Archives

Categories

Recent Comments

Subscribe to this blog's feed
Bookmark and Share

« January 2010 | Main

February 2010

02/07/2010

New Samba directory traversal bug

Everything old is new again; it's 2010 and there are still undiscovered old chestnuts in enterprise applications. In this case, @kingcope has uncovered a directory traversal bug hidden in plain sight.



If you look at the YouTube conversation, Samba luminary jeremy Allison acknowledges and promises to address the bug, so it's going to be closed quickly. It is a little disturbing, though, issues that we understand this well are still out there.

I don't think the underlying issue is that there was a bug -- it's that the development process didn't catch something this obvious and well-understood. Along the same lines, the fix isn't simply patching a bug; Samba should re-examine it's security process and code acceptance criteria.

Posted at 10:37 AM in Security, Software | | Comments (0)

Technorati Tags: , , , , ,

|

02/02/2010

Chinese hacking hits mainstream media

Google's recent trouble with Chinese hackers has brought mainstream media attention to very old news in the security world: China has lots of hackers; some of them work for the government; some of them are criminals. Is this really the best the NY Times can do?

Internet security experts say China has legions of hackers just like Majia, and that they are behind an escalating number of global attacks to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations, which in some cases have been traced back to China.

via www.nytimes.com

At least they interviewed Scott J. Henderson, even if it is after the page jump. He has been studying the Chinese hacker culture for a very long time. If you're interested in the topic, his work is pretty much the definitive view (at least in the non-classified world). You should follow his blog,The Dark Visitor. I'd also recommend his book of the same title.

 

Posted at 02:34 PM in Security | | Comments (0) | TrackBack (0)

Technorati Tags: , , , ,

|