Security Headlines
June 30, 2005
Beware of Fake Microsoft Security Alerts (PC World)
Spam disguised as security alert gives full control of your PC to
attackers.
US-CERT warns of Veritas flaw (SC Magazine)
The U.S. Computer Emergency Readiness Team (US-CERT) has issued
an alert about a flaw in a Veritas Software data backup product, which
it says is being actively exploited.
Phishing Up By 226 Percent (TechWeb)
Phishing is up dramatically over the last two months according to
data released Thursday by computer maker IBM and message filtering firm
Postini.
Spam can help prod people to better health - study (Reuters)
Spam can be good for you if it comes as a steady stream of
e-mails nagging about healthy habits, Canadian researchers said on
Thursday.
Accused spammer to plead guilty to illegally soliciting millions of
people through e-mails (AP)
A man known as "The Timeshare Spammer" said Thursday he will
plead guilty to one count of violating anti-spam laws, marking one of
the first prosecutions using the federal statute on e-mail.
FBI hunts Norwegian phishing swine (SC Magazine)
A Norwegian phisher is being hunted by the FBI after operating a
scam from an internet radio-station.
States Aim To Protect Kids From Spam (Information Week)
Michigan and Utah are creating registries of e-mail addresses by
a means similar to "do not call" lists.
Federal agencies at risk over IPv6 (SC Magazine)
Most major federal agencies have not begun planning to transition to
Internet Protocol Version 6 (IPv6), putting agency information and
systems at risk, according to a report from the U.S. Government
Accountability Office.
_____________________________________________________________________________________
June 29, 2005
Protecting your good name from identity theft (Reuters)
By now you know that 40 million credit card account numbers are
flying around the underground economy. They were set free when hackers
implanted a virus in the computers operated by CardSystems, a
Tucson-based credit card processing firm, and they were actually let
loose way before consumers were let in on the breach recently.
Antispam proposals advance (CNET)
An Internet standards group approved two "experimental" antispam
proposals, sidestepping a controversy dividing Microsoft and its e-mail
competitors.
VERITAS Backup Exec Software is actively being exploited (TigerTools)
The VERITAS Backup Exec Remote Agent for Windows contains a
buffer overflow that may allow an unauthenticated, remote attacker to
compromise a system and execute arbitrary code with administrative
privileges.
New Worm Kedebe-F Circulates with Conspiracy Theories (NewsFactor)
In messages containing supposed news items, the links promise
exclusive material not covered in the mainstream press. One message
about the recent death of Pope John Paul II purports to contain a
document stolen from a secret government body and describes how the Pope
actually was killed as part of a larger plot.
Hacker Posts Crack for Google Software (AP)
OSLO, Norway -- The Norwegian who became a hacker hero for
developing software to unlock copy-protection codes on DVD movies said
he needed only one day to crack Google Inc.'s new video viewer...
Veritas Software Under Attack (TechWeb)
One of the seven vulnerabilities recently found in various Veritas
backup components is under attack, says security vendor Symantec.
MessageGate 4.1 Delivers Categorization And Archiving Features (CP)
New release of the E-mail Compliance System also supports additional
messaging platforms.
Scrushy experiences joy of SOX and walks free (SC Magazine)
The U.S. government's first attempted prosecution under Sarbanes-Oxley
has ended in failure.
Family postcard bears viral load (SC Magazine)
A new spam campaign claiming to be a postcard from a family member is
weaving its way through the internet.
The male of the species is more deadly than the female (SC Magazine)
Male workers are irresponsible spreaders of spyware and viruses, a new
report claims.
_____________________________________________________________________________________
June 28, 2005
Irony Of The Day: Worm Says Worm Writer Nabbed (TechWeb)
A worm now spreading gives new meaning to the word "irony," a
security firm said Tuesday, since the malware spreads by, among other
things, posing as a message about the "arrest" of the MyDoom author.
Microsoft Security Advisory Notification (TigerTools)
Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4)
Xen Developers Focus on Security (PC World)
Enhanced virtual desktop could protect remote consumer
transactions. With the next major release of the Xen Virtual Machine
Monitor expected this August, the project's developers have turned their
attention to a new issue: security.
HP Introduces Biometric Laptop (Information Week)
The nx6125 notebook PC includes a fingerprint sensor and sells
for $1000 and up.
RIM To Offer Smart Card Security (MP)
Aimed at users in government agencies, the smart card reader will
control access to BlackBerry devices that contain confidential
information.
Virus harvests nuclear secrets (SC Magazine)
A virus has leaked confidential reports from Japanese nuclear power
plants onto the internet via a peer-to-peer network.
