Thursday, May 22, 2008

Vulnerabilities in Apple's iCal application

According to Researchers at Core Security Technologies, they have uncovered three vulnerabilities in Apple's iCal application that hackers can exploit to take over vulnerable machines or launch denial-of-service attacks. iCal is a personal calendar application provided by Apple on Mac OS X and serves as a client-side component to a calendar server, allowing users to create and share multiple calendars. It can also be used as a stand-alone application.
The most serious of the bugs is the result of a memory corruption vulnerability that can be triggered if a user runs a malicious .ics (iCal calendar file). The other two are null-pointer errors caused when parsing malformed .ics files, Core researchers wrote in the advisory. Version 3.0.1 of iCal, running on the Mac OS X 10.5.1 platform, is vulnerable, Core researchers wrote.

US Military Botnet - Weapons of Mass Denial

U.S. military is planning to botnet attacks to its enemies computer network. US botnet is a disturbing concept, but next to cluster bombs and cruise missiles it's War Lite. According to Col. Charles W. Williamson III proposes that "...America needs a network that can project power by building an robot network [botnet] that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack." Wow, them's fighting words.
In a real war this would all be devastating for the civilian infrastructure, but I doubt it would stop troops from moving or planes from flying or submarines from diving. Perhaps that's the best reason to follow Williamson's advice: Once deterrents are in place, launching an attack only ends up shooting you in the foot.

Source: eweek

Recent Comments