Scob code still widespread, says security expert
Grok Headline matches for Scob code still widespread, says security expert
Expert Tips for Finding Security Defects
in Your Code
10/31/2003 12:37 AM
Reviewing code for security defects is a key ingredient in the
software creation process, ranking alongside planning, design, and
testing. Here the author reflects over his years of code security
reviews to identify patterns and best practices that all developers
can follow when tracking down potential security loopholes. The
process begins by examining the environment the code runs in,
considering the roles of the users who will run it, and studying the
history of any security issues the code may have had. After gaining an
understanding of these background issues, specific vulnerabilities can
be hunted down, including SQL injection attacks, cross-site scripting,
and buffer overruns. In addition, certain red flags, such as variable
names like "password", "secret," and other obvious but common security
blunders, can be searched for and remedied.
Web servers still doling out "Scob" code
07/08/2004 05:13 PM
BOSTON - More than 100 Web servers are still distributing the "Scob"
malicious code, first identified two weeks ago as code used in a
widespread attack to plant Trojan horse programs on vulnerable
computers, according to one computer security company. That attack
used compromised Microsoft Corp. Internet Information Services (IIS)
Web servers to distribute the Trojan horse programs.
JS.Scob.Trojan Source Code ...
06/29/2004 12:08 PM
K-OTiK Security (Jun 28 2004)
"Code Access Security (CAS) ? "Guilty
until proven Innocent" (Partially
Trusted Code) "
06/22/2004 04:03 AM
(IE/SCOB) Switching Software Because of
Bugs: Some Facts About Software and
Security bugs
07/01/2004 10:30 AM
Drew Copley (Jun 30 2004)
Re: (IE/SCOB) Switching Software Because
of Bugs: Some Facts About Software and
Security bugs
07/07/2004 02:41 PM
Thomas C. Greene (Jul 06 2004)
Expert: Gaps still pain Bluetooth
security
04/22/2004 09:32 PM
ZDNet Apr 23 2004 1:06AM GMT
Ask Security/Cryptography Expert Paul
Kocher
03/13/2003 12:49 PM
Security expert flags twin terrors of
the Net
04/14/2004 10:22 AM
CNET Asia Apr 14 2004 1:52PM GMT
MP3 interview with security expert Bruce
Schneier
05/03/2004 04:26 PM
Amazing interview (available as a text transcript or audio file) with
security guru Bruce Schneier, who really should be hired to run
Homeland Security.
Doug Kaye: Now a recurring concept in
your book is probably typified by this example: “A terrorist who
wants to create havoc will not be deterred by airline security; he
will simply switch to another attack and bomb a shopping mall.”
Bruce Schneier: This is, I think, really
important. I just did a hearing two days ago on Capitol Hill
about CAPS II, about airline profiling, and one of the things
I’m always struck with is how good we are at defending against
what the terrorists did last year. We’re spending a lot of
money shoring up our airlines, we’re now talking about shoring
up trains. And money that we spend that simply causes the bad guys to
change their tactics is money wasted.
You have a red and a blue door, and the terrorists go through
the red door, and you say, “We must secure the red door,”
so they go through the blue door the next time. What did you
actually buy?
Security expert proposes hackers' union
11/19/2003 09:17 PM
A proposal to create an association to represent the interests of
hackers and vulnerability researchers is gaining support.
Security expert: Virus writers are
winning
08/07/2004 03:35 AM
An interesting interview with the Director of Anti-Virus Research
from F-Secure, Mikko Hyppönen. I’m not keen on their products,
but I like what he says, especially his response to the question,
“What responsibility do ISPs have in protecting these home users
in the first place? It’s irresponsible to sell Internet
connections without telling the users of the risks. If you go out and
buy an (Asymmetric DSL) box and connect it to your computer and…
Linux Security Expert Defends Debian
12/04/2003 04:59 AM
The lead developer of Bastille Linux Project says Debian took the
proper steps to fix their breach.
Security expert Q&A: The virus writers
are winning
08/05/2004 09:06 AM
Avoid Friendster and its clones, warns
security expert
02/10/2004 02:48 AM
Privacy grab
Software Expert: Oracle Sat on Security
Patches (NewsFactor)
08/04/2004 01:41 PM
NewsFactor - Oracle's (Nasdaq: ORCL) database software contains more
than 30 security holes
according to an expert with the UK-based firm Next Generation Security
Software. The findings suggest that a great portion of enterprise
data is at some risk because Oracle's applications are in such
widespread use.
