Security-Protocols

• 10 Oracle bugs in 10 minutes.. Doesnt sound impossible as Cesar Cerrudo demonstrated an audit of Oracle using free tools to find flaws.
• Month of PHP Bugs - Day one starts out with a bang with 5 releases:

PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
PHP Executor Deep Recursion Stack Overflow
PHP Variable Destructor Deep Recursion Stack Overflow
PHP 4 unserialize() ZVAL Reference Counter Overflow
PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability

• Blackhat Blackballed: RFID vs Researchers - In a move similar to the Lynn vs Cisco scandal of 2005, security firm  IOActive is being blocked to give their presentation on RFID security at the upcoming Blackhat Federal 2007, to be held in Arlington, VA this upcoming February 26-March 1.
• A new variant of the Storm Worm is spreading that when a user is infected, it will cause the users machine to make a forum or blog post and then adds a link to a site which has the malcious installer.
• Should Digg sue Wired???  Techcrunch sure does think so.
• David Maynor has revealed the code he used to exploit the Apple wireless driver flaw.  We knew you had it all this time David, forget about what everyone else says.
• Minority Report: The 10 worst things about Apple by silicon.com.  O wait, they also published the 10 best things about Apple.

• A group of Chinese dissidents and others are creating a site called Wikileaks for the untraceable leaking of government documents. Wikileaks has already gotten allot of attention even though the site has not yet even launched. Doesnt sound like a very noble effort to me.
• Apple Inc. releases security update 2007-001 which fixes a buffer overflow in QuickTime’s handling of RTSP URL’s. This flaw was published on the Month of Apple Bugs website (MOAB-01-01-2007). I wish Apple would fix my issues this fast.
• Its official, Blu-Ray DRM has been cracked. Janvitos has decrypted a full Blu-Ray movie without even owning any Blu-Ray equipment. This is very embarrassing for Sony. You can download BackupBluRay here…
  
• SecurityFocus: Bug brokers offering higher bounties Here is one quote from the article: “One of the reasons why the hacking community is so frustrated with large corporations is because these corporations are making a killing off their research and they are not seeing fair value for their work.”

• AGLOCO (AllAdvantage 2.0) has send out a newsletter stating that the Viewbar will be available within a few weeks!
• Today’s Month of Apple Bugs release: System Preferences writeconfig Local Privilege Escalation Vulnerability
• iPhone Trademarks: the Real Issues - Mark Rasch explains how U.S. trademark law works and the real issues at play in this highly publicized trademark dispute.
• The Century PS3 Hard Drive: 750GB RAID Setup : Should you max out the 20GB or 60GB of your PS3 you might want to make plans to visit the Akihabara district of Tokyo.
• Lessons from selling websites: Ahmed has posted some reflections on the recent sale of three blogging related sites (Blog Catalog (sold for $40k), EatonWeb (sold for $10k) and 2RSS (sold for $7k) which all sold for between 24 and 100 times monthly revenues.  Very interesting read..

• Advisory (was for fun): OmniWeb 5.5.2 “MAP NAME=#” Denial of Service
• These sexy MacBook Pro’s have been getting their holes penetrated since 1999.
• Today’s MOAB Release: Apple DMG UFS ffs_mountfs() Integer Overflow
• iDefense is offering $8,000 - $12,000 per remote code execution flaws within Windows Vista, and IE7. If you ask me, I would have to say that a remote in Vista and or IE7 is worth a whole lot more than $8,000.
• An interesting article on “How the Mac was born, and other tales“.
• Cisco Sues Apple Over Use of iPhone name. I was wondering when this was going to happen.  I wonder what Apple will call it now?  Apple Phone?
• And last but not least, some really good commentary on the Rixstep site regarding the latest MOAB flaws.

• Todays MOAB (MOAB-09-01-2007) release was a really nice find. The fanboys will be cringing over this one.
• Apple Inc. announces the Apple TV (appletv ?), Apple iPhone and the Airport Extreme Base Station. After watching the Macworld Keynote of 2007, looks like ill be buying some new hardware soon. Apple’s stock soared today…
• This is one nice highlight of The Wedge in Newport Beach, and looks like it was pumping earlier this month at Salt Creek.
• Yahoo! picks up Mybloglog.com for $10-$12 million according to different sources.
• John Chow tests out the new Canon S3 digital camera with 12x optical zoom, at what is also known as the ‘Babe Booth Cam‘.
• MOAB special: The canary trap is set, the leak and the moles are revealed. Oldest tricks on the book still work…

Quote of the day:

“People regularly download software they cannot claim they trust and just run it with no thought for the consequences. Yes, it’s ‘only’ a computer - but listen to them wail if something goes wrong. They’re living in their rose (pink) coloured world and are totally unaware of the threats lurking outside in the dark.

And the worst of those threats is hopefully not the desultory accidental exploit that turns into a major worm outbreak and a headline on the front page of websites and newspapers everywhere - the worst is how Bill Gates, Steve Ballmer, and Rob Enderle will capitalize on it.”

~ Rixstep on Apple Security