-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Windows RPC hole being exploited already
,----[ Quote ]
| A public exploit has been circulated for the recent RPC hole in Windows. When
| the vulnerability was publicised last Wednesday, Microsoft still said in its
| security bulletin that although there were targeted attacks, the actual
| attack code wasn't publicly available – but the company did warn that the the
| hole was a potential target for worms. It now seems that this prediction has
| come true, as a program called "Gimmiv.A" has reportedly been sighted in the
| wild. Gimmiv.A infiltrates vulnerable computers and sends information back to
| base. Some virus scanners and intrusion detection systems already offer
| signatures to recognise these attacks.
`----
http://www.heise.de/english/newsticker/news/118049
And the law is still broken...
Student charged after alerting principal to server hack
,----[ Quote ]
| A 15-year-old high school student in New York State has been charged with
| three felonies after he allegedly accessed personnel records on his school's
| poorly configured computer network and then notified his principal of the
| security weakness.
|
| The unnamed student of Shenendehowa Central School was charged Thursday with
| computer trespass, unlawful possession of a personal identification
| information and identity theft, according to news reports. He has been
| suspended from school and ordered to stand charges in family court in
| Saratoga County.
`----
http://www.theregister.co.uk/2008/10/28/student_charged/
Recent:
Microsoft RPC exploit could be a packaged deal
,----[ Quote ]
| While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical"
| and provided a rare out-of-cycle fix because its exploit could easily be used
| as worm on a compromised network, one security researcher doesn't think it
| will happen that way.
|
| "It's likely we're going to see this packaged with some other attack." said
| Ben Greenbaum, senior research manager at Symantec. "A Web-based attack, for
| example. We're looking out for are exploits of this being bundled with
| client-side exploits or Trojans so that the worm can get past corporate
| firewalls and get behind that firewall into the internal network."
`----
http://news.cnet.com/8301-1009_3-10074269-83.html?part=rss&subj=news&tag=2547-1_3-0-20
Trojan attacks Microsoft's emergency patch vuln
,----[ Quote ]
| A day after Microsoft released an emergency patch for a critical flaw that
| could allow self-replicating attacks, researchers have identified a nasty
| trojan that attempts to exploit the vulnerability.
`----
http://www.theregister.co.uk/2008/10/24/trojan_exploits_wormable_microsoft_flaw/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkIJCgACgkQU4xAY3RXLo4digCgimwE5jCVoH/KK8HitnC7uERn
zw4AniTa1UH/bStpx3L5Fak4RAebXq8R
=Ic2W
-----END PGP SIGNATURE-----
|
|
