|
Security Headlines
Back
July 31, 2005
Five High-Tech Tactics Identity Thieves Employ (Yahoo/SmartMoney)
Identity thieves don't need to dumpster-dive anymore. Thanks to
new technologies, your data can land in the wrong hands while you're
surfing the Web or even buying gas. Here are five of the latest
high-tech forms of identity theft.
Spyware Remediation: It's Not "Mission Impossible" (WatchGuard)
Small and medium businesses are ripe targets for spyware, but they
don't have to remain so. SMBs can implement an effective anti-spyware
program without making a large-enterprise-sized investment. By adopting
programs and practices recommended here, and carefully selecting
legitimate anti-spyware helpware, you can mount an effective defense
against this serious problem. Follow the steps below and you'll break
spyware's stranglehold on your network.
_____________________________________________________________________________________
July 30, 2005
What's Risky about E-mail Attachments? (WatchGuard)
It's a typical busy day at the office. Reading your e-mail
between crises, you quickly delete that spam message that arrived with a
snappy graphic, you file away the Word-formatted resume, and you save
for later an MP3 tune from your brother. In those few moments, a quickly
propagating e-mail virus could infect and destabilize your computer, or
even erase your hard drive. All of those attacks could be carried in
attachments -- files or data that are added after the main body of
e-mail messages.
_____________________________________________________________________________________
July 29, 2005
Cisco's Black Hat Actions Spark Mixed Reactions (eWeek)
The wrangle between Cisco and a former ISS researcher has caused
mixed reactions about responsible disclosure, Cisco's security patch
policies, and even the strength of the Internet itself.
Hackers Tinker With Microsoft Program (AP)
Days after Microsoft Corp. launched a new anti-piracy program,
hackers have found a way to get around it. The software company's new
program, called Windows Genuine Advantage, requires computer users to go
through a process validating that they're running a legitimate copy of
the Windows operating system before downloading any software updates
except for security patches.
Cisco
IOS IPv6 Vulnerability (TigerTools)
Cisco IOS IPv6 processing functionality contains a vulnerability
that could allow an unauthenticated, remote attacker to execute
arbitrary code or cause a denial of service.
Cisco Comes Clean on Extent of IOS Flaw (eWeek)
Cisco Systems Inc. on Friday confirmed that a security hole in
its Internetwork Operating System could be exploited by remote attackers
to execute arbitrary code.
The Inside Story on Security Breaches (NewsFactor)
Security experts warn that lax enterprise attitudes toward
intrusion protection are exposing corporate networks to unnecessary risk
of data theft by hackers.
Cisco Settles Dispute With Security Researcher (System Management
Pipeline)
Internet Security Systems has reached a settlement with the networking
powerhouse over a researcher who quit his job to deliver a speech at the
Black Hat security conference on a purported potential vulnerability in
Cisco router software.
Researcher Defends Decision to Spill Beans on IOS Flaw (eWeek)
A former Internet Security Systems Inc. researcher sued by Cisco Systems
Inc. and ISS after he revealed the details of a serious flaw in Cisco's
Internet Operating System responded to the lawsuit Thursday, saying that
he was complying with a Federal District Court order to stop talking
about the flaw but did not regret breaking ranks with his employer and
disclosing the hole.
Court Upholds Internet Obscenity Ban (Information Week)
An appellate court said the plaintiff, a photographer specializing in
pictures of sadomasochistic sexual behavior, failed to provide
sufficient evidence that the 1996 Communications Decency Act was
un-Constitutional.
Geeks Meet at 'What the Hack' Conference (Security Pipeline)
There are hundreds of tents on the hot and soggy campground, but
this isn't your ordinary summertime outing, considering that it includes
workshops with such titles as "Politics of Psychedelic Research" or "Fun
and Mayhem with RFID." _____________________________________________________________________________________
July 28, 2005
Treat Windows Vista As A Massive Security Patch (Security Pipeline)
Microsoft's Vista offers a unique security value as it boasts the
ability to better address exposures in previous systems. But it also
gives hackers a template to attack earlier OS versions.
Researcher: CPU No-Execute Bit Is No Big Security Deal (TechWeb)
The no-execute feature that's been folded in the newest
processors to ward off malicious attacks isn't the panacea that some
users think it is, according to a security researcher at the Black Hat
conference.
Investors Warned About Accessing Accounts Via Wi-Fi (TechWeb)
The National Association of Securities Dealers is warning
investors against using public Wi-Fi connections for accessing online
accounts, saying they risk confidential information being stolen by
cyber criminals.
IDefense Ups Ante on Bug Bounties (NewsFactor)
Some application developers and security vendors do pay for
critical-flaw tip-offs. But prior to TippingPoint's announcement,
iDefense was considered the only vendor with an extensive payment
strategy, said Secunia security researcher Thomas Kristensen.
'Shadow Walker' Pushes Envelope for Stealth Rootkits (eWeek)
Just when anti-virus vendors think they have a bead on the threat
from stealth rootkits, along comes word that a pair of researchers have
discovered a new way to hide malicious programs.
Man accused of "world's biggest hack" fights extradition (SC Magazine)
The man accused of the world's biggest hack began extradition
charges yesterday in a bid to stay out of the clutches of U.S. law.
Price War: iDefense Doubles Bounty for Security Flaws (eWeek)
The decision by 3Com Corp.'s TippingPoint division to pay for the
rights to information on software vulnerabilities has triggered an
immediate response from iDefense Inc., the company that previously held
a monopoly on the flaw bounty business.
PGP inventor reveals secure interent telephony (SC Magazine)
The man behind Pretty Good Privacy (PGP) has come up with a
prototype for an encrypted internet telephone.
