Thursday, July 9, 2009

Microsoft may have known about critical IE bug for months

Researchers uncovered latest bug in 2007; Microsoft mum on timing

The vulnerability that sent Microsoft scrambling yesterday and is being used by hackers now to attack Internet Explorer (IE) users may have been reported 18 months ago or more.

In the security advisory it issued yesterday, Microsoft credited a pair of researchers -- Ryan Smith and Alex Wheeler -- with reporting the bug. Smith and Wheeler once worked together at IBM's ISS X-Force, although Wheeler now is at Texas-based 3Com's TippingPoint DVLabs.

Wheeler confirmed that he and Smith uncovered the vulnerability, but he gave most of the credit to Smith. Wheeler declined, however, to say when the bug was reported to Microsoft. "I don't feel comfortable talking about that," he said, citing a non-disclosure agreement related to the vulnerability that he signed at the time. Instead, he steered questions to his former employer, ISS X-Force.

Wheeler suggested switching browsers. "Unless they're specially configured, other browsers will face substantially lower risk," said Wheeler. Browsers such as Mozilla's Firefox, Google's Chrome and Apple's Safari don't rely on ActiveX technology to drive add-ons, as does IE.

Read the full Computerworld story by Gregg Keizer.

Wednesday, July 8, 2009

Cyberattacks hit U.S. and South Korean Web sites

SEOUL, South Korea--Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea's main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new antiterrorism bill that would give it more power.

Read the full story in The New York Times by Choe Sang-Hun.

Monday, July 6, 2009

Why iPod Touch Owners Shouldn't Upgrade to OS 3.0

With all the hoopla about the iPhone 3GS's speed, what about its little non-cellular brother, the touch? I took a second-generation touch, (reportedly sporting a 533-MHz ARM processor, versus the 3GS's 600-MHz chip).


Sunday, July 5, 2009

IPhone 3GS owners bemoan its battery life

Buyers are finding that the device has trouble making it through a workday without a rest stop at the electrical outlet.

The new, high-octane iPhone 3GS is loaded with features that could light up your life -- but its battery isn't one of them.

Buyers are finding that the device, introduced two weeks ago, has trouble making it through a workday without a rest stop at the electrical outlet. It's proving to be something of an Achilles' heel on Apple Inc.'s flagship device, more than 1 million of which were sold in the first weekend.

Even the company suggests on its website that users disable some of the phone's most vaunted features, including the faster 3G network itself, to keep it from shutting down during the day.


Saturday, July 4, 2009

Apple prepares iPhone SMS patch

Security experts have discovered a flaw in the way Apple’s iPhone handles text messages, prompting the company to ready a patch to fix the issue.

The flaw could enable a hacker to gain remote control of the device using the iPhone’s text-messaging capabilities. It works by exploiting a weakness in the iPhone’s SMS protocols and could allow cybercriminals to track the phone’s location by tapping in to its GPS features, remotely activate the microphone for eavesdropping, or transform the handset into a botnet used for sending spam or committing online crime, or instigating a distributed denial of service attack that could bring down a website.

Friday, July 3, 2009

Apple patching nasty iPhone SMS vulnerability


Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light.

Read the full story by Darren Murph at Engadget.


According to Miller, the attack "exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service)," but due to a prearranged agreement with Apple to keep the details out of the press, he refused to say more. In fairness, we're glad that he's passing the evidence onto Apple for it to mend up the problem before it becomes something more serious. For those unfamiliar with the name, Charlie Miller is a renowned expert on Mac OS X security, so while he's credited with finding the gap, he's certainly a "good guy" in all of this.

The only details Miller had were as follows: "The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator's network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet."

Read the full story at http://hothardware.com


Thursday, July 2, 2009

Apple Issues Heat Advisory for iPhone 3G, 3GS


Whether anecdotal reports of iPhones overheating are true or not, Apple has taken them seriously enough to reveal the presence of a temperature warning screen for the iPhone 3G and 3GS.

Here's the deal: an unknown but probably very small number of iPhones have been affected by overheating, to the point that some white iPhone 3GSes have allegedly turned pink. Sascha Segan, our phone analyst, said he hasn't seen any such problems with his iPhone 3GS, however.
