A thief recently walked into a University of California, Berkeley office and swiped a laptop computer containing personal information about nearly 100,000 alumni, graduate students and past applicants, highlighting a continued lack of security that has increased society's vulnerability to identity theft.
Leading global telecommunications companies, Internet service providers and network operators will begin sharing information on Internet attacks as members of a new group called the Fingerprint Sharing Alliance, according to a published statement from the new group.
Purely objective information about security issues is becoming one of the scarcest commodities in the tech industry.
Corporations, government agencies and even consumers are tinkering with open-source software, which can be downloaded free from the Internet.
Doubts were cast this week over the security of three major software systems formerly regarded as safe havens from hacker attacks and viruses.
But experts argue that despite the new findings, these systems are still more secure than their Microsoft counterparts because hackers overwhelmingly target the Windows software.
Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.
Hackers gained personal information of 59,000 people affiliated with a California university - the latest in a string of high-profile cases of identity theft.
An M$-funded report released today indicates Windows Server 2003 may actually be more secure than its most popular Linux competitors.
"It isn't like it was 'co-funded' by both Microsoft and Red Hat," said Michael D. "Mick" Bauer, senior editor of Linux Journal.
You may want to think twice before logging into a public wireless hotspot. Sure, grabbing a few minutes of connectivity is convenient, but identity thieves are discovering that, through "evil twin" attacks, hotspots are a great way to steal unsuspecting users' private information. So how does an evil twin attack work?
Internet attacks on businesses and other organizations increased by about 28 per cent in the second half of 2004 compared with the first six months of the year, and hackers are setting their sights on the rapidly emerging mobile-computing market, warns a report on Internet security to be released Monday.
The Presidential IT Advisory Committee (PITAC) has recommended the federal government sharply increase its spending on cybersecurity R&D and shift the focus to fundamental, long-term solutions to security challenges.
"The IT infrastructure is highly vulnerable to premeditated attacks with potentially catastrophic effects," PITAC warned in a letter submitting the report, titled Cyber Security: A Crisis in Prioritization, to the president. "These vulnerabilities put the nation's entire critical infrastructure at risk."
Although Windows-centric, The Register has published an article on the declining numbers of "Slammer-style worms". They attribute this decline to "the widespread use of XP SP2 and greater use of personal firewall" rendering "worms far less potent in the same way that boot sector viruses died out with Windows 95 and the introduction of Office 2000 made macro viruses far less common."
secunia.com has published "some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system."
BBC News has posted an article relating a study "by security researchers who have spent months tracking more than 100 networks of remotely-controlled machines. They discovered 'bot nets [were] used to launch 226 distributed denial-of-service attacks on 99 separate targets.'"
Sebastian Krahmer has reported a vulnerability in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon dcopserver. This can be exploited to lock the dcopserver for arbitrary local users. Successful exploitation may result in decreased desktop functionality for the affected user.
The vulnerability has been reported in versions prior to 3.4.
Solution: Upgrade to KDE 3.4 or apply patch.
Original information on dot.kde.org.