KernelTrap has a very interesting article about a recent attempt to sneak a "back door" into the Linux 2.6 kernel. Evidently someone managed to break into the CVS server that mirrors the kernel source tree and add a small patch allowing one to locally obtain "root" super-user access. Fortunately, during an export from the master BitKeeper version of the kernel source tree into the CVS mirror, the change was detected and quickly removed.
In these media-fueled times, when war is a television spectacle and wiping out large numbers of civilians is generally frowned upon, the perfect weapon would literally stop an enemy in his tracks, yet harm neither hide nor hair. Such a weapon might shut down telecommunications networks, disrupt power supplies, and fry an adversary's countless computers and electronic gadgets, yet still leave buildings, bridges, and highways intact. It would strike with precision, in an instant, and leave behind no trace of where it came from.
No hard evidence shows that terrorists are planning a cyberattack on the U.S. But if such an attack occurs, it is likely to be much more harmful than the current crop of relatively unsophisticated viruses and worms that have caused billions of dollars in damages, a cybersecurity expert said Monday.
Terrorism groups have planned cyberterrorism attacks for years, and those attacks are waiting for a vulnerability to trigger them, predicted Norm Laudermilch, vice president of managed security services for VeriSign.
L33tdawg: Every network security person has been banging on about 'security is a process not a product' for AGES, yet it still doesn't seem to make much difference when companies in Malaysia (for example) USUALLY do very little in terms of a proactive approach, thinking that a firewall is 'enough' (many a time these firewalls are poorly configured!) but rather take a 'wait and see' attitude. When they do get hax0red, invariably they panic and pay through their noses for external consultants, when it would have been so much cheaper to get everything locked down in the first place.
Hewlett-Packard has demonstrated how computer virus technology can be turned around to protect business networks against hackers and worms.
The company is researching new virus-like security technologies that are designed to identify vulnerable machines on company networks and shut them down
before malicious code strikes.
HP revealed this week that it had used the approach to protect thousands of machines on its network two days before the Blaster worm struck.