Nikjju – A new mass SQL injection campaign

After Lilupophilupop, which infected one million web pages, a new mass SQL injection campaign has appeared. This new campaign is named Nikjju and has infected about 200000 URLs. It has targeted ASP and ASP.NET websites. Nikjju.com, the domain in the script of the injected code, was registered a few days ago, on April Fools’ Day. It appears that website owners and administrators still don’t care about security. SQL injection is one of the most popular security holes, and it can be easily avoided with a few steps.

Flashback Removal Tool

As I mentioned in a previous post, Flashback infected more than 600000 Macs. F-Secure released manual steps on how to remove the trojan from your computer. Now they have turned those steps into a tool that can check for and remove the trojan automatically. On the other hand, Apple announced that they are working on a fix, but until now there has been no response. Maybe they are still working on it. Maybe they are still working on a Java vulnerability patch too. It seems that trojans and viruses are not Apple’s strong points. Visit the source link and download the Flashback removal tool; you can get rid of the trojan in 4 simple steps.

Patent wars are far from over

It seems that patent wars are far from over. Companies pay several millions or even billions in order to purchase patents for their arsenal. Microsoft will pay $1.056 billion to AOL for more than 800 of its patents (and patent applications). The transaction will most probably be completed by the end of 2011. Microsoft wants to enhance its patent portfolio and be prepared for patent lawsuits. Nowadays, companies are as strong as their patent arsenal, and they try to be on top not by innovating and creating better products but by suing their opponents. Facebook recently bought patents from IBM to protect itself from Yahoo! and sue them back. IBM has the greatest patent arsenal, but we don’t see them in patent lawsuits. On the other hand, we are tired of seeing Apple, Microsoft, Google and Samsung suing each other. While large companies upgrade their patent arsenals, patent law will make it impossible for new companies to create rival products. There are so many patents, and some of them are so generic, that it is almost impossible to create a new product without at least one patent infringement (even without knowing it).

Flashback infected about 600000 Macs

Several months ago I wrote a post, with some history in it, about Macs and Trojan horses. That post was about Flashback too (Flashback.C), a modification of the original Flashback. I bet that some Mac users didn’t get the memo or still think that viruses and trojans are only for PC users. Today more than 600.000 Macs are infected with Flashback (original and variations); that’s a 6 followed by many zeros. Flashback.I spreads through infected sites by exploiting Java vulnerabilities. When a user visits one of the infected sites, a JavaScript loads a Java applet which infects the user’s system. After Flashback is installed on a system, it injects malicious code into web browsers and other applications in order to gather user information and passwords.

Malware in your RAM

Anti-virus companies are doing a (very) good job at detecting malware on our computers, but hackers are always one step ahead. Some users think that having anti-malware software on their computers makes them safe, and others think that they don’t even need it because they are very careful about what they download. For both categories, the reason they believe that is ignorance, which is sometimes a blessing but not in this case. Much malware is injected into your system by a method called drive-by download or drive-by installation. Malware can be installed on your computer by just opening a malicious email or visiting a website. Recently security researchers at Kaspersky Lab discovered malware that does not even create any files on your hard drive and thus cannot be found by (most) anti-malware programs. It is injected into your RAM with the drive-by download method by exploiting a Java vulnerability, and you remain infected as long as your computer is not shut down.

Google Earth Vulnerability

Another vulnerability has been found in one of Google’s products, this time in Google Earth. The vulnerability was found by Ucha Gobejishvili, also known as Longrifle0x. The vulnerability allows code execution and it applies to all Google Earth versions. You can try it yourself: download Google Earth, install it on your computer and open it. Click on Placemark, put your code there and execute it. You thought that it was going to be harder and need more low-level knowledge, but that’s it. Lately security researchers have found several vulnerabilities in Google products, some of them critical, and this proves that Google products are not as safe as they made us believe, including its web browser Chrome.

Duqu’s secret programming language

Kaspersky experts were called to investigate Duqu and they discovered that its framework was written in a programming language they didn’t recognize. The mystery of the unknown programming language is solved. The Duqu framework is (most likely) written in a custom object-oriented extension of the programming language C called “OO C”. That code is compiled with Microsoft Visual Studio Compiler 2008 with some special options (“/O1” and “/Ob1”) that optimize the code size and the inline expansion. Despite the fact that it is malicious software, the developers have done an excellent job and they make the life of security experts difficult.

Mutillidae – Penetrate and Hack

Mutillidae is a free and open source web application which can be used by security experts who want to use their penetration testing tools and hack a website. Mutillidae can be installed on any computer with a web server. You can easily install a web server on your personal computer by using XAMPP, which installs a web server (Apache), a database (MySQL) and several other tools. Mutillidae has several vulnerabilities and hints which make hacking very easy. It can be used by security experts who want to test their penetration testing applications, by students who are learning about web application security and in general by any security enthusiast who wants to learn the vulnerabilities of a web application and how hackers exploit them to gain access. You can visit the SourceForge website to see the full list of Mutillidae’s features and download it.

Siri – The Horror Movie trailer

You have heard a lot about Siri and how amazing and how helpful it is. Some of you might even have an iPhone with Siri and talk to her every day. But what if Siri is not as friendly as you think she is? What if the next update changes her and makes her something scary, something… deadly? You should watch this trailer of the horror movie about Siri. After watching this video, you will change your mind about Siri, and the next time it asks for an upgrade you will think again. I don’t want to scare you; watch the trailer and Beware the upgrade.

The evolution of the Moon

We all watch the Moon from time to time and most of us admire it. The Moon is also regarded as a must-see on a romantic date, and for some others a full moon means werewolves. If you look at it with a telescope you will notice its craters and its formation in general. If you did so when you were a small kid and again recently, you will notice that there is no change in what you see. This is true for the recent past, but the Moon was not like this from the beginning. Thanks to NASA and its Lunar Reconnaissance Orbiter you can now see the evolution of the Moon and enjoy it in HD (up to 1080p). The video is very informative and very interesting to watch.