Archive for the 'Security' Category


Serious PHP flaw

Friday, August 26th, 2005

PHP, which is a widely used scripting language for webpages, has been found to have a serious vulnerability. The Inquirer is reporting on the announcement at hardened-php.net that the vulnerabilities are in the XML-RPC for PHP and PEAR XML-RPC libraries. This is apparently an eval() vulnerability similar to one earlier in the year. […]

Update on Long registry entries bug

Friday, August 26th, 2005

Incidents.org has an update on yesterday's story of very long registry entries not being visible in most registry tools (regedit among others). They have an updated list of what does and does not read these long keys. They’ve alluded to nasties in the wild that are already taking advantage of this and have confirmed that […]

FBI nabs Zotob and Mytob authors

Friday, August 26th, 2005

I’m impressed, it looks as though the FBI has announced the arrest of the authors of both the Zotob and Mytob viruses. Of course Zotob was in the wild in the last 2 weeks. This is really very good news as it is rare for virus writers to be identified and captured. Maybe the FBI […]

The end of antivirus definition updates?

Thursday, August 25th, 2005

Well, frankly, there has been talk of the end of definition-based antivirus scanning for years. You see, the Achilles' heel of any AV scanner is that it has to have signatures of what known viruses look like, so there will always be a reflex window, where there’s a new unknown virus that people are […]

Zotob may affect XP Service pack 1 systems

Thursday, August 25th, 2005

There’s an eWeek article indicating the Zotob family of worms could affect Windows XP SP1 systems as well as the Windows 2000 systems that are currently affected. Since the original outbreak it’s been reported that there were certain circumstances in which an XP system could be compromised; this seems to back that up. […]

Titan Rain – China attempting to crack US computers?

Thursday, August 25th, 2005

According to an article at the Washington Post, it appears that there are a large number of attacks against defense-related non-classified computers coming from (at least in the last hop) computers residing in China. It’s unclear whether these attacks are REALLY originating from China or if crackers are using Chinese machines as a convenient […]

Like flypaper for malware..

Wednesday, August 24th, 2005

The diary over at the SANS Institute mentioned an interesting program today. Nepenthes is a program that can simulate a vulnerability so that it can collect samples of malware trying to exploit that vulnerability.

Another Dumaru variant

Wednesday, August 24th, 2005

Sunbelt has found another keylogger in the Dumaru family and has updated their free tool to scan for it and clean it up. This is the same family of trojans/keyloggers that contributed to the large ID theft discovery they made earlier in the month.

Wishlist of spyware slime….

Wednesday, August 24th, 2005

The Sunbeltblog has uncovered a fairly interesting document (dated May 16 and originally in Russian) which appears to be the wishlist of a spyware criminal. (Slime was my own definition…)

More on Wireless networking security

Wednesday, August 24th, 2005

Sunbeltblog has a flurry of posts today. This one muses on wireless networking (in)security. One of the points that they make is that there are “acceptable” levels of security depending on your circumstance. In other words, if you’re miles from nowhere and feel comfortable with WEP (which is breakable), fine. […]
