security

Kill This Box: a DDoS challenge

If you happen to be in control of a sizable botnet, and in need of nerdy stuff from the ThinkGeek online store, killthisbox.com has a mission for you. The website's creators offer a fifty dollar gift certificate to anyone who takes the site off the internet, and keeps it offline for fifteen minutes.

Online TV site tells story of DoS attack

Revision3.com has published a detailed description of the Denial of Service (DoS) attack they suffered during the weekend. The attack originated from MediaDefender, a company that is in the business of stopping the spread of illegal file sharing. Revision3 is a web TV network, creating and producing its own original shows.

The DoS attack overloaded one of the servers and took the entire site offline. After significant effort on the part of Revision3's technical staff, the site was eventually put back online. At the peak of the attack, up to 8,000 packets hit the Revision3 server per second.

Adobe Flash zero-day exploit threatens PCs

News outlets are reporting that a previously unknown security flaw in the Flash multimedia plugin is exposing Windows-based PCs to risk. The exploit affects Adobe Flash Player 9.0.115.0 and 9.0.124.0, allowing execution of arbitrary code. Sources say thousands of web pages, which were compromised earlier via SQL injections and other hacking techniques, are already redirecting browsers to malware sites containing the Flash exploit code.

FBI warns of counterfeit Cisco routers

An unclassified PowerPoint presentation made by the FBI contains details about potential security risks related to counterfeit network equipment. Cisco-branded routers and switches, imported from China, have been identified as low-quality and possibly dangerous imitations of original products.

Serious security flaw in Debian

A programmer's error has caused a serious security flaw in the popular Debian Linux distribution. All SSL and SSH cryptographic keys generated on a Debian platform since September 2006 are to be considered potentially compromised. Experts say they will need to be recreated from scratch after a fix to the OpenSSL package is applied. The official security advisory, containing a link to a detector for known weak keys, is available here.

A large number of IIS-hosted websites are potentially vulnerable to a newly discovered SQL injection attack, report Hackademix and the Internet Storm Center. Thousands of sites have been compromised since January, mostly where web developers have failed to sanitize their user inputs properly.