9/15/2006

Hacker Discovers Adobe PDF Back Doors

Filed under: — Aviran Mordo

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open back doors for computer attacks.

David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

“I do not really consider these attacks as vulnerabilities within Adobe. It is more exploiting features supported by the product that were never designed for this,” Kierznowski said in an e-mail interview with eWEEK.

The first back door (PDF), which eWEEK confirmed on a fully patched version of Adobe Reader, involves adding a malicious link to a PDF file. Once the document is opened, the target’s browser is automatically launched and loads the embedded link.

“At this point, it is obvious that any malicious code [can] be launched,” Kierznowski said.

Source: eWeek

Microsoft announces plans for Zune phone

Filed under: — Aviran Mordo

Microsoft plans to release a Zune-based phone sometime in the future, according to Zune’s general manager of global marketing, Chris Stephenson. The phone will be part of Microsoft’s plans to expand into the digital music player market, although like the Zune itself, there were no details or timeline given for when to expect the Zune phone.

Source: arstechnica

Samsung Blu-Ray Players To Add Java Support

Filed under: — Aviran Mordo

Samsung Corp’s Samsung America Inc on Thursday said it would make some improvements to its Blu-ray high-definition DVD players ahead of the holiday season.

The production line improvement will include a modified setting for the noise filter reduction circuit that will provide a slightly sharper picture, it said.

The Blu-ray consortium has long said it would launch with interactive features built on Sun Microsystems Inc.’s Java software.

On Thursday, Samsung said the improvements would include adding Java title compatibility to coincide with the launch of BD Java titles being released this fall.

Source: extremetech

AOL IM tools up for business

Filed under: — Aviran Mordo

The days of companies using unsecure consumer technology for instant messaging are numbered, according to AOL and online conferencing company WebEx.

AIM Pro Business Edition (PBE), launched on Thursday, is an IM service aimed at business users who need tighter security and management than traditionally available in the popular consumer products from Yahoo and MSN.

Corporate IM systems do exist but, unlike other products, the makers of AIM PBE claim that their product does not require a dedicated local server and is instead hosted online, making it more flexible to manage and deploy.

“There is a reason enterprise-grade IM (EIM) software hasn’t taken off: Companies simply don’t want to buy and maintain complex IM servers. Instant messaging belongs on the Web,” said David Knight, vice president of messaging solutions, WebEx.

Source: News.com

CBS, Comcast end video-on-demand fees

Filed under: — Aviran Mordo

CBS Corp. and Comcast Corp. are snipping the price tag off their video-on-demand (VOD) offering of primetime series.

The companies announced a new pact Thursday that will not only make episodes of CBS fare like “Survivor” free on video-on-demand, but will do so for even more shows, for a longer period of time, and in all Comcast markets.

When the nation’s largest cable operator struck a deal in November to make CBS the first broadcaster to put series programming on VOD the morning after their primetime airing, they charged 99 cents per episode. The experiment covered just four CBS series and extended only to CBS owned-and-operated markets served by Comcast.

Nine months into the VOD offerings, CBS and Comcast have switched from collecting a fee to offering it for free. The conversion is a reflection of the experimental nature of programming on alternative platforms, as well as increased interest from advertisers in VOD.

Source: Reuters

Top Five Causes of Data Compromises

Filed under: — Aviran Mordo

In a key step to help businesses better understand and protect themselves against the risks of fraud, Visa USA and the U.S. Chamber of Commerce today announced the five leading causes of data breaches and offered immediate, specific prevention strategies for each.

“The single, most effective weapon in the battle against today’s data theft is education,” said Sean Heather, executive director, U.S. Chamber of Commerce.

The findings, which are described in a comprehensive security alert from Visa, came from a detailed review of the card security environment, including common fraud techniques, potential areas of weakness by card-accepting merchants, and emerging threats.

