October 14, vnunet.com - Instant messaging falls prey to hackers.

October 14, vnunet.com - Instant messaging falls prey to hackers.

Post by David H. L » Sun, 19 Oct 2003 01:49:39


October 14, vnunet.com - Instant messaging falls prey to hackers. Hackers are exploiting
browser security flaws to hijack instant messaging (IM) accounts, security experts have
warned.
Internet security firm Symantec said vulnerabilites have meant that attacks on IM and
peer-to-peer sites have risen 400 per cent since 2002. Using what are known as application
programming interfaces (a set of routines, protocols, and tools for building software
applications), hackers have developed worms or Trojans that can capture a remote user's
list of IM correspondents, or 'buddies'. By grabbing a user's buddy list rather than
scanning for vulnerable IP addresses, these worms have the potential to be more virulent
than predecessors like Code Red, Slammer or Blaster, which spread over the internet rather
than over IM networks, warned Neal Hindocha of Symantec. Usually the victim is led to a
website, either by a distributing link through IM or via an email with a link to the
Webpage,
which then automatically downloads a worm or trojan.

Source: http://www.yqcomputer.com/
 
 
 

1. attack of the malfunctioning NT cash machine, vnunet.com

2. InfoPath signatures cannot be trusted, vnunet.com

Microsoft in standards battle with W3C
Lisa Kelly Oct 24 2003

World Wide Web Consortium says InfoPath signatures cannot be trusted ..

.. Dr John Boyer, a research scientist at e-forms specialist PureEdge
Solutions, and co-author of the XML DSig standard and the XForms 1.0
recommendation, said that businesses cannot rely on InfoPath signatures
for security.

He claimed that, in under five minutes, PureEdge managed to change a
signed InfoPath form from an 'Employment Applicant Rating' form to a
'Prisoner Registration' form.

"The InfoPath signature remained valid, but the signer was proving a
rating of a job applicant, not agreeing to go to prison," said Dr Boyer,
warning that this problem could lead to disputes between businesses and
a signer ..

.. Neil Laver, group product marketing manager at Microsoft, said:

"Although the InfoPath signature is constructed to follow the grammar of
the WC3 recommendation for XML digital signatures, it does not follow
the intent of the standard as given in section 8.1.2 of the
recommendation," he explained.

"We support the W3C standard in terms of knowing that XML code has not
been tampered with."

But, he added, there is currently no way of proving whether an InfoPath
signature has not been tampered with in a court of law.

"We will [be able to] in time," he added. "We constantly review security
but it is a trade off. If we completely lock the signature down, there
is no room for modification."

--- unquote ---
http://www.yqcomputer.com/

3. Nasa runs fastest simulation on Linux, vnunet.com

4. microsoft millions back SCO case, vnunet.com

5. SCO extends licences to end of year, vnunet.com

6. UK builds up security alert network - on Windows :] , vnunet.com

7. gates on how to defeat spam, vnunet.com

8. microsoft millions back SCO case, vnunet.com

9. Re : attack of the malfunctioning NT cash machine, vnunet.com

10. Microsoft rejects digital claims, vnunet.com

11. latest SCO utterances, vnunet.com

12. System News for Sun Users: TOC Vol 116 Issue 2: October 8 to October 14

13. WinCE Update releases for the week of October 14 through October 28, 2005

14. Unprotected PCs Fall To Hacker Bots In Just Four MinutesUnprotected PCs Fall To Hacker Bots In Just Four MinutesUnprotected PCs Fall To Hacker Bots In Just Four Minutes

15. WinCE Update releases for the week of October 7 through October 14, 2005