_____________________________________________________________________________________
July 27, 2005
PGP Inventor to Encrypt Net Calls (AP)
The creator of a well-known tool for keeping e-mail safe from
prying eyes is now working on a program that he says will help stop
eavesdroppers from listening in on Internet-based phone calls.
Red Hat
Enterprise Linux 4 kdelibs security update (TigerTools)
kdelibs contains libraries for the K Desktop Environment. A flaw
was discovered affecting Kate, the KDE advanced text editor, and Kwrite.
Depending on system settings, it may be possible for a local user to
read the backup files created by Kate or Kwrite.
Cisco 'Cover Up' Ignites Black Hat Controversy (CRN)
A deal between Cisco and Internet Security Systems to pull a talk
about Cisco vulnerabilities at the Black Hat conference in Las Vegas
Wednesday has attendees crying cover up and led to the resignation of a
prominent researcher.
Symantec Sends AntiVirus 2006 Into Beta (TechWeb)
Symantec releases a public beta of the 2006 edition of its
flagship Norton AntiVirus for free downloading.
Experts attack 3Com bounty program (SC Magazine)
3Com's bounty hunter-esque reward program has been blasted by
industry experts for being not quite as well-intentioned as first
thought.
Woman held over spammer death (SC Magazine)
A woman is being held in connection with the violent death of
mega-spammer Vardan Kushnir.
SANS Report: Security Threats Increase in Q2 (NewsFactor)
Of particular concern to SANS is the fact that popular back-up
products have come under increased attack by malicious hackers. Issues
with Computer Associates and Veritas products appear on SANS' list of 20
most critical vulnerabilities for the period.
Several
Red Hat Network Alerts Containing Updates Were Released (TigerTools)
From low to critical, several alerts have been released. Be sure to
run the Update Agent.
_____________________________________________________________________________________
July 26, 2005
Hackers Looking Hard For Anti-virus Software Vulnerabilities (TechWeb)
Hackers are increasingly interested in digging up dirt on
enterprise defensive software. A pair of security researchers explains
why anti-virus software vendors and their customers should worry.
The Changing Threats Facing Today's Networks (Security Pipeline)
The days when distributed computing just meant users on different
floors sharing the same server are long gone. Thanks to the advent of
IP, wireless, and a host of security technologies that have expanded the
bounds of the enterprise, a distributed corporate network can wrap
around the block or around the world. With that expansiveness comes an
incredible flexibility that has spawned entirely new business models.
Be aware! Spyware is everywhere (SC Magazine)
Spyware now accounts for up to eight percent of outbound web
traffic, according to a report.
Microsoft Requires Windows Piracy Checks (PC World)
Users will have to validate their OS before using Microsoft's
download services.
Unbeatable spammer takes beating, dies (SC Magazine)
Spam behemoth Vardan Kushnir has emailed his last Russian after
being bludgeoned to death on Sunday.
Personal websites - a hacker's paradise (SC Magazine)
Free personal web hosting is providing a safe-haven for hackers,
spammers and wielders of malicious code.
Microsoft Cracks Down on Software Piracy (NewsFactor)
Microsoft has kicked off a new program aimed at severely
curtailing the ways people using pirated copies of its Windows operating
system can get software updates.
TSA Charged With Violating Privacy Laws In Probe (Information Week)
The Transportation Security Administration violated privacy
protections by collecting personal information on at least 250,000
people, according to Congressional investigators.
Bill Would Impose Tax On Internet Porn (Security Pipeline)
A Democratic lawmaker is planning to propose a new 25 percent
federal tax on Internet pornography and new requirements for adult Web
sites to help prevent children from looking at them.
Professors' Product Protects Web Passwords (Information Week)
Pwdhash scrambles passwords typed into Web sites, then creates a
unique sign-on for each site visited.
_____________________________________________________________________________________
July 25, 2005
Professors Make Password Protection Product (AP)
The increase in identity theft has prompted two Stanford
University professors to develop software that protects computer
passwords from Internet thieves.
Symantec: SQL Server Port Under Heavy Scanning (Security Pipeline)
Symantec issued an alert that it had detected unusual amounts of
scanning of a port normally associated with Microsoft SQL Server, a
possible precursor to an attack.
Oregon Duo Charged With Selling Hot HP Gear on EBay (TechWeb)
A pair of Oregon men have been charged with stealing $300,000
worth of electronic equipment from Hewlett-Packard while working in the
company's Equipment Recovery Program, then selling some of it on eBay.
Spam, Worms, And Spyware Flourished In Spring, Says Report (Information
Week)
There were 422 new vulnerabilities discovered in the second
quarter, up 20% from the same time last year, according to SANS
Institute.
Hackers Spreading Spyware From Free Personal Web Sites (TechWeb)
Attackers are using free personal Web hosting sites provided by
nationally- and internationally-known ISPs to store their malicious
code, and to infect users with worms, viruses, and spyware, a security
firm said Monday.
Sexually explicit mail - an office superbug (SC Magazine)
Over a third of office computer users are sending or receiving
sexually explicit or racist mail, putting their companies at risk.
Airborne Viruses: Real Threat or Just Hype? (NewsFactor)
When it comes to viruses, worms and other forms of malware
infecting smartphones and PDAs, security vendors have been warning of
the possible dangers for months.
Administration Addresses Copyright Piracy (Information Week)
Christian Israel is appointed to a new position to coordinate
U.S. efforts to combat foreign intellectual-property theft.
Congress: Government Broke Privacy Laws By Collecting Commercial Data
(Security Pipeline)
The Transportation Security Administration violated privacy
protections by secretly collecting personal information on at least
250,000 people, congressional investigators said Friday.
Pressure Builds For U.S. To Use More Surveillance Cameras (Information
Week)
The calls have come over the last few weeks as British
investigators released surveillance footage of the bombers in the deadly
July 7 attacks and then put out frames of suspects in Thursday's failed
attacks.