$11 million dollar phishing pair jailed (SC Magazine)
An American and a Scotsman have been jailed for their part in an
international phishing scam that netted the pair $11 million dollars
(£6.5 million). The men now face a total of ten years in prison.
_____________________________________________________________________________________
June 27, 2005
Critical RealPlayer Flaws Found (PC World)
RealNetworks has issued patches to four vulnerabilities in its
RealPlayer media software, some of which could allow an attacker to run
unauthorized code on the user's computer.
'Computer genius' jailed for hacking Pentagon (SC Magazine)
A Californian man was sentenced to four months in prison for
hacking into the computer systems of federal agencies and defacing
websites in April 2002.
RSS: Safe At Any Feed? (TechWeb)
When Microsoft laid out its plans last week for building RSS --
Real Simple Syndication -- into Longhorn, it didn't say anything about
how it might secure the automated feeds.
M7 In Partnership With Intellisync For Push E-Mail Technology (MP)
M7 is supplying the technology that "pushes" Intellisync's push
e-mail.
Phishers Scamming Data Right From E-mails (TechWeb)
Some phishing scammers are skipping the tough work of building
realistic-looking Web sites, a security firm said Monday, and are
instead taking advantage of an old vulnerability to put forms soliciting
confidential data right in their spammed messages.
Cisco Buys Security Vendor NetSift For $30 Million (CRN)
Snapping up another small security vendor, Cisco Systems on
Monday said it plans to acquire NetSift for $30 million in cash and
options.
U.S. Agencies Face Smart-Card Deadlines (Information Week)
As the business world struggles with data-security
lapses and intrusions, federal agencies are preparing for strict new
standards to protect their facilities and information systems.
Seagate preps hard-disk encryption technology (Yahoo/InfoWorld)
San Francisco (InfoWorld) - Seagate Technology announced last week
its intention to ship a security technology for some of its hard-disk
drives next year, which will make it more difficult for notebook PC
thieves to read stolen data.
_____________________________________________________________________________________
June 26, 2005
Latest Virus Threats (Symantec)
The list below provides a synopsis of the latest
virus-related threats discovered by Symantec Security Response for
today:
Trojan.Myftu,
Trojan.Binjo, and
Trojan.Alexmo.
_____________________________________________________________________________________
June 25, 2005
Lack of clarity on what constitutes spyware breeds confusion, legal
tussles in tech world (AP)
Many anti-spyware programs scour computer hard drives for those
data-tracking files called cookies that we often get from Web visits.
Microsoft Corp.'s tool does not. And there are disputes aplenty about
whether certain widely used advertising programs circulating on the
Internet are clean of spyware.
To Catch a Thief (CNET)
In an age when credit and other account information seems to easily fall
into the hands of thieves, merchants are fighting back against credit
card fraud.
_____________________________________________________________________________________
June 24, 2005
Phishing Costs Nearly $1 Billion (TechWeb)
Phishing scams cost Americans nearly $1 billion during the last
year, a research firm says in a recently-released survey.
RealNetworks Patches Player, Rhapsody Vulnerabilities (TechWeb)
RealNetworks posts patches for a quartet of serious
vulnerabilities to its flagship RealPlayer software that could give
hackers access to systems and let them corrupt files on the hard drive.
Secure those outsourcing relationships (SC Magazine)
Companies need to take a hard look before they leap into
outsourcing agreements, Pershing's IT security director said Thursday.
Pod slurping threat to company data (SC Magazine)
A security researcher has warned how easy it is to copy vast
amounts of confidential files using an iPod, a small copying program and
some social engineering.
Major Advertisers Caught in Spyware Net (AP)
Unwanted software slithered into Patti McMann's home computer
over the Internet and unleashed an annoying barrage of pop-up ads that
sometimes flashed on her screen faster than she could close them.
Red Hat spamassassin security update (TigerTools)
An updated spamassassin package that fixes a denial of service bug
when parsing malformed messages is now available. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
Data breaches hurting online trade (SC Magazine)
The onslaught of data breaches and online fraud is putting people off
buying and banking on the internet, according to a new Gartner report.
Barracuda Adds TLS Encryption To E-Mail Firewall (TechWeb)
STARTTLS enables customers to encrypt e-mail over the Internet
when both the sender and recipient are using a STARTTLS-capable e-mail
server.
Australian man faces multi-million dollar spam fine (SC Magazine)
An Australian man faces a multi-million dollar fine after being accused
of sending 56 million spam emails. The charges are the first to be
brought under that country's stringent anti-spam laws.
_____________________________________________________________________________________
June 23, 2005
E-Commerce Hammered by Recent Hacks (NewsFactor)
"Anyone who thinks online security is under control should think
again," said Avivah Litan, vice president and research director at
Gartner. "This is a wake-up call to those involved in e-commerce, online
banking and Internet-based billing operations."
AT&T Plans Internet Security News Network (PC World)
CNN-style channel will deliver security news via streaming video
on the Internet.
Spanish cracker hacked code with old PC (SC Magazine)
Spanish police have arrested a 26-year-old engineer in connection
with hacking security mechanisms in software applications. The arrest in
Galicia followed a nine-month investigation by the Brigada de
Investigacion Tecnologica de la policia nacional (BIT).
Security fix installed at credit card processing firm hit by breach that
exposed 40M accounts (AP)
TUCSON, Ariz. -- The operations center for a credit card
processing firm whose security was breached by a hacker, exposing 40
million accounts to possible fraud, has put new security software in
place.
Microsoft bags Sybari, ditches Linux, Unix (SC Magazine)
Microsoft has finalized the deal to buy antivirus vendor Sybari Software
and announced it will discontinue new sales of Sybari's Linux and Unix
products.
Police investigate call center breach (SC Magazine)
City of London police are probing claims that call center workers in
India were selling the confidential information of British bank
customers. The allegations arose from a sting operation by an undercover
reporter for the Sun newspaper.
_____________________________________________________________________________________
June 22, 2005
Microsoft Won't Patch IE Spoofing Bug (TechWeb)
Hours after word broke that most browsers were vulnerable to a
spoofing flaw that phishers could use to pilfer confidential data,
Microsoft has declined to issue a security update.
Microsoft Blocks Windows Server 2003 SP1 Update (TechWeb)
Microsoft releases a tool for companies that want to block the
automatic download of Windows Server 2003 Service Pack 1 (SP1), a set of
security updates that the Redmond, Wash.-based developer released in
March.
On the Web, a Thriving Market for Stolen Data (NewsFactor)
"There's so much to this," said Jim Melnick, a former Russian
affairs analyst for the Defense Intelligence Agency, now the director of
threat development at iDefense, a company in Reston, Virginia, that
tracks cybercrime. "It's a cancer. It's not going to kill you now, but
slowly, over time."
Hackers target security product flaws (SC Magazine)
Hackers are increasingly taking aim at vulnerabilities in
security products rather than operating systems, according to a new
report.
Consumers, retailers grapple with data theft (CNET)
Consumers are being left in the dark as the credit card
industry cleans up after a digital break-in that put millions of
accounts at risk.
Common sense steps can protect consumers from credit card fraud (AP)
You may not be able to keep hackers or dishonest employees
out of your credit card processors' office, but you can keep thieves
from filching your credit card information from the garbage.
Microsoft sues German spam outfit (SC Magazine)
Microsoft is suing an alleged spam operation in Germany after
customers of its Hotmail service were bombarded with emails advertising
online casinos and porn websites.
_____________________________________________________________________________________
June 21, 2005
CardSystems Breach Highlights Best-Practice Security Measures (SC
Magazine)
There are several ways hackers can access systems like the one
operated by CardSystems, but the critical weakness was the company's
inability to thwart malicious break-ins, regardless of the data it
stored.
Don't Worry Yet; Mobile Worms Won't Show Until '07 (TechWeb)
Mobile phone and PDA users have more than two years to get ready
for a quick-spreading worm, security research analysts said as they
poked holes in anti-virus vendors' hype about the immediate need for
defenses.
IE, Firefox Spoofable, Again (TechWeb)
Internet Explorer and Firefox -- even the newest edition that's
getting ready for release -- can be spoofed by hackers intent on
stealing passwords or other confidential information, a security firm
said Tuesday.
Hackers Eye Security Software as New Target for Malware (NewsFactor)
Rather than going after operating systems like Windows,
malicious hackers have become more interested in the vulnerabilities
that might exist in commonly used security software from vendors like
Symantec, Check Point and F-Secure.
Security Lapse Reveals Holes In Credit Card Handling (Information Week)
Hundreds of companies throughout the processing chain have access
to individuals' sensitive financial data--and there's no ironclad
assurance of security.
Seagate Preps Hard-disk Encryption Technology (PC World)
TOKYO-- Seagate Technology said today it has developed a
security technology for some of its hard-disk drives that will make life
more difficult for notebook PC thieves to read stolen data, it said
Tuesday.
_____________________________________________________________________________________
June 20, 2005
Hackers Finding Flaws In Security Software (TechWeb)
Hackers are switching targets, and they are going after the very
security software that's supposed to protect PCs, a research firm says.
Organized crime possibly behind credit-card breach (SC Magazine)
The huge security breach that exposed more than 40 million credit
cards to potential fraud appears to be the work of organized criminals,
experts said Monday.
