers will try to find out in which states Embarq used the technology, how many users were affected, and why the company didn’t inform users of its actions. (The Washington Post)

Asprox attack compromises 1,000 high-profile domains


In a blog posting, security company Finjan identified more than 1,000 Web site domains serving up the Asprox malware attack. Several well-known sites are among those infected, including the UK National Health Service, University of California, and Snapple. Unsuspecting visitors to the compromised sites might find their machines infected with a Trojan. Finjan’s SecureBrowsing in-the-cloud security tool detected the infected Web sites. (Finjan)

BlackBerries vulnerable to PDF flaw


A vulnerability in the way the BlackBerry Attachment Service processes PDFs leaves enterprise networks open to attack, according to Research In Motion, maker of the BlackBerry. RIM has yet to issue a patch for the flaw, but advises users to disable the BlackBerry Attachment Service that lets them view PDFs on their BlackBerries. Vulnerable systems include devices running BlackBerry Enterprise Server software versions 4.1 Service Pack 3 (4.1.3) to 4.1 Service Pack 5 (4.1.5). (ZDNet)
