June 2006 - Posts


Get Vista beta 2 before we stop downloads/orders, as posted on Ian Moulster's Blog.

Update: The program will close on Friday June 30th 2006

In case you weren't aware, we are only providing a limited number of copies of Windows Vista Beta 2 - either download or physical copies - and we're fast approaching the cut-off point.

What this means is - if you want to get a copy, get it now (and I mean now). Visit www.microsoft.com/betaexperience/engb and either download or order. Because WE WILL BE WITHDRAWING ACCESS VERY SOON. Did I say that loudly enough?


Posted Fri, Jun 30 2006 9:07 by Don

Secunia Advisory:
SA20891
Release Date: 2006-06-30

Description:
A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error within the parsing of AAC media files (e.g. ".M4A" and ".M4P" file extensions). This can be exploited to cause a memory corruption when a malicious AAC file with a specially crafted "sample_size_table" value is opened.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in versions prior to 6.0.5.

Solution:
Update to version 6.0.5.
http://www.apple.com/itunes/download/

Two new security flaws have been discovered in Microsoft's Internet Explorer, and one could also affect Mozilla's Firefox, security experts have warned.

Code for both the vulnerabilities has been published, but there have been no reports of attacks taking advantage of the flaws, the SANS Internet Storm Center, which monitors network threats, said in an advisory released Wednesday.

CNet

Posted Fri, Jun 30 2006 5:29 by Don

Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday, increasing the urgency to patch.

CNet
Posted Fri, Jun 30 2006 5:26 by Don

Is Microsoft about to release a Windows "kill switch"? by ZDNet's Ed Bott -- Windows Genuine Activation is a mess. And according to one published report, it's about to get even messier. If Microsoft's online check determines that your copy of Windows isn't "genuine," will it shut you down completely? Microsoft says that just might be in their plans. Uh-oh.

Posted Thu, Jun 29 2006 15:47 by Don

Cisco has released a vulnerability disclosure for their Wireless Access Points:

The vulnerability is in the web interface for the APs and could allow wiping of the security config and access to the administrative interface without authentication.

Posted Thu, Jun 29 2006 15:37 by Don

The Department of Veterans Affairs said Thursday that it has recovered a laptop and external hard drive containing 26.5 million veteran and active-duty military personnel identities.

The FBI said its preliminary examination of the hardware "has determined that the database remains intact and has not been accessed since it was stolen," the Associated Press reported. The FBI is planning additional forensics tests.

TechWeb

Posted Thu, Jun 29 2006 15:29 by Don

A coalition of corporations, universities and federal law enforcement agencies on Wednesday opened the Center for Identity Management and Information Protection, whose mission is to research identity theft problems and solutions.

ZDNet
Posted Thu, Jun 29 2006 5:28 by Don

The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication.

The memo follows a wave of high profile data thefts and major security breaches involving remote access or the theft of government laptop computers containing sensitive personal information. The official memo (PDF) from the executive office of the U.S. president stipulates that all mobile devices containing sensitive information must have their data encrypted. The recommendations also say that two-factor authentication must be used for remote access, that remote access must time out after 30 minutes of inactivity, and that all data extracts must be logged. The memo does not detail any specific technology recommendations beyond this broad outline, presumably leaving agencies to decide on their own specific implementations.

SecurityFocus

Posted Wed, Jun 28 2006 17:59 by Don | 2 comment(s)

Apple Tuesday released Mac OS X version 10.4.7, which fixes several security vulnerabilities that at least one security vendor rated as serious.

Although the issues don't affect OS X versions prior to 10.4, and no exploits have been reported, Symantec assigned its highest severity rating -- 10 out of 10 -- to the vulnerabilities in an advisory issued Tuesday afternoon to subscribers of its DeepSight Threat Management System.

CRN

Posted Wed, Jun 28 2006 5:49 by Don

Issued: June 27, 2006


Summary

The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS06-025
 
Bulletin Information:

* MS06-025

  - Reason for Revision: Microsoft updated this bulletin and the
    associated security updates to address the issues affecting
    customers identified in Microsoft Knowledge Base Article 911280.
  - Originally posted: June 13, 2006
  - Updated: June 27, 2006
  - Bulletin Severity Rating: Critical
  - Version: 2.0
   
Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

Five major Internet service providers announced on Tuesday that they have banded together to develop technological measures for detecting users who deal in child pornography.

The companies have pledged a combined $1 million in initial funding to the National Center for Missing and Exploited Children (NCMEC) to create the Technology Coalition within the non-profit organization. The group--which includes AOL, Yahoo!, Microsoft, EarthLink and United Online--will research and develop technological tools to combat child pornography, establish a database of signatures of illegal images, develop better law enforcement tools, and investigate the tactics of child pornographers and people who exchange images.

SecurityFocus

Posted Tue, Jun 27 2006 18:26 by Don

Authorities in the U.K. and Finland said Tuesday that they had arrested three men suspected of being part of the M00P hacker gang, which has created and distributed numerous worms and Trojan horses for at least the last year.

TechWeb
Posted Tue, Jun 27 2006 16:43 by Don

Police in London, acting in conjunction with Finnish law-enforcement authorities, arrested three suspected virus writers on Tuesday.

A 63-year-old man in Suffolk, a 28-year-old man in Scotland, and a 19-year-old man in Finland were arrested in connection with "an international conspiracy to infect computers using viruses attached to unsolicited commercial e-mail," a representative for the Metropolitan Police said.

ZDNet News

Posted Tue, Jun 27 2006 15:40 by Don

Microsoft on Tuesday said it had completed the pilot phase for WGA Notifications, officially rolling out the anti-piracy reminders to Windows XP users worldwide. The company has made minor changes to the program in response to customer concern regarding its "phone home" functionality.

BetaNews
Posted Tue, Jun 27 2006 14:27 by Don

GreenBorder Technologies, a venture-backed start-up, is to release a consumer security tool that puts Microsoft's IE in a virtual sandbox. Called GreenBorder Pro, the product uses virtualization technology similar to what researchers at antivirus companies have been using for years. In a virtual environment, malicious software is allowed to execute, but it can't touch the underlying operating system.
Posted Tue, Jun 27 2006 5:14 by Don

Claria will stop displaying GAIN pop-up and other ads on July 1, 2006 and will stop supporting all GAIN Supported Software on October 1, 2006.

Posted Mon, Jun 26 2006 5:42 by Don

Websense® Security Labs™ has received reports of users being lured to install malicious code via Short Message Service (SMS) messages (also known as text messages). Victims receive an SMS message on their mobile phone, thanking them for subscribing to a fictitious dating service. The message states that the subscription fee of $2.00 per day will be automatically charged to their cell phone bill until their subscription is cancelled at the online site.
Posted Sun, Jun 25 2006 5:31 by Don

Symantec said Friday it's "focused" on delivering a response to Windows Live OneCare before the end of the year, but if a summer beta reveals problems that would delay the subscription service beyond November, it may hold the software until 2007.
Full Story on TechWeb
Posted Fri, Jun 23 2006 15:12 by Don

Secunia Advisory:
SA20787
Release Date: 2006-06-23

Software: Opera 8.x
Description:
VigilantMinds has reported a vulnerability in Opera browser, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow when processing JPEG images. This can be exploited to cause a buffer overflow via a specially crafted JPEG image.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 8.54. Prior versions may also be affected.

Solution:
Upgrade to version 9.0.