Microsoft Suspends Hotmail Attach-Photo Feature
Microsoft has temporarily suspended the Attach-Photo feature in Hotmail because of security issues. The problem lies in the way the feature interacts with Internet Explorer (IE). Hotmail users can still attach photos to their messages through other methods. Attach-Photo was disabled in late July; Microsoft plans to restore the feature by the end of September. Users complained because they were not notified that the feature would be removed.
http://www.theregister.co.uk/2009/08/21/hotmail_attach_photo_pulled/
http://www.computerworld.com/s/article/9136958/Microsoft_Hotmail_users_angry_over_pulled_photo_feature?source=rss_news
martes, 25 de agosto de 2009
Organized Criminals Trageting US Firms
Cyber Criminals Targeting Smaller US Firms; Get Millions
Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.
The attacks are amazingly simple and the amount of money taken is large. The firms do not know how to protect themselves. In some cases where credit card theft has occurred, they have had to shut down because they lost the ability to process credit cards. Small businesses are being affected greatly by poor security practices. It isn't a risk issue. It is a survival one.
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?hpid=topnews
Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions.
The attacks are amazingly simple and the amount of money taken is large. The firms do not know how to protect themselves. In some cases where credit card theft has occurred, they have had to shut down because they lost the ability to process credit cards. Small businesses are being affected greatly by poor security practices. It isn't a risk issue. It is a survival one.
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?hpid=topnews
miércoles, 12 de agosto de 2009
Twitter and Facebook, Attack Spam Campaing
The denial-of-service attacks that hobbled Twitter and Facebook last week were not conducted through botnets, but instead were the result of a spam campaign aimed at a taking out accounts that belong to a pro-Republic of Georgia blogger. The social networking and blogging sites suffered deteriorating service as spam recipients clicked on links that pointed to accounts belonging to the blogger known as Cyxymu. The links pointed to Cyxymu's accounts on YouTube and LiveJournal as well. The blogger has written an open letter asking Russian President Dmitry Medvedev to launch an investigation to find the culprits.
http://www.theregister.co.uk/2009/08/07/twitter_attack_theory/
http://www.computerworld.com/s/article/9136379/Security_researchers_zero_in_on_Twitter_hackers
http://www.theregister.co.uk/2009/08/10/cyxymu_letter_to_medvedev/
http://news.bbc.co.uk/2/hi/technology/8194395.stm
http://voices.washingtonpost.com/securityfix/2009/08/twitter_facebook_google_attack.html
http://www.theregister.co.uk/2009/08/07/twitter_attack_theory/
http://www.computerworld.com/s/article/9136379/Security_researchers_zero_in_on_Twitter_hackers
http://www.theregister.co.uk/2009/08/10/cyxymu_letter_to_medvedev/
http://news.bbc.co.uk/2/hi/technology/8194395.stm
http://voices.washingtonpost.com/securityfix/2009/08/twitter_facebook_google_attack.html
Secrets, Invisible Cookies
Researchers from the University of California, Berkeley have reported that more than half of the Internet's websites are using Adobe Flash cookies to track users' behavior and interests, but these cookies are mentioned in just four privacy policies, though other suites mention the use of "tracking technology." Flash cookies differ from regular cookies because they are unaffected by browser privacy controls. Flash cookies are even being used to re-establish cookies for users after those users delete the more familiar cookies. The researchers' report was submitted earlier this week as a comment on the deferral government's proposal to re-establish the use of cookies on federal websites. For more information, see
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
martes, 11 de agosto de 2009
Revision del Libro IPv6 Security por Scott , Vyncke
Revision del libro "IPv6 Security "
IPv6 Security , por Scott Hogg y Eric Vyncke es un libro para lo que yo estaba esperando; en otros libros tales como IPv6 Essentials, 2 Ed, Running Ipv6 , IPv6 Networks Administration, son buenos, pero necesitaba mas informacion acerca de la seguridad en IPv6; este librolo cubre. Les recomiendo la lectura de este material
IPv6 Security , por Scott Hogg y Eric Vyncke es un libro para lo que yo estaba esperando; en otros libros tales como IPv6 Essentials, 2 Ed, Running Ipv6 , IPv6 Networks Administration, son buenos, pero necesitaba mas informacion acerca de la seguridad en IPv6; este librolo cubre. Les recomiendo la lectura de este material
Denegacion de Servicio a traves de paquetes SIP en Asterisk
Se ha confirmado la existencia de una vulnerabilidad en Asterisk, que podría permitir a un atacante remoto provocar una denegación de servicio en los sistemas vulnerables.
Asterisk es una aplicación de una central telefónica (PBX) de código abierto. Como cualquier PBX, se pueden conectar un número determinado de teléfonos para hacer llamadas entre sí e incluso conectarlos a un proveedor de VoIP para realizar comunicaciones con el exterior. Asterisk es ampliamente usado e incluye un gran número de interesantes características: buzón de voz, conferencias, IVR, distribución automática de llamadas, etc. Además el software creado por Digium está disponible para plataformas Linux, BSD, MacOS X, Solaris y Microsoft Windows.
El problema reside en el tratamiento de paquetes SIP específicamente creados, que podría provocar el consumo de toda la memoria disponible para la red SIP con la consiguiente caída del servicio. Aunque la vulnerabilidad se presenta en múltiples versiones de Asterisk, solo es potencialmente explotable en las versiones 1.6.1 y superiores, ya que esas versiones son las primeras que han permitido superar los paquetes SIP de 1.500 bytes.
El problema se encuentra solucionado en las versiones 1.2.34, 1.4.26.1, 1.6.0.12 y 1.6.1.4.
Para la descarga de la correción:
Asterisk Project Security Advisory - AST-2009-005
Remote Crash Vulnerability in SIP channel driver
http://downloads.asterisk.org/pub/security/AST-2009-005.html
Asterisk es una aplicación de una central telefónica (PBX) de código abierto. Como cualquier PBX, se pueden conectar un número determinado de teléfonos para hacer llamadas entre sí e incluso conectarlos a un proveedor de VoIP para realizar comunicaciones con el exterior. Asterisk es ampliamente usado e incluye un gran número de interesantes características: buzón de voz, conferencias, IVR, distribución automática de llamadas, etc. Además el software creado por Digium está disponible para plataformas Linux, BSD, MacOS X, Solaris y Microsoft Windows.
El problema reside en el tratamiento de paquetes SIP específicamente creados, que podría provocar el consumo de toda la memoria disponible para la red SIP con la consiguiente caída del servicio. Aunque la vulnerabilidad se presenta en múltiples versiones de Asterisk, solo es potencialmente explotable en las versiones 1.6.1 y superiores, ya que esas versiones son las primeras que han permitido superar los paquetes SIP de 1.500 bytes.
El problema se encuentra solucionado en las versiones 1.2.34, 1.4.26.1, 1.6.0.12 y 1.6.1.4.
Para la descarga de la correción:
Asterisk Project Security Advisory - AST-2009-005
Remote Crash Vulnerability in SIP channel driver
http://downloads.asterisk.org/pub/security/AST-2009-005.html
Suscribirse a:
Entradas (Atom)
