Airport security flour arrest leads to civil rights suit

Well, as someone just asked me, the big question is did she use “self-rising” flour?

Reuters reports on a strange case of airport security and false positives:

A U.S. college student imprisoned for three weeks for trying to take flour-filled condoms onto an airplane has settled her lawsuit against Philadelphia for $180,000, a city spokesman said on Friday.

Janet Lee, 21, a student at Bryn Mawr College in Pennsylvania, was arrested at Philadelphia International Airport in 2003 after police and security officials thought the flour was an illegal drug.

Three weeks? Ok, I have to ask, how long does it take security experts to figure out what’s in a condom? Can you imagine if it took three weeks for email to clear your spam filters?

Depending on the type of grain involved, I guess you might be able to say the TSA went awry…

Flour power? Ok, enough puns for one day.

Hiatus and paradigms

I had a bit of a hiatus from the blog this weekend. My first vacation in a while. Shame, really, as I have about a dozen stories to post now, all of which I expect should show up sometime this week. Meanwhile, someone was kind enough to send me a link to some real eye-candy advertisements posted on Dark Roasted Blend that exemplify the paradigm shift of flyingpenguin. For example:

x-ing

Insect

Very cool. I had to look twice to find the car in the second ad. I wish more advertising had this kind of balance.

dangerous (lokkest) worm on the loose

2007 is really starting with a bang, eh? The latest outbreak seems to be defined so far by a Windows Mutex Object service. A mutex is meant to provide mutual exclusion over a contended resource so that threads can synchronize. Here’s what seems to happen to affected systems:

  1. mutex.exe starts and runs in task manager, and can restart itself if you terminate it
  2. attempts to contact link.hottest.es over random high ports
  3. kills the RPC service
  4. prevents regedit from running
  5. disables services

The first symptom appears to be loss of network connectivity.

Symantec is calling this lokkest and warns of backdoors and keyloggers. They also suggest a large number of attack vectors:

  1. Spreads through Yahoo! Messenger, AOL Instant Messenger, MSN Messenger, and ICQ.

  2. Spreads to SQL server and to network shares protected by weak passwords, and by exploiting the following vulnerabilities:

* Symantec Client Security and Symantec AntiVirus Elevation of Privilege (as described in Symantec Advisory SYM06-010)
* The RealVNC Remote Authentication Bypass Vulnerability (as described in Bugtraq ID 17978)
* The Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS06-040)
* The Microsoft ASN.1 Library Multiple Stack-Based Buffer Overflow vulnerabilities (as described in Microsoft Security Bulletin MS04-007)

Patch, patch, patch…

Reflective XSS Worm

The SecuriTeam site reports on a new GaiaOnline (web-based game) worm:

Kyran ran the worm for 3-4 hours (with a central .js file it’s easy to stop the worm) and logged 1500 unique usernames, but not much more can be deduced in terms of growth over time due to the lack of timestamps. Since the passwords weren’t logged we cannot check statistics on those, but I would hazard a guess at the statistic being similar to those of sites like MySpace. Furthermore, the point of this exercise was to see how well a reflective XSS worm can spread on a large site.

Very effectively, they argue. And even more to the point:

Reflective XSS can viably be used to spread an effective worm, and sending variables via POST does not make people any safer. Considering how very common reflective XSS is (34 pages of reflective XSS flaws), this is something web masters really need to start getting to grips with. Furthermore, it’s clear that Gaiaonline aren’t ready for users reporting flaws: they don’t know what to do when a flaw is reported and they aren’t too quick at fixing them (at the time of writing the flaw is still up).

Reputation risk?
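To make the "POST does not make people any safer" point concrete, here is an added example (not code from the original post, SecuriTeam, or GaiaOnline): a reflective sink in a Node.js search page beside its escaped form, with the same reflected value arriving by either GET or POST. The handler names, the `q` parameter, and the sample inputs are assumptions.

```javascript
// Added example; not from the original post or from GaiaOnline.
// Function names, the "q" parameter and the sample inputs are assumptions.

// Escape the characters that let attacker-controlled text break out of an
// HTML text node or a quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the search term is copied straight into the page (reflective XSS).
function renderSearchVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened: the same page, with the reflected value escaped at the sink.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Pull the term from either the query string (GET) or a form body (POST).
// The transport changes nothing about what reaches the sink, which is why
// switching a form to POST is not a mitigation; escaping at the sink is.
function extractTerm(method, url, body) {
  const params = method === "POST"
    ? new URLSearchParams(body)
    : new URL(url, "http://localhost").searchParams;
  return params.get("q") ?? "";
}

// Crude check used to compare the two renderers: is a script tag present?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample inputs: a benign search and the classic XSS canary.
const BENIGN = "penguin";
const PROBE = "<script>alert(1)</script>";

// The same probe delivered by GET and by POST reaches the sink unchanged.
const viaGet = extractTerm("GET", "/search?q=" + encodeURIComponent(PROBE), "");
const viaPost = extractTerm("POST", "/search", "q=" + encodeURIComponent(PROBE));
```

Run the renderers on `viaGet` and `viaPost`: the vulnerable one emits a live script tag for both transports, the escaped one emits inert text for both.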