- HP buys EDS for $13.9 billion
- 10 ways the Chinese Internet is different
- What EDS is telling its people about HP deal
- Sprint loses nearly 1.1 million customers
- Desktops of the future here today
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
I think the only thing I like about sprint is EVDO rev.A. Their data network is awesome, other than that...- Matt V
Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.
"Somewhere in my blog, I embedded a proof-of-concept code which exploits this 0day vulnerability," Raff wrote in a Wednesday blog posting. A 0day attack is a previously undisclosed software flaw that has not been fixed by the software maker.
The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker to run unauthorized software on a victim's computer. Raff informed Microsoft of the flaw on Tuesday and the software vendor has not yet patched it, Raff said.
Microsoft didn't get much time to fix the bug, but Raff said he didn't feel that Microsoft would address the issue quickly unless he went public with the vulnerability.
When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said via instant message. "The last time I used their Responsible Disclosure policy it took them six months to fix one line of code."
For Raff's attack to work, the hacker would first have to put a small amount of HTML code on a Web site and then persuade the victim to use a specific Internet Explorer feature on that site, he said.
The Israeli hacker said that the idea of disclosing his attack in a treasure hunt came from a local custom of playing such games during Israel's Independence Day, which falls on Thursday.
Raff has put the code on his own Web site, and he will offer clues as to what people must do to trigger the flaw over the next few days. When triggered, Raff's proof-of-concept code launches two copies of Microsoft's calculator software on the victim's computer, but it could be altered to do something malicious.
Next Wednesday, he will release full details of the bug along with his proof-of-concept code.
Microsoft was unable to immediately comment for this story.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Keep it up...By Anonymous on May 12, 2008, 5:30 pmWe need more like him, people who point our bugs rather than use it agains others. If he can find it, who knows how many others have started using it? He simply...
Reply | Read entire comment
Nice.By Anonymous on May 12, 2008, 10:31 amA smart guy with the maturity of a 10 year old. Maybe his mamma didn't teach him two wrongs doesn't make a right......
Reply | Read entire comment
unethicalBy Anonymous on May 11, 2008, 11:42 amIf Microsoft does nothing to fix the problem in a timely manner, that is wrong and makes for poor business standards. What this individual is doing is wrong and...
Reply | Read entire comment
Great idea.By Adrian on May 9, 2008, 4:35 pmWhile I realize it does take time and money to patch holes the way megacorps try to sweep problems under the rug disgusts me. I hope that any company that follows...
Reply | Read entire comment
why a dirtbag?By Anonymous on May 9, 2008, 9:07 amThis guy is smart. People don't take security holes seriously, what a surprise Microsoft is one of them. People need to start being aware of things like this.
Reply | Read entire comment
View all comments