A single misconfigured server exposed broadband provider Excite@Home's internal corporate network to hackers for at least three months, making its customer list of 2.95 million cable modem subscribers accessible to anyone with a web browser and a modicum of cyber smarts, SecurityFocus has learned.
The servers of open source development site SourceForge have been compromised.
Active subscribers to the site, which is owned by VA Linux, received the following terse message from its administrators.
"This week, one of our systems was compromised. We have promptly taken the necessary steps to correct this situation," the message said.
"You have been contacted, because according to our log files, you have used SourceForge during the past week and may have used the system that was compromised."
The Business Journal of Florida
reports that servers owned by Web
hosting company, InControl Online
were hit by hackers. CEO Bruce
Franklin said he battled hackers
in a hand to hand - byte to byte
confrontation.
Turbolinux warned that their "pmake" package contains a vulnerability that may allow local users
to execute arbitrary code on the server and gain root level privileges. Pmake is a
multiprocessor version of the GNU Make utility.
What do you all think?
The full news is at Wired. I personally like Max's work on penetration testing etc. I have done some of the same things myself, and I have to say, his IDS signatures are awesome! In a nutshell, I think he has done a lot for the security community. Anyway, read on, and post your comments.
You'd be amazed at what you can find out there in other people's computers: confessions, obsessions and other personal matters. The best part is, snooping is perfectly legal, because Napster taught the world how to share
Hackers have long enjoyed the thrill of rifling through other people's computer hard drives. Now we can all have a go. Last week, using the same marvelous technology that powers music-swapping service Napster, I unearthed material from strangers that I'm quite sure they would rather I didn't go public with...
When hackers want to breach your systems, they typically look for well-known security flaws and bugs to exploit. In the past, vendors and hackers gave different names to the same vulnerabilities. One company might package a group of five vulnerabilities into a patch or service pack and call it by one name, while another vendor might call the same group by five separate names.
There are no front lines in an information war, no fiery explosions. The enemy's
camp is a cube on the other side of the globe. Their target? Your business.
Vulnerability in Oracle E-Business
Suite Release 11i Applications
Desktop Integrator
Overview
Multiple vulnerabilities have been identified and fixed in CBOS, an
operating system for the Cisco 600 family of routers. Cisco CBOS
Software contains a flaw that permits the successful prediction of
TCP Initial Sequence Numbers. It only affects the security of TCP
connections that originate or terminate on the affected Cisco device
itself; it does not apply to TCP traffic forwarded through the