TSA 'broke rules on data privacy' (SC Magazine)
The U.S. Transportation Security Administration (TSA) broke
privacy rules by secretly collecting information on at least 240,000
people, according to a letter sent by the Governmental Accountability
Office (GAO) to congress.
SonicWALL Unveils New SSL VPN Line (Security Pipeline)
SonicWALL, Inc. has unveiled a new line of secure sockets layer
virtual private network (SSL VPN) appliances designed to support an
unlimited number of concurrent users at no additional cost.
SANS report flags backup software flaws (SC Magazine)
Flaws in data back-up products were among the software problems
cited as most serious in a quarterly update of the SANS top 20 most
critical vulnerabilities released Monday.
3Com targets zero-day threats with reward program (SC Magazine)
In an effort to thwart zero-day attacks, 3Com is launching a
program that rewards security researchers for finding vulnerabilities.
_____________________________________________________________________________________
July 24 , 2005
LAPD Recruits Computer to Stop Rogue Cops (AP)
Dogged by scandal, the Los Angeles Police Department is looking
beyond human judgment to technology to identify bad cops. This month,
the agency began using a $35 million computer system that tracks
complaints and other telling data about officers - then alerts top
supervisors to possible signs of misconduct.
Protecting Pocket PCs (WatchGuard)
By 2007, Internet access via 802.11, Bluetooth, and 3G wireless will
be embedded in 75 percent of Personal Digital Assistants sold. Many of
those PDAs will run Microsoft operating systems like Pocket PC 2002,
Windows Mobile 2003, or their descendents. High-speed connectivity,
combined with a familiar computing environment, will increase
productivity for mobile professionals. But these advances also create a
perfect breeding ground for trouble.
Pressure on U.S. to Use More Surveillance (AP)
Pressure is building for greater use of video cameras to keep watch
over the nation's cities - particularly in transportation systems and
other spots vulnerable to terrorism - after the bombings in London.
_____________________________________________________________________________________
July 23, 2005
Anatomy of a Cross-Site Scripting Attack (WatchGuard)
Cross-site scripting is the Web corollary of the Hydra, and like
the mythological creature, the Web Hydra has many heads. Cross-site
scripting attacks are perpetrated through Web browsers facilitated by
poorly written Web applications. No vendor operating system, Web server,
or browser can claim immunity from cross-site scripting, largely because
the root cause of the problem lies elsewhere. Attackers don't need to be
really clever or particularly selective to succeed with a cross-site
scripting attack: casual reviews of well known Web sites show many are
vulnerable to cross-site scripting.
_____________________________________________________________________________________
July 22, 2005
Virus Writers Adopting Stealth Strategy (TechWeb)
There's good news and bad news: Symantec says there has been a
big decrease in network-damaging viruses and an increase in less
destructive Trojans.
Small Businesses Increasingly Vulnerable To Security Threats (TechWeb)
As small businesses begin to depend on increasingly sophisticated
technologies to run their operations, they are also leaving themselves
wide open for security threats, according to a new survey by the Small
Business Technology Institute and Symantec Corporation.
CSOs Worry About Digital Pearl Harbor (NewsFactor)
Responding to a question about recommended actions to safeguard
against identity theft, 64 percent of CSOs suggested installing software
that prevents keystroke-logging and 88 percent suggested installing a
firewall.
Oracle reprimanded over lack of patches (SC Magazine)
Security researchers hit out at database vendor Oracle by
releasing details of workarounds for six security vulnerabilities that
remain unpatched.
Hacker Mitnick Advises on Security (PC World)
'Social engineering' gets an intruder further than coding--but is
preventable, he says.
Wireless hacker cut down to size (SC Magazine)
A man has been successfully tried as the U.K's first conviction
for using someone else's wireless connection.
Bogus iTunes file spreads worm through IM (SC Magazine)
A new worm disguised as an iTunes file is slowly infecting AOL
Instant Messenger users.
Administration Addresses Copyright Piracy (AP)
The Bush administration said Friday it created a new position to
coordinate government efforts to combat the foreign theft of copyrighted
products.
310 arrested in mammoth 419 scam manhunt (SC Magazine)
Over 300 people have been arrested in Spain in a massive 419 manhunt.
Let John the Ripper Audit Your Passwords (WatchGuard)
John the Ripper (JtR) is a free password-cracking program popular
amongst hackers and security experts alike. Provide John with an
encrypted password file, and it will rip the file apart until it knows
every password for every user on your network. JtR employs methods such
as dictionary attacks, where it tries thousands of words from a wordlist
in hopes of finding a match, or brute force, where it systematically
experiments with millions of character combinations until it stumbles
upon a password. If you think your user's passwords are safe, 24 hours
with John the Ripper might show you otherwise.
Millions stolen in Japanese spyware heist (SC Magazine)
Nearly 10 million Yen ($91,000) has been robbed from Japanese bank
accounts due to a 'Spyware bug'.
_____________________________________________________________________________________
July 21, 2005
New Steps to Reduce Identity Theft (PC World)
Visa and U.S. Chamber of Commerce launch a nationwide campaign to
educate businesses about consumer data security.
Oracle Lags In Security Fixes, German firm says (TechWeb)
A German security firm says Oracle has failed to fix security
flaws in its products, despite knowing about the vulnerabilities for as
long as two years.
Lost Dog Scams Bite Online Users (TechWeb)
Scammers have taken a traditional double-cross played on owners of lost
dogs to the Internet
European business fail to take security seriously (SC Magazine)
Businesses in Europe are adopting a "lackluster approach" to
security of data and systems, according to a new study.
Court stops spam man (SC Magazine)
A federal court in Perth, Western Australia, has issued interim
injunctions under the Spam Act against Clarity1 Pty Ltd and its managing
director Wayne Mansfield to stop them from sending unsolicited emails.
