May 2006 - Posts

Trend Micro, CA Give Away Windows Vista AV

As reported by Techweb, Security vendor Trend Micro on Wednesday followed the lead last week of a rival to launch a free Windows Vista version of its anti-virus software to protect users as they try out the new operating system.
Posted Wed, May 31 2006 13:52 by Don
Filed under:

Trojan ID Thieves Pose As Microsoft Patches

A pair of Trojans posing as Microsoft patches or updates are on the loose, security firms said Tuesday.

According to U.K.-based Sophos, the Trojan horse "BeastPWS-C" starts with a spoofed e-mail from Microsoft that claims a new vulnerability in the WinLogon Service is out and about. (WinLogon is the log-in service for Windows NT, 2000, and XP.) The spammed message includes a link to a purported patch.

Posted Wed, May 31 2006 6:07 by Don
Filed under:

MPAA accused of hacking

Torrentspy.com, a BitTorrent search engine, has accused the Motion Picture Association of America (MPAA) of hacking its servers. The accusations came in a new legal suit filed last week.
Posted Wed, May 31 2006 6:01 by Don
Filed under:

Macro virus aims at OpenOffice, StarOffice

An unknown virus writer has created the first macro virus that targets computers running the alternative word processors OpenOffice and StarOffice, antivirus firm Kaspersky Labs said on Tuesday.

The virus, which Kaspersky called StarOffice.Stardust.A on its Viruslist blog, is written in StarBasic, a variant of the BASIC programming language designed for scripting common functions in the StarOffice and OpenOffice word processors. While the virus attempts to spread to computers through OpenOffice and StarOffice, Kaspersky called the functionality theoretical.

Posted Wed, May 31 2006 5:57 by Don
Filed under:

Web attacks on the rise - Acunetix appeals for web security auditing

Web hacking attacks reported recently in the media have cost companies millions of dollars in fines, compensation and damage control measures. In a recent security workshop Acunetix CEO, Nick Galea, launched an appeal to companies with an online presence to improve and enforce web application security auditing.
Posted Mon, May 29 2006 16:47 by Don
Filed under:

Anti-DRM Campaign Heats Up

Members of the Free Software Foundation are engaging in a campaign against Digital Rights Management, which they emphatically refer to as Digital Restrictions Management.
Posted Sat, May 27 2006 20:59 by Don
Filed under:

Security firm warns of Symantec AV flaw

A flaw in the Symantec's desktop antivirus for corporations could allow an attacker to compromise a victim's system without relying on any user interaction, security firm eEye Digital Security said in an advisory posted this week.

The security firm published an upcoming advisory on the vulnerability on Thursday, a day after notifying Symantec of the flaw. The flaw affects Symantec Antivirus 10.x and Symantec Client Security 3.x, according to the eEye's tests. Symantec, which confirmed the vulnerability on Friday, stressed that it does not affect any of its consumer desktop security products. (SecurityFocus is owned by Symantec.)

Posted Sat, May 27 2006 8:15 by Don
Filed under:

UPDATE: Windows 2000 Bug Alert False Alarm

A vulnerability in Windows 2000's file sharing protocol that Symantec rang the alarm on Thursday morning is actually not a new bug, but is a flaw patched more than a year ago, Microsoft claimed later in the day.
Posted Fri, May 26 2006 10:50 by Don
Filed under:

Agency delayed reporting theft of veterans' data

Investigators in the Justice Department and the Federal Bureau of Investigation were furious with the leaders of the veterans agency for initially trying to handle the loss of the data as an internal problem through the agency's inspector general before coming forward.
Posted Thu, May 25 2006 5:34 by Don
Filed under:

Black Frog leaps into fight against spam

Blue Frog out, Black Frog in.

Out of the ashes comes Black Frog, part of a project that is apparently willing to become a flag bearer in the fight against spam. The project, dubbed Okopipi, is developing the Black Frog antispam software and service as an open-source project, according to the group's wiki.

"This project aims to become a distributed replacement of antispam software Blue Frog," the Okopipi wiki states.

