#TeamOpenSourceMalaysia
In a recent ISA Server 2006 Level 400 class, we discussed a vulnerability on Exchange server that could lead to remote code execution. The particular remote attack is listed in CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213 and rated high in it’s severity. If you have customers or run Exchange … “URGENT! – Serious security flaws with all Microsoft Exchange versions”
Read MoreWas doing some reading on my frequently accessed security page, SANS and found these two vulnerabilities that should be of mention. These two software i use well, often, like Quicktime (for my ITunes) and Asterisk (for my mobile VoIP support). Quicktime- A vulnerability that allows … “Vulnerabilities on Quicktime and Asterisk”
Read MoreHere’s a piece of software i must blog about, its called Fring. I just got a Nokia N80 recently and of course, i wanted to stuff the phone like what we did to the turkey in Christmas, but with software. The company i work for … “Fring Me (Asterisk and Nokia Symbian special mention)”
Read MoreSome people in the middle eastern parts of the world including Pakistan have been shaken by phone SMS messages warning them about the existence of a phone to human virus. This hoax, just like many we JUNK in Outlook, had forced public figures to release … “Idiocracy Alert – Phone to Human virus”
Read MoreLook out Flash, here’s come another ray of light, called Silverlight. Silverlight is Microsoft’s answer to rich web applications which previously dominated by Macromedia Flash. I tried some of the samples, looks like it can do pretty much what Flash can, like, play games, watch … “Every cloud has a Silverlight”
Read MoreIt comes as no surprise that the exploitation of the MS DNS issue is out and around. According to Symantec, this particular worm executes several vulenrability checks (much like a security scanner) and exploits those that are vulnerable. In short, the process is completely automated … “W32.Rinbot – Exploitation of Windows DNS and other vulnerabilities”
Read MoreMy previous post talks about the DNS vulnerability and now the exploit codes are available and are being used already to VERY EASILY EXPLOIT DNS servers especially within an organization (typically). No one in their right mind would publish RPC over the internet, right.., right..!!?? … “WARNING – DNS Zero day exploit code is public”
Read MoreA new buffer overflow vulnerability with the RPC protocol for managing the DNS service in Windows 2000 (all SPs) and Windows 2003 (all SPs) has been discovered by hackers. Upon successful execution of this exploit, the attacker can run code with the security equivalent of … “Windows 2000/2003 DNS Server Service Zero Day Exploit”
Read MoreEver wanted to check what ports is a particular program listening on? Well, if you run Windows, there’s an awesome tool called CurrPorts which has been around for sometime now. I used it this morning, and still loving it. Windows itself can do a little … “CurrPorts – A must have program in your support thumbdrive”
Read MoreSome sources have confirmed a highest number of spam since 12 months ago containing security related messages and request users to patch files etc. Please be very careful, i do not know any klutzy security companies that send updates via emails. WELL THEY DON’T. Have … “Spam Storm”
Read More