The end of CardSystems? (SC Magazine)
The president of CardSystems has claimed his company could be put out
of business if Visa and American Express pull out of business with them.
More Incidents In London: Report (TechWeb)
Reports Thursday morning from the BBC indicate that there have been
explosions at three London Underground stations. Emergency services have
been called to the stations, which have been evacuated. There are also
reports of a possible explosion on a bus.
New Spam-Fighting Technique Criticized (Messaging Pipeline)
"It's the worst kind of vigilante approach."
Spam king turns back on spam (SC Magazine)
Spam king Scott Richter has cleaned up his act and turned his back on
spam.
_____________________________________________________________________________________
July 20, 2005
Finjan licenses security patents to Microsoft (SC Magazine)
Internet security company Finjan has agreed to license selected
security patents to Microsoft. Microsoft will also take a small stake in
the security company.
Buggy Firefox Extension Should Be Deleted (TechWeb)
Warnings are going out about a popular Greasemonkey extension to
Mozilla's Firefox browser.
Write down your passwords, increase security (SC Magazine)
Security buffs have urged employees to write down their passwords
in hopes that people will not use the same weak phrase repeatedly,
thereby increasing security.
Amex and Visa ditch CardSystems after data breach (SC Magazine)
CardSystems is finding out just how painful poor security is
after major credit-card companies moved to cut ties with the data broker
and payment processor.
Small businesses vulnerable to cyberthreats (SC Magazine)
Poor patch management and other security deficiencies put small
and midsize businesses at risk of internet attacks, according to a
survey released Wednesday by Computer Associates International.
Worm Posing as iTunes Reported (NewsFactor)
The creation of a worm that capitalizes on iTunes' popularity is
another indication that virus and worm writers have been focused more
than ever on keeping up with current news and using it for
social-engineering tactics, noted Sophos security consultant Carole
Theriault.
Visa, Amex Cut Ties With CardSystems (Information Week)
The credit-card giants are cutting ties with the
payment-processing company that recently left 40 accounts vulnerable to
hackers in one of the biggest consumer data-security breaches ever.
270,000 at risk after USC hack (SC Magazine)
The University of Southern California (USC) has warned 270,000
applicants their personal information may have been compromised after
its systems were hacked.
Trojan Code: Beware of Geeks Bearing Gifts (WatchGuard)
Remember the Trojan Horse story? ... Ancient history? Not entirely.
Trojans can still lead to the downfall of your own network unless you're
careful. This month a new Trojan, distastefully named Brown Orifice
HTTPD (BOH), followed other unpleasantly named Trojans, such as Back
Orifice (BO) and Deep Throat, into notoriety. What makes these programs
so dangerous is that once inside your system's "city walls," they can
slip out through your Firebox undetected--if you don't prevent them from
being installed in the first place. This ability to create a secret
connection, especially one piggybacking on another permitted protocol,
is called tunneling.
_____________________________________________________________________________________
July 19, 2005
Bank Satisfies Feds' Security Mandates With A RAID (Security Pipeline)
An Iowa bank pacified regulators and fortified its backup and
restore strategy by investing in iSCSI-based RAID.
Bill Puts Spotlight Back On Data Theft (TechWeb)
Several prominent U.S. Senators, including the leaders of the
Commerce Committee, have introduced another bill that takes on the
growing online menace of identity and data theft.
Call for Homeland Security Cybersecurity Improvements (PC World)
Recovery plan needed for widespread attack on the Internet,
Senate committee told.
E-Greetings Pose Security Risk (TechWeb)
Cyber criminals are increasingly using e-greetings to lure
consumers into clicking on links that download malicious code into their
computers, a security expert says.
Microsoft Updates Windows AntiSpyware (Security Pipeline)
Microsoft refreshed its Windows AntiSpyware application late
Monday, fixing a problem that prevented some users from updating to new
spyware signature files.
Windows vulnerable to DoS attack (SC Magazine)
A recently discovered defect in Windows has made the software
susceptible to a remotely accessed denial of service attack.
Trojan Loose That Takes On Windows Vulnerability (Security Pipeline)
The first Trojan horse that exploits a still-unpatched
vulnerability in Microsoft Windows has been seen in circulation,
security vendor Symantec said Tuesday.
Attackers Tuck Viruses Into Fake E-Mail Greeting Cards (PC World)
Malicious e-mail messages in general increase 30 percent from
last year.
Email virus hoaxers, cold as Ice (SC Magazine)
Mobile phone viruses are being used as an excuse to send a hoax
email that, ironically, does not actually contain a virus.
NIST gets busy with security draft (SC Magazine)
U.S. Commerce Department's National Institute of Standards and
Technology (NIST) has finalized a draft version of federal government
computer security.
RFID System Prevented A Possible Infant Abduction (Information Week)
VeriChip's "Hugs" Infant Protection System sounded an alarm when
the parents of an infant attempted to remove their baby without
authorization from a hospital's nursery.
Spyware as Corporate Espionage Threat (NewsFactor)
Discovering the prevalence of espionage via spyware is a tricky
endeavor. Many targeted companies might be unaware of such activities,
and those that find the spyware programs might not want to talk about
it.
ISPs versus the zombies (CNET)
Internet service providers face mounting pressure to keep their
networks free of pests--not only for the benefit of their customers, but
also for the good of the Internet in general.
Company porn creates regulatory nightmare (SC Magazine)
IT directors are putting businesses at financial risk by not
enforcing regulation linked to porn prevention in the workplace.
_____________________________________________________________________________________
July 18, 2005
The Need To Focus On Hidden Security Threats (Security Pipeline)
Keeping up with spyware, key loggers, Trojans, exploits and other
malicious software is challenge on its own. And even the best security
efforts may be missing an entire class of susceptible systems: equipment
maintained by third parties.
