ACKNet Technologies
ACKNet Technologies is a professional information security
firm. We specializes in IT security assessments and
incident response. Our innovative services and products will keep
your organization protected from the latest security threats
and assist you in achieving regulatory compliance. ACKNet posses
the experience and expertise to guide your organization through
the ever changing information security challenges of today's
business environment.
Our consultants possess US Government clearances and have extensive
expertise in the following fields.
- Information Security Vulnerability Assessments
- Intrusion Detection
- Incident Response
- Computer and Network Forensics
- IT Risk Mitigation
- Penetration Testing
- Wireless Detection
Latest Bulletins
Mozilla releases port scanning patch
Mar 20, 2007
The FTP PASV port-scanning flaw, which is rated a low risk, could enable a
hacker to take a look around inside a victim's machine. An advisory on the
Mozilla site warns that a malicious Web page hosted on a specially-coded FTP
server could use the scanning feature to perform a rudimentary port-scan of
machines inside a user's firewall.
Apple patces 45 vulnerabilities in single update
Mar 13, 2007
Apple on Tuesday issued a security update for its Mac OS X to plug 45 security
holes, including several zero-day vulnerabilities. The megapatch is the seventh
Apple security patch release in three months. It deals with vulnerabilities in
Apple's own software, as well as third-party components such as Adobe Systems'
Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the
update were previously released as part of two high-profile bug-hunting campaigns.
No Microsoft Patches on Blue Tuesday for March
Mar 9, 2007
In its monthly advance notification bulletin posted earlier today, Microsoft simply said,
"No new Microsoft Security Bulletins will be released on March 13, 2007." It marks the
first time in 18 months that Microsoft has not issued at least one security update in a
scheduled patch rollout. Since January 2003, only three months have been sans security fixes.
Apple plugs QuickTime flaws
Mar 6, 2007
Mac maker Apple released an update on Monday for QuickTime that patches nine flaws (corrected)
in the Windows version of the program, including eight flaws that also affect QuickTime for
the Mac OS X. The security vulnerabilities occurred in how the program handles a variety of
different media formats, including movie files, third-generation partnership project (3GPP)
files, QuickTime image files (QTIF), and Picture (PICT) files. Exploiting any of the nine flaws
could allow an attacker to run code on the target's PC or Mac, the company stated in an
advisory. Media files have increasingly become a vector for attacks.
Attacker Backdoors Wordpress 2.1.1
Mar 2, 2007
It was determined that a cracker had gained user-level access to one of the servers that powers
wordpress.org, and had used that access to modify the download file. We have locked down that
server for further forensics, but at this time it appears that the 2.1.1 download was the only
thing touched by the attack. They modified two files in WP to include code that would allow for
remote PHP execution.
News
OSX Malware not taking off yetMar 22, 2007
Today we know of over 236,000 malicious malware items. These are mostly
meant for the MS-Windows environment. Only about 700 are meant for the various
Unix/Linux distributions. Current known Mac OSX malware count is even less with
7, so pretty much non-existent at the moment. For older builds of the MacOS
there are 69 known malicious items, with an additional 8 items for MacHC that
used hypercard script extensions which had to be manually installed as an addon
package.
Most Data Centre Thefts Are Inside JobsMar 14, 2007
Acts of theft, fraud and vandalism in data centres are three times more likely to be inside
jobs than perpetrated by external parties, according to data centre firm Migration Solutions.
Feds Investigate Whether Wal-Mart Employee Broke Any LawsMar 10, 2007
Federal prosecutors are trying to determine if a Wal-Mart systems technician who was fired
for spying on fellow employees broke any federal laws. Wal-Mart said last week that the employee
was fired for intercepting text messages and recording telephone conversations without authorization.
The company conducted an internal investigation that started after one of the employee's
colleagues "expressed concerns" about the recordings, according to a release from Wal-Mart.
FBI acted illegally on dataMar 9, 2007
The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain
personal information about people in the United States, a Justice Department audit concluded Friday.
And for three years the FBI has underreported to Congress how often it forced businesses to turn
over the customer data, the audit found. The Office of the Inspector General blames agent error and
shoddy record-keeping for the bulk of the problems and did not find any indication of criminal
misconduct.
US hacker gets a year in JailMar 8, 2007
A man who pleaded guilty to conspiring to commit computer fraud and identity theft has been
sentenced to one year's imprisonment by a Florida court. Justin A Perras was one of five co-defendants
who admitted hacking into computers at information management and workflow provider LexisNexis. The
computers were accessed using Trojans and social engineering tricks in order to make unauthorised
entries into the company's Accurint database, which is used by law enforcement agencies among others.