Monday, November 9, 2009

…iPhone. iPhone Gets First Worm

If you’re an Australian and you’ve gone against Apple and jailbroken your iPhone, well, karma is coming to get you. There is a worm on the loose that at this point is only affecting Australian iPhone users. This one replaces the phone’s wallpaper with a picture of Rick Astley.

The attack vector is the SSH application, on phones where the user has not changed the default password (more karma).

Experts say this likely is the first of many.

CIO Zone
Sophos

Friday, October 16, 2009

Microsoft exposes Firefox users to drive-by malware downloads | Zero Day | ZDNet.com


This is great: now Microsoft is recommending that you uninstall the add-on they so kindly installed without your knowledge.

Monday, October 5, 2009

National Cyber Security Awareness Month

“National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.

The success of National Cyber Security Awareness Month rests on all of us doing what we can to engage in awareness activities. There are opportunities for everyone from home users to major corporations and government entities to get involved.”

How To Get Involved

…PII. U.S. Government Suffers 'Largest Release Of Personally Identifiable Information Ever'

While this likely isn’t as bad as it sounds, it is still unbelievable to me that this is still happening. It very clearly shows that there is a lack of interest in keeping this information secure. American voters should be making this a priority for any new elections because eventually no one is going to have any personally identifiable information. The government is going to have carelessly let it all out into the public.

Dark Reading

Tuesday, September 15, 2009

…Infrastructure. SANS Top Threats Revealed

SANS has released their Top Cyber Security Risks report. Top two priorities: Unpatched internal systems and vulnerable websites.

“Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.”

SANS: The Top Cyber Security Risks

Tuesday, September 8, 2009

…Windows O/S. 0-Day BSOD Vulnerability

Word today that there is a 0-Day exploit targeting a flaw in SMB2 that can allow a single packet to crash a Windows Vista/7/2008 machine. Not too many details yet but the code is out and there is a Metasploit module available.

SANS ISC
Metasploit

Thursday, September 3, 2009

…OS X. Snow Leopard; vulnerabilities pre-installed.


So it seems OS X 10.6 has an old version of Flash bundled with it, and it won’t keep your updated version if you’re upgrading. Somehow, in the rush to get 10.6 out the door, Apple didn’t update to the newest version, and the install doesn’t do it either.

We all know that Flash is a significant vector for attack, so you need to make sure you update it as soon as you have installed your new breed of Leopard.

Engadget
Daily Tech