Slashdot Mirror

Update: It wasn't Norton, it was older versions of their Enterprise protection:

http://www.securityweek.com/symantec-confirms-hackers-accessed-source-code-two-enterprise-security-products

Anyone that's not a deluded zealot's free to look @ the links I posted, & decide for themselves in these posts of mine as to whether these are "good things" going on with ANDROID (a Linux variant on smartphones) or not:

http://news.slashdot.org/comments.pl?sid=2586024&cid=38463414

http://news.slashdot.org/comments.pl?sid=2586024&cid=38488282

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495050

http://news.slashdot.org/comments.pl?sid=2586024&cid=38495800

http://news.slashdot.org/comments.pl?sid=2586024&cid=38507222

http://news.slashdot.org/comments.pl?sid=2586024&cid=38519768

APK

P.S.=> For "good measure"? Here's 12 more, sending the total up to 84 now:

http://news.slashdot.org/story/11/10/06/0118231/android-malware-using-blog-as-cc-server

http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/

http://www.theregister.co.uk/2011/11/14/android_anti_virus/

http://www.securityweek.com/new-android-trojan-masquerades-google-library-taps-device-administration-api

http://www.theregister.co.uk/2011/11/30/google_android_security_bug/

http://mobile.slashdot.org/story/11/12/02/1637249/researchers-find-big-leaks-in-pre-installed-android-apps

http://www.theregister.co.uk/2011/12/12/android_market_malware/

http://www.bgr.com/2011/12/14/more-than-1-million-stolen-from-android-users-in-2011-mobile-threats-to-increase-in-2012/

http://blogs.cio.com/mobile-security/16704/android-app-permissions-may-spark-false-sense-security

http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android

http://www.theregister.co.uk/2011/12/22/android_trojan_maytyr/

http://threatpost.com/en_us/blogs/fake-antivirus-scams-targeting-android-users-122911

"But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux." - by mSparks43 (757109) on Tuesday December 27, @03:33PM (#38506592) Homepage

Oh, really? Ok, per my subject-line:

---

London Stock Exchange Web Site Served Malicious Ads:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

And, yes - they run Linux to do it -> http://uptime.netcraft.com/up/graph?site=www.londonstockexchange.com

(So much for "caring for security" because they didn't do a good job... hell, Linux ALSO FELL FLAT ON ITS FACE ONLY MINUTES INTO THE JOB RUNNING LSE THE 1st DAY ON THE JOB:

LINUX WENT DOWN 2x in LESS THAN 1 YEAR @ London Stock Exchange:2011 -> http://linux.slashdot.org/comments.pl?sid=1999478&cid=35231358

Whereas, by way of comparison, the Accenture developed system that used Windows Server 2003 before it ran for 7++ yrs. before being replaced!)

---

AND OF COURSE, this much VERY CURRENTLY THIS YEAR IN 2011:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811

---

Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?

You get the picture...

* TOP THAT ALL OFF W/ DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS, PER THIS ARTICLE (very recent):

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

APK

P.S.=> Continuing the trend on ANDROID malware as well as I have been doing? Up to 56++ evidences now by this point with these 8 new ones to list:

http://mobi

http://mobile.slashdot.org/story/11/12/02/1637249/researchers-find-big-leaks-in-pre-installed-android-apps

http://www.theregister.co.uk/2011/11/30/google_android_security_bug/

http://www.securityweek.com/new-android-trojan-masquerades-google-library-taps-device-administration-api

http://www.theregister.co.uk/2011/11/14/android_anti_virus/

http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/

http://news.slashdot.org/story/11/10/06/0118231/android-malware-using-blog-as-cc-server

http://it.slashdot.org/story/11/10/03/1427242/htc-android-backdoor-leaks-private-user-data

http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/

* Since the 1st batch wasn't enough, there's 8 more... plenty more where that came from too!

