21-08-05

hacking webcams ?

see here in the corner  of the picture  blablabla
http://s19l12.ath.cx:81/  (a parking lot)
 
can even be done by a trojan to extort money from you in exchange of certain pics
http://www.theregister.co.uk/2005/02/28/webcam_trojan_case/
 
and in 2004 there was another worm
http://www.theregister.co.uk/2004/08/23/peeping_tom_worm/
 
 

01:58 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

do you want your directory of partners and clients on the web ?

I don't think the Nasa would had this is mind, but the whole directory is here
http://www.brokenfloppy.com/tiz/directory.txt
 
Hackers have released the phone, email, and address directory for NASA online. The directory contains over 1000 associates, affiliates, engineeers, scientists, and friends of NASA. NASA has yet to comment on the situation. The directory was released by SheepByte of the hacker zine 'TIZ'.
 

00:47 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

20-08-05

lessons learned from zotob so far

zotob is still running around, but we can already have some lessons to talk about
 
- the patch-timeline is now 3 days after the publishing of the patches. Some attacks were done even faster, but the timeline of one week that was commonly accepted before (testing) is now 3 days and the planning will be all different. In that timeline it is important for Microsoft to have enough programmers and security people ready to responds immediately to all problems that may arise in this short timeline because before friday all critical systems will have to be patched.
 
- maybe the exploit publishing gangs and business should be hold responsable for its consequences.
 
- everything pda, usb, portable that is not part of the strictly controlled environment of the desktop-server environment of a network should be isolated and treated as possible hostile
 
- the access by vpn should be rethought and computers that use such a connection should be checked on security and enormously limited in their possibilities
 
- if you do not need the service on the computer or server, you should not activate it, period
 
- whatever we learned after the previous incidents doesn't necessarily tell us anything about what will happen next, I think nobody has a clue for the moment what will happen next
 
- limit, limit limit                        no more nice guy but wise guy
 
 

22:29 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

secure coding still far away

http://www.techworld.com/security/news/index.cfm?RSS&...
 security hole in a popular development tool has severe implications for a number of the Internet's most popular applications, including Gmail, Flikr and MSN Virtual Earth.

Tens of thousands of companies including AOL, Google, Microsoft and Yahoo are likely to be affected by the flaw in CPAINT - a toolkit used to create applications using an approach known as AJAX - short for Asynchronous JavaScript and XML. Rather than a technology in itself, AJAX is an approach to putting more dynamic interactivity into Web applications using a combination of HTML, CSS, Document Object Model, JavaScript, and XMLHttpRequest.


01:22 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

botnets going from IRC to http

We have seen in the last zotob that the control and instruction was going through the port 8080 instead of the normal IRC ports.
This alert from Websense shows that there are real normal webbased control panels for botnet- controllers. http://www.websensesecuritylabs.com/alerts/alert.php?Aler...

00:55 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

19-08-05

the turkish hackerclans again

http://www.lurhq.com/pnpworms.html
the zotob viruses would be written by Diabl0 who would be in Turkye and would have been responsable for some Mytob viruses
 
and Turkye wants to be part of Europe ?

01:26 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

exploit released for internet explorer - no defense yet

The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer.
 
http://www.microsoft.com/technet/security/advisory/906267... 
my thought : if it is not marked safe for scripted and not intended for use in Internet Explorer, why does it.  Just make two different internet explorers, one for internal (intranet explorer) and one for external use that is very very very cut down. And that is why the new internet explorer still is not ideal.
 
the exploit http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php


all the news about the vulnerability
http://secunia.com/advisories/16480/
 
The internetstorm center is still collecting and organising information but the safest way is that you stop surfing all sites that you don't trust normally.
http://isc.sans.org/diary.php?date=2005-08-18
 
easiest solutions Restrict use of ActiveX controls to trusted web sites only
tools - internet options - security - advanced (be sure that any active x is set to disable or ask)

01:02 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |