|
Security Headlines
Back
October 31, 2006
Enterprises beware: IM attacks break record, again (SC Magazine)
The prevalence of instant messenger (IM) attacks has reached
record numbers for the second consecutive month, an IM security firm
announced this week.
Analysts Urge Upgrade to IE7 Browser (NewsFactor)
"When in doubt, upgrade." That's what Forrester analysts Natalie
Lambert and Colin Teubner are saying about installing Microsoft's new
Internet Explorer 7 Web browser.
Tricky malware sidesteps security (PC Advisor)
A tricky malicious program has become more prevalent in spam, but
experts don't know what its creators plan to do with it
____________________________________________________________________________________
October 30, 2006
DoS exploit for Windows XP firewall, ICS in the wild (SC Magazine)
Windows XP platforms running a shared internet access service are
at risk from an in-the-wild remote DoS exploit, vulnerability management
firm nCircle reported Sunday.
Microsoft Toughens Anti-Piracy Actions (AP)
Microsoft Corp. said Monday it has filed more than 50 lawsuits
and other legal actions worldwide against people it says sold pirated
copies of its software using online auction sites such as eBay.
Windows Firewall Can Be Disabled (PC World)
Published attack code could be used to disable the firewall on some
Windows XP-based systems.
October 25, 2006
Hacker Unlocks Apple Music Download Protection (Information Week)
Jon Lech Johansen wants to allow iPod users to download songs
from other music stores other than Apple's; it would also allow users to
load iTunes songs on rival music players.
Florida hacker faces two years in jail, $400,000 fine (SC Magazine)
The U.S. Department of Justice announced today that it charged a
Florida man today in federal court for establishing a botnet from which
he launched a denial of service attack on a Massachusetts technology
firm.
_____________________________________________________________________________________
October 24, 2006
How to hacker-proof your business (CNN Money)
You're savvy. You've read lots of network security horror
stories, so you've taken all the usual precautions. You've installed
firewalls, password-protected your gear, and created offsite backups.
Voter security glitch fixed (Chicago Tribune)
Site's data vulnerable at least 5 years, say city election officials
Chicago election officials said Monday they were forced to patch a
security flaw on their Web site after a candidate found a programming
error that had made private voter information vulnerable to theft for at
least five years.
Sophos, eEye in favor of Microsoft's PatchGuard (SC Magazine)
While the largest IT security vendors continue to attack
Microsoft on the new kernel patch protection in its Vista operating
system, many of their competitors are coming forward to defend the
software giant.
Time to make security software a lot easier (CNET)
F-Secure CEO Risto Siilasmaa says complex security software shouldn't be
so complex.
_____________________________________________________________________________________
October 23, 2006
Security Service automates elimination of botnet threats. (ThomasNet)
Powered by Behavioral Analysis Security Engine (BASE), InterCloud
Security Service enables users to quarantine and optionally clean bot-infected
PCs. Solution includes Service Delivery Platform with components for
threat identification, analysis, mitigation, and remediation. Offering
centralized management of policies and updates, web-based management
portal provides administrators with holistic
Is Oracle Downplaying Security Vulnerabilities? (InformationWeek)
Is Oracle Downplaying Security Vulnerabilities?, Common
Vulnerabilities Scoring System (CVSS), Several researchers say vendor
skewed recent threat rating scores
Diebold Source Code Leaked Again (PC World)
Critic receives copies of sensitive data, as election date with e-voting
nears..
October 20, 2006
Educating retail in security (CRN)
Retailers are especially vulnerable to hacker attacks and are
crying out for resellers with security expertise, claims Keith Bird The
nature of internet-based threats has changed. Attackers have more
sophisticated weapons at their disposal, and the attacks themselves have
evolved.
Microsoft: McAfee Security Claims 'Inaccurate, Inflammatory'
(varBusiness)
Microsoft said on Friday that security software firm McAfee's
criticism of its provision of security information on the new Vista
operating system was "inaccurate and inflammatory."
China Jails 9 in Anti-Piracy Crackdown (AP)
Nine people convicted of selling illegally copied DVDs and other goods
have been jailed for up to 13 years in China's biggest anti-piracy
crackdown to date, a news report said Friday.
Microsoft's Live Meeting For Security Firms Crashes (ChannelWeb)
Microsoft says its Live Meeting software allows collaboration online in
real time among colleagues, customers and partners -- but it better not
try telling that to the nation's security software makers.
_____________________________________________________________________________________
October 19, 2006
Registered sex offenders on MySpace (Independent Online)
A former computer hacker and senior editor of Wired magazine has
made a startling discovery.
Computer security threats multiplying (The Cincinnati Enquirer)
Corporations, insecure? Yes, and increasingly under siege by threats
against their information systems and intellectual property, three
corporate security experts said this week.
Microsoft to meet security companies over Vista row (CNET)
Software giant plans to discuss creation of techniques that let
security companies use core components of 64-bit editions of the new
operating system
Save to My Web
Microsoft to Release New IE Web Browser (AP)
Microsoft Corp. is giving its Web browser software its first
major upgrade in years, amid signs that Internet Explorer's market share
is eroding.
