Networking

Oracle software vulnerability exposed

posted on July 8, 2001
by hitbsecnews

Researchers have found a security hole in Oracle's 8i database program that could let an outside attacker take over the software and--in the case of a Windows computer--the entire system.

Researchers at Covert Labs, part of Network Associates' PGP Security group, discovered the vulnerability and ranked its risk as "high." Oracle has acknowledged the problem, fixed it in the newest 9i version of its software and issued a patch for the earlier releases.

IIS buffer-overrun attack has been scripted by 'HighSpeed Junkie' from Japan

posted on July 6, 2001
by hitbsecnews

A Japanese computer enthusiast named 'HighSpeed Junkie' has developed an attack script for a recently-identified unchecked buffer in the Microsoft IIS (Internet Information Services) Indexing Service ISAPI filter, which, if exploited, can yield system-level access to an intruder.

At issue is IDQ.DLL, a component of Index Server (or 'Indexing Service' in W2K) which supports administrative scripts (.IDA files) and Internet Data Queries (.IDQ files). The library is installed by default on all IIS versions and implementations.

Addressing security issues in Linux

posted on July 6, 2001
by hitbsecnews

Once you have Linux up and running on your computer or your network and have installed your applications, you are all ready to go, right? Well, yes and no. Your system may be running, but until you consider security issues you are potentially leaving yourself open to serious trouble.

Cautionary Tales: Stealth Coordinated Attack HOWTO by Dragos Ruiu

posted on July 6, 2001
by hitbsecnews

A lot has been written in the popular media about the effects of hostile coordinated traffic attacks (hacking), and, as a sysadmin, I find my systems increasingly under attack by hostile sources. Two years ago, we got mapped and port-scanned for vulnerabilities once a month. One year ago the scan frequency was up to once a week, and these days we get scanned several times a day with real attack attempts at least once a week. The Internet is becoming an increasingly hostile place and the traditional defenses and documentation of attack systems seem woefully inadequate.

Hackers pounce on Web site flaw

posted on July 5, 2001
by hitbsecnews

Time has apparently run out for Internet e-commerce sites to fix a critical software flaw that exposes customer credit card numbers. In the past few days, dozens of URLs have been posted in Internet chat rooms linking to small Web sites that hadn’t patched their flawed shopping cart programs. The flaw is so widespread that some of the URLs containing customer information are being picked up by

Unicode bug can be configured to function as a DoS tool

posted on July 4, 2001
by hitbsecnews

The infamous Unicode IIS Web server exploit can also be used as a denial of service attack tool. Gray hat hacker Big Poop has published a site on the Internet explaining how the Unicode bug, which permits the execution of commands on a Web server, can be used to tie up system resources so that legitimate users can't access a site - a classic DoS attack technique.

DoS attack knocks tens of thousands of Texans offline...

posted on July 4, 2001
by hitbsecnews

SecureInfo.com is blaming PoisonBOx for leaving tens of thousands of San Antonians without Internet access the day before. Hackers targeted a commercial customer of STIC.NET, a San Antonio-based Internet service provider, but it created a domino effect that brought Internet access to a halt for 18 hours Wednesday.