D. H. McKee Blog

First Cell-Phone Virus Just a Test

June 17, 2004 D. H. McKee

Off

Cabir, the first virus to infect cell phones , was not designed to propagate massively, but rather to demonstrate that these kinds of devices can be infected by malicious code.
"This is a proof-of-concept worm," Patrick Hinojosa, CTO of Panda Software, told NewsFactor. "We won't see it spread very rapidly, because there are a number of physical limitations to keep it from mass replicating."
The Cabir code spreads to devices that run on the Symbian OS, which is used in many models of phones, including some manufactured by Nokia, Siemens and Sony Ericcson.

+ Read More

Wireless worm appears

June 16, 2004 D. H. McKee

Off

Hacking

A newly detected worm spreads among mobile phones using the Bluetooth wireless technology, according to security firm F-Secure.
Called Cabir, the worm targets phones that use the Symbian Ltd. Series 60 operating system, according to F-Secure officials. When a user unwittingly installs the worm on a phone, the malicious code activates and starts looking for other Bluetooth devices to infect. It sends itself as a file called caribe.sis, which the user must accept and install to activate the worm.
Cabir is the first mobile phone virus to be detected, according to F-Secure officials. Although it does not appear to cause any damage, it shows that virus writers have the ability to attack phones, said Matias Impivaara, business manager of mobile security services at F-Secure.

+ Read More

Bug causes Linux to crash

June 15, 2004 D. H. McKee

Off

Hacking

Running a simple C program crashes the Linux kernel. It does not require root access, but shell access is required. It affects both 2.4.2x and 2.6.x kernels on the x86 architecture
The flaw was by accident discovered by Stian Skjelstad while he was doing some code tests. He was quite surprised when I discovered that the code he was trying froze his machine. He reported it to the Linux-kernel mailing list and the gcc bugzilla 2004-06-09.

+ Read More

Squid NTLM Buffer Overflow Vulnerability

June 15, 2004 D. H. McKee

Off

Hacking

Remote exploitation of a buffer overflow vulnerability in Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. Squid Web Proxy Cache supports Basic, Digest and NTLM authentication.
A remote attacker can compromise a target system if Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password to overflow the buffer and execute arbitrary code.

+ Read More

Spamhaus under attack from UK spammers

June 10, 2004 D. H. McKee

Off

Hacking

A law that the government said would clamp down on those who send millions of unsolicited junk emails is instead causing more hassle for anti-spam campaigners
Pioneering anti-spam organisation The Spamhaus Project has begun receiving threats from spammers, many of whom appear to have moved into Britain following the establishment of controversial UK laws that ostensibly outlaw the spamming of personal email addresses.
Spamhaus founder Steve Linford revealed told the Openwave messaging anti-abuse conference in London this week that this legislation has had a counterproductive effect. "For the first time we have very tenacious spamming gangs setting up in the UK," said Linford. "And, for the first time, we have spammers threatening us with legal action."

+ Read More

Microsoft’s anti-spam plan ‘hijacked by zombies’

June 10, 2004 D. H. McKee

Off

Hacking

Microsoft's plan to reduce spam by forcing an email sender's machine to solve a puzzle may be defeated by the Internet's army of zombie PCs, say security experts
One of Microsoft's plans to fight the spam epidemic is unlikely to adversely affect spammers or reduce the quantity of spam, according to security experts.
Microsoft's chairman Bill Gates has been calling for the IT industry to work together and eradicate the spam problem. About six months ago he unveiled an initiative called Penny Black, which was a method for reducing a spammer's ability to send large volumes of unsolicited emails using Hotmail and MSN accounts. He suggested making the senders' computer process a complicated mathematical puzzle, which takes approximately 20 seconds, before each message is released. The puzzle's result is attached to the email's header, so that a receiving gateway can recognise emails that have been through the process and allow them to pass.

+ Read More

Plug and Play port scan reveals new worms

May 20, 2004 D. H. McKee

Off

Hacking

Two good reasons for having the latest Microsoft patches have emerged in the form of Bobax and Kibuv
Investigations into recent increases in port 5000 scans have revealed the existence of two new worms: Bobax and Kibuv.
The W32/Bobax-A worm, which employs the same Microsoft security vulnerability as the Sasser worm to break into computers, uses port 5000 to identify Windows XP systems (the port used for "Universal Plug and Play").

+ Read More

Congress Revisits the Copyright Act

May 19, 2004 D. H. McKee

Off

Hacking, Politics

This year marks the 20th anniversary of the Supreme Court’s now famous Betamax decision. On January 17, 1984, the Court...

+ Read More

Can M$oft fight organised crime?

May 15, 2004 D. H. McKee

Off

Hacking

Microsoft is claiming that its $250,000 reward was responsible for the Sasser author's arrest, but experts say money alone will not stop the virus and spam problem.

+ Read More

A third of UK corporates open to hackers

May 15, 2004 D. H. McKee

Off

Hacking

A third of UK companies and public sector organisations are 'wide open' to hackers because they are ignoring basic security flaws, industry experts have warned.

+ Read More

About This Site