Share data to thwart cyber attacks, says
security expert
11/04/2003 12:14 PM
Computer Weekly Nov 4 2003 10:20AM ET
Security expert: Cyberspace digital arms
race threatens U.S
06/17/2005 04:26 PM
Washington Technology Jun 17 2005 5:09PM GMT
Security expert warns computer hackers
keeping up with technology
08/16/2004 02:04 PM
AFP via Yahoo! Aug 16 2004 4:55PM GMT
Security expert warns computer hackers
keeping up with technology (AFP)
08/16/2004 12:26 PM
AFP - Computer hackers are keeping up with the times and are putting
an increasingly technology-dependent world at risk, the chairman of
leading US-based IT security firm McAfee said.
Web Hosting News: Security Expert says:
Businesses Hardest Hit By Recent Domain
Name Crimes
08/16/2004 09:51 AM
Web Host Directory Aug 16 2004 2:04PM GMT
Updating patches 'first priority' for
business and home users, says Internet
security expert
08/29/2004 06:58 AM
AME Info Aug 29 2004 10:39AM GMT
Scob infection statistics, etc..
06/28/2004 04:54 PM
Hubbard, Dan (Jun 28 2004)
Scob variant using IIS 6.0 or just
upgrades ?
07/07/2004 05:53 PM
Hubbard, Dan (Jul 07 2004)
Registry Fix For Variant of Scob
07/03/2004 11:49 AM
Drew Copley (Jul 02 2004)
RE: Registry Fix For Variant of Scob
07/05/2004 02:38 PM
Thor Larholm (Jul 03 2004)
Massive Credit Card Security Breach Puts
40 Million Consumers at Risk for
Identity Theft – Tips to Protect
Yourself from Financial Expert
06/22/2005 01:51 AM
Master Card and Visa security breaches are becoming almost common.
Last week’s announcement of hackers accessing records from CardSystems
Solutions Inc. means up to 40 million credit card holders may be at
risk of identity theft. Financial Planning Expert Jim Trippon CPA
offers practical pro-active ideas to protect your financial privacy.
[PRWEB Jun 19, 2005]
Scob Virus Targets Financial Data
(NewsFactor)
06/28/2004 03:05 PM
NewsFactor - The so-called "Scob" virus that infiltrated possibly
thousands of popular and mainstream Web sites apparently was trolling
for financial data from unprotected PCs, according to antivirus firms
tracking this latest malicious code.
Security issues of using shared code
08/02/2004 03:25 PM
“If you’ve ever written a lot of code, you’ve
probably found yourself thinking, ‘Someone must have already
tackled this problem.’ You may even have gone a step further and
done a Google search for relevant code that you might be able to
incorporate into your project. But have you ever stopped to think
about the security ramifications of using this type of code? If not,
you should!…
[SECURITY] [DSA 624-1] New zip packages
fix arbitrary code execution
01/05/2005 11:55 AM
Martin Schulze (Jan 05 2005)
Hackers crack N-Gage security code
11/17/2003 02:05 AM
iafrica.com Nov 17 2003 1:02AM ET
[SECURITY] [DSA 619-1] New xpdf packages
fix arbitrary code execution
12/30/2004 09:51 PM
Martin Schulze (Dec 30 2004)
[SECURITY] [DSA 618-1] New imlib
packages fix arbitrary code execution
12/25/2004 05:09 PM
Martin Schulze (Dec 24 2004)
[SECURITY] [DSA 621-1] New CUPS packages
fix arbitrary code execution
12/31/2004 04:35 PM
Martin Schulze (Dec 31 2004)
[SECURITY] [DSA 709-1] New libexif
packages fix arbitrary code execution
04/15/2005 12:59 PM
Posted by Martin Schulze, Apr 15 2005
[SECURITY] [DSA 623-1] New nasm packages
fix arbitrary code execution
01/04/2005 05:26 PM
Martin Schulze (Jan 04 2005)
[SECURITY] [DSA 625-1] New pcal packages
fix arbitrary code execution
01/05/2005 01:38 PM
Martin Schulze (Jan 05 2005)
MSDN TV: Basic Principles of Code Access
Security
02/12/2004 06:11 PM
Code Access Security (CAS) brings a new security paradigm to writing
code for Windows. In this episode, Matt Lyons presents some of the
basic principles of CAS - in particular, the effects of default CAS
policy - and how it relates to the average .NET developer.
[SECURITY] [DSA 617-1] New libtiff
packages fix arbitrary code execution
12/25/2004 05:09 PM
Martin Schulze (Dec 24 2004)