Free tool calculates cost/benefit of security (SC Magazine)
A new tool aims to help companies figure out the potential return
on IT security spending.
Google turns into ugly security risk monster (SC Magazine)
Google's email policy and rapid growth is making it the security
risk of the century, an expert is warning.
Windows XP Flaw Exposes Users to Denial-of-Service Attacks (NewsFactor)
Microsoft has known of the flaw since May, when the vulnerability
was brought to the company's attention. Microsoft said it will release a
patch in August for the flaw. The software maker has not heard of any
Windows XP users falling prey to the security hole.
Trusted Computing Group releases trusted server spec (eeTimes)
The Trusted Computer Group released its specification for trusted
servers that the group said will strengthen protections for data and
transactions.
Deep sea phishing (CNET)
Scams involving fake e-mail and Web sites are increasingly
originating overseas, making them harder to trace and block.
Spam Slayer: Bringing Spammers to Their Knees (PC World)
Blue Security hopes you'll join thousands of others in an army
capable of crippling spammers' Web sites.
More Must Be Done To Secure Nation's Rails (Security Pipeline)
Railway security in the United States is under scrutiny in the
wake of the London rush-hour bombings, with renewed calls for money to
be spent on technology to protect urban transit systems from terrorists.
Google's Growth Prompts Privacy Concerns (AP)
Google is at once a powerful search engine and a growing e-mail
provider. It runs a blogging service, makes software to speed Web
traffic and has ambitions to become a digital library. And it is
developing a payments service....
_____________________________________________________________________________________
July 17 , 2005
Spyware Risk: It's Time to Get Smart (WatchGuard)
Many users vaguely understand the security risks, privacy
invasions, and performance costs associated with having spyware secretly
and maliciously installed on their computers. Fewer users know the many
forms spyware takes and the truly evil activities it performs. Beyond a
general sense that spyware is uninvited, malicious software, average
users know very little about it.
_____________________________________________________________________________________
July 16 , 2005
Nigeria jails woman in $242 mln email fraud case (Reuters)
A Nigerian court has sentenced a woman to two and half years in
jail after she pleaded guilty to fraud charges in the country's biggest
e-mail scam case, the anti-fraud agency said on Saturday.
Vulnerability Could Lead to DoS (TigerTools)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to
Denial of Service
3 steps to help ensure your PC is protected (Microsoft)
There are three steps you can take to improve your computer's security.
You can follow the three steps online, or print them for easy reference.
_____________________________________________________________________________________
July 15 , 2005
VeriSign Acquires iDefense (NewsFactor)
"What's really neat about this merger is that VeriSign and
iDefense both have the same approach toward the marketplace and
customers," said John P. Watters, iDefense chief executive.
Phishers Up Ante With 5x Spike In Trojans (TechWeb)
Security experts think a large-scale, coordinated phishing
campaign is being waged by computer criminals, because of a big run-up
in the number of Trojan horses, Trojan horse downloaders, and new
malicious sites.
Firefox marketing site hacked (CNET)
Attack on SpreadFirefox.com, the online hub for Mozilla's Firefox
marketing efforts, may have exposed user data.
Researcher Says Windows XP SP2 Has DoS Bug (TechWeb)
Microsoft Windows XP SP2 has an unspecified bug in its kernel
that could let attackers bring down the machine with a denial-of-service
(DoS) attack, a researcher says.
Trend Micro Payout Didn't Come Ashore (CRN)
In the end, compensation from Trend Micro for a disabling glitch
in a security update back in April went to those most affected, and none
of those were VARs in the U.S.
Asian cyberwar to start mid-August (SC Magazine)
Chinese hackers are limbering up for a cyberattack on Japanese
websites on August 15.
U.S. gives cyber czar more power (SC Magazine)
The Department of Homeland Security (DHS) has upped the cyber
security ante by elevating the position of cyber security czar.
FrontBridge Reports High Spam, Low Virus Traffic In June (Messaging
Pipeline)
Company says new virsues appeared, but at very low levels.
Cybercrime up but losses down - go figure (SC Magazine)
Average cybercrime loses have halved since last year, according to
the 10th annual Computer Crime and Security Survey.
Juniper's Infranet Initiative Gets Backing of Cisco, Others (Security
Pipeline)
The "Infranet" initiative pioneered by Juniper Networks got a big
boost--and a new name--earlier this month. The upgraded initiative,
called IPSphere, now includes a key ingredient for success:
participation by Internet equipment giant Cisco Systems.
VeriSign acquires iDefense for $40 million (SC Magazine)
VeriSign bolstered its managed security services with the acquisition
of security intelligence firm iDefense for about $40 million in cash.
_____________________________________________________________________________________
July 14 , 2005
Cisco warns of security flaws (CNET)
Cisco Systems identified several vulnerabilities in its products
this week that could lead to denial-of-service attacks.
Internet Users Still Getting Scammed, Survey Says (NewsFactor)
In a study of 791 users commissioned by antispam firm Mirapoint,
market research firm The Radicati Group found that the most received
scams were prescription drug offers, financing services, phishing
e-mails and pornography.
Businesses Don't Adequately Monitor Network Risks: Report (Security
Pipeline)
Security company nCircle announced the results of an industry
trend survey showing that although businesses' primary concern is
reducing security risks, they do not have adequate risk-reporting tools
in place, and are not able to measure their level of risk.
Spainish authorities hook phishing mules (SC Magazine)
Four people face charges in Spain in connection with an internet
fraud scheme believed to have been orchestrated in Eastern Europe.
Verisign Acquires Online Security Intelligence Firm For $40 Million
(TechWeb)
VeriSign has acquired online security intelligence company
iDefense for $40 million in cash, the firm says.
