It looks as though there are quite a few things that I have skimmed over the last two days and haven’t posted on. I’ve been preoccupied with a couple of projects and frankly following news regarding the hurricane along the Gulf Coast. I thought I’d pass along two links that I’ve been following today specifically with regards to the situation in New Orleans. This is as much for my reference as anyone elses, but… The Times-Picayune’s Breaking News page, some detailed reports from a paper in the New Orleans area, they had to evacuate earlier today due to rising flood waters and are now keeping things updated from a temporary office. Also, WWltv.com has a blog page up with brief updates as they get them. These two sites have been sources that seem to lead the networks in updates. (The news networks seem to get bogged down recycling earlier stories.)
Month: August 2005
-
A virus writer talks….
Along the lines of “Wishlist of Spyware Slime” that I referred to last week, it appears there’s a chat transcript out from before the arrest of the suspected writer of the mytob and zotob worms. The security fix has the details.
-
OpenSuse 10 beta 3 review and screenshots
Yesterday (or day before) Mandriva had a beta 3 come out, today I see OpenSuse has released the third beta in the release cycle for version 10. It sounds like most of the changes have not been user-visible, but more “under the hood”. There is a bit of a review at tuxmachines.org with some nice screenshots.
-
Serious PHP flaw
PHP which is a widely used scripting language for webpages has been found to have a serious vulnerability. The Inquirer is reporting on the announcement at hardened-php.net that the vulnerabilities are in the XML-RPC for PHP and PEAR XML-RPC libraries. This is apparently an eval() vulnerability similar to one earlier in the year.
-
Update on Long registry entries bug
Incidents.org has an update on yesterdays story of very long registry entries not being visible in most registry tools (regedit among others.) They have an updated list of what does and does not read these long keys. They’ve alluded to nasties in the wild that are already taking advantage of this and have confirmed that the length is greater than 254 characters. On handler has written a program to scan the registry for these stealth entries
-
The end of antivirus definition updates?
Well, frankly, there has been talk of the end of definition based antivirus scanning for years. You see the achilles heel of any AV scanner is that it has to have signatures of what known viruses look like, so there will always be a reflex window, where there’s a new unknown virus that people are getting infected with before there’s a reaction from the antivirus vendors. The supposed cure for this dillema was hueristic scanning which was supposed to detect things that “looked” like they might be viruses. A noble goal, but along the path it’s proven innefective mostly, either too aggressive and tagging EVERYTHING as potentially viral, or really unnoticable.
-
Get paid for the mistakes you make….
It seems that some companies are fortunate enough to be able to make money even from their faults. The Monterey Herald details an account of a woman who was informed by Choicepoint that crooks had accessed some of her personal information. This was apparently due to a lapse in security at Choicepoint. They then offered to sell her access to her own information to see what might have been compromised.
-
Zotob may affect XP Service pack 1 systems
There’s an eweek article indicating the zotob family of worms could affect Windows XP SP1 systems as well as the Windows 2000 systems that are currently affected. Since the original outbreak it’s been reported that there were certain circumstances that an XP system could be compromised, this seems to back that up.
-
Virtual Server 2005 R2 to support Linux
Microsoft’s Virtual Server 2005 R2 will be supporting both Linux and Solaris as guest operating systems in the coming release. The coming release of Virtual Server 2005 R2 will also include 64-bit support.