software development, security, opinion
Archive for the ‘LINKS’ Category.
cnet news.com: Stealth P2P network hides inside Kazaa
“A California company has quietly attached its software to millions of downloads of the popular Kazaa file-trading program and plans to remotely “turn on” people’s PCs, welding them into a new network of its own.”
McAfee punts proactive virus protection. ThreatScan [The Register]
Sun raises curtain (a little) on Solaris 9. New default thread library (for better multiprocessor scaling). Remote Jump Start. In 12-18 months, a Jump Start management scheme dubbed iChange. [The Register]
Update: CSS2 Rollovers. We’ve tweaked our pure CSS2 rollovers to perfection, and moved them to their own directory. These vertical rollovers use the hover pseudo-class for CSS2 browsers, and display properly in Netscape 4.x. By Andy King et al. 0329 [WebReference News]
Drive by hacking linked to cyberterror. The Register Mar 28 2002 1:36PM ET [Moreover – Computer security news]
TechRepublic:
Serious Java hole affects multiple operating systems
Several versions of the Java Virtual Machine that have been in use for years contain a serious vulnerability. Although the problem was only recently disclosed, Sun has apparently known for 11 months that the Java RunTime Environment code contains a flaw that could allow an attacker to capture sensitive data by redirecting Web traffic.
Microsoft reports that this problem is a threat to anyone who connects to the Internet through a proxy server. A remote server could use a hostile Java applet to hijack the user’s HTTP connection to the proxy. It’s more than a bit ironic that proxy servers are normally used to improve security but the bug could allow attackers to redirect proxy Web traffic to a new destination.
Microsoft was the first to release a patch for this problem (MS02-013), but the threat isn’t confined to Internet Explorer users. This vulnerability also affects Netscape Navigator and Sun platforms. The Sun security bulletin HttpURLConnection is #00216. Mitre identifies this vulnerability in report CAN-2002-0058. Again, any system with an HTTP proxy server could be at risk.
According to Sun Microsystems, Netscape Navigator versions 6.1, 6.0.1, and 6.0, as well as Netscape Communicator version 4.79 and earlier, contain the vulnerable Java code. Microsoft’s Virtual Machine through build 3802 are all affected.
SecurityFocus:
D.I.R.T. Spyware Exposed on Web
Software marketed as a computer surveillance tool for law enforcement investigators has its secrets laid bare on an anonymous Web site.
By Kevin Poulsen
You are currently browsing the archives for the LINKS category.
