Saw this over at SNN
Well it's official -- Palm security is now on the radar screen of Fortune 500 (er, Forbes) executives. An article in their current "Best of the Web" issue advises readers to protect their Palm PDAs with the password-protection feature of the OS. While we certainly applaud security consciousness-raising efforts in the mainstream press, in this case Forbes readers may be lulled into a false sense of security.
Saw this over at SNN
Cracking the license mechanisms of commercial software packages and then sharing the fruits of that labor has been part of the underground scene for years. Now, the developer of a tool designed to crack password-protected web sites has automated the tool so that each time a user cracks a site, that information is sent to a site where the rest of the user base can share the user names and passwords of the cracked sites.
Web surfers trading free music and other digital goods over one of the Web's most popular file-swapping networks are sharing much more: sensitive data files that could expose them to identity theft.
One of several file-swapping networks coat-tailing on Napster's success, Gnutella allows people to open the contents of their computers to create a virtual swap meet for MP3s, software, video and text files. A recent casual search of the system revealed scores of files that could compromise the service's users.
Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0. A fix is already in the works, so stay tuned for that.
Well I'm surprised I haven't seen anything like this before. Granted I may not have been looking about too hard for it. Security experts are beginning to get worried over Gnutella and other file sharing networks. Their reason for concern? Cookies. Apparently a badly configured share with Gnutella or other P2P network connection can leave users open to identity theft. Far too often, people will open up their entire hard drive and allow people to download any files from their system, including cookies, which may contain sensitive bits of data. Personally, I just use these things to leech.