Hackers Engineer Biggest Credit Card Theft in History (NewsFactor)
MasterCard's fraud-fighting tools pointed the card provider to
the hack and allowed the company to trace it back to a hack at
CardSystems Solutions. The security breach is almost certainly the
largest case of identity theft ever, and is just another occurrence in a
series of exposures of online confidential information.
Sun To Ship Identity Management Federation Services (CRN)
The availability of more advanced and secure identity-management
platforms and technology for connecting companies is making B2B more
palatable to the corporate masses. To that end, Sun Microsystems and
Microsoft are extending their identity management platforms with
federation capabilities to enable cross-company pollination.
Phishers Jump On MasterCard Breach (TechWeb)
When MasterCard went public with news that a security breach
exposed more than 40 million cards to fraud, phishers picked up on it,
too, and quickly launched a campaign to piggyback on the blunder.
RSA Struts New Authentication Token (TechWeb)
RSA Security ships a new USB-based two-factor token that lets
users manage a range of authentication schemes, including one-time
passwords and digital certificates.
Spam Slayer: Slaying Spam-Spewing Zombie PCs (PC World)
Spammers are teaming with hackers and virus writers to create
zombie PCs. Here's how to wake yours from the dead.
Visa Charges Up Detector For Credit Card Fraud (Information Week)
With the financial-services industry under increased pressure to
combat identity theft, the credit card giant has come up with a way to
detect patterns of fraud across its transaction-processing network.
Security breach hits 40 million card holders (SC Magazine)
Forty million credit cards were exposed to potential fraud in a
security breach at a payment-card processor.
_____________________________________________________________________________________
June 19, 2005
Spokane mayor debates how much privacy a public figure can expect online
(Associated Press)
After what Mayor James West called his "brutal outing" by a newspaper
that published transcripts of his conversations from a gay chat room, he
complained in an e-mail to the city's commission on race relations. West
asked: "Should we all fear that our private conversations will be
splashed publicly and out of context for all in our sphere to see?" The
answer, Internet privacy advocates say, is "yes."
_____________________________________________________________________________________
June 18, 2005
Targeted Trojan Email Attacks (NISCC)
National Infrastructure Security Co-ordination Centre is warning that
vital computer networks are at risk of attack.
_____________________________________________________________________________________
June 17, 2005
Security Breach Could Expose 40M to Fraud (AP)
A security breach of customer information at a credit card
transaction company could expose to fraud up to 40 million cardholders
of multiple brands, MasterCard International Inc. said Friday.
UK Targeted for Massive Trojan Attacks (NewsFactor)
The Trojan threat is not news to those in the UK's security labs.
"We've been banging on about Trojans for months," said Sophos security
consultant Carole Theriault. "It's great that someone else, especially
someone that's not a vendor, is saying this is a serious problem."
Pod Slurping Dangerous To Enterprises (TechWeb)
A researcher has demonstrated just how easy it is to walk off
with megabytes of sensitive material when armed with only the ubiquitous
iPod and simple software.
Symantec Tests Security Appliance (CRN)
Symantec is trying to put security into a better context—a
refrain VARs will hear repeated often this year, the company said.
Email authentication scheme 'ready soon' (SC Magazine)
An email authentication standard with broad industry support
could be ready within two months, providing e-commerce companies with a
new weapon to beat phishing attacks.
Additional low-to-moderate-rated updates available from Red Hat (TigerTools)
Run the update agent to download and install new gaim and bzip2 updates.
_____________________________________________________________________________________
June 16, 2005
British agency warns of Asian e-mail hacker attacks on vital networks
(AP)
A well-organized group of hackers has engaged in an "industrial scale"
attack designed to cull commercially and economically valuable data from
vital computer networks across Britain, the government warned Thursday.
U.K. Under Cyber Attack (TechWeb)
Government agencies and companies in the U.K. are under attack by a
concerted series of Trojan horses out to steal information, the
country's National Infrastructure Security Co-ordination Center (NISCC)
announced Thursday.
Privacy Advocates: Look Overseas For Lower Identity Theft Rates
(Information Week)
Tighter controls in other countries could guide U.S. lawmakers.
EBay takes action against 'hoax' Live 8 bidders (Reuters)
Internet auction site eBay has suspended some of the accounts of
users who sabotaged online sales of free Live 8 concert tickets by
making hoax bids of up to 10 million pounds.
Impressive growth keeps IT sec on the up (SC Magazine)
The security server market is experiencing rapid growth in
and is worth more than £175 million this year in Western Europe alone.
New worm hits AIM network (CNET)
A new worm spread quickly on America Online's AIM instant messaging
service Wednesday afternoon but was contained within hours, experts
said.
