The Register sums up the Black Hat briefings pretty well. The Operating System level has received a lot of scrutiny in recent years for security flaws and as a result there has been a good deal of improvement there and so now, researchers are heading to the low hanging fruit of the REST of the software stack, be it the drivers, or browsers, or office software. Another area of software were those class of programs that run checking for updates for OTHER software. It’s time to realize that most ANY piece of software could compromise system security and updates need to be expected for most any part of the “software stack”.
Tag: Security Focus
-
Real VNC 4.1.1 vulnerability – Remote Access without password
This is one worth checking out anybody using vnc for remote administration. It looks as though intelliadmin has come across a vulnerability in Real VNC 4 (the slashdot post I saw suggested “any machine running VNC 4.1”) I haven’t tested yet, so I don’t know if this ONLY affects REALVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the ip of the browser at the vnc port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.
-
BIOS based rootkits coming soon….
There have been a couple stories out of the “Blackhat federal” conference in the last couple days. Brian Krebs at the Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a systems BIOS. Security Focus has some detail on this as well.
-
Web smarts is the main defence against spyware
Over at the Security Fix, Brian Krebs is talking about spyware and the fact that keeping up-to-date on patches, and running current antivirus with current definitions is not enough to protect your machine from spyware. He sums it up by saying common sense is the best defence.
(more…) -
The state of computer security
The Register has an interesting piece, reflecting on the current state of the computer security industry. The recent Blackhat convention has prompted this reflection and they conclude that not enough is being spent currently on computer security.
(more…)