August 2006 - Posts

Windows patch, iPod exploited in e-mail scams


Fake Windows security patches and rogue iPod invoices have been making the rounds this week as spammers continue trying to fool people into installing Trojans on their PCs.

Internet threat-monitoring firm Websense issued an advisory on Wednesday about a fake e-mail that encourages recipients to install a patch to fix a Windows vulnerability described in Microsoft security bulletin MS05-039.

Story at news.com.com


Posted Thu, Aug 31 2006 15:57 by Don | with no comments
Filed under:

Latest polymorphism hides viruses better

A virus that infects AMD64-based Windows systems uses some tricky techniques to make defensive reverse engineering more difficult, security firm Symantec said this week.

The virus, dubbed W64.Bounds, is not spreading in the wild, but was submitted as a proof of concept to antivirus researchers. The program is not easy to detect because it encrypts itself using a new algorithm and exploits a Windows feature available only on AMD64 systems to control execution, Peter Ferrie, senior antivirus researcher for Symantec, said in a post on the company's research blog.

Securityfocus


Posted Wed, Aug 30 2006 13:59 by Don | with no comments
Filed under:

Watchdog group warns against AOL's free software


Dealing yet another blow to AOL, a leading software watchdog group warned users away from AOL's free client software Monday on the ground that it displayed characteristics consistent with "badware."

The term badware describes a wide array of downloadable applications that try to install extra components on a computer without clearly informing users of what they are or what they will do.

Story at news.com.com


Posted Tue, Aug 29 2006 17:42 by Don | with no comments
Filed under:

Most Damaging Attacks Rely On Stolen Log-ins


More than 8 out of every 10 computer attacks against businesses could be stopped if enterprises checked the identity of not only the user, but also the machine logging onto its network, a report released Monday claimed.

The study, conducted by a California research firm and paid for by BIOS maker Phoenix Technologies, used data from cases prosecuted by federal authorities between 1999 and 2006 to reach its conclusions.

Read story at techweb.com
Posted Mon, Aug 28 2006 18:34 by Don | with no comments
Filed under:

Security Vendors Mad About 'Consumer Reports' Test Methods


Consumer Reports, the independent product review and rating publication, was slammed Friday for using what security experts called "mind-boggling" and "useless" tests of anti-spyware software in its current on-the-stand issue.

"This is beyond anything I've ever seen," said Alex Eckelberry, chief executive of Sunbelt Software, a Clearwater, Fla. security company. "They ran a test that is not a full test of anti-spyware software capability. Consumer Reports scanned for and removed functionality that isn't even real. When I heard what they did, I went 'huh? They did what?' This is just mind-boggling."

Story at techweb.com


Posted Sun, Aug 27 2006 7:15 by Don | with no comments
Filed under:

Verizon gaffe lets customer details slip


Verizon Wireless this week accidentally distributed a file with limited details on more than 5,000 customers outside the company, potentially giving identity thieves a toehold.

The Microsoft Excel spreadsheet file was e-mailed on Monday and includes names, e-mail addresses, cell phone numbers and cell phone models of 5,210 Verizon Wireless customers, going by a copy of the file obtained by CNET News.com. All of the customers have Motorola Razr phones, according to the spreadsheet.

Read story at news.com.com


Posted Sat, Aug 26 2006 6:32 by Don | with no comments
Filed under:

The danger of "free"

Searching for free stuff on the Internet? Beware what you find.

That's the message form Web safety firm SiteAdvisor. Building on a Wall Street Journal analysis of the 20 million search queries leaked by America Online that found "free" to be the most popular search term, SiteAdvisor warned that the results produced by such searches frequently lead to malicious Web sites.

"Often, so-called 'free' items are anything but free," the company, recently bought by security firm McAfee, stated in its advisory. "Free screensaver and games sites are notorious for bundling spyware and adware with downloads... Free e-card sites often share users' e-mail addresses with third parties and can lead to a never-ending influx of spam... Ringtone sites frequently lure consumers with misleading offers of free tones that ultimately lead to automatic enrollment in paid subscriptions."

Story at securityfocus.com


Posted Fri, Aug 25 2006 18:32 by Don | with no comments
Filed under:

Microsoft Security Advisory Notification


Issued: August 24, 2006

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (923762)
  - Title: Microsoft Security Advisory (923762): Long
    URLs to sites using HTTP 1.1 and compression Could Cause
    Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
  - Revision Note: Advisory updated to direct customers to the
    revised version of Microsoft Security Bulletin MS06-042 that
    includes new updates for Internet Explorer 6 Service Pack 1.   

Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
Posted Thu, Aug 24 2006 17:02 by Don | with no comments
Filed under:

IBM to acquire Internet Security Systems


Big Blue agrees to buy the computer security firm for $1.3 billion in an all-cash deal, the fifth largest acquisition for the technology giant.

Securityfocus
Posted Thu, Aug 24 2006 12:08 by Don | with no comments
Filed under:

Microsoft Security Bulletin Minor Revision


Issued: August 22, 2006

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS06-042

Bulletin Information:

* MS06-042

   - Reason for Revision: Bulletin caveats updated with additional
    information regarding the release status of revised Internet
    Explorer 6 Service Pack 1 updates, as well as the release of
    Security Advisory 923762.   
  - Originally posted: August 8, 2006
  - Updated: August 22, 2006
  - Bulletin Severity Rating: Critical
  - Version: 1.2
       
Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
Posted Wed, Aug 23 2006 18:07 by Don | with no comments
Filed under:

Microsoft Security Advisory Notification


Issued: August 22, 2006

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (923762)
  - Title: Microsoft Security Advisory (923762): Long
    URLs to sites using HTTP 1.1 and compression Could Cause
    Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
  - Revision Note: Advisory Published   

Support:

Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131
Posted Wed, Aug 23 2006 16:54 by Don | with no comments
Filed under:

Yahoo adds phishing shield


Yahoo is testing a new security feature that lets users customize their login page, a measure designed to thwart information-thieving phishing scams.

