Apache sites scalped by hack
,----[ Quote ]
| Don Jackson, from Secureworks said that the hackers probably used stolen
| log-in details to gain access and then infected the Apache servers with a
| pair of files that generate constantly-changing JavaScript.
|
| If a punter visits the hacked site they get walloped with nine exploits
| including a recent QuickTime vulnerability, the long-running Windows MDAC
| bug, and a fixed flaw in Yahoo Messenger.
`----
http://www.theinquirer.net/gb/inquirer/news/2008/01/22/apache-sites-scalped-hack
This has nothing to do with Linux or Apache, apparently (Microsoft shills try
to make it seem so). It's about people whose Windows PCs may be compromised,
so the hosting passwords leak out.
Drive-by pharming attack hits home
,----[ Quote ]
| The best way to prevent becoming a victim is to change your network router's
| default password.
`----
http://www.news.com/8301-10789_3-9855195-57.html?part=rss&subj=news&tag=2547-1_3-0-20
It's FUD war on Linux.
Recent:
Red Hat bugs - another open source PR hit?
,----[ Quote ]
| Red Hat's Mark Cox quickly pointed out in a blog that a) the number was
| wrong, b) it counted flaws in all the third party products associated with
| Red Hat's OS, and worst of all c) it counted several bugs six times, since it
| added up fixes made for the same bug, on multiple Red Hat products.
|
| [...]
|
| Even if there were a greater number of reported bugs on these open source
| products, that would not equal lower security. It could just mean that there
| is more publicity for known bugs in the open source world (as we saw
| recently, when code-checker Coverity announced it had found around 8000 bugs
| in open source projects, I commented here that this was actually good news
| for open source).
|
| Obviously, whether or not Secunia deliberately got its sums wrong, it remains
| the case that "open source security flaws" is a much more arresting headline
| than "Microsoft security flaws" - for exactly the sam reason that "man bites
| dog" is more interesting than "dog bites man".
`----
http://community.zdnet.co.uk/blog/0,1000000567,10007077o-2000469549b,00.htm
McAfee throws some FUD at the GPL
,----[ Quote ]
| In its annual report, Windows security software vendor McAfee told its
| investors that open source software licence terms it vaguely characterised
| as " ambiguous" might "result in unanticipated obligations regarding our
| products."
|
| [...]
|
| That statement says several things. First, it reveals that McAfee does use at
| least some open source software derived code in its products. Second, it
| betrays that McAfee has misappropriated that open source software and thus is
| committing copyright infringement, because it doesn't distribute that open
| source software derivative source code. Third, by calling its products that
| include open source software code "proprietary", McAfee shows that it really
| doesn't want to shoulder its GPL licence obligations, but instead wants to
| both have its cake and eat it too.
`----
http://www.theinquirer.net/gb/inquirer/news/2008/01/05/mcafee-throws-fud-gpl
|
|
