 Welcome to geekinfo.net
 Wednesday, June 28 2017 @ 07:31 CEST

The Windows Shatter attack

Security

Freelance security consultant Chris Paget has written a paper explaining how to escalate your privileges from Guest User to LocalSystem just by having physical access to a PC running Windows (or even just a desktop on one; think Citrix).

The trick involves sending control messages from one window to another, exploiting the fact that no authentication is ever done on where the messages come from, or indeed on whether the sender has any business talking to the window in question.

 

A FreeBSD Security Checklist

Security

From Daily Daemon News:
I recently assembled a checklist of security-oriented operating system configuration changes for FreeBSD servers.
 

Eliminating Root with Sudo

Security

While proper implementation of groups can help reduce the need for the root password, at times, users must absolutely run commands as another user (usually root). As the system administrator, you're stuck between deciding to hand out the root password or doing everything for your users. sudo provides a third way, one that can help solve this dilemma. It's a tricky program, however, and needs some care in implementation. sudo is integrated into OpenBSD, and is an add-on package for just about every other Unix-like operating system out there.
 

Microsoft IE monster fix

Security

Microsoft released a cumulative patch (MS02-047) for IE5 and IE6 on August 22. MS has labeled it "critical", and it promises to fix six different security holes in Microsoft's browsers.

Read on for the technical bits:

 

The Windows XP ICF

Security

The Internet Connection Firewall (ICF) in Windows XP is probably something most XP users have already tinkered with. But is it any good? Is it even safe? Is it perhaps too safe, and what about application control?

As it turns out, it is all these things, and then some. It's a bit like Bruce Willis, really.

 

Duload: the new KaZaA worm

Security

A worm named "Duload" is spreading through the KaZaA file sharing network. The KaZaA network is also used by Grokster et al.

When infected, the KaZaA client will start offering the virus for download under one of 39 different filenames, either 18432 bytes or 7680 bytes in size. In a bit of social engineering, the filenames are of the kind that you are more or less likely to be lured into downloading.

See the Kaspersky Labs writeup for all the details on this worm.

 

OpenSSH tarball trojaned

Security

I first spotted this article on Daily Daemon News:

Edwin Groothuis posted a message on freebsd-security stating that the OpenSSH 3.4p1 tarball has been trojaned.

 

OpenSSL needs patching

Security

If you run OpenSSL on anything, be advised that vulnerabilities exist in certain versions. Quote from the OpenSSL security advisory:

"Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable."

Patches are downloadable from http://www.openssl.org/source/.

 

Hard security

Security

First seen on NewsForge, this PCWorld.com article discusses an interesting and novel idea for a security concept: Hackers will be unable to attack Web sites protected by a new security system unless they can change the laws of physics, according to Naoto Takano, chief executive officer of Scarabs, a Japanese company.

The company claims that it has developed a hard disk with two heads that prevents disk files published on the Web from being altered by hackers.

 

VoIP phones full of security holes

Security

Security researchers at @stake Inc. have found over a dozen security flaws in VoIP phones from Pingtel Corp. The flaws include showstoppers like getting administrative access to the phone and hijacking calls.

The rest of this story is at eWeek.
 
 Copyright © 2017 geekinfo.net