_____________________________________________________________________________________
June 15, 2005
Additional low-rated updates available from Red Hat (TigerTools)
Run the update agent to download and install new tcpdump, squid, gftp,
and gzip updates.
Company settles spyware suit for $7.5 million (CNET)
New York suit had charged that Intermix's practice of bundling spyware
with other software violated laws on false advertising.
Researchers Stymied By Microsoft Vulnerability (TechWeb)
Computer security researchers are still perplexed by one of the
vulnerabilities patched this week by Microsoft.
AOL: We're Not Zombie Haven (TechWeb)
America Online hosts more denial-of-service (DoS) spewing zombie PCs
than any other ISP in the world, a report says. AOL thinks that's just
fine.
Microsoft Tool Squashes Mytob, Kelvir Worms (TechWeb)
As is its custom, Microsoft updated its Windows Malicious Software Tool
Tuesday as part of the monthly security bulletin roll-out, adding
detection and deletion routines for four additional worm families.
Americans Want New Laws To Make Internet Safe (Networking Pipeline)
Some 70 percent of Americans want additional laws to protect against
identity theft and spam, but they're not sure Congress and the Federal
Trade Commission are up to the task, a new survey finds.
_____________________________________________________________________________________
June 14, 2005
Microsoft Windows and Internet Explorer Vulnerabilities (US-CERT)
Microsoft has released updates that address critical
vulnerabilities in Windows and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service.
Companies Crack Down on Employee E-Mail (NewsFactor)
"E-mail is the worst way to communicate information that's
confidential, potentially embarrassing, extremely personal or that could
in some way harm you, your family, your friends or your employer," said
Nancy Flynn, executive director of the ePolicy Institute, a Columbus,
Ohio-based consulting firm.
Microsoft Patches 12 Vulnerabilities, New SMB Bug "Definitely Serious" (TechWeb)
Microsoft on Tuesday rolled out 10 security bulletins that
covered 12 vulnerabilities, and for the first time, offered up its
monthly patch batch using the revamped update services and tools for
both individuals and enterprises.
Outsourced WLAN Security Service Launched (Mobile Pipeline)
WiTopia.Net launches outsourced 802.1x support, including
RADIUS servers, aimed at securing WLANs used by small businesses.
Security Updates from Microsoft Today (TigerTools)
Look for potential security updates today from Microsoft. In the
Microsoft Advanced Notification issued on June 09, the company stated
they are planning to release several security updates on June 14
including an updated version of the Microsoft Windows Malicious Software
Removal Tool.
_____________________________________________________________________________________
June 13, 2005
Secure Computing Eases Security Incident Reporting (CRN)
In the spirit of making things simpler, Secure Computing on Monday
shipped new integrated security-incident reporting software.
"Puddle Phishing" Hits Small Banks, Credit Unions (TechWeb)
Phishers are baiting users of smaller banks, a security firm says,
calling the practice "puddle phishing."
Man Charged for Trying to Steal User Data (AP)
TOKYO (AP) -- A man was arrested Monday for allegedly setting up a phony
Internet portal site to lure victims into giving personal data, an
official said. Police said it was Japan's first arrest linked to a form
of identity theft called phishing...
Man Arrested For Setting Up Japanese Phishing Scheme (Information Week)
Police arrest man for allegedly setting up fake Yahoo! Japan Web site to
steal users' credit-card data and other personal information.
Battle Test For Cutting-Edge Tech (Information Week)
The U.S. military, joined by law-enforcement and emergency-response
agencies, on Monday is beginning a two-week test of more than 100
technologies with the potential to serve on the front lines of the war
against terrorism.
Hong Kong hits spammers where it hurts (SC Magazine)
Hong Kong is to implement tough anti-spam laws to combat companies that
send unsolicited emails.
Behind the antivirus mask lies a deadly Skull (SC Magazine)
Mobile phone users are being warned about a new trojan that disguises
itself as an antivirus application.
Microsoft hides chequered past with new patchwork (SC Magazine)
Microsoft will roll out ten of its monthly patches tomorrow (Tuesday)
with one of them rated as "critical."
_____________________________________________________________________________________
June 12, 2005
Hong Kong Plans to Enact Anti-Spam Law (AP)
HONG KONG - Hong Kong plans to enact an anti-spam law next year to crack
down on companies that send unsolicited e-mails or make automated
telemarketing calls to consumers, an official has said.
_____________________________________________________________________________________
June 11, 2005
Six more security updates (Red Hat Network Alert)
More critical updates are now available.