APK

P.S.=> Would you like more? I have many, Many, MANY more... apk

Known security bugs in Linux's kernel alone (3 remote ones no less) in Linux's kernel alone than there is in nearly all of what MS offers companies, users, and developers to do business with, which is a lot more than an OS kernel (I am talking Windows Server 2008, IIS7, SQLServer 2008, Office 2010, & more, which have less unpatched bugs in them than the Linux kernel alone (which if you put on Apache, MySQL, PHP, plus the rest of what's in a Linux distro alone which has security bugs unpatched too. making it even worse than 4 times the bugs already the kernel alone has versus all of what MS gives you)?

Tell us about the FINE "security" in ANDROID (a Linux itself), won't you?? Truckloads of malware seems to operate there (in an area linux finally was shown it gets used a bit more than most other competitors showing Linux was just getting security by obscurity).

You obviously know zero about security in Windows, because one can do the same types of things in NTFS, registry, or other permissions as you noted in Linux (which bit off of the ACL model via SeLinux MAC copy of it, you dumb ass).

A little newsflash since you mentioned goverments and stock exchanges: NASDAQ has for example been using Windows Server 2003 + SQLServer 2005 for nonstop clustered solid uptime into nearly a decade solid now as their "official trade data dissemination system". While literally only the other day, NYSE running Linux iirc, got floored http://www.californiality.com/2011/10/anonymous-nyse-attack-shocker.html

Now, let's also look at Linux at LSE (London Stock Exchange), which as you know (lol), LINUX FELL FLAT ON ITS FACE 2x the FIRST 2 DAYS IT RAN THERE, and this:

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

(Please, do tell us another one like this from you "firstly Linux is more secure than m$" to make us LAUGH @ YOU SOME MORE please, along with the fact that you're full of it. You can't pay for this kind of humor.)

This data's ALL from a respected source (secunia.com) for known security vulnerabilities unpatched:

---

Vulnerability Report: Microsoft SQL Server 2008: (10/11/2011)

http://secunia.com/advisories/product/21744/

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (10/11/2011)

http://secunia.com/advisories/product/17543/

Unpatched 0% (0 of 6 Secunia advisories)

Vulnerability Report: Microsoft Exchange Server 2010: (10/11/2011)

http://secunia.com/advisories/product/28234/

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft SharePoint Server 2010: (10/11/2011)

http://secunia.com/advisories/product/29809/

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (10/11/2011)

http://secunia.com/advisories/product/34343/

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Baseline Security Analyzer 2.x: (10/11/2011):

http://secunia.com/advisories/product/6436/

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Office 2010: (10/11/2011)

http://secunia.com/advisories/product/30529/?task=advisories

Unpatched 0

My favorite quote from the article: “We continue to strengthen our cyber defenses, using the latest anti-virus software and other methods to protect Air Force resources and assure our ability to execute Air Force missions,” Cook said in a statement. “Continued education and training of all users will also help reduce the threat of malware to Department of Defense systems.” Why do I get the feeling that Norton/McAffee are offering their 'latest anti-virus software" to "strengthen our cyber defenses"...which will inevitably lead to a 2-4 year staged upgrade of all systems to bring them back up to their 'speeds' before they were "strengthened"..while software from ESET, VIPRE & AVAST are only found on the laptops of off duty personnel that have a clue. Given that DARPA sort of kickstarted this whole thing we're using these days you might think there'd be some military-grade software in use but I've yet to see any hint of that in any of the 'cybersecurity' discussions that find their way into our shared discussions on the 'tubes'.

