Google Security Engineer Issues Sophos Warning
angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggish response to the warning that he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)" ...
Found more than 1 month ago on channel Slashdot
Uncle Sam Wants You (to Optimize Your Content for Mobile)
"Americans deserve a government that works for them anytime, anywhere, and on any device." — President Barack Obama

It's easy to get frustrated by the pace of change in mobile. Companies drag their feet about actually delivering content and services optimized for mobile devices, commissioning yet more research to "prove" the need for a mobile strategy. Meanwhile, we tap away at our ever-more-capable smartphones and tablets, pinching and zooming our way through sites designed for a much larger screen. Now we can find inspiration for taking quick action in mobile from an unexpected source: the government. President Obama has ordered executive branch federal agencies to make at least two key services available on mobile devices over the next year. The initiative to optimize content for mobile is part of the larger Digital Government strategy aimed at building a twenty-first-century platform to better serve the American people. This strategy outlines a sweeping vision for how to deliver ...
Cloud Firm MediaFire Flags Malware Samples For DMCA Violation, Bans Researcher
chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud-based hosting service Mediafire after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA takedown notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to ...
Found more than 1 month ago on channel Slashdot
Web Exploit Found That Customizes Attack For Windows, Mac, and Linux
phaedrus5001 writes with this quote from Ars: "Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform. The attack was spotted by researchers from antivirus provider F-Secure on a Colombian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the user's computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform."
Found more than 1 month ago on channel Slashdot
Serious Web Vulnerabilities Dropped In 2011
wiredmikey writes "It's refreshing to see a security report from a security vendor that isn't all doom-and-gloom and loaded with FUD. Web application security firm WhiteHat Security released a report this week (PDF) showing that the number of major vulnerabilities has fallen dramatically. Based on the raw data gathered from scans of over 7,000 sites, there were only 79 substantial vulnerabilities discovered on average in 2011. To compare, there were 230 vulnerabilities on average discovered in 2010, 480 in 2009, 795 in 2008, and 1,111 in 2007. As for the types of flaws discovered, Cross-Site Scripting (XSS) remained the number one problem, followed by Information Leakage, Content Spoofing, Insufficient Authorization, and Cross-Site Request Forgery (CSRF) flaws. SQL Injection, an oft-mentioned attack vector online, was eighth on the top ten."
Found more than 1 month ago on channel Slashdot