HackersBlog publicized on its site that it had breached the U.S. Web site of Moscow-based firm Kaspersky on Saturday and the Portugal site of BitDefender on Monday using the same attack techniques. Kaspersky said on Monday that no sensitive or customer data had been exposed in the breach and that it would ask a database expert to audit its systems. BitDefender said the site that had been breached belonged to an unnamed partner and no customer data was stolen.
Users of HP LaserJet printers need to apply a firmware update following the discovery of a potentially troublesome vulnerability. The security bug creates a means for hackers to gain access to files sent to printers via the web administration console on vulnerable machines. A security advisory from HP explains various versions of its HP Digital Senders as well as HP LaserJet printers and HP Color LaserJet printers are all potentially vulnerable. Users of HP LaserJet 2410, 2420, 2430, 4250, 4350, 9040, and 9050 series all need to upgrade their printer's firmware software to a secure version. HP Color LaserJet 4730mfp, HP Color LaserJet 9500mfp and HP 9200C Digital Sender users also need to update.
The justice system in Houston was thrown into disarray late last week after the infamous Conficker (Downadup) worm infected key systems. The infection forced municipal courts in the Texan city to shut down on Friday, and police had to temporarily stop making arrests for minor offences, such as those for outstanding traffic warrants or minor drug possession. "The people we pull over with outstanding traffic warrants will be issued a citation rather than being taken to jail," explained Houston Police Department spokesman John Cannon. "Anyone suspected of a violent crime will be taken to jail. We’re not cutting back on that." Meanwhile, bail bonds agencies report that the process of releasing prisoners and handling bond payments has slowed to a crawl.
An annual hacking challenge has put the security of browsers and smartphones in the firing line. The latest Pwn2own contest at CanSecWest next month will reportedly include challenges involving hacking into browser packages running on Windows 7 PCs and a separate contest involving breaking into next-generation smartphones. 3Com's TippingPoint security division is to sponsor both contests, due to take place at the Vancouver conference from 16 March.
At ESG, we have this concept called ubiquitous encryption. As more and more encryption technologies are baked into products and enter the enterprise, data will likely be encrypted everywhere--on hard drives, networks, database columns, file systems, tape drives, portable media, etc. Good news for data confidentiality and integrity but all of this encryption means tons of new encryption keys to create, protect, and manage. This situation has scared me for a while. If encryption keys are stolen, they can easily unlock secret data. If encryption keys are lost, critical data can turn into useless 1s and 0s.
The Federal Aviation Administration (FAA) is warning some 45,000 employees that their personal data may have been compromised in a hack of one of its computer systems. A notice about the FAA breach says that "an agency computer was illegally accessed and employee personal identity information was stolen electronically." Affected employees will receive individual letters to notify them about the breach, the notice says.
Several renowned white-hat hacker security sites have been hit during the past few days with a distributed denial-of-service attack (DDoS). Immunity, Milw0rm, and Packet Storm were in the clear as of this posting, but attackers were still hammering away at Metasploit. The attackers behind the DDoS -- which began on Feb. 6 and continued through the weekend on most of the sites -- deployed a massive botnet of some 80,000 zombies to flood the sites' domains with HTTP requests, according to Cisco researchers.
The Conficker botnet is proving to be a feisty bit of malware. It may never become a problem of Storm-sized proportions, but Conficker's authors seem determined to keep their system in play. Team White Hat, however, isn't giving up—OpenDNS and Kaspersky Lab announced on Monday, February 9 that they'd be working together to prevent Conficker from spreading once it's infected a network. There are two components to the new approach. First, Kaspersky Lab is capable of predicting what domains Conficker will attempt to contact, while OpenDNS' Botnet Protection feature prevents those domains from resolving internally. The result—at least in theory—is a cooped-up Conficker. The problem the two companies are trying to address dates back to a new version of Conficker we first covered three weeks ago. Dubbed Conficker.B, the newer model is capable of spreading via USB stick and attempts to crack the passwords of other local systems. Once it has found additional systems to sink its hooks into, Conficker fires up and begins spreading itself across the network; only one system need remain unpatched for an entire network of systems to become infected.
Mozilla Foundation chairperson Mitchell Baker contends that the inclusion of Microsoft's Internet Explorer web browser in the Windows operating system represents an ongoing threat to competition and innovation on the Internet. She supports the European Commission's investigation of Microsoft's bundling tactics and believes that remedies are needed to address Microsoft's alleged abuses. To that end, Mozilla intends to assist the commission by offering expertise about the browser market. The European Commission (EC) issued a finding last month declaring that Microsoft has abused its dominant position as an operating system vendor by tying its web browser to the Windows platform. The commission has sent a Statement of Objections to Microsoft which outlines the basis for the accusation. Microsoft will be given the opportunity to respond in formal hearings before the EU evaluates the possibility of imposing fines or other remedies.
Palm's Pre debuted with a bang at CES this past January and was arguably the star of the show. Palm has struggled to remain a relevant, profitable player in the smartphone market for years; the company's last major smartphone (the Centro, released in the fall of 2007) was reasonably well-received, but it couldn't entirely negate the barrage of negative criticism that hit Palm following the cancellation of the ill-fated Foleo. In a meeting with investors today, Palm President and CEO Ed Colligan confirmed that the company intends to leave its past behind and to devote itself entirely to its new webOS—after twelve-plus years, Palm OS is finally headed for retirement.
Novell has announced the official 1.0 release of Moonlight, an open source implementation of Microsoft's Silverlight rich Internet application framework. This release will make it possible for users of the Linux operating system to view content that is compatible with Silverlight 1.0. The Moonlight project emerged in 2007, shortly after Microsoft unveiled Silverlight at the MIX conference. When Microsoft officially released Silverlight 1.0, the company announced plans to provide specifications and test suites to Novell in order to facilitate development of a Linux-compatible version. Moonlight has evolved significantly over the past year and is now ready for widespread use.
The US commercial Iridium spacecraft hit a defunct Russian satellite at an altitude of about 800km (500 miles) over Siberia on Tuesday, Nasa said. The risk to the International Space Station and a shuttle launch planned for later this month is said to be low. The impact produced a cloud of debris, which will be tracked into the future.
Unix weenies everywhere will be partying like it's 1234567890 this Friday. That's because, at precisely 3:31:30 p.m. Pacific time on February 13, 2009, the 10-digit "epoch time" clock used by most Unix computers will display all ten decimal digits in sequence. (That's 6:31:30 Eastern, or 23:31:30 UTC.)
Since the Soviets launched Sputnik in 1957, it is estimated about 6,000 satellites have been put in orbit. Satellite operators are all too aware that the chances of a collision are increasing.
Nicholas Johnson, an orbital debris expert at the Johnson Space Center in Houston, was quoted by the Associated Press as saying that the Hubble Space Telescope and Earth-observing satellites at higher orbits and closer to the collision site were at greater risk of damage.
On point 9, I have a question for the European Commission. If Windows will come without Internet Explorer, how will the people download another browser from the web? -bgd77 (February 15, 2009, 07:49 AM)