Trend Micro Bug Cost $8 Million (TechWeb)
The April release of buggy anti-virus software by Trend Micro
cost the company $8.2 million (903 million yen) and forced it to lower
revenue and profit forecasts for the next quarter, the Tokyo-based
security firm says.
One Solution Alone Doesn't Provide Antivirus Satisfaction (Security
Pipeline)
Electric Mail has seen every major virus outbreak in the last 9
years. That's because the company was one of the first e-mail service
providers in 1994, and the first to provide outsourced e-mail virus
scanning to businesses in 1996. What has changed over this period of
time is the "time to fix" response from the major antivirus vendors, and
things are hardly trending in the right direction.
MP calls for tougher DoS legislation (SC Magazine)
An MP has proposed tougher laws against computer crime in a
presentation to the British Parliament.
Bank of America Corp. rolls out new security system aimed at thwarting
online crooks (AP)
Bank of America Corp. is rolling out a new security system aimed at
thwarting efforts by online crooks to access its customers' accounts.
Passwords will no longer be enough.
_____________________________________________________________________________________
July 13 , 2005
U.S. Cybersecurity Czar Post Created (PC World)
U.S. Homeland Security reorganization includes a position for a
high-level tech champion.
Oracle
Products Contain Multiple Vulnerabilities (TigerTools)
Various Oracle products and components are affected by multiple
vulnerabilities. The impacts of these vulnerabilities include
unauthenticated, remote code execution, information disclosure, and
denial of service.
Australian accused of downloading company secrets (SC Magazine)
An Australian software developer could be out of a job after a
court found he may have intended to share trade secrets about
multi-million deal involving that country's telcom provider. The verdict
may force him out of his job.
Bank of America Adds New Online Security (Security Pipeline)
Stung by recent high-profile security breaches, Bank of America
Corp. is rolling out a new online banking security system aimed at
making it harder for cyberthieves to crack customer accounts.
WLAN Security Market To Hit $278M By 2009 (Security Pipeline)
The WLAN market is set to grow at an annual rate of 30% per year
to nearly $5 billion by 2006, and will drive significant growth in the
WLAN security market, according to the new report "Wireless LAN Security
--- An Industry Outlook" by Research and Markets.
Trial Begins In Credit-Card Hacking Case (Information Week)
In one of the largest computer crime cases ever, a Florida
spammer has gone on trial under a 144-count indictment for allegedly
stealing 8 Gbytes of bank account, Social Security, and credit card
information from database giant Acxiom Corp.
Spammers bypass filters with anti-phishing tech (SC Magazine)
Spammers are using technology designed to prevent phishing to beat
spam filters.
_____________________________________________________________________________________
July 12 , 2005
The Five Top Network Security Secrets (Security Pipeline)
What is the secret to network security? In the wake of recent
high-profile security breaches like at LexisNexis and MasterCard, it's
worth asking what it takes to nail down network security --- and what
are the secrets not everyone knows?
krb5
security update (TigerTools)
Updated krb5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.
Microsoft Windows, Internet Explorer, and Word Vulnerabilities
(TigerTools)
Microsoft has released updates that address critical
vulnerabilities in Windows, Office, and Internet Explorer. Exploitation
of these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code on an affected system.
Hackers Grow Armies of Zombie PCs (PC World)
Number of systems infected with malicious software has jumped
more than 300 percent, McAfee says.
IT Compliance Institute Launches The Unified Compliance Project
(TechWeb)
Initiative looks to align more than 60 regulations and standards
and deconstruct their requirements into a consolidated IT compliance
view.
Yahoo and Cisco submit email authentication scheme (SC Magazine)
Yahoo and Cisco's joint email authentication technology has
finally been submitted as a standard to the Internet Engineering Task
Force (IETF).
ChoicePoint Exec: No Employees Involved In Breach (Information Week)
No willful mistakes were made in last fall's massive breach of
customer information, according to ChoicePoint's new privacy and
compliance officer, although she concedes that procedures do need
improvement.
Vendors Seek Consensus On Spyware, Adware (Networking Pipeline)
Anti-spyware vendors and consumer groups take a stab at issuing
uniform definitions for "spyware'' and "adware'' but it's unclear how
effective the work will be.
Thieves steal UK government computers (SC Magazine)
The UK government has been hit by over 150 cases of computer
theft in the last year, newly released figures show.
Look for security updates from Microsoft today
(TigerTools)
On July 7 Microsoft released a security bulletin that claims they
will be releasing important security updates on July 12.
Coalition hopes "spyware" definitions lead to better control of machines
(AP)
Anti-spyware vendors and consumer groups took a stab at issuing
uniform definitions for "spyware" and "adware" on Tuesday in hopes of
giving computer users more control over their machines.
_____________________________________________________________________________________
July 11 , 2005
London Bombing Virus Attacks PCs (NewsFactor)
The virus, which can affect Windows 2000, 95, 98, Me, NT, XP and
Windows Server 2003, arrives in an e-mail message with "TERROR HITS
LONDON" in the subject line.
Spammers Most Likely Users Of E-Mail Authentication (TechWeb)
On the eve of an industry summit to discuss how e-mail
authentication can stem the flood of spam, one security firm says that
spammers are already using the protocols -- to slip their junk mail past
filters.
Microsoft denies its antispyware favors Claria (CNET)
Claria gets downgrade in threat level on Microsoft AntiSpyware
beta, as software giant reportedly mulls buying the adware maker.
'Spam Report' Trojan Sparks Warnings (NewsFactor)
Users are told that their e-mail accounts have been used to send
out a "huge amount of unsolicited spam messages during the recent week,"
and are asked to take five to 10 minutes to confirm information that
supposedly is included in an attached document.
Akonix Poll Says Half Of IT Managers Don't Monitor IM Use (Messaging
Pipeline)
"It's remarkable that organizations are still leaving their door
wide open to security attacks and legal repercussions."
