http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219000172

By Thomas Claburn
InformationWeek
August 4, 2009

The security risks posed by the use of public Wi-Fi networks have been known for years, but even cautious computer users may be vulnerable to attack when connected to public Wi-Fi networks as a result of the widespread insecurity of automated software updates.

In a recent presentation at the DEFCON security conference in Las Vegas, Radware security researchers Itzik Kotler and Tomer Bitton revealed that hundreds of popular applications are vulnerable to a man-in-the-middle attack because they rely on a flawed software update process.

To demonstrate the flaw, Kotler and Bitton have released software called ippon-mitm that can hijack software update sessions and answer update queries by returning malware to the requesting computer. Often, a user will be unaware that an update query has been sent and intercepted and may continue to enter sensitive information into the compromised computer.

The researchers said that the update mechanisms in Alcohol 120, Adobe (NSDQ: ADBE) PDF Reader, GOM Player, Hex Workshop, iMesh, and Skype, among other applications, were vulnerable.

Kotler declined to name the rest of the vulnerable applications, saying that his company has been in contact with the appropriate vendors to inform them about the problem. A company spokesperson was not immediately available to clarify whether any of the vulnerable applications have been patched since the DEFCON presentation.

[...]

Received on Wed Aug 05 2009 - 02:34:03 PDT