An anonymous reader writes “Researchers from the University of Cambridge have discovered flaws in the card payment systems used by millions of customers worldwide. Ross Anderson, Saar Drimer, and Steven Murdoch demonstrated how an easy paper clip can be used to capture account numbers and PINs from so-called ‘tamper-proof’ equipment. In their paper (PDF), they warn how with a tiny bit of technical skill and off-the-shelf electronics, fraudsters could empty customers’ accounts. British television featured a demonstration of the attack on BBC Newsnight.”
Read more of this story at Slashdot.


BaCa writes “Core Security has issued an advisory disclosing a vulnerability that could severely impact organizations relying on VMware’s desktop virtualization software. It involves directory traversal using VMware’s shared folders, and could allow an attacker access to the host system from a guest VM. Core also released an exploit for the vulnerability.”


Gaveen writes “The popular JotSpot, which was acquired by Google some time ago, is now officially part of the family. JotSpot is now integrated into Google Apps as Google Sites. InfoWorld has a writeup on the service.”


unityofsaints writes “Up until now, Adobe hasn’t done much in terms of porting its applications to Linux, as its only product to have received any kind of Linux implementation is Flash. This may be about to change because the company has announced a Linux port of AIR, its web application development software. No definite release date is mentioned in the interview with Adobe CTO Kevin Lynch, just a vague ‘later this year.’”


cperciva writes “The first release from the new 7-STABLE branch of FreeBSD development has been released. FreeBSD 7.0 brings with it many new features including support for ZFS, journaled filesystems, and SCTP, as well as dramatic improvements in performance and SMP scalability. In addition to being available from many FTP sites, ISO images can be downloaded via the BitTorrent tracker, or for users of earlier FreeBSD releases, FreeBSD Update can be used to perform a binary upgrade.”


DigDuality writes “With the news that Windows 2008 (recently discussed on Slashdot) will have GUI-less installs and be fully scriptable, that they’ve opened up their communication protocols for non-commercial usage and are providing a patent covenant (Redhat Responds), and now finally an interesting rumor floating around that Microsoft will be taking on GNU directly. Has Microsoft totally switched gears in how it is approaching the Unix and FOSS sector for direct competition? According to an anonymous email leaked from a Microsoft employee, it seems Microsoft will be developing a framework that will be completely GNU compatible. Microsoft CEO, Steve Ballmer, said on Friday (23 February) that they are aiming to restore a Unix-like environment to its former proprietary glory, at the same time proving that Microsoft is committed to interoperability. Ballmer emphasized that Microsoft’s new strategy is to provide users with a complete package, and this includes users who like Unix environments. According to the supposedly leaked email, UNG, which stands for UNG’s not GNU, is set to be released late 2009.”


buzzardsbay writes “Yes, it’s all in good fun to point out the mismatched belt and shoes and the atrocious hairstyles, but honestly, I’m committing three of these errors right now! Is that why I can’t get a key to the executive washroom? Or is it my rebellious attitude and pungent man-scent that’s keeping me down? The shocker in here was pigtails on women… I love pigtails on women!”


I Don’t Believe in Imaginary Property writes “Websense is reporting that Gmail’s CAPTCHA has been broken, and that bots are beginning to sign up with a one in five success rate. More interestingly, they have a lot of technical details about how the botnet members coordinate with two different hosts during the process. They believe that the second host is either trying to learn to crack the CAPTCHA or that it’s a quality check of some sort. Curiously, the bots pretend to read the help information while breaking the CAPTCHA, probably to prevent Google from giving them a timeout message.”


stinkymountain writes to tell us that NetworkWorld got their hands on Microsoft’s latest addition to the server OS market and had an opportunity to poke around inside Windows Server 2008. It seems that the new release is a vast improvement over older versions in both security and performance but still lacking in several key areas. “There’s even a minimalist installation called Windows Server Core that can run various server roles (such as DNS, DHCP, Active Directory components) but not applications (like SQL Server or IIS dynamic pages). It’s otherwise a scripted host system for headless operations. There’s no GUI front end to a Windows Server Core box, but it is managed by a command line interface (CLI), scripts, remotely via System Manager or other management applications that support Windows Management Instrumentation (WMI), or by Remote Terminal Services. It’s also a potential resource-slimmed substrate for Hyper-V and virtualization architectures.”


narramissic writes “In a current ITworld article, security researcher Brent Huston ponders how it is that versions of SQL worms dating back to 2002 represent almost 70% of all malicious traffic on the World Wide Web this day. ‘I have made a few attempts to backtrack hosts that perform the scans and at first blush many show the signs of common botnet infections. Most are not running exposed SQL themselves, so that means that the code has likely been implemented into many bot-net exploitation frameworks. Perhaps the bot masters have the idea that when they infiltrate a commercial network, the SQL exploits will be available and useful to them? My assessment team says this is pretty true. Even today, they find blank “sa” passwords and other age-old SQL issues inside major corporate clients. So perhaps, that is why these old exploits continue to thrive.’”

