While most of the tech world had its eyes focused on the big Consumer Electionics Show in Las Vegas this week, spammers and malware writers were getting their operations cranked up for 2008 with a new Master Boot Record rootkit and iPhone Trojan.
Microsoft has fixed a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack. IDG News Service, 01/08/08.
Microsoft顾问:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
Related alert:
US-CERT: Microsoft Updates for Multiple Vulnerabilities
**********
Seven new patches from Ubuntu:
**********
Seven news updates from Debian:
Dovecot (programming error, information disclosure)
mysql-dfsg-5.0 (multiple flaws)
**********
Four new fixes from Mandriva:
**********
Five new patches from Gentoo:
Claws Mail (temp files, symlink attack)
**********
Today's malware news:
While not a huge risk, the first Trojan for the iPhone has been discovered. The first reports came from iPhone enthusiast site Modmyifone.com and were later confirmed by security research company F-Secure. MacWorld, 01/08/08.
F-Secure: Trojan Software for iPhone
Nugache worm kicking up a Storm
虽然臭名昭着的风暴蠕虫在2008年作为世界上最危险的僵尸网络的声誉进入,但安全专家表示,有一个名为Nugache的上升,这可能会为其赚钱而努力。有个足球雷竞技app网络世界,01/07/08。
From BootRoot to Trojan.Mebroot: A Rootkit in Your MBR!
There have been recent reports of an MBR (Master Boot Record) rootkit in the wild and, of course, we have been following up these reports and doing our own analysis. An MBR is the first sector of a storage device such as a hard disk, and is generally used for bootstrapping the operating system after the computer's BIOS has done its startup checks. Basically, if you can control the MBR, you can control the operating system and therefore the computer it resides on. Symantec Security Response blog, 01/08/08.
垃圾邮件战争愤怒。对于每种技术,垃圾邮件发送者提出来,防御将垃圾邮件发送到新技术,以每天在互联网上播放的猫和小鼠的一个令人惊叹的快速游戏中。来自坏人的最新排球?音频垃圾邮件。CSO,01/08/08。
Spammers hijack Microsoft site to push pill popping
Spammers have found another great place to hide spam URLs in plain sight - on Microsoft's Live SkyDrive file sharing service. TechWorld, 01/09/08.
**********
来自有趣的阅读部门:
'Hacker safe' Web site gets hit by hacker
Just because a Web site has a certification claiming that it is virtually hackproof, that doesn't necessarily mean it's immune to all intrusions. Computerworld, 01/07/08.
在这些“暴风雨”时代,在赛门铁克的时候,我们经常警告用户在未经请求的电子邮件中遵守以下链接。它可以被视为巧合,然后我直接收到了以下宝石到我的工作电子邮件。Symantec安全响应博客,01/07/08。
Mass hack infects tens of thousands of sites
Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend. Computerworld, 01/06/08.
Boeing Dreamliner could be vulnerable to hackers
The electronics of Boeing's new 787 Dreamliner jet could be vulnerable to hackers due to the way critical flight systems are linked with those used by passengers, the U.S. Federal Aviation Administration has warned. IDG News Service, 01/07/08.
Researcher says Sears downloads spyware
注册新的营销计划的西尔斯和kmart客户可能会放弃比他们讨价还价的私人信息,这是一个突出的反间谍软件研究人员声称。IDG新闻服务,01/01/08。
It is proving to be the e-mail that wont go away. The Australian Tax Office is again warning people about a fraudulent e-mail that claims to offer recipients a tax refund. Computerworld, 01/07/08.
A majority of organizations are creating unnecessary risks by using actual customer data for the development and testing of applications, according to a survey by Compuware and the Ponemon Institute. Computerworld Uk Staff, 01/09/08.
使用手机的学生attics,iPods意味着学校IT人员的胃灼热
学生喜欢他们的iPod,手机和社交网站,但学校IT管理人员正在发现技术的不端行为的行为挑战是他们的网络安全挑战。有个足球雷竞技app网络世界,01/08/08。
Report: IRS information security still poor
根据周二的高报告称,将纳税人信息持续存在纳税人信息的“普遍”信息安全弱点。根据周二的高报告,在美国政府问责办公室据确定,在修复美国政府问责办公室的数十项问题方面取得了有限的进展。IDG新闻服务,01/08/08。
美国国土安全部(DHS)臭虫固定方案已经在180年在180次广泛使用的开源软件项目中揭开了每1000条代码的一个安全故障。TechWorld,01/09/08。
Aaron Weaver has made a discovery the world could probably do without: He's found a way to spam your printer from the Web. IDG News Service, 01/09/08.