Cisco Systems has released patches for a pair of security flaws that were discovered in its Aironet 1100 series wireless access points.
One flaw would have allowed an attacker to use a "classical brute force" technique to discover account names, according to security troubleshooter Vigilante. Vigilante said the second flaw could freeze the access point and bring down the wireless access zone. Cisco posted advisories on the flaws Monday.
Jesse Tuttle was sure he had made a good deal two years ago when he agreed to help the government safeguard sensitive computer systems against hackers, thieves and terrorists.
For Tuttle, a computer hacker known around the world as "Hackah Jak," it was the chance of a lifetime.
The deal would help him avoid prosecution on computer hacking charges and would pay him to do something he loves: search the Internet for vulnerable computer systems. If he found one, he says, he wrote a report about it for the FBI in Cincinnati.
IT departments that fail to revoke access rights to critical systems risk exposing their firms to security breaches by former employees, new research has found.
More than half the UK workforce would be prepared to seek revenge on former employers by exploiting continued access to corporate systems if they were unhappy at losing their job, according to research by software vendor Novell.
Security experts stressed that this shows the importance of having good policies in place to deal with staff leaving and to provide legal protection.
l33tdawg: This is CERTAINLY a big one. Kiddies around the world are really going to have a field day with this sploit. :|
Hackers have moved quickly to exploit the critical flaw in Microsoft's Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface.
Workable exploit code is now in circulation on hacking mailing lists. Earlier versions were ineffective but the latest code seems to be working.
Microsoft released a patch for the critical flaw on 16 July.
Mod_mylo is an Apache module designed to log HTTP requests to a MySQL database.
Insufficient bounds checking on a buffer in the logging section of the code could allow a remote attacker to overwrite saved data on the stack and execute commands under the privileges of the Apache daemon user, typically 'www'.
This software is so unpopular that it probably affects only a handful of users. Those most likely to be affected are FreeBSD users who have mod_mylo installed from the ports collection.