Zero-day flaw in Solaris allows remote attacks
Security experts are warning of a zero-day vulnerability with Sun Microsystems Inc.'s Solaris 10 and 11 OSes.
Exploit code has been posted on the Internet, and no special tools are required to take advantage of it, according to an advisory from the SANS Institute.
The problem lies within Telnet, a networking protocol. The Telnet daemon -- a process that runs in the background and waits for another Telnet client to connect -- can allow a hacker to log in without a password.
SANS suggests a couple of solutions: disable Telnet or limit the IP (Internet Protocol) addresses that can connect to Telnet through the firewall.
In the past, SANS has warned that using Telnet poses a risk because data transferred between clients may not be encrypted. Telnet is also a frequent target for port scanners.
"In my opinion, no one should be running Telnet open to the Internet," wrote Donald Smith of SANS.
IDG News Service
pasmith
Kindle news: pricing, business models and ... source code?
mulderjoe
Cell phone gaming: In search of good mobile games
jfruh
The guts of the iPhone 3GS
Enter your caption for this week's cartoon! The winner will receive a $25 Amazon gift card. Go now!
Essential JavaFX
Get started building rich Web apps quickly with an introduction to the power of JavaFX key features -- scene node graphs, nodes as components, the coordinate system, layout options, colors and gradients, custom classes with inheritance, animation, binding, and event handlers.Enter now!
The Nomadic Developer
Consulting can be hugely rewarding, but it's easy to fail if you are unprepared. To succeed, you need a mentor who knows the lay of the land. Aaron Erickson is your mentor, and this is your guidebook. Enter now!