_____________________________________________________________________________________
June 10, 2005
selinux-policy-targeted bug fix update (Red Hat Network Alert)
Updated selinux-policy-targeted
packages that fix several bugs for various daemons are now available.
pciutils bug fix update (Red Hat Network Alert)
Updated pciutils packages that fix a
bug in lspci when used on a system with PCI domains are now available.
policycoreutils bug fix update (Red Hat Network Alert)
An updated policycoreutils package that fixes various bugs is
now available.
dmraid bug fix update (Red Hat Network Alert)
An updated dmraid package that fixes various bugs concerning
the grouping of Promise and Intel ATARAID sets is now available.
system-config-lvm bug fix update (Red Hat Network Alert)
An updated system-config-lvm package that fixes a main
desktop menu bug is now available.
Mobile Trojan Masquerades As Anti-Virus Software (TechWeb)
A new variant of a Trojan, dubbed the Skulls.L virus, is aimed at Nokia
smartphones and draws users in by pretending to be legitimate anti-virus
software.
Infranet initiative opens up as Cisco, Alcatel join the fray (TechWeb)
Two of the biggest communications equipment suppliers, Cisco and
Alcatel, have joined the successor to the Infranet Initiative Council,
prompting the enlarged group to form an open standards-based forum that
will link with an established standards organization.
Gartner certainly fears fear uncertainty and doubt (SC Magazine)
Progress in business is suffering because security companies over-hype
threats concerned with new technology, Gartner claims.
_____________________________________________________________________________________
June 9, 2005
Research Shows Bluetooth Can Be Hacked In Milliseconds (TechWeb)
Bluetooth devices -- including phones, PDAs, and personal
computers -- can be hacked even when Bluetooth's security is enabled, a
pair of researchers say.
Password safety 'foreign' to most staff (SC Magazine)
Nearly half of all IT managers have major concerns about the level of
password management within their company, a report has revealed.
U.S. Military Hacker Freed on Bail (NewsFactor)
McKinnon's lawyer estimates that he could face a maximum 70-year jail
sentence if convicted in the U.S. She says he does not deny infiltrating
U.S. systems but says his motivation was to try to prove the existence
of UFOs and to expose security failures.
Apple Releases Patches for 12 OS X Vulnerabilities (TigerTools, Net)
Apple released security updates regarding issues including
PHP, the AFP Server and VPN. Some exploits allow an attacker to execute
arbitrary code, possibly gaining full control of the system. Be sure to
download, test, and install Apple's security updates. Find out more at
Apple's site here.
_____________________________________________________________________________________
June 8, 2005
Cyber Security Bulletin SB05-159 (US-CERT)
Summary of Security Items from June 1 through June 7, 2005
London man arrested for 2001 Nasa hacking (InfoWorld)
Police in London arrested an unemployed computer systems
administrator on Tuesday, over two years after U.S. authorities said
they would request his extradition to answer charges of hacking U.S.
government computer systems.
Debian 3.1 debuts with a security flaw (InfoWorld)
Debian 3.1 has finally arrived after a wait of nearly three years
-- to be followed a few hours later by an update fixing a security
configuration problem.
IBM, Oracle Update ID Management Software (NewsFactor)
IBM and Oracle are introducing ID management software
upgrades in an effort to address security threats from increasingly
sophisticated attacks that are plaguing the enterprise.
In Brief: IronPort introduces X1000 e-mail security appliance
(InfoWorld)
San Francisco - IronPort Systems announced the IronPort
X1000 e-mail security appliance, which provides an outer layer of defense
against e-mail threats. The IronPort X1000 integrates Domain Keys to
fight e-mail fraud and secure business' identity on the Internet. The
appliance uses IronPort's AsyncOS to ensure enterprise e-mail systems
are not overwhelmed during virus or spam attacks. IronPort offers e-mail
administrators centralized reporting and management tools that enable
them to control a global deployment, as well as the Mail Flow Monitor
and Email Security Manager to help make complex administration tasks
easier.
IBM Attacking Identity Theft With Software, Services (TechWeb)
Tivoli Identity Manager Version 4.6 helps enterprises securely manage
user accounts and passwords.
US military super-hacker arrested in UK (SC Magazine)
A man suspected of committing one of history's biggest
military computer hacks has been arrested by extradition forces.
Extradition Hearing Set For Brit Accused Of U.S. Hacking (TechWeb)
The U.S. government wants to try Gary McKinnon on charges he
successfully hacked into computers belonging to NASA, the Army, and
others.
Caring sharing scheme defends against net attacks (SC Magazine)
Service providers and network operators will be able to share
internet attack information thanks to a fledgling industry group.
_____________________________________________________________________________________
June 7, 2005
Secunia Discovers Vulnerability in Firefox and Others (SecurityProNews)
Danish security firm Secunia discovered a 7-year vulnerability in a
number of browsers last year. It popped up again in Firefox and other
Mozilla products. The problem is called a "frame injection"
vulnerability and it can be quite annoying.
