DP's Security Bits

LogMeIn, a remote access and support services provider, this week said it plans to offer a service that gives laptop owners a way to mitigate the disaster of a lost or stolen machine.

LogMeIn's Instant Shredding service, due out early next year, enables users to have their data encrypted or deleted if their notebook PC is stolen or lost, said Michael Simon, CEO of the Woburn, Mass.-based vendor. Users of LogMeIn's remote backup service, which provides a continuous remote mirror of hard-drive data, also can choose to erase all traces of data from stolen laptop hard drives, he added.

Story at crn.com 

A group of software engineers with ZERT has issued what it characterizes as an interim patch for the VML exploit, possibly closing the door to a new series of Trojans. In so doing, a new group resurrects some old questions about whether third parties should be trusted to patch Microsoft products.

Betanews 

Technology giant Hewlett-Packard's CEO Mark Hurd announced on Friday that he would replace the board's chair Patricia Dunn immediately and apologized for the extent of the spying that took place in the chairwoman's investigation of media leak on the board of directors.

Story at securityfocus.com 

The Mac maker releases an update to fix critical flaws that could allow attackers to remotely take control of a system and denies the flaws were demonstrated at the Black Hat Security Briefings.

Securityfocus 

A tweaked version of the Firefox browser that makes Web browsing anonymous has been released by a group of privacy-minded coders.

Every few minutes, the Torpark browser causes a computer's IP (Internet Protocol) address to appear to change.

Torpark's creators, a group of computer security gurus and privacy experts named Hactivismo, said they want to expand privacy rights on the Internet as new technologies increasingly collect online data.

Infoworld 

Dell and Symantec are teaming up to deliver protection for Microsoft Exchange-based e-mail systems, the companies plan to announce Wednesday.

The Round Rock, Texas, PC and server maker and the Cupertino, Calif., software vendor are combining their products in an offering dubbed Secure Exchange. The product is designed to take time and complexity out of running a secure, reliable Microsoft Exchange e-mail system with archiving capabilities, the companies said.

Story at news.com.com 

Green Border Technologies Inc. on Monday updated its virtual sandbox to support Firefox so that users of that browser can block malware from reaching the operating system and "wipe" the application's slate clean after a surfing session.

In June, Green Border introduced a consumer version of its enterprise-grade sandbox, but supported only Microsoft's Internet Explorer out of the gate. Version 2.9.2, however, adds Firefox to the list.

TechWeb 

Online attackers have created an instant-messaging bot program that chains together a number of executable files, similar to the combination moves in fight games, depending on the attacker's need.

Securityfocus 

You've tried blacklisting. And whitelisting. And half a dozen content-filtering tools. But every day, you and your users still paw through multiple spam messages, trying to find the stuff that's real email.

There's gotta be a better way, you say. And a couple of researchers at Georgia Tech think they've found it.

Story continues at darkreading.com 

September 12, 2006

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

Critical Bulletins:
 
MS06-054 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)

Important Bulletins:

MS06-052 - Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

Moderate Bulletins:

MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

Re-Released Bulletins:

MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883)

MS06-042 - Cumulative Security Update for Internet Explorer (918899)

Security Advisories:

Microsoft Security Advisory (922582)
Update for Windows
 
Microsoft Security Advisory (925143)
Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities

 
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

This is the most comprehensive beta program that GRISOFT has launched for its users to test. AVG Internet Security 7.5 is a comprehensive suite of computer security tools – tools users need to protect themselves again a growing cyber and computer threats including worms, viruses, Trojans, spam and keyloggers. The new security solution incorporates anti-spyware, easy to use personal firewall, spam filter, anti-phishing tools, as well as an updated version of AVG Anti-Virus. As with all other AVG products, AVG Internet Security offers automatic high-speed updates, and it provides complete protection while consuming low levels of system resources.

Story continues