WinAmp bug opens door to MP3 viruses
WinAmp bug opens door to MP3 viruses. Interactive Week Apr 30 2002 9:22AM ET [Moreover – Tech latest]
Archive for the ‘security’ Category.
China Incapable of Hacking US Files
AP via NY Times (April 25, 2002):
China Incapable of Hacking US Files
The Chinese military is seeking to develop the ability to disrupt Taiwanese and U.S. computer systems, but doesn’t have the sophistication to cause widespread problems, U.S. officials said Thursday.
…
“These are … not people from the government,” the official said. “For the most part, it’s students who are doing this during school breaks.”
Can you really click ‘No’?
Mr. Fine contacted Symantec and was told that as of Nov. 1, 2001, Symantec had changed its policies and that his users could no longer use NAV updates on their home systems. (Because Symantec’s licenses are perpetual, in theory the home users could keep the original software on their systems, but without new virus definitions the software would soon be of little use.) “I was pretty disgusted,” says Mr. Fine. “Since we were on maintenance at the time of this change in policy, the right thing for them to do would have been to notify customers at that point. To ‘notify’ me by allowing me to renew, so I can read it in the fine print, is not the best way to find out that a feature that was a big plus for us in choosing NAV is now gone.”
CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
LA Times:
CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
Moreover, U.S. authorities are bracing for a possible wave of hacking attacks by Chinese students against the United States in coming weeks, according to the analysis. The confidential alert, which was reviewed by The Times, was sent to intelligence officials a week ago.
No kidding. We’ve had the interest of a Chinese hacker trying to disrupt our operations for at least a couple of months.
IE-6 privacy solution backfires
IE-6 privacy solution backfires. “The privacy features added in IE6 to help protect a user’s privacy by giving them direct control over cookie management allows any site to read any other site’s cookies, in effect removing all privacy. Further, this hole extends to other protocols, allowing you to execute arbitrary commands on the user’s machine as well as take over MSN Messenger,” Larholm told us. [The Register]
See also
SQL Security
SQL Security:
the web site,
and
the slide show.
Security Review of 802.11b
Security Review of 802.11b: an excellent rundown by the author of a recent O’Reilly & Associates book on 802.11b.
Virginia Tech Police Seize and Search a Professor’s Computer in Vandalism Case
Chronicle of Higher Ed:
Virginia Tech Police Seize and Search a Professor’s Computer in Vandalism Case
Cracks in the Firewall
Cracks in the Firewall. Business Week Apr 8 2002 11:58PM ET [Moreover – Computer security news]
Internet Explorer SuperCookies bypass P3P and cookie controls
Richard Smith via NTBugTraq:
Internet Explorer SuperCookies bypass P3P and cookie controls
There is a significant privacy problem with Internet Explorer
because of a design flaw in the Windows Media Player (WMP). Using
simple Javascript code on a Web page, a Web site can grab the
unique ID number of the Windows Media Player belonging
to a Web site visitor. This ID number can then be used just
like a cookie by Web sites to track a user’s travels around
the Web.However this ID number becomes a SuperCookie because it can be used
by Web sites to bypass all of the new privacy and P3P protections
that Microsoft has added to Internet Explorer 6 (IE6). IE6 ships
today with all Windows XP systems. SuperCookies also work in all
previous versions of Internet Explorer with all older versions of
Windows.