Identity Theft: Count The Ways (WebProNews)
I received an e-mail message from "Paypal" not too long ago. The e-mail
stated that PayPal needed me to update and verify my security
information for their database. I didn't.
Citigroup Data of 3.9M Customers Is Lost (AP)
NEW YORK - CitiFinancial, the consumer finance division of Citigroup
Inc., announced Monday that it has begun notifying some 3.9 million U.S.
customers that computer tapes containing information about their
accounts have been lost.
Microsoft Releases Patching Tools (PC World)
Microsoft made available this week the much-delayed Windows Server
Update Services (WSUS) patching tool and Microsoft Update software
patching service, which the company had originally planned to ship in
the first half of 2004.
Seven year itch bugs Mozilla (SC Magazine)
Mozilla has been hit by a seven-year-old vulnerability that could
compromise the security of those using its Firefox browser.
_____________________________________________________________________________________
June 6, 2005
Citigroup notifies 3.9 million customers of lost tapes with their data
(SC Magazine)
Citigroup on Monday said it is notifying 3.9 million consumer lending
customers that computer tapes containing their personal data were lost
by UPS while en route to a credit bureau.
Risk associated with outbound email spurs corporate monitoring (SC
Magazine)
Sixty-three percent of companies with 1,000 or more employees use or
plan to use staff to read outgoing email, according to a survey by email
security supplier Proofpoint.
Mytob Morphs Again, Targets Windows (NewsFactor)
The latest Mytob virus employs some of the same techniques used by its
predecessors to get e-mail recipients to open the attachment and thus
launch the malware. Subject lines of the bogus e-mails appear to be
security warnings themselves.
In Brief: Kenai ships Web services vulnerability testing solution
(InfoWorld)
Kenai Systems announced at the Gartner IT Security Summit the
availability of eXamineXT, an automated Web services vulnerability
assessment solution. eXamineXT makes it easier for software developers
who lack security training to build, test, and deploy secure Web
services. The product ships with more than 20 Security Test Profiles
that automatically generate test cases for particular Web services
vulnerabilities. eXamineXT supports SOAP with Attachments, including
MIME and DIME, as well as SSL client authentication. It offers authoring
tools for creating customized tests with SOAP Requests, and integrated
testing for WS-I Basic Profile and WS-Security compliance. It is
available in stand-alone and Eclipse plug-in versions. A free 30-day
trial of eXamineXT, priced at $800 per seat, is available for
download.
Protecting your Privacy on the Internet (OFPC)
The Internet is a network which has much to offer but you can give away
a lot of information about yourself if you are not careful. This may not
worry you but if it does read on. It's important to realize that the
Internet is international and largely unregulated. This means that the
laws of any one country don't usually apply to Internet activities
originating in other countries. If you suffer a privacy invasion via the
Internet the Federal Privacy Commissioner will only be able to help you
if the matter involves an organization or agency subject to the Privacy
Act.
_____________________________________________________________________________________
June 5, 2005
Ransomware: Learning from Cryptovirology? (NewsFactor)
At Columbia University in 1995, Moti Yung and I discovered something
startling about public-key cryptography: It has great potential to
sidestep traditional antiviral defenses.
_____________________________________________________________________________________
June 4, 2005
MSN Site Hacking Went Undetected for Days (AP)
WASHINGTON - Password-stealing software planted by hackers was active on
Microsoft's popular MSN Web site in South Korea for days before the
world's largest software company learned about the break-in and removed
the computer code.
McAfee's Wi-Fi Security Play (Motley Fool)
... McAfee -- a key player in the antivirus market -- does not appear to
be afraid of Microsoft. If anything, it's seeking ways to enhance its
market position. Yesterday, McAfee announced that it is purchasing
Wireless Security Corp., a privately held company. ...
_____________________________________________________________________________________
June 3, 2005
Microsoft Says MSN Site Hacked in S. Korea (AP)
WASHINGTON - Microsoft Corp. says hackers booby-trapped its popular
MSN Web site in South Korea to try to steal passwords from visitors. The
company said it was unclear how many Internet users might have been
victimized.
Google's long memory stirs privacy concerns (Reuters)
WASHINGTON (Reuters) - When Google Inc.'s 19 million daily users look
up a long-lost classmate, send e-mail or bounce around the Web more
quickly with its new Web Accelerator, records of that activity don't go
away.
