Networking

Got this from MSNBC.

Visit an attacker's webpage using Microsoft's browser on Microsoft's operating system, and the attacker can execute arbitrary code on your system with your full privileges. Oh, and thanks to Microsoft innovation - you may remember this from the trial - the browser is integrated with the OS, so reading email from an attacker (opening attachments not necessary) also gives them full access to your machine. MSIE 5.5 is vulnerable, and MSIE 5.01 is vulnerable unless you've installed Internet Explorer 5.01 Service Pack 2.

Saw this over at SNN

Saw this over at SNN

Many companies spend a serious amount of money on securing their computer hardware, networks and data. According to Safeware, the Columbus, Ohio computer insurance agency, in 1999, 92% of computers stolen in the U.S were notebooks which generally are taken out of the secure office environment, yet still contain easily accessible sensitive or confidential data. Nowadays there are many low cost security tools available for notebooks, but are they being used and are they enough to protect your data?

This is the latest information that I got from alldas.de. Defacement

is getting serious in Malaysia, and here's a short list of defacements by "industry" to prove it.

Universities:

MMU

UKM

UITM

USM and

UM

Local Authority Sites

PKNS

BAKSA

Perkeso

JPJ and MPSJ

Private Sector

Midvalley

Affin Bank

SecurityFocus just announced the start of their new service, ARIS (Attack Registry and Intelligence Service) Analyzer. The service allows you to submit logs from several different intrusion detection systems automatically and quasi-anonymously. Looking at the front page, they seem to have over 700,000 incidents already reported since starting.

Saw this over at SNN

Someone Posing as MS empolyee convinced Verisign to issue him/her a digital certificate in MS's name. This Cert can be used for a multitude of things. Rouge ActiveX controls, and Macros viruses are among the hundreds of possibilities.

Read More Here

The Honeynet Project is setting up decoy boxes and systems to lure evilflagburningterrorist 'hackers' and to watch and learn what they do. Other than the fact that this decoy is one of the oldest tricks in the book, what's hilarious is that a project member summarized that "Many don't crack a system because they want to access information, they crack it simply because they can".

Gee, what a revelation! Got this from a WiReD article which reported this here.

Saw this over at SNN