February 2006 - Posts

Robert Lemos interviews Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X. Finisterre discusses his reasons for creating the worms, the problems with Mac OS X security, and why he does not fear prosecution.

http://www.securityfocus.com/columnists/389

Posted Tue, Feb 28 2006 18:54 by Don
Filed under:
Symantec on Tuesday launched a new Internet security barometer that gives consumers clues on which online activities are currently safest.

But unlike rival security meters, Symantec's new Internet Threat Meter breaks out current risks by activity: e-mail, Web browsing, instant messaging, and file sharing.

In its debut, the meter labeled e-mail as a "Medium: Use Extra Caution" risk, and Web activities, instant messaging, and file sharing all as "Low: Use Basic Caution." Threats will be tagged with low, medium, and high markers.

Techweb News

Posted Tue, Feb 28 2006 14:33 by Don
Filed under:
180solutions, the controversial adware marketer, admitted last week that it was initially unable to identify the rogue affiliate that was installing its Zango software illegally, and in fact found a pair of sites adding Zango to PCs without users' consent.

"As it turns out, we didn't get Mr. Edelman's guy on Monday. The guy we got on Monday, 'Sniper84,' was also installing our software in the same unauthorized manner," wrote Ken Smith, co-founder and chief technology officer of Bellevue, Wash.-based 180.

TechWeb

Posted Tue, Feb 28 2006 13:02 by Don
Filed under:
by William Eazel 27 Feb 2006 10:02

Security experts have detected a new crimeware creation system that sells made-to-measure trojans to hackers for $990.

The code, dubbed Trj/Briz.A by PandaLabs, stands out because its author customizes the code for hackers. The malware specializes in stealing bank details and data from web forms.

According to PandaLabs, this trojan is "the most complex example of the business network based on malware."

Apart from the code, cyber-crooks that buy this crimeware also get a complex system for controlling the infection caused by the custom-built trojan. This allows the client to get a list containing a large quantity of data about the infected computers: IP addresses, passwords and even the physical location of the computers.

SC News

Posted Tue, Feb 28 2006 9:13 by Don
Filed under:
Malware remains top security nuisance
By John Leyden
Published Tuesday 28th February 2006 12:12 GMT


Viral infection was the biggest single cause of security incidents over the last two years, according to a DTI-backed study published on Tuesday.
The study also found that viruses were more likely to cause service disruptions than other security breaches. While interruptions generally had minimal impact, a quarter of firms that blamed viral infestation for the worst security incident had major problems, such as losing important services (for example email), for more than a day.

TheRegister

Posted Tue, Feb 28 2006 7:13 by Don
Filed under:
IBM, Novell and Parity Communications announced on Monday that the firms would be contributing code to an open-source initiative, known as Project Higgins, which aims to create an identity system that gives the user more control over their data.

SecurityFocus

Posted Tue, Feb 28 2006 5:51 by Don
Filed under:

Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a legitimate business but are actually attempts to steal passwords and other personal data.

But there is evidence that among global cybercriminals, phishing may already be passe.

In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con--the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine, putting them in the category of malicious programs known as Trojan horses, or just Trojans.

CNet

Posted Mon, Feb 27 2006 14:15 by Don
Filed under:

The number of phishing Web sites grew by about 65 percent in December, which security experts say is due to the increasing use of easy-to-use "phishing kits."

The Anti-Phishing Working Group's report for December revealed that although the number of phishing e-mails fell between November and December last year, the number of fraudulent Web sites increased from 4,630 to 7,197, which is a new record.

CNet

Posted Mon, Feb 27 2006 14:13 by Don
Filed under:

Apple Computer fans have long loved to point out the safety of using Mac OS X, which has mostly been left alone by hackers. But the recent arrival of three threats has some asking: Is the software's charmed security life over?

In the past two weeks, a pair of worms that target Mac OS X have been discovered, along with an easily exploitable, severe security flaw. The vulnerability exposes Mac users to risks that are more familiar to Windows owners: the installation of malicious code through a bad Web site or e-mail.

CNet

Posted Mon, Feb 27 2006 10:44 by Don
Filed under:
Marketing pitches masquerading as the 1099 forms detailing non-payroll income have been arriving in taxpayer mailboxes, while e-mails that appear to be from the Internal Revenue Service are really identity theft scams designed to collect personal financial information.

Government officials say they are currently seeing about one widespread IRS-themed e-mail scam a week, but Internet security experts expect them to escalate as the April 15 tax deadline nears.

http://www.msnbc.msn.com/id/11552490/

Posted Mon, Feb 27 2006 6:27 by Don
Filed under:
Microsoft plans to release Vista in six editions, including versions for business, home, a low-priced version for India and other emerging companies, and a version for sale in Europe that does not include the media player, in compliance with European anti-trust rulings.

Microsoft plans to disclose the lineup for Vista Monday, after it inadvertently posted information about its packaging plans for the software on its Web site last week. Microsoft's new PC operating system will arrive in two editions for business customers, three editions for home users, and a special low-priced "starter" edition for sale in India, Russia, Mexico, and other developing countries.

InformationWeek

Posted Mon, Feb 27 2006 5:45 by Don
Filed under:

The Motion Picture Association of America has found a new target in its war against piracy: search engines providing links to copyrighted material. Although they distribute no files themselves, such sites are a critical piece of the infrastructure that enables movie piracy, the MPAA says.

Lawsuits were filed Thursday against: BinNews.com, Torrentspy.com, IsoHunt, BTHub.com, TorrentBox.com, NiteShadow.com, Ed2k-It.com, NZB-Zone.com, and DVDRs.net. The suits mark the first time the MPAA has gone after Usenet related services, which have largely been spared in the crackdown on illicit file sharing.

BetaNews

Posted Mon, Feb 27 2006 4:49 by Don
Filed under:
It's tax time and new variations of phishing email scams are making the rounds. They attempt to dupe users into divulging confidential information. Users receive one of a variety of messages. The most popular is one that claims that the taxpayer is eligible for a refund and needs to log on to a website to verify information. Upon accessing the spoofed URL, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers.

Many of the sites have similar characteristics in their URL paths and include /IRS/claimrefund/caseid or /.www.irs.gov in the path.

One such mail message body example:

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

{Link Removed}

Regards,
Internal Revenue Service

The only click necessary is the one to send it to the trash bin.

Posted Sat, Feb 25 2006 5:41 by Don
Filed under:
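
The two path markers named in the post above can be checked mechanically against URLs pulled from mail or proxy logs. The following is an added example, not part of the original post; the hosts and addresses in SAMPLE_URLS are constructed, and treating irs.gov and its subdomains as the only genuine IRS hosts is an assumption.

```python
from urllib.parse import urlsplit, unquote

# Path markers quoted in the post (compared in lower case).
PATH_MARKERS = ("/irs/claimrefund/caseid", "/.www.irs.gov")
# Assumption: irs.gov and its subdomains are the only genuine IRS hosts.
LEGIT_DOMAIN = "irs.gov"

# Constructed sample input (documentation-range hosts, not real phishing sites).
SAMPLE_URLS = [
    "http://203.0.113.9/.www.irs.gov/index.htm",
    "http://www.irs.gov/individuals/index.html",
    "http://example.net/%49rs/ClaimRefund/caseid/form.php",
    "http://www.irs.gov@example.org/IRS/claimrefund/caseid",
    "http://example.com/news/tax-season",
]


def is_legit_host(host: str) -> bool:
    """True only for irs.gov itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def classify(url: str) -> str:
    """Return 'legit', 'suspicious' or 'unrelated' for one URL."""
    # Accept bare "host/path" strings as they often appear in logs.
    parts = urlsplit(url if "://" in url else "http://" + url)
    # .hostname ignores any "user@" prefix, so "www.irs.gov@example.org"
    # is judged by the host the browser would really contact.
    if is_legit_host(parts.hostname or ""):
        return "legit"
    # Decode percent-escapes and fold case so /%49rs/ClaimRefund/ still matches.
    path = unquote(parts.path).lower()
    if any(marker in path for marker in PATH_MARKERS):
        return "suspicious"
    return "unrelated"


def scan(urls):
    """Return the URLs whose path carries an IRS marker on a non-IRS host."""
    return [u for u in urls if classify(u) == "suspicious"]


if __name__ == "__main__":
    for hit in scan(SAMPLE_URLS):
        print("suspicious:", hit)
```

The check keys on the real host first, so a genuine irs.gov URL is never flagged even if its path happens to contain one of the markers.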
The sniping between a controversial adware company and a prominent anti-spyware researcher continued Thursday as 180solutions defended its practices and called critic Ben Edelman "irresponsible."

TechWeb

Posted Fri, Feb 24 2006 12:39 by Don
Filed under:
Secunia Advisory: SA19009

Description:
Peter Vreugdenhil has reported a vulnerability in Macromedia ShockWave Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Installer ActiveX control. This can be exploited to cause a stack-based buffer overflow via overly long values passed in two specific parameters to the control.

Successful exploitation allows arbitrary code execution, but requires that the user is e.g. tricked into visiting a malicious web site that prompts the user to install Shockwave Player.

The vulnerability has been reported in versions 10.1.0.11 and prior.

NOTE: The vendor has reported that the vulnerability occurs only during the installation process, and no action needs to be taken by current users.

Solution:
Only install ShockWave Player directly from the vendor's web site.

Provided and/or discovered by:
Peter Vreugdenhil

Original Advisory:
Macromedia:
http://www.macromedia.com/devnet/security/security_zone/apsb06-02.html

3Com's Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-06-002.html

Issued: February 22, 2006

Security Advisories Updated or Released Today

* Security Advisory (914457)

  - Title:    Possible Vulnerability in Windows Service ACLs

  - Reason For Update:  Added Microsoft Knowledge Base Article 914392

  - Web site: http://go.microsoft.com/fwlink/?LinkId=61165

Support:
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

Microsoft has spent billions of dollars in recent years to secure its software. Now it's payback time.

Until recently, security was just something that the software company got hammered on--a perennial headache, with no upside. But now, four years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft is starting to see security as a potential selling point.

Last month, Windows chief Jim Allchin pointed to enhanced security as the top reason customers should move to Vista, the update to the operating system due this year. The software maker estimates that a third of its engineering time for the new Windows was spent on protective measures.

CNet

Posted Wed, Feb 22 2006 15:39 by Don
Filed under:

Well, it finally happened.

After years of "Unix is sick," "Unix is dying" and "Unix is dead" headlines, Windows, according to IDC, has finally overtaken Unix as the No. 1 pre-installed server operating system.

This may come as a surprise to some people, who've assumed that Windows has been No. 1 for quite some time. Nope. Windows has been No. 2 on servers for ages.

http://www.eweek.com/article2/0,1895,1930216,00.asp

Posted Wed, Feb 22 2006 15:36 by Don
Filed under:
Issued: February 21, 2006

Security Advisories Updated or Released Today

* Security Advisory (906267)

  - Title: A COM Object (Msdds.dll) Could Cause Internet Explorer
    to Unexpectedly Exit    

  - Web site: http://go.microsoft.com/fwlink/?LinkId=51466
 
  - Reason For Update: Advisory updated to direct customers
    to Security Bulletin MS05-052, "Cumulative Security
    Update for Internet Explorer".

Support:
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

Businesses have been warned by research company Gartner that the latest Google Desktop Beta has an "unacceptable security risk," and Google agrees.

On Feb. 9, Google unveiled Google Desktop 3, a free, downloadable program that includes an option to let users search across multiple computers for files. To do that, the application automatically stores copies of files, for up to a month, on Google servers. From there, copies are transferred to the user's other computers for archiving. The data is encrypted in transmission and while stored on Google servers.

Story Continues at CNet

Posted Tue, Feb 21 2006 11:43 by Don
Filed under: