Free Advertising
Apparently TheTAZZone.com will soon be offering FREE Advertising for 3 months beginning March 1st on 4 different domains. According to inside sources this offer will be open to both personal and commercial websites.
They have a forum thread at TAZForum where you can sign up for the FREE Advertising, or you can just e-mail their administration.
Vulnerability Turns MS Excel Into Open Door for Hackers
The vulnerability is in Microsoft Office Excel 2003 Service Pack 2, along with Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac, Microsoft said. If successfully exploited on a vulnerable computer, it could enable remote code execution, the company added.
Microsoft is now investigating public reports and the extent of the vulnerability’s impact on customers. Once that’s done, it may provide a security update through its monthly release process or as an out-of-cycle release, it said.
“While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA (Microsoft Security Response Alliance) partners to help protect customers,” wrote Microsoft’s Security Response Center on the group’s blog. “We will update the advisory and this blog as new information becomes available.”
Linux News: Security: Vulnerability Turns MS Excel Into Open Door for Hackers
Teenager hacks Polish tram system
A 14 year-old schoolboy hacked into a Polish tram system and used a remote control to change the direction of a number of vehicles.
Transport employees in Lodz immediately suspected outside interference when a driver who was trying to turn right found his tram veering to the left.
The tram’s back wagon was derailed and hit a passing tram. Another derailment injured 12 passengers.
Anatomy of a hack attack
With the help of security experts, we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.
Monday, 9am
Blackjack, a hacker working from an internet cafe in London, is about to launch an attack on a major government agency. His aim is to cause maximum disruption and embarrassment. And, according to security experts, his job is going to be worryingly easy.
“Most organisations have dozens of vulnerabilities they haven’t patched, or aren’t even aware of,” said Toralv Dirro, a security strategist with McAfee. “Even if a penetration-testing service says you’re not vulnerable, that only means they haven’t found a vulnerability, not that one doesn’t exist.”
Sears puts customers’ buying histories on the Web
Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.
Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.
The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.
“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number and address,” wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.
WordPress Hacked: Anyone Can View Future/Draft Posts
There is a bug in WordPress right now that is rather critical for anyone who uploads posts without immediately publishing. Simply by manipulating the URL any visitor can view all future, draft, or pending posts. Our site was vulnerable to this issue, but we patched it quickly because it could be used to retrieve the CyberNotes posts that we write ahead of time.
Introducing Weave
Introducing Weave
We’re now launching a new project within Mozilla Labs to formally explore this integration. This project will be known as Weave and it will focus on finding ways to enhance the Firefox user experience, increase user control over personal information, and provide new opportunities for developers to build innovative online experiences.
Just like Mozilla enables massive innovation by making Firefox open on many levels, we will aim to do the same with Weave by developing an open extensible framework for services integration.
HP confirms gaping backdoor on 82 laptop models
Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.
An advisory from HP lists 82 laptop models as vulnerable to the ActiveX vulnerability found on the HP Info Center software. The issue is rated “critical” and HP laptop owners should be aware that public exploit code that provides a roadmap for exploiting the hole is circulating around the Internet.
A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer. The risks include remote code execution, remote system registry read/write access and remote shell command execution.
It affects laptops running Windows 2000, Windows XP and Windows Vista.
HP confirms gaping backdoor on 82 laptop models | Ryan Naraine’s Zero Day | ZDNet.com
Are The Days of Duplicate Content Numbered
Canadian software author and webmaster, Dewald Pretorius, today released two new software products that are focused on solving the duplicate content (http://www.phpspinner.com) worries of many webmasters across the globe. “I initially wrote the software out of a personal need and frustration with duplicate content problems, and as an afterthought realized what a big market there is for it,” said Dewald Pretorius.
The software addresses the problem at the source, the website where the original content is published, by enabling the webmaster to vary the content of the same web page with every single page view.
Are The Days of Duplicate Content Numbered with Newly Released Software? – Scadart Software
Top US military research labs infiltrated by hackers
Hackers successfully infiltrated Oak Ridge National Laboratory (ORNL), one of the nation’s leading military research facilities. The attackers gained access by sending e-mails infected with trojan horses to ORNL employees. The lab claims that no classified information was retrieved, but admits that the perpetrators managed to acquire a database containing personal information about ORNL visitors and employees, including Social Security numbers.
“A hacker illegally gained access to ORNL computers by sending staff e-mails that appeared to be official legitimate communications. When the employees opened the attachment or accessed an embedded link, the hacker planted a program on the employees’ computers that enabled the hacker to copy and retrieve information,” ORNL revealed in a statement. “No classified information was lost; However, visitor personal information may have been stolen. If you visited ORNL between the years 1990 and 2004 your name and other personal information such as your social security number or date of birth may have been part of the stolen information.”
-
Recent
- Free Advertising
- Vulnerability Turns MS Excel Into Open Door for Hackers
- Teenager hacks Polish tram system
- Anatomy of a hack attack
- Sears puts customers’ buying histories on the Web
- WordPress Hacked: Anyone Can View Future/Draft Posts
- Introducing Weave
- HP confirms gaping backdoor on 82 laptop models
- Are The Days of Duplicate Content Numbered
- Top US military research labs infiltrated by hackers
- Hackers Ram Through Security at Oak Ridge Lab
- New Software Detects Web Interference
-
Links
-
Archives
- January 2008 (5)
- December 2007 (6)
- November 2007 (3)
- June 2007 (1)
- February 2007 (1)
- January 2007 (2)
- December 2006 (9)
- September 2006 (1)
- August 2006 (2)
-
Categories
-
RSS
Entries RSS
Comments RSS
