Security Hero Rotating Header Image

October, 2009:

ARM Expects Mobile Phones with Dual-Core Processors Next Year.

ARM Expects Mobile Phones with Dual-Core Processors Next Year.

Dual-core central processing units (CPUs) were considered a breakthrough in the personal computer industry back in 2005. In 2010, dual-core chips, albeit powered by processors with different micro-architecture, are set to enter the market of mobile phones, according to ARM, a leading developer of processors for portable electronics.

“We don¡¦t need silly GHz speeds. With our dual-core A9, we can get two times the performance, without the speed draining the battery, so by the time you get home your phone is dead,¡¨ said Rob Coombs, director of mobile solutions for ARM, in an interview with TechRadar web-site.

Mr. Coombs added that ARM hopes that actual implementers would introduce dual-core processors for mobile phones sometime in 2010, but still, delays to 2011 were possible.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=33626

KDE Multiple Input Validation Vulnerabilities

Vuln: KDE Multiple Input Validation Vulnerabilities

KDE Multiple Input Validation Vulnerabilities

URL: http://www.securityfocus.com/bid/36845

/proc filesystem allows bypassing directory permissions on

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on

Re: /proc filesystem allows bypassing directory permissions on

URL: http://www.securityfocus.com/archive/1/507584

/proc filesystem allows bypassing directory permissions on

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on

Re: /proc filesystem allows bypassing directory permissions on

URL: http://www.securityfocus.com/archive/1/507584

/proc filesystem allows bypassing directory permissions on Linux

Bugtraq: Re: /proc filesystem allows bypassing directory permissions on Linux

Re: /proc filesystem allows bypassing directory permissions on Linux

URL: http://www.securityfocus.com/archive/1/507473

2910 (kernel)

CVE-2009-2910 (kernel)

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2910

[USN-850-1] poppler vulnerabilities

Bugtraq: [USN-850-1] poppler vulnerabilities

[USN-850-1] poppler vulnerabilities

URL: http://www.securityfocus.com/archive/1/507340

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

Bugtraq: South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

URL: http://www.securityfocus.com/archive/1/507323

Xpdf – Integer overflow which causes heap overflow and NULL pointer derefernce.

Bugtraq: Xpdf – Integer overflow which causes heap overflow and NULL pointer derefernce.

Xpdf – Integer overflow which causes heap overflow and NULL pointer derefernce.

URL: http://www.securityfocus.com/archive/1/507261

insecure elements in https protected pages

insecure elements in https protected pages

Posted by Mohammad Hosein on Oct 18

in a certain web application e.g gmail there are times the whole

communication is secured by ssl and sometimes "there are insecure elements"

that raise questions . i’m not a web professional . how to find these

insecure elements ? and how to evaluate if these elements are the results of

a successful man in the middle attack or not ?

regards

URL: http://seclists.org/fulldisclosure/2009/Oct/251

Nikto 2.1.0 released

Nikto 2.1.0 released

Posted by david lodge on Oct 18

It’s final time to stop procrastinating: Nikto 2.1.0 is here!

(Available from http://cirt.net/nikto2)

This version has gone through significant rewrites under the hood to

how Nikto works, to make it more expandable and usable.

Changes include:

* Rewrite to the plugin engine allowing more control of the plugin

structure and making it easier to add plugins

* Rewrite to the reporting engine allowing reporting plugins to cover

more and also…

URL: http://seclists.org/fulldisclosure/2009/Oct/249

Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Unusual traffic from Loopback to Bogon Address, (Sat, Oct 17th)

Lode sent in some unusual traffic he is seeing from one of his servers. The traffic is Protocol 0 (IPv6 Hop by Hop), originates from a Loopback address and is destined to 108.22.0.0, which is a reserved address.

13:02:52.012656 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.181 108.122.0.0: ip 0

13:02:52.012699 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.25 108.122.0.0: ip 0

13:02:52.012743 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.96 108.122.0.0: ip 0

13:02:52.012788 IP (tos 0x7,CE, ttl 255, id 29423, offset 0, flags [none], proto: Options (0), length: 20) 127.0.0.187 108.122.0.0: ip 0

Some searching shows references to this traffic from Solaris systems dating back to at least 2002, but I couldn’t find any concrete solutions. One reference suggests this traffic might be related to a rootkit.

Anybody who knows anything about this traffic and can provide insight please contact me via our contact page.

CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections

Bugtraq: CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections

CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections

URL: http://www.securityfocus.com/archive/1/507254

milw0rm

Re: milw0rm

Posted by Michal on Oct 17

Anders Klixbull wrote:

at a lemonparty

URL: http://seclists.org/fulldisclosure/2009/Oct/247

Mozilla disables Microsoft plug-ins?, (Sat, Oct 17th)

Mozilla disables Microsoft plug-ins?, (Sat, Oct 17th)

A couple of readers have indicated that this evening when they started Firefox it disabled the Microsoft plug-ins Windows Presentation Foundation and Microsoft .NET Framework Assistant 1.1. These plug-ins have been the source of some controversy since it was revealed earlier this week that Microsoft had patched them as part of patch Tuesday.

While the people over at Mozilla have recommended disabling these plug-ins, their is no indication over at the Mozilla Blogs of why this action was taken.

Anybody have any details of what is going on?