Scammers target Yahoo visitors
Those who visit Yahoo Inc.'s Web site may fall victim to a new phishing attack where people's user names and passwords are recorded. The IDG News Service reported that phishers will record Yahoo users' information while logging them into a legitimate area of the portal. The technique was uncovered by San Diego security firm Websense Inc. According to the report, users receive an instant message or e-mail that claims to be from a friend wanting to show photos from a vacation or birthday party. The message links to the phishing site, which records the user's ID and password while forwarding the user to the real Yahoo Photos site. "It would be difficult for the user to know they'd actually been phished," Ross Paul, Websense product manager for Europe, the Middle East and Africa, told the IDG News Service. The phishing site is hosted in free Web space provided by Yahoo Geocities' service in the U.S., Websense said. The method is unique in that the phishers are not only using a fake logo to trick users, but they're also forwarding the person to another site, a method that has been used before but not on such a large scale, Paul told the news service.
Security hole in RealPlayer and Helix Player
Attackers could launch malicious code by exploiting a security hole in RealNetworks Inc.'s RealPlayer and Helix Player, according to a vulnerability researcher who goes by the name c0ntex. Danish security firm Secunia confirmed the flaw in RealPlayer version 10.0.5.756 (gold), and Helix Player 126.96.36.1997 (gold). In both cases, Secunia said the flaw only affects Linux/Unix platforms. The firm said in an advisory that the vulnerability is "caused by a format string error when displaying the invalid-handle error message. This may be exploited to execute arbitrary code via a specially crafted '.rp' file. The '.rt' file format may also be affected." However, users must be tricked into opening or following a link to a malicious .rp file for the attack to work. Secunia recommended users avoid opening media files from untrusted sources.
GAO: Air traffic control networks vulnerable
Congressional investigators say the high-tech networks that bind key parts of the U.S. air traffic control system lack important controls and may be vulnerable to a cyberattack. The Government Accountability Office (GAO) said in an update to a 2000 report that the Federal Aviation Administration (FAA) has improved the security of its IT infrastructure and noted the agency's contention that its interconnected networks are secure. FAA spokesman Greg Martin said separately in an interview with the Reuters news agency that the investigation was too narrowly focused and that the agency has adequate controls in place nationwide. "They are very secure systems," Martin told Reuters. "There is a lot that the [report] failed to take into account." Martin said any flaws are countered by several redundancies and other controls built throughout the IT architecture. Nevertheless, the GAO cited a series of gaps that include outdated security plans, inadequate awareness training and questions about whether the FAA could detect intruders and keep the system up during a security breach. "The agency has not adequately managed its networks, software updates, user accounts and passwords and user privileges," the GAO said.
Flaw affects Solaris 7 through 10
Sun Microsystems has issued a workaround for a flaw affecting several versions of the Solaris operating system. The Santa Clara, Calif.-based company said in an advisory that, "a security vulnerability which affects the Xsun(1) and Xprt(1) commands may allow a local unprivileged user the ability to execute arbitrary code with the privileges of either the Xsun(1) or Xprt(1) command." Solaris 7 through 10 on the SPARC and x86 platforms are affected, and Sun said there are "no predictable symptoms that would indicate the described issue has been exploited." To work around the flaw, Sun recommended users remove the setuid(2) and/or setgid(2) bit from Xsun(1) and Xprt(1).