It's not so much the sites you KNOW are done well/as secured as can be in code/db engines etc. (plus OS + Serverware patch levels. et al), but... It's ALSO the possibilities, of this occurring:

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/

---

* As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

APK

P.S.=> Now, "top that off" with the possibility of "DNS-Poisoned" (redirected really) DNS Servers too? It goes up yet again, as to "absolutely trusting" sites you're actually seeing (& disabling javascript GLOBALLY but only using it where you absolutely NEED it (think 'e-commerce' type sites for example), & only enabling it for TRUSTED favs. & yes, there's way to check OS patch & WebServerWare OS patch levels online (or in Opera's dev

Correct URL: http://www.securityweek.com/facebook-adds-malicious-link-protection-powered-websense

The link in the article
http://www.securityweek.com/turkish-police-detain-32-suspected-hackers-linked-anonymous
has pictures that were obviously photoshopped with masks. WTF? Seems out of place and an odd thing to do?

Turkish Police Detain 32 Suspected Hackers Linked to Anonymous:

http://www.securityweek.com/turkish-police-detain-32-suspected-hackers-linked-anonymous

(In fact, that's the 2nd round of them I've seen get caught thusfar, 1st was in Spain... & more ARE coming!)

APK

P.S.=> It's not a joke to the turks, & they're coming after YOU, "anonymous" (I hate to say it but... told you so, & I've been it before)

... apk

Turkish Police Detain 32 Suspected Hackers Linked to Anonymous:

http://www.securityweek.com/turkish-police-detain-32-suspected-hackers-linked-anonymous

(In fact, that's the 2nd round of them I've seen get caught thusfar - Spain was 1st... & more ARE coming!)

APK

P.S.=> It's not a joke to the turks, & they're coming after YOU, "anonymous" (I hate to say it but... told you so, & I've been it before)

... apk

Turkish Police Detain 32 Suspected Hackers Linked to Anonymous:

http://www.securityweek.com/turkish-police-detain-32-suspected-hackers-linked-anonymous

(In fact, that's the 2nd round of them I've seen get caught thusfar... & more ARE coming!)

APK

P.S.=> It's not a joke to the turks, & they're coming after YOU, "anonymous" (I hate to say it but... told you so, & I've been it before)

... apk

You think the Frontline Wikileaks episode was the sole reason? Sorry, pal, but PBS has done way more than that to harm the causes of freedom in the world, and the Wikileaks episode isn't the only government propaganda their guilty of spewing.

It's the reason why LulzSec did what they did according to security week. If you have any additional information, I am genuinely interested.

Also, you appear to have bought the propaganda hook line and sinker. Assange is a hero and anyone who tells you otherwise is lying, pure and simple. There is no "other side" to the story, any more than there's an "other side" to the belief that the Earth orbits the Sun.

And it seems you didn't watch the episode in question. Most of it dealt with Mannings, not Assange. The only really critical thing I can recall being mentioned about Assange is that the NY Times and Daniel Domscheit-Berg both mentioned that he was a difficult person to work with. Sure, Frontline did ask him to opine on some of the negative repercussions and views his actions might create, but such questions are vital to understanding his mindset, and maybe nabbing some fence sitters. An interview that simply praised Assange would be a rather pointless one after all.

"In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system." link

Except computer viruses are no way near analogous to the biological kind. In nature the virus first has to latch onto the outside of the cell before injecting its genetic payload. It does this by hijacking biological processes necessary the cell to survive and propagate in the host fluid. There is no such analogous process in computer systems. A computer system can still function without ever having to download external code. The root cause of the current virus/spam/phishing infestation being the inability of the local system to differentiate between code and data and not allowing remote code to be run.

"In nature, we know that ants defend against threats very successfully," Fulp said. "They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We're trying to achieve that same framework in a computer system."

Yeah, that's what we need. One Symantec AV can't stop a virus it doesn't know about, so we need TEN SYMANTEC AVS on the job.

The problem in computer security is one of DISCERNING INTENT. Good code and bad code look the same. The call the same functions, perform mostly the same tasks.

Think of VNC or Windows Remote Help vs a backdoor trojan. Same basic thing, just different intent.

FTP, Dropbox or other file transfer vs a trojan that uploads your files. Intent again.