In Brief: Microsoft investigates MSN Korea hack (InfoWorld)
San Francisco (InfoWorld) - Microsoft had to take part of its MSN Korea
property offline earlier this week after hackers attempted to compromise
a section of the site. A hack into the site's news section was
discovered around noon local time on Wednesday and the news page was
taken down for around 24 hours to fix the problem, MSN Korea Marketing
Manager Yena Kim said Friday. Kim confirmed that the hack was a
so-called iFrame attack, which exploits a flaw in Microsoft's Internet
Explorer browser, but declined to give any further details. IFrame
elements are inline floating frames in IE where content is displayed,
according to Microsoft's Web site. The software maker released a patch
for an iFrame vulnerability in December. The MSN Korea property is
hosted by a third party and it was unclear whether their servers were
patched against the flaw. Microsoft said it was not aware of any
customers having been affected as a result of the hack, but it is
continuing to investigate the incident. The company is cooperating with
law enforcement agents and said it will take legal action against those
responsible.
gnutls security update (Red Hat Network Alert)
Updated GnuTLS packages that fix a remote denial of service
vulnerability are available for Red Hat Enterprise Linux 4.
postgresql security update (Red Hat Network Alert)
Updated postgresql packages that fix several security vulnerabilities
and risks of data loss are now available.
openssl security update (Red Hat Network Alert)
Updated OpenSSL packages that fix security issues are now available.
ImageMagick security update (Red Hat Network Alert)
Updated ImageMagick packages that fix a denial of service issue are now
available.
_____________________________________________________________________________________
June 2, 2005
McAfee buys WiFi firm Wireless Security Corp. (Reuters)
SAN FRANCISCO (Reuters) - McAfee Inc., the world's
second-biggest maker of security software that protects personal
computers from Internet viruses, on Thursday said it has bought software
maker Wireless Security Corp. and continues to look for other
acquisitions.
Discarded Hard Drives Still Contain Data (NewsFactor)
A study commissioned by the German firm O&O
Software, a developer of hard-drive utilities, found that of 200 hard
drives purchased through eBay, 71 percent had data that could be
reconstructed.
Yahoo!, Cisco Combine Antispam Efforts (AP)
SAN JOSE, Calif. - Network equipment maker Cisco Systems Inc. and
Internet portal Yahoo Inc. are combining their efforts to combat e-mail
spam and forgery in a step that's expected to help expand adoption of
the technology.
Spy Software Code Had Design Flaw (AP)
WASHINGTON - The spy software at the center of an Israeli economic
espionage scandal quietly harvested stolen business documents and
e-mails from victims' computers and secretly transmitted them to a
computer in London, where police arrested a key suspect.
Banks Try Tokens to Protect Online Users (AP)
SAN JOSE, Calif. - Several small banks are launching heightened security
programs this month to try to thwart identity theft and make customers
feel more comfortable with online transactions.
Sober-N Worm Tops List of Viruses (NewsFactor)
The new Sober-N worm surpassed Zafi-D in May as the leading virus
causing problems for businesses, according to a recent report.
Mytob, Bagle Variants on the Prowl (NewsFactor)
Security firms are reporting a jump in the number of variants of the
Mytob and Bagle e-mail viruses.
Mytob uses its own e-mail engine to mail itself to addresses in the
contact list of infected computers. Bagle downloads Trojan code from a
variety of Web sites and then uses that code to gather e-mail addresses
from infected computers.
_____________________________________________________________________________________
June 1, 2005
Internet fraudsters make simultaneous attack on four
French banks (AFP)
PARIS (AFP) - Four major French banks have issued warnings to their
clients after Internet fraudsters made a simultaneous attempt to gain
access to confidential customer information, a bank spokeswoman said.
Developing Countries Hit Hardest By Spam (TechWeb)
Developing nations are struck hardest by spam, which sucks up
capacity and resources of Internet service providers and discourages
consumers from using the web, an international body said.
Trojan horse holds computers to ransom (AFP)
PARIS (AFP) - Software protection companies are warning that a vicious
new form of cyber-attack known as "ransomware" is threatening computers
by encrypting documents and demanding money for them to be decrypted.
Making Security Products Smarter (NewsFactor)
The enterprise security space has been dominated for years by a
castle-and-moat mentality in which firewalls and software security
patches are viewed as effective protection.
Can You Trust Your Spyware Protection? (PC World)
The next time you run a scan with your anti-spyware tool, it might miss
some programs. Several anti-spyware firms, including Aluria, Lavasoft,
and PestPatrol, have quietly stopped detecting adware from companies
like Claria and WhenU--a process called delisting. Those adware
companies have been petitioning anti-spyware firms to delist their
software; other companies have resorted to sending cease-and-desist
letters that threaten legal action.
18 Arrested In Israeli Probe Of Computer Espionage (Washington Post)
JERUSALEM, May 30 -- Israel's business sector has been rocked
by a major computer espionage scandal that was uncovered when a
husband-and-wife book-writing team complained to police that someone had
hacked into their computer system and stolen files.
|