SC Magazine

In the latest wave of Gumblar attacks, the backdoor script being used to infect legitimate websites has been causing some WordPress blogs and other PHP-based sites to crash, security researchers warned this week.“On various forums, you can find posts where webmasters report similar problems with their WordPress blogs,” independent security researcher Denis Sinegubko wrote on his Unmask Parasites blog on Thursday. “Their sites are broken and all they can see is error messages.”Researchers said the messages are being generated because of a bug in the Gumblar malicious code that has been injected in these sites. "[The error messages] should serve as a clear warning ... Read Full Story

Twenty years seems like a long time. May and June 1989 brought the Tiananmen Square protests. Seinfeld, the TV show about nothing, premiered in July, and Hurricane Hugo did $7 billion damage in September. In computing, Tim Berners-Lee had not yet introduced the World Wide Web to the world (that would come a year later in 1990), John McAfee founded McAfee Associates, and Atari introduced Portfolio, the smallest portable computer of the time. Twenty years ago, with co-author Barbara Clifford, I had just published my first book, dBXL and Quicksilver Programming – Beyond dBase. I was writing, consulting and lecturing and I had not ... Read Full Story

A draft bill approved Wednesday by a House subcommittee would require the National Institute of Standards and Technology (NIST) to facilitate U.S. involvement in the creation of international cybersecurity standards. The proposed Cybersecurity Coordination and Awareness Act, approved Wednesday by the House Subcommittee on Technology and Innovation, would also require NIST to develop and implement a cybersecurity awareness and education program and engage in research and development to improve identity management systems. Also, it would amend the Cybersecurity Research and Development Act to update technical terms. The proposed legislation was drafted by staff of the House Committee on Science and Technology to implement some ... Read Full Story

Microsoft on Thursday revealed that it plans to distribute six patches, covering 15 vulnerabilities, as part of its November security update, scheduled for Tuesday.Three of the bulletins are labeled "critical," while the other half are marked "important," according to an advance notification. The three critical and one of the important patches are slated to resolve flaws in Windows, while the remaining two important bulletins will address holes in Office.None of the bugs are present in the just-released Windows 7 operating system. Most vulnerability experts agree that administrators should be most wary of is Bulletin 3, which is rated critical across Windows 2000, XP, Vista ... Read Full Story

A web security researcher has revealed a major new threat to most websites due to the contradictory way that cookies and the domain name system (DNS) act.Mike Bailey, a senior web security researcher at Foreground Security, released a paper this week demonstrating something most corporations didn't think could happen: A vulnerability on one of their website subdomains can be used to attack their main production domain, which often contains the data that criminals seek to steal.Most webmasters operate under a false assumption that because of the way DNS is hierarchically structured and segmented, an exploit on a subdomain (for instance, mail.google.com) cannot impact the ... Read Full Story