OS X Terminal Exploit


SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System: “We received notice from Juergen Schmidt, editor-in-chief at heise.de, that a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.”

So… the .scp Outlook exploit has come to OS X. Grand. I guess the honeymoon is over.

(Via SANS Internet Storm Center.)


Slashdot | Is SETI a Security Risk?


Slashdot | Is SETI a Security Risk?: “Richard Carrigan, a particle physicist at the US Fermi National Accelerator Laboratory in Illinois, fears the Search for Extra-Terrestrial Intelligence (SETI) may be putting the earth at risk. As reported in the Guardian, Carrigan frets that alien radio signals could pose a security risk. The report cites a 2003 paper entitled ‘Do potential Seti signals need to be decontaminated?’”

Unless the aliens look like Jeff Goldblum with a G3 Powerbook I think we’re safe. They do? DON’T LET THAT SHIP DOCK! *sigh* Too late. Where’s my electronic thumb?

(Via Slashdot.)

Oracle Security Checklist


Pete blogs about a new security checklist paper from Oracle. Haven’t gotten around to looking at it yet. I can’t download it for some reason.

IE Zero Day


Saw an IE Zero Day over at SANS. Not quite sure how bad it looks, but it could be really bad.