Ants don't do any better at recognizing bad guys than AV software does. Faced with an enemy that is TRYING to disguise itself, they are fooled or sidelined. http://www.securityweek.com/researchers-model-security-software-mimic-behavior-ants

On the bight side, I'll be they can squeeze a few research grants out of it.

Apple doesn't hide rootkits in their software or media files.

Maybe not. But they were summoned to the US Senate to answer questions on privacy concerns over what they track & why they track it unencrypted.

Google, who is responsible for Android, was also called to those hearings. Apple sent a vice-president in charge of software development. Google sent a lobbyist. Apple voluntarily has already taken steps, and has promised to take further steps, to reduce both the amount of "tracking data", and to encrypt what data the user's phone does store. What has Google done/promised (I honestly don't know on that one)? But don't let facts available for nearly two months stop your rant.

...

Umm, so Apple treats your privacy slightly better than Google does.

Not a very high standard, now is that?

(Yeah, this will piss off all the brainless Googlebots. GOOD!!!!!)

Apple doesn't hide rootkits in their software or media files.

Maybe not. But they were summoned to the US Senate to answer questions on privacy concerns over what they track & why they track it unencrypted.

Google, who is responsible for Android, was also called to those hearings. Apple sent a vice-president in charge of software development. Google sent a lobbyist. Apple voluntarily has already taken steps, and has promised to take further steps, to reduce both the amount of "tracking data", and to encrypt what data the user's phone does store. What has Google done/promised (I honestly don't know on that one)? But don't let facts available for nearly two months stop your rant.

Apple doesn't actively prohibit "rooting" of their devices.

I think you need to read the last 2 lines about possibly denying sevice on this page.

Yeah, EULAs always sound terrible. But point to me one instance of Apple actually doing that. [Crickets]

Apple doesn't pursue the iOS "hacker" community with legal threats, DMCA takedown notices, etc.

It has put the mechanisms in place to do so in the future though.

Again, the potential of doing it; but obviously Apple is just putting that in as a guard against an unforseeable "worst-case-scenario" threat. And again, please show me a single instance of Apple actually making good on any sabre-rattling. And didn't it get settled nearly a year ago that "Jailbreaking" was NOT illegal? Do you see Apple actively fighting that with signed bootloaders, security fuses, etc, like some Android Device manufacturers? So, your point, again?

Apple doesn't embrace DRM every day, and in every way (they DO have to put up with SOME DRM due to pressures from "content providers"; but it is obvious they chafe against it).

Apple dropped DRM from iTunes about 2 years ago. It could be argued that they bowed to pressure from their user base after the Sony rootkit and CD DRM fuss. I have not come across a DRMed CD for some years now because of the stink DRM caused.

ANYTHING "can be argued". But at least Apple's CEO published an Open Letter publicly decrying DRM. Has Sony? Howabout Google?

Apple doesn't infest its products with an OS (Windows 7) that has DRM from the driver-level up.

I'm mainly a Linux guy, I'm still using XP for some stuff but haven't played with Windows 7 much beyond setting up some laptops for colleagues - therefore I'm no expert on it. However, I am not aware of any restrictions on Windows 7 that stop you running non-DRMed formats on it exactly as you can do on previous iterations of Windows. I am led to believe that it provides a *platform* for DRM, again probably bowing to the same pressures from the RIAA that you said it was perfectly okay for Apple to have done during the early days of iTunes.

When Apple was starting out with iTunes, NO ONE would have signed up without DRM, and you (and everybody else) knows it. Even when iTunes had DRM on music, it was the weakest DRM possible. Individual songs weren't DRMed, per se; only Playlists were copy-restricted. NOTHING (but trust) prevented the user from deleting the Playlist, and recreating it, thus garnering another seven (then five) copies of a particular song. And let's not forget that iTunes also allows creating an Audi

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

Other than that, how's being a schmuck working for you?

Apple never stated it's going to be encrypted. Read the article you linked to, or even Apple's actual Press Release.