Posted Thu, May 25 2006 5:30 by Don
Filed under:

Academics Create Automatic Signature Generation Prototype

Security researchers at two U.S. universities create a new system for the automatic generation of vulnerability signatures to block exploits from targeting unpatched systems.
Posted Wed, May 24 2006 5:46 by Don
Filed under:

Microsoft advises 'safe mode' for Word

In the wake of at least one targeted attack that exploits a new flaw in Word, Microsoft is advising users to run the application in "safe mode."

Running Word in the restricted mode will not fix the vulnerability, but it will help block known modes of attack, Microsoft said in a security advisory published late Monday. The software maker is also developing a security update for Word, which should be available on June 13 or sooner, as warranted, the company said.

Posted Wed, May 24 2006 5:41 by Don
Filed under:

Thief Steals 26.5 Million Veterans' Identities

Secretary of Veterans Affairs R. James Nicholson said that a VA data analyst took home a laptop that contained names, Social Security numbers, and dates of birth for up to 26.5 million veterans and some spouses. The computer was stolen from the analyst's home in a recent burglary.
Posted Tue, May 23 2006 6:49 by Don
Filed under:

IM worm installs 'safe' Web browser

A new instant messaging worm installs a rogue Web browser called "Safety Browser" and hijacks the user's Internet Explorer home page, experts have warned.
The worm, dubbed "yhoo32.explr" by FaceTime Security Labs, was found two weeks ago on the Yahoo instant messaging network and was still active as of Friday, Tyler Wells, senior director of research at FaceTime, a seller of instant messaging security products, said in an interview.
Posted Tue, May 23 2006 4:33 by Don
Filed under:

Skype bug may expose user data

Skype Technologies has updated its popular Skype Internet telephony software to fix a security bug that could expose sensitive data.

The flaw could let an attacker construct a Skype hyperlink which, when clicked on by the target, sends a file from the victim's computer to another Skype user, the company said in a security alert published Friday.

Posted Mon, May 22 2006 8:12 by Don
Filed under:

U.S. Consumers Taking Steps To Stymie ID Theft

More than 7 in 10 Americans have taken steps to protect their identities. According to the Wall Street Journal/Harris Interactive poll, 73 percent of 2,100 U.S. adults surveyed said that they now monitor their bank and/or credit card accounts for suspicious activity, while 72 percent claim they shred mail that contains account numbers.
Posted Sat, May 20 2006 4:47 by Don
Filed under:

MS Word Zero-Day Attack

Internet Storm Center reported in a diary entry that it received reports of the exploit from an unnamed organization that was targeted. "The e-mail was written to look like an internal e-mail, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software," said Chris Carboni, an ISC incident handler tracking the attack.
Posted Fri, May 19 2006 14:13 by Don
Filed under:

Symantec Sues Microsoft Over Storage Technologies

Symantec seeks an injunction to stop development of Vista and the next version of Microsoft's server software.

Microsoft denied any wrongdoing. "These claims are unfounded because Microsoft actually purchased intellectual property rights for all relevant technologies from Veritas in 2004," the company said in a statement.

Posted Fri, May 19 2006 11:52 by Don
Filed under:

Blue Security folds under spammer's wrath

Spammer wins. The spammer,  identified by Blue Security as PharmaMaster attacked the company's Web site and spammed Blue Frog users with mass mailings. The attacks not only disrupted Blue Security's operations but knocked out the Web blog hosting service Six Apart and a handful of Internet service providers, including Tucows. While the company had started recovering from the initial attacks, the spammer promised more to come, said one company source. Those threats and the collateral damage led the firm to decide to shutdown its service.
Posted Thu, May 18 2006 8:12 by Don
Filed under:

Symantec Warns Of Bot Sniffing For Veritas Vulnerability

Users of Veritas Backup software are urged to update the program. Symantec warns of a bot sniffing for unpatched Veritas software. A surge in scans of TCP port 6101, which is associated with Veritas Backup Exec, was first detected by Symantec's DeepSight network earlier this week.
Posted Wed, May 17 2006 13:37 by Don
Filed under:
More Posts Next page »