May 2006 - Posts

MySQL has issued a security update to address flaws in its client-server protocol that could allow a malicious attacker to exploit buffer overflow vulnerabilities and gain access to sensitive information.

The open-source database company released its MySQL version 5.0.21 update earlier this week. The update is designed to address security flaws in database server software versions 5.1.9; 5.0.20; 4.1.18; 4.0.26 and prior versions.

Security researcher FrSIRT rates the flaws as "moderate" risk. MySQL version 5.0, which was released late last year, is in widespread use.

CNet

Posted Fri, May 5 2006 6:57 by Don
Anti-spyware activist Ben Edelman has filed a class-action lawsuit against Yahoo, accusing the online media giant of partnering with spyware purveyors to perpetrate syndication fraud against advertisers.

The bombshell suit, filed in the U.S. District Court in New Jersey, also alleges that Yahoo used its Overture pay-per-click advertising network to make money from the practice of typo-squatting, in which slight variations of popular URLs are registered so as to serve ads to users who type in misspelled versions of domain names.

eWeek

Posted Fri, May 5 2006 5:41 by Don
Secunia Advisory: SA19947
Release Date: 2006-05-05

Description:
A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the SMTP and POP3 protocol inspectors. This can be exploited to crash the service when a malformed e-mail is sent via SMTP or received via POP3.

The vulnerability has been reported in versions prior to 6.2.1.

Solution:
Update to version 6.2.1 or later.
http://www.kerio.com/kwf_download.html
Posted Fri, May 5 2006 5:37 by Don
Issued: May 04, 2006

Summary

On 9 May 2006 Microsoft is planning to release:

Security Updates

•    One Microsoft Security Bulletin affecting Microsoft Exchange.
The highest Maximum Severity rating for this is Critical. These
updates may require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer.

Note that this update will include the functionality change
discussed in Microsoft Knowledge Base Article 912918. Administrators
are urged to review this Knowledge Base article prior to release and
take steps appropriate for their environment.

•    Two Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates may require a restart. These updates will be detectable
using the Microsoft Baseline Security Analyzer and the Enterprise
Scanning Tool.

Microsoft Windows Malicious Software Removal Tool

•    Microsoft will release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

•    Microsoft will not release any NON-SECURITY High-Priority
Updates for Windows on Windows Update (WU) and Software Update
Services (SUS).

•    Microsoft will release two NON-SECURITY High-Priority Updates
on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins,
products affected, restart information and severities are subject to
change until released.

Microsoft will host a webcast next week to address customer
questions on these bulletins. For more information on this webcast
please see below:
•    TechNet Webcast: Information about Microsoft's Security
Bulletins (Level 100)
•    Wednesday, 10 May 2006 11:00 AM (GMT-08:00) Pacific Time (US &
Canada)
Webcast Information

At this time no additional information on these bulletins such as
details regarding severity or details regarding the vulnerability
will be made available until 9 May 2006.

Support:

Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security updates.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

They may've signed up for the service to stay free of unsolicited e-mail, but people in Blue Security's "Do Not Intrude Registry" are getting spammed, the company said Wednesday.

What's more, a spammer is attempting to intimidate the Blue Security customers by sending them threatening messages, according to the Israeli company, which launched its spam-fighting service in July last year.

CNet

Posted Thu, May 4 2006 5:26 by Don
Millions of blogs hosted by LiveJournal and TypePad were unavailable throughout Tuesday night and into Wednesday morning as a massive denial-of-service attack struck their servers.
TechWeb
Posted Thu, May 4 2006 5:24 by Don
Some system administrators are finding that Microsoft's new anti-piracy software is incorrectly labeling PCs used in public places, such as university computer labs, as counterfeits, and that the solution sidesteps a basic security practice for out-in-the-open machines, according to a newsgroup discussion of the issue.

After Microsoft unveiled its Windows Genuine Advantage Notifications tool last week, a university system administrator -- who preferred to remain anonymous but took the name "GodOfLions" on the Microsoft "WGA Validation Problems" newsgroup -- said that lab PCs came back as running fake copies.

TechWeb

Posted Thu, May 4 2006 5:22 by Don

A project focused on automating the process of classifying malicious software found that many programs have similar ancestors but that the names assigned by security firms don't always highlight common code.

The project, pursued over the past few weeks by Sabre Security, used the company's reverse engineering tool to identify the functional components in more than 200 samples of malicious code. Using a clustering algorithm, the samples were classified into code families, forming two large clusters, three smaller ones and several pairs of siblings and outliers.

SecurityFocus

Posted Wed, May 3 2006 13:10 by Don
Mozilla Corp. on Tuesday released a patch for a zero-day critical security hole in Firefox that could be exploited to crash the browser or install malicious code.

Firefox 1.5.0.3 fixes a zero-day vulnerability, which first appeared April 18 on Mozilla's Bugzilla listing. The flaw was found in Firefox 1.5.0.2, an update of the open-source browser that was released in mid-April.

TechWeb

Posted Wed, May 3 2006 6:10 by Don

America Online on Monday said it is blocking malicious links tied to a recently discovered bot that uses encryption to increase the range of its targets and make eradication more difficult.

The bot software, which can only infect those who click on a malicious link sent via AIM, may infect upwards of a few tens of thousands of users, said Johannes Ullrich, chief research officer at the SANS Institute. SANS' Internet Storm Center released a report on the issue Sunday night.

CNet

Posted Tue, May 2 2006 5:45 by Don
Symantec on Monday relaunched an anti-phishing fraud service it acquired in its 2005 acquisition of WholeSecurity, and said major Internet players including eBay, Google, Yahoo, RSA Security, and Wells Fargo will participate in the data sharing group.

Microsoft, however, has dropped out.

TechWeb

Posted Tue, May 2 2006 5:42 by Don
The next generation of spam and phishing e-mails could fool both software filters and the most cautious people, Canadian researchers said Sunday, by mimicking the way friends and real companies write messages.
TechWeb
Posted Mon, May 1 2006 13:54 by Don
Secunia Advisory: SA19880
Release Date: 2006-05-01

Description:
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line utility. This can be exploited to cause a stack-based buffer overflow when the HTTP headers received from a web server exceed 8KB.

Successful exploitation requires that Freshclam is used to download virus signature updates from a malicious mirror web server e.g. via DNS poisoning.

The vulnerability has been reported in version 0.80 through 0.88.1.

Solution:
Update to version 0.88.2.
http://sourceforge.net/project/s...p_id=86638&release_id=407078
Posted Mon, May 1 2006 9:25 by Don
Apple’s iconic status, growing market share and adoption of the same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.

Apple’s most recent wake-up call came last week, as a Southern California researcher reported seven new vulnerabilities. Tom Ferris said malicious Web sites can exploit the holes without a user’s knowledge, potentially allowing a criminal to execute code remotely and gain access to passwords and other sensitive information.

Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world’s largest software company was criticized for being slow to respond to weaknesses in its products.

MSNBC

Posted Mon, May 1 2006 5:46 by Don

Veterans of antispyware specialist PestPatrol have developed a new tool that throws up roadblocks for so-called drive-by installs of malicious code onto vulnerable PCs.

The tool, called SocketShield, monitors Internet traffic as it enters a PC and takes action based on a blacklist of known bad Web sites and vulnerability signatures, Roger Thompson, chief technology officer at Exploit Prevention Labs, said in an interview Friday. "Before you can open a poisoned page and get infected, we can stop it," he said.

CNet

Posted Mon, May 1 2006 5:31 by Don