"Cisco 'Cover Up' Ignites Black Hat Controversy"

“A deal between Cisco and Internet Security Systems to pull a talk about Cisco vulnerabilities at the Black Hat conference in Las Vegas Wednesday has attendees crying cover up and led to the resignation of a prominent researcher. […] At this year’s event, Michael Lynn, a member of ISS’ X-Force R&D team, gave a talk Wednesday on vulnerabilities in Cisco’s IOS, but he did so only after resigning from ISS, according to a company spokesperson. […]

Cisco and ISS plan to research the vulnerabilities further and disclose them in the proper forum at a later date, [an ISS] spokesperson said.”

CRN via /.

Cisco’s now trying to silence the guy through legal action.

EA Games slapped for ignoring Battlefield 2 server security holes

“Since EA didn’t take the time to respond (or maybe even read) our emails about various stats-server security holes, it clearly showed us how much they care. Therefore, we came to the conclusion that modifying 5 million accounts wouldn’t be that big of a deal.

That being said, accounts with ids from 40,000,000 to 45,000,000 now have all of their weapons unlocked.

What will be next week? Perhaps we’ll give everyone their Distinguished Service Medal, or maybe we’ll elevate everyone to the rank of Sergeant Major.

The ball’s in your court, EA. Time’s up at the buzzer, how well will you play?”

“The truth behind all of these “random” unlocks…”
EA Games via BlogsNow

USB Devices Can Crack Windows

“Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device, according to an executive from SPI Dynamics, which discovered the security hole. The buffer-overflow vulnerabilities could enable an attacker to circumvent Windows security and gain administrative access to a user’s machine.”

eWeek.com via /.

Greasemonkey extension 'fatally insecure'

“A recent thread on the Greasemonkey mailing list suggests that the popular Firefox extension is fatally insecure. It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest.”

/.

Apparently, installing a new version of the extension solves the insecurities but also causes some old scripts to cease working. As I didn’t have any critical use for GM, I just chose to uninstall it.

An identity thief's dream

“Data Protection Ombudsman Reijo Aarnio is certain that if an extensive telecommunications identification data system is created in the EU countries, it is guaranteed to interest criminals as well. […] According to Aarnio, the necessity of the storage system must still be assessed many more times[….] Aarnio considers the project so massive that he does not want it left for civil servants to decide.”

HS Verkkoliite