Dec 29 2011

Hash collisions vulnerability in web servers

Published by hirantha at 8:17 AM under Security

A new vulnerability advisory by security firm n-runs describes how hash tables in PHP5, Java, ASP.NET and others can be attacked with deliberate collisions in the hash function, leading to a denial of service (DoS) on the web server in question. Microsoft has already responded with an advisory of its own, and other vendors are likely to follow.




Mar 03 2011

Android apps infected with rootkit malware

Published by hirantha at 8:36 AM under Google | Android | Security

More than 50 applications on Google's Android Market have been discovered to be infected with malware called "DroidDream" which can compromise personal data by taking over the user's device, and have been suspended from the store. The apps, according to analysts, may have been downloaded up to 200,000 times before they were found.

The apps were not newly developed ones. They were existing applications that had been repackaged to include the malicious code.

According to "Android Police", the malware sends sensitive data including product ID, model, partner (provider), language, country, and user ID. The most dangerous aspect of the rootkit malware is its ability to download additional code.

Those who are on Android version 2.3+ are not vulnerable to the exploits DroidDream uses. They can simply uninstall the offending application(s).


Feb 24 2011

Windows 7/2008 R2 SP1

Published by hirantha at 8:25 PM under Microsoft | Security | Windows 7

The very first service pack for Windows 7 should be popping into your Windows Update right around now. There are a few areas that might cause some issues. Here's what to watch for.

  • Whitelisting / Blacklisting: Whitelisting software may not yet have checksums to verify all the files that are modified by the service pack.
  • Firewalls: Third-party firewalls may find that some of the low-level hooks they use have changed.
  • Disk Encryption: In particular, full disk encryption that modifies the boot process may find that some of the changes it made are undone by the SP install.
  • Custom hardware: If you are using drivers other than those that are included in Windows 7 (or 2008 R2)
  • Dual boot: Linux dual boot might cause some issues.


Jan 28 2011

International Data Privacy day

Published by hirantha at 8:45 AM under Security

Today is the fourth annual Data Privacy Day. Dozens of countries have been celebrating with events throughout the week to inform and educate us all about our personal data rights and protections.

A few topics worth watching/reading:

Privacy & Innovation: A Data Privacy Day Reflection by Ryan Calo

Data Privacy Day 2011

The Technology of Privacy: When Geeks Meet Wonks – Panel discussion 10AM EST

European Research Consortium to Pilot Digital Privacy Solutions at University and Secondary School



