Thursday, January 18th, 2012 A pernicious virus that infects the middleware of smart card readers is attacking users of U.S. Department of Defense (DoD) and Windows smart cards. A variant of the Skyipot trojan, the malware uses a zero-day vulnerability in Adobe software to install a keylogger and obtain the PINs and certificate information from smart cards.
The trojan, first identified by Alienvault Labs, appears targeted at a particular type of application.
see full artical : http://www.scmagazine.com/dod-id-cards-under-attack/article/223625/
According to a Websense blog post on Jan 9th 2012, emails that look like typical spam trying to hawk male enhancement drugs were used to test mobile usersquick response (QR) codes for URLs.
The link leads to an already-created QR code, which can be scanned by a mobile reader application available in places like the Android Market. After the code is recognized, a URL is loaded that advertises the counterfeit goods, including Viagra aJannd Cialis.
Adobe on Tuesday shipped quarterly fixes for its flagship Reader and Acrobat software running on Windows and Macintosh.
The update addresses six "critical" flaws, last month in Reader and Acrobat versions 9. The release addresses a total of six flaws and updates users to version 10.1.2 and, if they are unable to upgrade to Reader/Acrobat X, version 9.5.
Hackers, claim they have lifted the source code for Symantec's Norton AntiVirus product, and are planning to post it.
A cyber gang calling itself "The Lords of Dharmaraja" promised to release the entire source code, but first issued what they said was a sneak peak, according to a Pastebin document, which has since been removed.The group said it stole the data by infiltrating servers belonging to an Indian military intelligence agency.
However, a Symantec spokesman said the document didn't include any proprietary programming language.
"It wasn't source code," Symantec's Cris Paden said Thursday evening in an email to SCMagazine.com. "It was a document from April 28, 1999 defining the application programming interface for [Symantec's virus] definition generation service. This document explains how the software is designed to work and contains function names, but there is no actual source code present."
RADIUS and TACACS+ are distributed client/server system that secures networks against unauthorized access using AAA services. In the Cisco implementation, RADIUS and TACACS+ clients running on Cisco routers send authentication requests to a central server that contains all user authentication and network service access information. In this section we are going to show how to bypass AAA and login in to the router without being authenticated against a RADIUS or a TACACS+ server.