_____________________________________________________________________________________
October 18, 2006
Oracle Updates for Multiple Vulnerabilities (US-CERT)
Oracle has released patch to address numerous vulnerabilities in
different Oracle products. The impacts of these vulnerabilities include
remote execution of arbitrary code, information disclosure, and denial
of service.
BT launches zombie and spam buster (SC Magazine)
BT is to launch a spam blocking system which aims to cut junk
email off at the source within its broadband network.
Hacker hides browser-busting code (PC Advisor)
Hackers are developing new software that will help hide browser
attack code from some types of security software.
Hackers' Project Hides Browser-Busting Code (PC World)
Method avoids several common antivirus techniques, security experts say.
Cyberclinic: What do these strange web words mean?
(The Independent)
DECIPHERING HACKER SLANG
McAfee unveils new strategy (SC Magazine)
Building off of several months worth of key acquisitions, McAfee
announced this week a new comprehensive security risk management
strategy that it hopes enterprises will take advantage of to comply with
regulatory requirements and shore up security in one fell swoop.
_____________________________________________________________________________________
October 17, 2006
One in three workers jot down passwords (Reuters)
One in three people write down computer passwords, undermining
their security, and companies should look to more advanced methods,
including biometrics, to ensure their systems are safe, a new study
shows.
Microsoft Releases Guidelines for Customer Privacy (PC World)
Microsoft hopes its internal practices to protect customer
privacy will be emulated by other companies.
Microsoft changes course, opens kernel code through APIs (SC Magazine)
After several weeks of heated fingerpointing from major security
firms about getting locked out of Windows Vista, Microsoft has slightly
switched course with two key security features in the
soon-to-be-released operating system.
Microsoft Gives Vista Data to Security Software Firms (Los Angeles
Times)
Microsoft Corp. said Monday that it had given Symantec Corp. and McAfee
Inc. some of the information they wanted to make their security products
work with Microsoft's new operating system, Vista.
_____________________________________________________________________________________
October 16, 2006
Lenovo Introduces Newly Secure ThinkPads (AP)
ThinkPad notebooks from Chinese computer-maker Lenovo Ltd., which
already let the user log on with a thumbprint instead of a password,
will now allow users to encrypt their hard drives at the press of a
finger.
Security experts warn that malicious code lurks in web caches (Computer
Weekly)
Security experts have warned of malicious code residing in cached
web pages on servers used by ISPs, search engines and businesses.
Apple more secure than Windows NT? (ZDNet)
With exploit code for an OS X vulnerability released last week
and a compromised Australian university Mac server caught hosting
malware in August, it may be time Apple admitted its platform is no more
secure than any other.
October 13, 2006
Bush to sign security, Internet bill (AP)
President Bush can promote fellow Republicans as tough-on-terror
protectors, thanks to legislation that tightens security and closes a
loophole in anti-terror defenses.
Spammers use MySpace in phishing attack (SC Magazine)
Spammers are using the MySpace brand in a phishing attack on
music fans, it is reported today.
Anti-Piracy System Could Hurt YouTube (AP)
A technology designed to detect copyright material could give YouTube a
needed dose of legal legitimacy and calm any concerns Google Inc. has
about spending $1.65 billion on the Internet video site. But that same
technology could hurt YouTube's edgy appeal..
_____________________________________________________________________________________
October 12, 2006
Cybercrime flourishes in online hacker forums (USATODAY)
Criminals covet your identity data like never before. What's
more, they've perfected more ways to access your bank accounts, grab
your Social Security number and manipulate your identity than you can
imagine.
Symantec and Accenture create risk management service (SC Magazine)
Symantec and Accenture announced yesterday they are to join
forces and create an independent organisation to assist businesses with
IT risk management.
Microsoft rolls out online safety initiative (Reuters)
Mcrosoft Corp. is launching a new educational campaign to help
parents take control of the games and other content their children
consume using its new Xbox 360 video game console, an executive said on
Wednesday.
_____________________________________________________________________________________
October 11, 2006
Symantec Says Microsoft Should Level The Vista Security Playing Field
(ChannelWeb)
Symantec may be launching its next generation of security
offerings, but antivirus software is its cash cow. Which is why the
company's jostling with Microsoft over Vista
Report claims caching servers store malicious code (SC Magazine)
Caching servers used by leading search engines have become
malicious code repositories, according to a report published yesterday.
Microsoft Releases 6 Patches for Flaws (AP)
Microsoft Corp. on Tuesday released six patches to fix software
flaws that carry its highest threat rating, including three for defects
that attackers were already trying to exploit.
Google's official blog gets hacked (PC Advisor)
A hacker broke into Google's main official blog and posted a
false message, saying the company had decided to cancel a joint project
with eBay.