You might want to adjust your tinfoil hat. Not only is Apple not going to simply encrypt the information, the information in the cache isn't even from the iPhone itself, but from Apple. It's a cache of nearby cell towers and WiFi access points so that when you use Location Services, the phone can look up its location faster than it would otherwise.

To repeat: this cache is from Apple, and is a collection of nearby towers and APs that your phone has never even connected to, so that if you drive ten, or even a hundred, miles from your current location, your phone can tell that it has done so in seconds instead of minutes.

Except they aren't going to encrypt it....

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

You might try reading the article, or even the summary.

From the summary and the article:

Additionally, Apple said that in the next major iOS software release the cache would be encrypted on the iPhone, though a timeline for that was not provided.

Other than that, how's being a schmuck working for you?

LSE Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, as I stated it would be on BOTH accounts no less in my posts here this week (this time? It's via malicious adbanners being inserted & served up to the general public as well)... apk

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, just as I said it would be in my init. post here, and again, I didn't have to wait long... just like I didn't have to wait for LSE showing instability & mistakes in data ouputs, also (via malicious adbanners being inserted & served up to the general public as well)... apk

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, just as I said it would be in my init. post here, and again, I didn't have to wait long... just like I didn't have to wait for LSE showing instability & mistakes in data ouputs, also (via malicious adbanners being inserted & served up to the general public as well)... apk

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, just as I said it would be in my init. post here, and again, I didn't have to wait long... just like I didn't have to wait for LSE showing instability & mistakes in data ouputs, also (via malicious adbanners being inserted & served up to the general public as well)... apk

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, just as I said it would be in my init. post here, and again, I didn't have to wait long... just like I didn't have to wait for LSE showing instability & mistakes in data ouputs, also (via malicious adbanners being inserted & served up to the general public as well!)... apk

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also, just as I said it would be in my init. post here, and again, I didn't have to wait long... just like I didn't have to wait for LSE showing instability & mistakes in data ouputs, also (via malicious adbanners being inserted & served up to the general public as well)... apk

Read 'em & weep Penguins:

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

Let's see - so far, Linux has fallen onto its FACE only 2 days into the job, & now they're serving malwares too?

Please...

APK

P.S.=> Need I say more? apk

Read 'em & weep Penguins:

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

Let's see - so far, Linux has fallen onto its FACE only 2 days into the job, & now they're serving malwares too?

Please... lol!

APK

P.S.=> Need I say more? apk

Read 'em & weep Penguins:

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

Let's see - so far, Linux has fallen onto its FACE only 2 days into the job, & now they're serving malwares too?

Please...

APK

P.S.=> Need I say more? apk

Read 'em & weep Penguins:

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

Let's see - so far, Linux has fallen onto its FACE only 2 days into the job, & now they're serving malwares too?

APK

Top off the list of malicious hacks & slowdowns adbanners expose folks online to I posted @ the termination of my init. post here -> http://yro.slashdot.org/comments.pl?sid=2014770&cid=35337228 :

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware

---

"HOT OFF THE PRESSES", today...

APK

P.S.=> The "penguins" won't like this either, because not only did the London Stock Exchange FLOP after only 2 days on the job using Linux, but... it appears that it's been "hacked/cracked" also (via malicious adbanners being inserted & served up to the general public as well)... apk

Not surprising and something that's likely to be a trend in consumer devices over time, especially as more and more devices become "connected" -- An interesting research report we highlighted last week shows just how vulnerable these newly connected devices are (ok PS3 isn't newly connected but many more consumer devices are) Cellphones, iPods, digital cameras, set-top boxes, gaming systems... these devices pervade modern life. Mostly, they make our lives easier and more fun. But if they're built without the proper security technology, our favorite gizmos and gadgets can seriously compromise our privacy, finances and even our personal safety: http://www.securityweek.com/security-focus-consumer-electronics

According to a comment on the original article:
Try 'manage' as the username.

