News
Six-year-old security hole discovered in UW IMAP
2008-12-08
Security expert at Bitsec discovers a vulnerability in UW IMAP which makes it possible for an attacker to gain full control over the system.
Bitsec’s security expert Aron Andersson has discovered a critical vulnerability in the application UW IMAP developed by the University of Washington. The vulnerability, which has existed since 2002, specifically affects the applications dmail and tmail that are used to distribute mail to private users. By supplying a specially crafted recipient, a local attacker can increase his privileges to "root", which results in full control of the system. Depending on which mail server is used and how it is configured, the vulnerability could potentially also be exploited without local access to the system.
Read more in our advisory >>
Further information in the CVE database >>
Discovery of vulnerability in Agda PS
2008-11-25
Bitsec’s security expert has discovered a vulnerability in Agda PS, one of Sweden’s leading providers for payment systems and services.
Bosse Eriksson, security expert at Bitsec, has discovered a critical vulnerability in the HR system Agda PS. This may affect many of the 400 000 employees who receive their salary through the program.
The vulnerability makes it possible for attackers to steal, change and add information in the system. The vulnerability lies foremost in the so-called Agda Entré, which is the gate to the Agda PS itself, making it easy for attackers to penetrate the system without login credentials. The system is especially sensitive because it is usually open to the Internet. This would mean large losses for companies that use Agda PS as their salary system. Intruders can get access to employees’ usernames, passwords, national ID number and salary.
Read more about the vulnerability in our advisory >>
Read more about the vulnerability in the article in IDG (in Swedish) >>
Bitsec CTO Joel Eriksson has been interviewed on Radio Free Europe / Radio Liberty
2008-08-12
The interview dealt with the recent developments in Georgia and the Russian hacker war on the net against official Georgian websites.
[...] "Eriksson says all computer software has vulnerabilities that make it possible for hackers to break into a computer over the Internet. He says there is little that can be done to stop hackers who discover previously unknown vulnerabilities in new systems.
But he says administrators of websites sometimes fail to update computer systems, leaving themselves open to hackers who exploit "old vulnerabilities."
Established investor becomes joint owner of Bitsec
2008-04-17
The Sixth AP Fund has entered as a joint owner of Bitsec. We see this as proof that our activity and development have created interest not only among our customers, but also among investors, and we consider it a strength to have a major public player in the group of owners.
Framework Agreement
2008-02-07
Bitsec has signed a framework agreement for IT consulting services with VERVA (6872/08) within area 6, Information security.
Some 90 public bodies, authorities, municipalities and foundations can now take advantage of our services via the agreement.
Read more about the agreement (in Swedish) >>
Verva frame agreement
2008-01-31
Bitsec has been invited to sign a frame agreement.
The course The Most Common Programming Mistakes continues
2008-01-16
After several fully booked trainings in 2007, we start 2008 by scheduling more courses following requests from satisfied customers. This year's first course again started fully booked.
Bitsec's Rickardsson acts as an expert witness; prosecutor drops 2 out of 3 charges
2008-01-08
Bitsec invited to RSA
2008-01-01