Solid State Of Security (CRN)
VAR program tied to technology that lets only the 'good' code run
Linux Gets High Marks For Security (Security Pipeline)
The IT world may be an insecure place, but don't blame Linux. In
fact, very few IT pros say Linux has introduced security problems into
their IT environments.
_____________________________________________________________________________________
July 10, 2005
Hacker May Have Accessed University Applicants' Records (Information
Week)
The University of Southern California is warning 270,000
applicants that a hacker may have gotten access to their files.
Google Wins 'Typosquatting' Dispute (AP)
An Internet arbitrator has awarded Google Inc. the rights to several
Web site addresses that relied on typographical errors to exploit the
online search engine's popularity so computer viruses and other
malicious software could be unleashed on unsuspecting visitors...
_____________________________________________________________________________________
July 9 , 2005
USC: Applicants' Files May Have Been Read (AP)
LOS ANGELES (AP) -- Officials of the University of Southern
California said they will contact everyone who used the school's online
application system in the past eight years to warn them that a hacker
may have been able to read their files...
Sasser Worm Creator's Sentence Suspended (AP)
VERDEN, Germany (AP) -- The teen creator of the "Sasser" Internet
worm, which caused millions of dollars in damage worldwide, won't be
going to jail despite his conviction Friday on charges including
computer sabotage....
_____________________________________________________________________________________
July 8 , 2005
Microsoft Defends Claria Adware Changes (TechWeb)
Microsoft issues an open letter to customers explaining why it
changed how its anti-spyware software handles adware from Claria, a
pervasive brand of adware.
Microsoft Draws Criticism Over AntiSpyware Definitions (TechWeb)
Microsoft quietly changed how its for-free AntiSpyware program
handles a pervasive form of adware, a move that has drawn criticism
because of recent reports that Microsoft is interested in buying adware-maker
Claria.
Nine Indicted In Israeli Spyware Espionage Case (TechWeb)
Indictments were filed by an Israeli prosecutor Thursday against
nine men in the industrial espionage case that involved planting Trojan
horses on rival companies' computers to spy out their secrets.
Targeted
Trojan Email Attacks (TigerTools)
The United States Computer Emergency Readiness Team (US-CERT) has
received reports of an email based technique for spreading trojan horse
programs.
Open-source C++ project offer basics of verification system (EE Times)
Teal, an open-source project on the SourceForge network,
encourages C++ verification strategies by providing a set C++ classes
that access HDL signals and enable actions based on changes in the
values of these signals.
Informants Reap Rewards For Sasser Conviction (Information Week)
Microsoft pays $250,000, though even bounties like this may not
be enough against today's more-sophisticated virus writers
Sasser teen escapes spell in jail (SC Magazine)
The teen behind the Sasser and Netsky computer worms has avoided
a prison sentence, despite admitting he was responsible for the worms
that brought computers around the world to a grinding halt and caused
millions of dollars was damage.
Feds & Security: Pot Calls Kettle Black (Security Pipeline)
This week the news headlines were chock-full of insight from the
feds--they've very big lately on getting involved to stop the stream of
corporate data breaches.
Man Arrested for Accessing Wi-Fi Network (PC World)
Florida man is charged with a felony after allegedly using
someone else's home Wi-Fi network.
German Sasser worm author gets suspended sentence (Reuters)
The German computer whizz-kid who wrote the crippling Sasser
Internet worm was convicted of computer sabotage on Friday and given a
suspended sentence of one year and nine months, a court official said.
_____________________________________________________________________________________
July 7 , 2005
Adobe Warns of Reader Security Flaw (NewsFactor)
Adobe Systems issued a warning on its Web site saying that the
flaw affects only the Adobe Reader versions 5.0.9, 5.0.10, which were
written for the Unix computer operating system.
Internet Users Get Wise to Spyware Pandemic (NewsFactor)
The Pew Internet and American Life Project surveyed thousands of
adults about their online experiences and found that the vast majority
of Internet users -- 81 percent -- reported that they have stopped
opening any e-mail attachments unless they are certain the attached
items are legitimate.
Florida Man Charged With Stealing Wi-Fi Signal (Security Pipeline)
ST. PETERSBURG, Fla. (AP)--Police have arrested a man for using
someone else's wireless Internet network in one of the first criminal
cases involving this fairly common practice.
Spyware Criminal Hits Japan Bank Accounts (TechWeb)
Several Japanese banks have reported that a spyware thief tapped
compromised accounts more or less simultaneously, and spirited away
hundreds of thousands of yen.
Airline Tests Biometric Tickets (Information Week)
Trying to walk the line between security and quick check-in,
Lufthansa is testing tickets encoded with passengers' fingerprint data.
RHELinux
zlib security update (TigerTools)
Updated Zlib packages that fix a buffer overflow are now
available.
File Sharing and the Supreme Court (PC World)
The decision on file-sharing networks has set a new standard for
determining copyright liability that will affect both tech companies and
users.
_____________________________________________________________________________________
July 6 , 2005
PCs Have 50-50 Shot At Infection In Just 12 Minutes (TechWeb)
The number of new viruses, worms, and Trojans are up nearly 60
percent in the first half of 2005, a U.K.-based security company says.
Spyware, Viruses Changing Consumers' Online Behavior (Internet Week)
The threat of spyware and viruses being secretly downloaded on
their computers has caused the majority of consumers to change their
online behavior over the last year, a research firm says.
Internet users worried about spyware and adware are changing online
habits, study finds (AP)
Internet users worried about spyware and adware are shunning
specific Web sites, avoiding file-sharing networks, even switching
browsers.
Instant Messaging Threats Still Rising (NewsFactor)
According to IMlogic, there were only 20 kinds of
instant-messaging attacks in 2004, compared to 571 in the second quarter
of 2005 alone. About 70 percent of the attacks targeted public messaging
networks, with the other 30 percent focusing on enterprises, the report
noted.
