Tools to prevent drive-by attacks
You won't find a perfect solution to the growing problem of drive-by attacks, but many tools are available to help you keep malicious code off your network.
Attackers have an easy time on today's Internet. Intruders of the past needed to circumvent troublesome firewalls and other protective devices, but today, they only need to entice an unsuspecting user into accessing a web server prepared with malware or send a malicious link through email, text, or an instant messaging service. Contact details for reaching the potential victims can usually be retrieved from social networks such as Xing. And QR codes are ideal for distributing malware links: The reader has no way to even guess where the code might by pointing.
Many of these attack methods exploit the fact that Web 2.0 tools are installed on nearly every workstation and mobile device, including a web browser and plugins such as Flash Player, Java, and Adobe Reader. Browsers or plugins almost always contain vulnerabilities that are then exploitable using special attack tools installed on the web server. The goal of these attacks is to infect the client with malware and then misuse the client system by adding it to a botnet or using it as a bridgehead for access to other resources on the network. The attack is usually completely transparent and goes unnoticed by the user. This style of attack is often called a drive-by download (see the "How a Drive-By Attack Works" box). In the opinion of ENISA (European Network and Information Security Agency), drive-by downloads are currently the biggest threat on the Internet .
Read full article as PDF:
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open-source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
Donors will get to vote on new features for the free video editor.
Debian project puts init out to pasture and says no to Ubuntu's Upstart.
Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.
New alternative for init comes with a small footprint and minimal configuration.
X marks the target for the next-generation windowing system.
Super-clone CentOS Linux gets beamed up to the mother ship.
HTML technology will enable new video editing and playback options.
New Linux distro is optimzed for gaming.