Via Spare Room, it has been revealed that you can listen in to details on an 021 (Vodafone) phone number, change plans, buy SupaPrepay addons and more all by knowing the 021 phone number.
This comes a couple of months after the Telecom security scare, where you could change your Telecom mobile to any number to intercept texts, send texts or call using another persons account.
After McAfee and Symantec’s swings at Microsoft - saying that the giant isn’t cooperating with them - another virus maker has come out and said that there is no evidence of Microsoft stopping them from doing anything.
Kaspersky labs, a Russian based security group, has said in Reuters on Friday:
“From what we have seen of Vista we cannot tell that Microsoft is blocking access to the core,” Kaspersky Lab Chief Executive and co-founder Natalya Kaspersky told Reuters in an interview in Paris.
No surprises here. Soon after McAfee and Symantec made swings at Microsoft, BetaNews had gone out to find other companies opinion. Sophos also found no problems with the Vista security model, in fact saying:
Conceivably, if Sophos wanted to provide a “total security solution,” given this new set of circumstances, wouldn’t it need to understand some of PatchGuard’s secrets? Surprisingly, O’Brien told us no. “At this point in time, Sophos does not see the need to be able to access the kernel within the Microsoft operating system,” he said.
“If there is a point in time where the kernel becomes the subject of malware being written specifically to it, then I would expect that we would go back to Microsoft and tell them we need to be able to access the kernel. But at this point, it doesn’t appear to be necessary.”
So, this seems to be the big security companies being the only ones kicking up a fuss. They have the most to lose I suppose. Still, you shouldn’t get McAfee or Symantec products anyway - they are overpriced and resource hogging. You should just find some free alternatives (that also happily work with Vista).
Mischa Spiegelmock and Andrew Wbeelsoi at a ToorCon conference (on hacking) had proclaimed that the Javascript in Firefox was a “complete mess,” and that there are several vulnerabilities, the worst of which causes a stack overflow and consequently code execution. (Stack overflow is where a program takes up more space than it had/been allocated in memory.) They also proclaimed that it could “never be patched.”
Mozilla had, of course, looked into this, and spoken to Mischa. There was a surprise though: he had never actually got the code to execute anything. It would merely cause a stack overflow… and crash.
As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.
So, it was also based on an old security flaw which was fixed previously.
So, was it just a prank to try and make ToorCon more notable?
Clearly afraid that it won’t be needed anymore, Symantec had complained to the EU that wants security features from Vista removed. Basically, make Vista so idiotically dumbed down so then Symantec can continue to line its pockets.
One of the complaints is the Security Center in Vista they want to be able to replace with there. This is despite the ability to fill it with all their own icons and logos throughout the control panel. Next thing they want is kernel protection removed. Malicious software can patch the Windows kernel to do their bidding, and Symantecs products can fix this by patching it again. So, now that it is impossible to patch the kernel, and hence not have any malicious software lurking there, they want Kernel PatchGuard removed.
So, Symantec is a business, and now they are seeing a threat from Vista because it features built in security. These are the right moves that Microsoft are taking - you shouldn’t need to pay someone else to have a secure computer. Quite frankly, Symantec are just being idiots.
In other news, Adobe is also trying to bundle its crap in the OS as well. As a new XML format called XPS (XML Paper Specification) is built into Vista, and will compete with PDFs. I don’t see a problem with this, as there are lots of programs that make PDFs for free anyway. Adobe have already stopped Microsoft from having a publish to PDF function in future versions of Office. Now they are just being silly.
Get Updates