The new feature lets users create a unique "sign-in seal" on a specific PC. This seal, a text message or photo, will be displayed on the Yahoo login page when visited with that computer, according to a description of the feature on Yahoo's Web site.

Story at news.com.com


Posted Tue, Aug 22 2006 15:57 by Don | with no comments
Filed under:

Java Plugin and Web Start Version Specification Security Issue


Description:
A security issue has been reported in Sun Java Plugin and Sun Java Web Start, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused by an error that allows applets and applications to run with a version of the JRE that it is not specified to run with (e.g. that does not have the latest security fixes).

The security issue affects:
* Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later.
* Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2.
* Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0.

Solution:
Updated to a fixed version.

- Java Plug-in --

Windows:
Update to Java Plug-in 5.0 Update 6 or later.

Linux/Solaris:
The vendor recommends using the latest JRE releases and to remove all symbolic links to earlier versions of Java Plug-in from the browser "plugins" directory.

-- Java Web Start --

Update to Web Start 5.0 Update 6 or later.

http://secunia.com/advisories/21570/
Posted Tue, Aug 22 2006 12:16 by Don | with no comments
Filed under:

Search Engine Tool Gets You Lost In The Crowd


Web developers at Unspam Technologies Inc. have created a new tool that helps consumers protect their privacy by sending erroneous search data to AOL, Ask, Google, MSN, and Yahoo on their behalf.

Unspam CEO Matthew Prince said "Lost In The Crowd" took one week to build. The company built the tool in response to the recent AOL Inc. debacle, where thousands of subscribers found their search data had spilled onto the Internet.

Read story at techweb.com
Posted Mon, Aug 21 2006 18:08 by Don | with no comments
Filed under:

Wikipedia "Vandalism" Entry Vandalized


The Wikipedia page on "vandalism" was vandalized Saturday, prompting the online encyclopedia to lock down the entry.

"On or around 19:25, 19 August 2006 (UTC), the article page associated with this talk page was linked from Fark, a high-traffic Internet site," the Wikipedia entry read Monday. Another box near the top of the entry stated "Because of vandalism, editing of this project page by anonymous or newly registered users is disabled."

TechWeb
Posted Mon, Aug 21 2006 13:59 by Don | with no comments
Filed under:

Novell aims to make Linux security easy


With its latest entry into the Linux desktop market, Novell plans to make Linux more secure and make that security easier to manage, company officials said at the LinuxWorld conference.

The software maker decided against adopting security modifications to the Linux kernel developed by the National Security Agency, known as SE Linux, because of the system is extremely difficult to configure. Instead, the Waltham, Mass. firm developed a framework for restricting applications known as AppArmor, which it released as an open-source project in January.

Securityfocus


Posted Fri, Aug 18 2006 17:17 by Don | with no comments
Filed under:

Microsoft To Fix Patch That Crashes IE

Microsoft Corp. has confirmed that it will re-release a security bulletin issued last week because it's making some users' browsers crash when they visit certain sites.

The MS06-042 bulletin, which fixed 8 flaws in Internet Explorer 5.01 and 6, will be recrafted, then re-released next Tuesday, Aug. 22, a company security program manager said Wednesday.

Techweb

Posted Fri, Aug 18 2006 10:53 by Don | with no comments
Filed under:

10 Free Ways To Keep Your PC Safe


From the moment you turn on your PC until the moment you turn it off, it's under assault. Hackers try to break into it; viruses, Trojans and worms try to crawl into it; spyware tries to watch everything you do. Then there are wireless dangers, snooping co-workers, and worse.

What to do? You could spend hundreds or thousands of dollars on software and services, and spend countless hours trying to keep yourself safe...or you could instead read on. We'll show you ten simple ways to protect your PC without spending a penny.

TechWeb


Posted Thu, Aug 17 2006 11:05 by Don | with no comments
Filed under:

Groups file FTC complaints against AOL


The Electronic Frontier Foundation and the World Privacy Forum filed separate legal complaints with the Federal Trade Commission this week claiming that America Online engaged in unfair and deceptive trade practices when the company posted its users' search data online.

On Wednesday, the World Privacy Forum filed a 19-page brief criticizing AOL's release of three-months of search data--totaling about 20 million queries--to its Web site. While AOL hid users' information using random ID numbers, information contained in the actual searches allowed the New York Times to identify one woman and could likely lead to the names of hundreds of users. The Electronic Frontier Foundation filed its own complaint to the FTC earlier this week.

Securityfocus


Posted Thu, Aug 17 2006 11:03 by Don | with no comments
Filed under:

Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update


A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006. The new update will be available on the Microsoft Download Center and by using Windows Update. Customers who are using any version of Internet Explorer other than Internet Explorer 6 Service Pack 1 together with any Windows version are not affected by this release and do not have to take any action. We recommend that customers who are not experiencing this issue continue to deploy security update 918899 in their environments to receive protection from the vulnerabilities that are documented in security bulletin MS06-042. Customers who experience this issue should apply the new security update when it is available. Customers who want to avoid the issue before the new security update is available may apply hotfix 923762.
Posted Wed, Aug 16 2006 5:11 by Don | with no comments
Filed under:
More Posts Next page »