_____________________________________________________________________________________
October 10, 2006
Microsoft Updates for Vulnerabilities in Windows, Office, and Internet
Explorer (US-CERT)
Microsoft has released updates that address critical
vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft
Office. Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause a denial of
service on a vulnerable system.
Group Warns of More Junk E-Mail (AP)
The anti-spam group Spamhaus Project warned more junk e-mail could be on
the way as it prepares to lose its domain name thanks to a company it
has accused of sending spam.
Chaos Computer Club condemns e-voting machine (The Register)
Flaws detected The German Computer Chaos Club, Europe's largest
hacker group, has called for a ban on the Nedap ES3B voting machine and
similar computers after a Dutch citizens group found flaws in the dated
e-voting machine.
_____________________________________________________________________________________
October 9, 2006
Ex-HP Chair Dunn Says Charges She Led Spying A Lie (Information Week)
Patricia Dunn says former board member Thomas Perkins waged a
campaign of 'disinformation' against her.
Chinese Hackers Attack Commerce Dept. (NewsFactor)
For the second time in four months, Chinese hackers have been
discovered trying to crack U.S. government computers. This time, the
brazen attacks zeroed in on the Commerce Department.
Hacker attacks hit home computers 50 times a night (Guardian Unlimited)
Technology: Home computers can be attacked by hackers more than
50 times a night, experiment shows.
Security on $100 laptop draws interest (The Columbus Dispatch)
The $100 laptops planned for children around the world might turn
out to be as revolutionary for their security measures as for their
low-cost economics.
October 6, 2006
Compliance no longer number one driver for archiving (SC Magazine)
A new survey showed this week that while archiving technology
continues to be more prevalent in the data center, regulatory compliance
is no longer the number one driver to adopt new archiving equipment and
software.. _____________________________________________________________________________________
October 5, 2006
Microsoft to release 11 fixes on Patch Tuesday (SC Magazine)
Microsoft plans to release 11 patches on Tuesday as part of its
monthly fix cycle, the software giant announced today.
Service Taps Community to ID Mail Scams (AP)
A new service for fighting e-mail fraud seeks to tap the wisdom
of the Internet community: Anyone will be able to submit suspected scams
for others to vote up or down.
Microsoft aims to scuttle pirated copies of Vista (Reuters)
Microsoft Corp's upcoming Windows Vista computer operating system
will include technology that is designed to prevent pirated copies from
fully functioning, the software giant said. _____________________________________________________________________________________
October 4, 2006
Dunn and Four Others Named in Criminal Complaint in HP Spy Scandal (PC
World)
State of California includes former HP senior lawyer, a security
consultant, and two others in the criminal complaint filed today.
Hacker backpedals on Firefox zero-day (USA Today)
A hacker who claimed to have found a serious zero-day bug in
Firefox now says he was never able to exploit the supposed vulnerability
to hijack computers.
Security Software Makers Upset Over Windows Vista (New York Times)
The companies say the new version of Windows hinders them and
steers users to Microsoft?s security offerings.
Firefox hacker exposed as a fraud (Computer Active)
A security expert who claimed to have discovered a critical
vulnerability in the open source Firefox browser has retracted his
original claims. Mischa Spiegelmock demonstrated what he claimed was a
JavaScript vulnerability in Firefox at the ToorCon hacker conference in
San Diego over the weekend. _____________________________________________________________________________________
October 3, 2006
SPI Dynamics: Java capability puts search users at risk (SC Magazine)
A leading researcher with SPI Dynamics announced at ToorCon last
week that search engine users are at risk of having their sensitive
search terms revealed with a simple technique using JavaScript.
Hackers Crash the Social Networking Party (PC World)
Huge crowds in social networking sites draw money-minded malware
authors. _____________________________________________________________________________________
October 2, 2006
Multiple Vulnerabilities in Apple and Adobe Products (US-CERT)
Apple has released Security Update 2006-006 and Mac OS X 10.4.8
Update to correct multiple vulnerabilities affecting Mac OS X, OS X
Server, Safari, Adobe Flash Player, and other products. The most serious
of these vulnerabilities may allow a remote attacker to execute
arbitrary code. Impacts of other vulnerabilities include bypass of
security restrictions and denial of service.
Phone Data Privacy Bill Stalls In House Again (Information Week)
Bickering between Republicans and Democrats erupted late Friday over
whether to add provisions to address intelligence gathering methods by
government agencies.
Security on Firefox seems poorer than it should be (EARTHtimes)
The open source web browser Firefox is a mess as far as it's handling of
JavaScript is concerned, two hackers revealed on Saturday. Mischa
Spiegelmock and Andrew Wbeelsoi said at the ToorCon hacker conference in
San Diego that Firefox leaves a computer vulnerable because malicious
hackers can takeover by creating a web page containing malicious
JavaScript code.
IT managers weighed down by using too many security products (Computing)
Reseach commissioned by McAfee shows that businesses want
security to be more simple A desire for easier management of IT security
is being undermined by complex security purchasing strategies, according
to research by Ipsos MORI, commissioned by security vendor McAfee.
|
