flaw

Microsoft issues advisory on server flaw

Microsoft on Tuesday issued a security advisory for a Web server flaw that was made public on Monday.

The flaw affects certain versions of Microsoft's Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to take over the server.

In its advisory, Microsoft said it has not seen any active attacks, although it acknowledges that detailed exploit code was published to the Web.

Microsoft said it is still working on patching the flaw but said the advisory has advice that customers can use to protect … Read more

Linux exploit gets around security barrier

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code exploits a vulnerability in Linux versions 2.6.30 and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18 kernel is used in Red Hat Enterprise Linux 5.

The exploit bypasses null pointer de-reference protection in the mainline kernel, which could allow an attacker to … Read more

Amazon will now replace Kindles damaged by cover

Here's a quick update to the story we posted the other day on a couple filing a class-action lawsuit over a potential design flaw in Amazon's Kindle 2 involving the company's cover and cracks developing around the clasps where the cover attaches to the device.

Amazon has decided that it will now replace Kindles that have been cracked by the cover free of charge, reversing its earlier stance that the Kindle 2's warranty didn't cover such cracks and required a $200 fee to repair. As expected, Amazon wouldn't comment on the lawsuit itself, which will … Read more

Zero-day flaw found in Firefox 3.5

There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.

The zero-day flaw lies in Firefox 3.5's just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.

The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That means an attacker may be able to execute malicious code on a target machine, if … Read more

Acronis miscalculates data on users' bad backup habits

Acronis, a major vendor of backup software, released a report earlier this week stating that about 87 percent of computer users back up their data once every two or three months--way less frequently than recommended. This suggests that most of us live dangerously when it comes to backing up.

The survey was widely reported in the press, but it turns out the numbers didn't seem to agree with Acronis' report.

The percentages released to the media were taken from the question "How often do you back up your hard drive or files?" Results include: 48 percent for "once a week (or more)"; 55 percent for "2-3 times a month"; 81.5 percent for "once a month"; 86.8 percent for "every 2-3 months", 91.4 percent for "2-3 times a year", 94.6 percent for "once a year or less"; and 25.5 percent for "never."

It may be that I'm Asian and extra good with math, but I couldn't help but notice that when added up, the numbers total around 500 percent. Other ways to interpret the chart didn't justify the reported 87 percent, either. So maybe you're not as bad at backing up as some media reports told you you were. … Read more

Windows 7 at risk from legacy flaw, F-Secure says

Microsoft has failed to remove a long-recognized Windows Explorer security risk from Windows 7, according to security company F-Secure.

The "hide extensions" feature, which was present in Windows NT, 2000, XP, and Vista, is also included in the Windows 7 release candidate, Mikko Hypponen, F-Secure's chief research officer, said Tuesday in a blog. The feature could allow virus writers to trick users into opening and running malicious files, he added.

"In Windows NT, 2000, XP and Vista, Explorer used to hide extensions for known file types," Hypponen said. "And virus writers used this 'feature' … Read more

Microsoft warns of PowerPoint zero-day flaw

Hackers have launched attacks targeting an unpatched flaw in Microsoft PowerPoint, the company warned Thursday.

The vulnerability, which affects Microsoft Office 2000 SP3, 2002 SP3, and 2003 SP3, can be exploited by getting a person to open a PowerPoint file rigged for the attack. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.

In a security advisory, Microsoft said that at present, attacks are not widespread but are tailored to affect specific victims.

"Microsoft is investigating new reports of a vulnerability in Microsoft … Read more

Conficker flaw reveals which computers are infected

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used … Read more

Adobe warns of critical, unpatched security flaw

Update at 8:45 a.m. PST: Information from security firm Symantec added.

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted … Read more

Night Vision Reveals iPhone 3G Secrets and Flaws

We've seen a variety of images that reveal the innards of the iPhone 3G, and you can even buy a T-Shirt showing those innards to the world. Now one iPhone user, Flunky Carter, has gotten creative and recorded a video of his iPhone 3G using the night vision setting of his camcorder. The video, which you can view below, gives you a unique perspective of the iPhone 3G.

iPhone under Night Vision from Flunky Carter on Vimeo.

The video reveals stress cracks around the edges of the iPhone and the iPhone camera that are normally invisible to the naked … Read more