Microsoft has issued an advisory about a new vulnerability being discovered in IIS6 WebDAV component which leads to authentication bypass and can allow an attacker to gain access to the web server and upload malicious files which can lead to a complete compromise of the system.
Till the vulnerability is confirmed, Microsoft has asked users to disable WebDAV and apply ACLS.
The Microsoft Advisory can be found at microsoft technet security website and more details about this vulnerability can be found in this pdf at SecLists.Org.
Latest posts
China develops most secure OS Kylin
China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies.
The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States.
"We are in the early stages of a cyber arms race and need to respond accordingly," said Kevin G. Coleman, a private security specialist who advises the government on cybersecurity. He discussed Kylin during a hearing of the U.S. China Economic and Security Review Commission on April 30.
The deployment of Kylin is significant, Mr. Coleman said, because the system has "hardened" key Chinese servers. U.S. offensive cyberwar capabilities have been focused on getting into Chinese government and military computers outfitted with less secure operating systems like those made by Microsoft Corp.[source]
70GB Personal Data stolen with Torpig Botnet
On: Tuesday, May 5, 2009
Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.
The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials. [source]
The botnet, known as Torpig or Sinowal, is one of the more sophisticated networks that uses hard-to-detect malicious software to infect computers and subsequently harvest data such as e-mail passwords and online banking credentials. [source]
Most Secure Windows XP from Microsoft
It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.
The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as a template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us. [source]
A-Z of security
On: Wednesday, April 22, 2009
A-Z of security
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan
K is for Kids (Parental Control)
L is for Love Bug
M is for Mircosoft
N is for Neologisms
O is for Orange Book
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Got this list from silicon.com
Subscribe to:
Posts (Atom)
