CertForums

CertForums.com hosts free IT computer certification forums with help and advice for Microsoft, Cisco, VMware, & CompTIA exams.

New SQL Injection Attack Infecting Machines

Kitkatninja · Aug 13, 2008 1


A new SQL injection attack started circulating last week, and appears to have infected several thousand web servers as of late Friday evening. The attacks look similar to the one below, and attempt to query random valid files on the web server.

The sysobjects and syscolumns tables queried are the giveaway: the attack is targeting machines running MSSQL server and storing the malicious HTML code in the database. It’s also possible that web servers with Sybase database backends could also conceivably be exploited, as Sybase is largely using the same SQL syntax and table structure as MSSQL server.

The SQL statement itself scans through all of the tables in the database, inserting the attack author’s own HTML into the contents of each page. This ultimately causes the web server’s visitors to, depending on their client, be sent one of many different forms of malware from the referred pages. Similar to...

Massive VMware Bug Shuts Systems Down

Kitkatninja · Aug 12, 2008 0


AKA: All your VM's belong to us

As of tomorrow morning, VM's running on all hosts with ESX 3.5U2 in enterprise configurations will not power on.

Boom.

Apparently, there is some bug in the vmware license management code. VMware is scrambling to figure out what happened and put out a patch.

There is a major discussion going on in the vmware communities about it: http://communities.vmware.com/thread/162377?tstart=0

OK, while we're all remaining calm....just imagine the implications that bugs like this can occur and get past QA testing....5 years down the road, nearly all server apps worldwide pretty much running in VM's (pretty easy prediction)......some country decides to initiate cyberwarfare and manages to get a backdoor into whatever is the prevailing hypervisor of the day.....boom. All your VM's belong to us.

Read the whole blogg...

Gmail’s Out…Again

Kitkatninja · Aug 12, 2008 1


Update: Google says sorry about the GMail outage. That’s good enough for me. Here is what Todd Jackson, GMail product manager had to say on the company blog.

Many of you had trouble accessing Gmail for a couple of hours this afternoon, and we’re really sorry. The issue was caused by a temporary outage in our contacts system that was preventing Gmail from loading properly.

We’ve identified the source of this issue and fixed it. In addition, as with all issues that affect Gmail and our other services, we’re conducting a full review of what went wrong and moving quickly to update our internal systems and procedures accordingly. We don’t usually post about problems like this on our blog, but we wanted to make an exception in this case since so many people were impacted.

Read the story...

Hackers hacked at infamous DefCon gathering

tripwire45 · Aug 12, 2008 0


In the end, it was hackers at DefCon that got hacked. After three days of software cracking duels and hacking seminars, self-described computer ninjas at the infamous gathering in Las Vegas found out Sunday that their online activities were hijacked without them catching on. A standing-room crowd cheered admiringly as Tony Kapela and Alex Pilosov showed them how they were "pwned" by a simple technique that could be used to "steal the Internet." "Pwned" is popular computer and video game culture slang playing off the word "owned" and is used to describe someone being totally dominated or humiliated online or in-game.

Story from Yahoo!.

Will Collaboration Pit Cisco Against Microsoft, Google?

Kitkatninja · Aug 11, 2008 0


Cisco Systems (CSCO) reported its fiscal fourth-quarter 2008 financials last week, but while the San Jose, Calif.-based networking giant beat Wall Street estimates, thanks to the hurdle posed by the law of large numbers, it forecast more modest growth going forward. “The market is clearly in transition, and we will use this time as an opportunity to expand our share of customer spend and to aggressively move into market adjacencies,” CEO John Chambers said in a statement.

The question is, what are those market adjacencies? After all, in order to move the needle, Cisco needs to find as-yet untapped markets that it can serve. Such a challenge comes at a particularly difficult time: The telecom market has consolidated in the hands of a few carriers, new opportunities are few and far between, and the overall trend is towards hardware becoming a service.

Read the whole story...

PHP 4 is dead, long live PHP 4

Kitkatninja · Aug 11, 2008 0


The 8th of August marked the end of life for PHP 4, which has been in stable release since May, 2000. With no further security patches to come for the technology, what options are there for those who can't or won't upgrade?

For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued.

Read the whole story here.

-Ken

Google Translate comes to the iPhone

Kitkatninja · Aug 9, 2008 0


Google has released a version of its translation service that is specifically tailored to Apple's iPhone.

The Google Translate mobile service, launched on Friday, came about as the result of the company's '20 percent' time policy, which sets aside a day of each employee's week for work on any new project or idea they may wish to pursue. Google has not yet made any announcements about future versions of the service that could work on other handsets, but a spokesperson for the company told ZDNet.co.uk on Friday that such versions were intended.

Because the service works using the Apple handset's Safari browser, a data connection is needed most of the time — previously searched phrases and words are, however, stored on the phone itself for future access. The service can translate text between 24 languages, including Mandarin, French and Japanese.

Read the whole story...

Xandros to return Freespire to Debian roots

Kitkatninja · Aug 9, 2008 0


Xandros, which acquired Linspire and its Freespire Linux distribution in July, has said it will return the operating system to its roots by basing the next version on Debian.

The move is the latest shift in the tumultuous history of Freespire, which began as the Debian-based LindowsOS in August 2001. Lindows went through several business plans and name changes and, in February 2007, under the name of Linspire, formed an agreement with Canonical to begin basing its software on Canonical's Ubuntu Linux distribution.

Xandros said Xandros Freespire 5 is scheduled for the fourth quarter of this year, and will be based on the Debian 'lenny' release. Xandros will follow the Freespire release with Xandros Desktop Professional 5, which will be built on the Freespire code base with additional commercial elements aimed at enterprise customers.

Read the whole story...

Security firm exposes massive crimeware server

Kitkatninja · Aug 9, 2008 0


A Trojan horse command-and-control server discovered in June contained 50GB of stolen user account and financial details, including 9,000 bank and credit-card account credentials from around the world and 463,582 user account passwords, according to a report published at the Black Hat security conference in Las Vegas this week.

The server appears to have been the central control point for Coreflood, a password-stealing Trojan and botnet that has been quietly infiltrating corporate networks since 2001, according to Joe Stewart, director of malware research for security firm SecureWorks, which co-operated with Spamhaus in shutting down the server.

In a presentation at Black Hat, Stewart said an analysis of scripts left behind on the server indicated that the 50GB of material represented about one-quarter of the details that had been harvested, the rest having been deleted.

Read the whole story...

Danger of phone web history

Kitkatninja · Aug 9, 2008 0


A stolen phone can make it very easy to commit identity theft if the phone contains personal information and a web browser history, a life assistance company has warned.

Web histories can reveal a lot about an individual, allowing easier access to their persona.

A study by CPP revealed that over a fifth of the adult UK population has either lost a phone or had one stolen, and a quarter have found a mobile phone.

While the research also showed that 92 per cent said they had returned the item to its owner, CPP warned that a thief could run up a phone bill of over £1,000 in just 12 hours.

And the web history creates an even greater danger.

Read the whole story here.

-Ken