Many don't realize that when they connect their devices (iPhones, iPads, Etc) to corporate networks they are handing over control to their employer. I wrote a piece about this back when iPhone 4 was released and one of the it execs we interviewed mentioned that fact: http://www.securityweek.com/iphone-4-enterprise-new-features-expected-drive-adoption-iphones-enterprise

Yeah, since manslaughter doesn't get you more than two years these days. And a hit and run might not even be something a DA wants to pursue vigorously.

The charges in this case went beyond denial of service and were prosecuted under federal law.

The case was prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney's Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department. Former Student Gets 30 Months in Prison for DDoSing Conservative Figures and Using Botnets, 30-Month Sentence For Bot Nets Used To Obtain Information From Other Computer Systems

In the American federal system, crimes of violence are almost always prosecuted under state law. If you have any complaints about sentencing, take them to your state assemblyman or senator.

The consequences for conviction on a charge of vehicular homicide vary wildly from state to state.

In Iowa, there is no probation and the mandatory sentence is twenty five years. In Tennessee the average jail time is 29 days. Vehicular Manslaughter

Failing to pursue the felony charge can make very big headlines in unexpected places: Morgan Stanley financial adviser escapes felony charges for hit-and-run 'because it could jeopardies his job', Alleged hit-and-run driver may not face felony

This is the third company to launch such technology, including another that launched in September -- http://www.securityweek.com/sponsored-spam-fighting-captchas-emerge-latest-tool-online-advertisers

In the linked article they claim "Bugat" was being distributed via the recent attack targeting LinkedIn users but the article they use as their reference clearly states the LinkedIn spam was distributing "ZeuS". Make up your mind, M'kay?

Win32/Stuxnet might be described as a worm of a slightly different color, though it’s attracted interest from the media that’s comparable in intensity to Conficker, or Code Red, or Blaster. David Harley did an interesting piece on this... http://www.securityweek.com/stuxnet-sux-or-stuxnet-success-story

http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location

No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys. Also driving RIM’s position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.

Source: http://www.securityweek.com/rim-statement-india-demands-access-messaging-services-no-ability-provide-its-customers%E2%80%99-encryption-k

I took this as "fuck off, but I guess they got a wizard to, in some way, hand governments unencrypted data without decrypting it?

*sigh*

Security Week posted has some videos of the presentation that they uploaded to youtube.

China is directing the single largest, most intensive foreign intelligence gathering effort since the Cold War against the United States....

http://www.securityweek.com/chinas-cyber-threat-growing

Or could it be that US is using this as an excuse to take even more control over the Internet?

This is nothing new. I remember reading about such things in the 90's. US is good with propaganda, including entertainment and everything. Just see cold war.

Or could it be that the world really isn't actually filled with hippies like you that think "free love" magically solves all of our problems, and is some kind of fairy dust that you just sprinkle on oppressive totalitarians to infect them with patchouli stink fantasy?

The problem with ultra liberals like yourself is that you seem to think everyone wants to be your friend. The reality is that they don't. Many of them just want to steal/copy your success, or learn how to prevent you from obtaining it.

It would be really nice if China shut down the US internet grid. Even if it was just for a few minutes. I say it would be nice, because I am always amused by the rhetoric spewed by the defender of my enemies.

Yes, let's call a spade a spade. China, one of the worst human rights violators on Earth, if not the worst, is our enemy. Just because we trade with them does not make them our friend, nor our frienemy.

China is directing the single largest, most intensive foreign intelligence gathering effort since the Cold War against the United States....

http://www.securityweek.com/chinas-cyber-threat-growing

Or could it be that US is using this as an excuse to take even more control over the Internet?

This is nothing new. I remember reading about such things in the 90's. US is good with propaganda, including entertainment and everything. Just see cold war.

China is directing the single largest, most intensive foreign intelligence gathering effort since the Cold War against the United States.... http://www.securityweek.com/chinas-cyber-threat-growing