Flaw Found in Adobe Acrobat (PC World)
PDF files could be used to take control of your system,
security firm warns.
IMBrella Launches IM Security, Compliance Product For SMB's (Security
Pipeline)
IMbrella Software has released a new set of products designed to
help small and medium-sized companies (SMB's) control instant messaging
use. IMbrella's new product line provides modules to detect, block,
control, secure and archive instant messaging on an SMB company's
network.
Microsoft Offers Download Workaround For IE Bug (TechWeb)
Microsoft posts a temporary workaround to a bug in Internet
Explorer that could let an attacker grab control of a PC. A patch to
actually fix the problem, however, is not yet available.
Hacking for dollars (CNET)
These days, attackers are motivated more by money than the desire
to write disruptive worms like Sasser.
Commtouch Launches Threat Data Lab (Messaging Pipeline)
Data can be downloaded either in JPG graphic or as data in Excel
spreadsheet format.
_____________________________________________________________________________________
July 5 , 2005
Hackers make way for criminals, experts say (Reuters)
Spotty teenage hackers who set off global email viruses are being
replaced by serious online crooks whose stealth attacks don't make
headlines but cause more damage, security software makers said on
Tuesday.
IM threats skyrocket (SC Magazine)
The number of attacks targeting instant message programs shot up
400 percent in the second quarter of this year, according to research
from IM security firm Akonix.
Symbian Smartphones Hit By New Trojan (TechWeb)
A wily, Bluetooth-enabled Trojan capable of ruining smartphones
running the Symbian Series 60 operating system has been uncovered.
Phishing Attacks Reach All-Time High (NewsFactor)
The world of phishing has changed, said senior technology
consultant Graham Cluley of computer security firm Sophos. Increasingly,
the people who send e-mail laden with malicious packages are involved in
criminal gangs that are reaping enormous financial benefit from the
security breaches they exploit.
Symantec Seals Deal With Veritas (Security Pipeline)
Symantec became a much larger company over the weekend. The
Cupertino, Calif.-based security vendor on Saturday finalized its $13.5
billion merger deal with Veritas Software. Also on Saturday, Symantec
said shares of Veritas stock were converted into Symantec stock, and
Veritas shares will no longer be traded.
Sasser computer worm author confesses in trial (Reuters)
The man on trial for writing the Sasser computer worm which
wreaked havoc in big businesses and homes across the world last year has
confessed to all the charges against him, a German court said on
Tuesday.
Trend Micro Extends Security To IM (Security Pipeline)
Trend Micro is extending its e-mail security coverage to instant
messaging.
China to toughen up porcelain spam record (SC Magazine)
China has formerly agreed to tackle unsolicited mail by signing up to
the London Action Plan on Spam Enforcement Collaboration.
Sasser worm teen on trial (SC Magazine)
The German teenager behind the Sasser worm finally goes on trial
today.
_____________________________________________________________________________________
July 4 , 2005
FTC wins injunction over 'deceptive' spyware claims (SC Magazine)
The Federal Trade Commission has won an injunction against a
Houston-based company for making "deceptive" anti-spyware claims.
Internet Explorer hit by critical flaw (SC Magazine)
Microsoft is warning users about an unpatched vulnerability within
Internet Explorer. The warning arrives after research company SEC
Consult published a demonstration how hackers could use the
vulnerability to implant malware.
_____________________________________________________________________________________
July 3, 2005
Alliance Raised Hope in Fight Against Spam (Washington Post)
In 2003, Meng Wong and a friend wrote a program with the bold goal of
helping to save e-mail. Wong, a 29-year-old tech entrepreneur, worried
that the worldwide message system was in danger of being overwhelmed by
spam, phishing and other online scourges. He released the software on
the Internet for everyone to use free.
_____________________________________________________________________________________
July 2, 2005
New Michigan Law Means Kids Can Opt Out of Spam (Slashdot)
Thanks to a new Michigan Law, parents can now opt their kids out of
Spam. One wonders whether or not such severe penalty will make Spammers
think twice ($30,000 fine and 3 yrs/jail).
_____________________________________________________________________________________
July 1, 2005
Report: Virus Writers Get Even Nastier (NewsFactor)
For users, the latest virus report should serve as an incentive
to be more diligent with security patches and other software updates,
said Gregg Mastoras, senior security analyst at Sophos.
Hackers exploit university and airport weakspots (SC Magazine)
U.S. regional press is reporting two hacking incidents, affecting
a University database and Erie International Airport.
Banks Face Challenge In Screening Employees (Information Week)
The human factor is the greatest security threat of all, as
proven by recent identity theft cases.
IE Bug Can Crash Browser (PC World)
Vulnerability could also allow an attacker to run software on
compromised machines.
Appeals Court Sides With Adware Firm (Information Week)
Adware firms do not break laws when using retailers' Web
addresses to trigger coupons and other ads for rival products, a recent
decision says.
Feds Target Internet Piracy Organizations (CRN)
The government said Thursday that an 11-nation crackdown on
Internet piracy organizations responsible for stealing copies of the
latest "Star Wars" film and other movies, games and software programs
worth at least $50 million.
Massive rise in phishing attacks (SC Magazine)
The number of phishing attacks in May increased by 226 percent,
according to a new report by IBM.
Lobby groups urges ratification of cybercrime convention (SC Magazine)
A coalition of industry groups has urged the Senate to ratify the
Convention on Cybercrime and help prevent internet abuse.
Feds target Internet piracy organizations, seize $50 million in stolen
movies, games (AP)
The government announced Thursday an 11-nation crackdown on Internet
piracy organizations responsible for stealing copies of the latest "Star
Wars" film and other movies, games and software programs worth at least
$50 million.
|