As outlined today, the five leading causes of card-related data breaches are:

  1. Storage of Magnetic Stripe Data - The most common cause of data breaches occurs when a merchant or service provider stores sensitive information encoded on the card’s magnetic stripe in violation of the PCI Data Security Standard. This can occur because a number of point-of-sale systems improperly store this data, and the merchant may not be aware of it.
  2. Missing or Outdated Security Patches - In this scenario, hackers are able to penetrate a merchant or service provider’s systems because they have not installed up-to-date security patches, leaving their systems vulnerable to intrusion.
  3. Use of Vendor Supplied Default Settings and Passwords - In many cases, merchants receive POS hardware or software from outside vendors who install them using default settings and passwords that are often widely known to hackers and easy to guess.
  4. SQL Injection - Criminals use this technique to exploit Web-based applications for coding vulnerabilities and to attack a merchant’s Internet applications (e.g. shopping carts).
  5. Unnecessary and Vulnerable Services on Servers - Servers are often shipped by vendors with unnecessary services and applications that are enabled, although the user may not be aware of it. Because the services may not be required, security patches and upgrades may be ignored and the merchant system exposed to attack.

The Visa alert along with helpful answers to data security questions can be found at the Chamber’s web page.

Spam fighter hit with $11 million judgment

Filed under: — Aviran Mordo

The manager of a popular blacklist used to block spam was hit with a multimillion-dollar judgment on Wednesday, but the order may not be enforceable.

The U.S. District Court for the Northern District of Illinois has ordered Spamhaus to pay $11,715,000 in damages to e360insight and its chief, David Linhardt, who had sued the U.K.-based organization earlier this year over illegal blacklisting.

The court also barred Spamhaus from causing any e-mail sent by e360insight or Linhardt to be “blocked, delayed, altered, or interrupted in anyway” and ordered Spamhaus to publish an apology that states that Linhardt and his company are not spammers, according to a copy of the order.

“This ruling confirms e360insight’s position that Spamhaus.org is a fanatical, vigilante organization that operates in the United States with blatant disregard for U.S. law,” Linhardt wrote in an e-mail to CNET News.com on Thursday.

Source: News.com

Toshiba Readies New HD DVD Players

Filed under: — Aviran Mordo

Toshiba will soon put its second generation of HD DVD players on sale in the U.S.

The more expensive of Toshiba’s two new players, the HD-XA2, packs several new features that should mean a better picture if you have the right TV and content. The player generates output at up to 1080p, which is the highest of several levels of high-definition picture, and has the latest version of the HDMI (high-definition multimedia interface) standard.

HDMI version 1.3 increases the color depth from 24 bits to 36 bits for deeper colors in images, but you’ll need a compatible TV to realize the benefit.

The HD-A2 will be available from October for $500 and the HD-XA2 will go on sale in December for $1000, said Toshiba.

Source: Yahoo

Cyber crime becoming more organized

Filed under: — Aviran Mordo

Cyber scams are increasingly being committed by organized crime syndicates out to profit from sophisticated ruses rather than hackers keen to make an online name for themselves, according to a top U.S. official.

Christopher Painter, deputy chief of the computer crimes and intellectual property section at the Department of Justice, said there had been a distinct shift in recent years in the type of cyber criminals that online detectives now encounter.

Source: Reuters

Firefox 1.5.0.7 Released

Filed under: — Aviran Mordo

Mozilla released an update to the popular open source browser, Firefox.

Firefox 1.5.0.7 fixes 4 critical security flaws, and all users are advised to update.

Download Firefox

Rage Over MySpace Photo Leads to Arrest

Filed under: — Aviran Mordo

A 22-year-old woman was arrested after authorities say she tried to hire someone to kill another woman whose photo appeared on her boyfriend’s MySpace.com Web page.

Heather Michelle Kane was booked Tuesday for investigation of conspiracy to commit murder, Mesa Detective Jerry Gissel said.

Kane was arrested after she met with an undercover police detective at a grocery store, authorities said. Court records show Kane offered to pay $1,000 to have the woman killed - $500 up front and $500 after the job was completed.

Source: AP
