Baanboard.com

Go Back   Baanboard.com > News

User login

Frontpage Sponsor

Main

Poll
How big is your Baan-DB (just Data AND Indexes)
0 - 200 GB
19%
200 - 500 GB
30%
500 - 800 GB
4%
800 - 1200 GB
7%
1200 - 1500 GB
7%
1500 - 2000 GB
11%
> 2000 GB
22%
Total votes: 54

Baanboard at LinkedIn


Reference Content

 
RSS Newsfeeds

Comic for March 18, 2019

Dilbert - March 19, 2019 - 12:59am
Categories: Geek

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

Ars Technica - 1 hour 29 min ago

Enlarge (credit: LG)

Mirai, the virulent Internet of Things malware that delivered record-setting denial-of-service attacks in 2016, has been updated to target a new crop of devices, including two found inside enterprise networks, where bandwidth is often plentiful, researchers said on Monday.

The malware infects webcams, routers, DVRs, and other Internet-connected devices, which typically ship with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated. The rapidly spreading Mirai first made a name for itself in 2016, when it helped achieve record-setting DDoS attacks against KrebsOnSecurity and French Web host OVH.

A newly discovered variant contains a total of 27 exploits, 11 of which are new to Mirai, researchers with security firm Palo Alto Networks reported in a blog post Monday. Besides demonstrating an attempt to reinvigorate Mirai’s place among powerful botnets, the new exploits signal an attempt to penetrate an arena that's largely new to Mirai. One of the 11 new exploits targets the WePresent WiPG-1000 Wireless Presentation systems, and another exploit targets LG Supersign TVs. Both of these devices are intended for use by businesses, which typically have networks that offer larger amounts of bandwidth than Mirai’s more traditional target of home consumers.

Read 8 remaining paragraphs | Comments

Google, Microsoft work together for a year to figure out new type of Windows flaw

Ars Technica - 2 hours 53 min ago

Enlarge (credit: Marco Verch / Flickr)

One of the more notable features of Google Project Zero's (GPZ) security research has been its 90-day disclosure policy. In general, vendors are given 90 days to address issues found by GPZ, after which the flaws will be publicly disclosed. But sometimes understanding a flaw and developing fixes for it takes longer than 90 days—sometimes, much longer, such as when a new class of vulnerability is found. That's what happened last year with the Spectre and Meltdown processor issues, and it has happened again with a new Windows issue.

Google researcher James Forshaw first grasped that there might be a problem a couple of years ago when he was investigating the exploitability of another Windows issue published three years ago. In so doing, he discovered the complicated way in which Windows performs permissions checks when opening files or other secured objects. A closer look at the involved parts showed that there were all the basic elements to create a significant elevation of privilege attack, enabling any user program to open any file on the system, regardless of whether the user should have permission to do so. The big question was, could these elements be assembled in just the right way to cause a problem, or would good fortune render the issue merely theoretical?

The basic rule is simple enough: when a request to open a file is being made from user mode, the system should check that the user running the application that's trying to open the file has permission to access the file. The system does this by examining the file's access control list (ACL) and comparing it to the user's user ID and group memberships. However, if the request is being made from kernel mode, the permissions checks should be skipped. That's because the kernel in general needs free and unfettered access to every file.

Read 15 remaining paragraphs | Comments


All times are GMT +2. The time now is 23:30.


©2001-2018 - Baanboard.com - Baanforums.com