Security Headlines
September 30, 2005
New Malware Redirects Google, MSN, And Yahoo Traffic (Information Week)
PremiumSearch installs a fake "Google" toolbar and sets the
victim's browser home page to the PremiumSearch search engine. The goal
is to collect traffic-dependent advertising income.
Threat Alert: Spear Phishing (PC World)
Targeted e-mail attacks try to lure you in with specific,
convincing messages.
Unattended PCs Security Risk Underestimated (TechWeb)
Lonesome PCs pose a significant security risk that enterprises
often ignore.
Threat Alert: Instant Messaging Attacks (PC World)
Worms disguised as harmless links or attachments wriggle through
chat software.
Police blotter: Was union official hacking? (CNET)
A federal judge weighs allegations of computer hacking in a nasty
dispute between two labor unions.
Threat Alert: Antivirus Killers (PC World)
Savvy invaders can erode your PC's defenses and make it even
more vulnerable.
_____________________________________________________________________________________
September 29, 2005
Sony cracks down on PSP hacks (CNET)
Firmware update will fix flaw that lets hackers downgrade latest
console software and run their own code.
F-Secure Security Suite Tackles Spyware, Rootkits (eWeek)
The Finnish anti-virus vendor ships a new consumer-facing
security suite that features new anti-spyware and rootkit-detection
technologies.
IM Networks Under Daily Attack (TechWeb)
Threats against instant messaging (IM) networks are on a roll, a
security firm says.
Microsoft Updates Office 2003 With SP2 (Security Pipeline)
Microsoft quietly releases a service pack update for Office 2003
late to beef up security and fix stability problems.
Mobile Viruses Could Get Nasty Fast (PC World)
As security tightens on servers and PCs, cell phones and PDAs
become an attractive target.
Too many passwords create frustration, security risks (SC Magazine)
Nearly a quarter of employees have to remember 15 or more
passwords, according to a new survey.
Penn AG Shuts Web Loan Site Charging 630% Interest (TechWeb)
Pennsylvania's Attorney General says an alleged bogus Web-based
payday loan operation will shut its site.
Cybersecurity Regulation Called Possible (PC World)
If private sector and government agencies can't guard against
cyberattacks, Congress might step in.
Cisco Upgrades U.S.'s Primary Law Enforcement Network (Security
Pipeline)
Cisco Systems Inc. has signed a deal to supply technology to
upgrade the National Law Enforcement Telecommunications System (Nlets),
the United States' primary interstate law enforcement information
network.
Soldiers In Iraq Notified Of Possible Identity Theft (Information Week)
Hard drives stolen from an Army base in Colorado include
personnel records of about 15,000 active duty soldiers.
U. of Ga.: Hacker May Have Student Info (AP)
The University of Georgia said a computer hacker may have accessed
the names and Social Security numbers of at least 1,600 current and
former employees.
_____________________________________________________________________________________
September 28, 2005
Hackers Step Up Attacks on IM Networks (eWeek)
Messaging malware attacks are on the rise, according to a report
from IM security vendor Akonix. In the recent quarter, the rate rose to
one attack a day.
cups security update (TigerTools)
A bug was found in the way CUPS processes malformed HTTP
requests. It is possible for a remote user capable of connecting to the
CUPS daemon to issue a malformed HTTP GET request that causes CUPS to
enter an infinite loop.
Trojan army invades Europe and the U.S. (SC Magazine)
Trojan-based attacks will take over from email phishing in the
U.S. and Europe as trojans become more sophisticated and harder to stop,
according to a new report.
'Fast Lane' Airport Security Test Ends (Information Week)
The trial run proved the need to continue gathering information about
airline passengers, a government official said this week.
_____________________________________________________________________________________
September 27, 2005
SanDisk unveils secure memory card (Reuters)
SanDisk Corp. on Tuesday introduced memory cards that let
consumers move digital video and music among devices like cellphones and
computers without violating copyright protection.
Anti-Spyware Suits: New Era for Security Industry? (eWeek)
Civil complaints against Direct Revenue and 180Solutions are
seeking class action status. A preliminary ruling could open the
floodgates and change the face of the adware/spyware industry.
Security Weaknesses Threaten Nation's Air Traffic Systems, GAO Says
(Security Pipeline)
The Federal Aviation Administration hasn't adequately managed its
networks, software updates, and user-access controls, congressional
auditors say.
Microsoft Previews Digital Locker Downloads (TechWeb)
Microsoft has opened a preview of its virtual lockbox that saves
rights management keys for downloaded software, letting users re-install
purchased programs without needing to search for authorization codes.
FIFA scam lures footy fans (SC Magazine)
FIFA has warned users to be wary of a phishing campaign aimed at
taking advantage of money-hungry football fans.
No SOX please, we're non-compliant (SC Magazine)
Companies will fail SOX audits in 2006, according to their IT
departments.
Linux RealPlayer Under Zero-Day Gun (TechWeb)
The Linux versions of RealNetworks' popular RealPlayer and Helix
Player can be used by attackers to load malicious code onto systems,
several security organizations say.
Bluesnarfing brings Bluetooth blues (SC Magazine)
Employees risk having confidential data accessed by hackers by
leaving their Bluetooth-enabled mobiles and PDAs open to snooping,
according to a new study.
Web mulls Google's threat to Microsoft (CNET)
Discussion grows over whether the Web will become the next
computing platform, and whether Microsoft can compete if it does.
Cisco Bolsters Network Security (Information Week)
The newest offerings are part of Cisco's Self-Defending Network
security strategy, launched a few years ago to deliver real-time
response to threats based on internal and external network intelligence.
U.S. air traffic control system 'open to hackers' (SC Magazine)
America's air traffic control systems are open to attack from hackers
and cyber-terrorists according to a new GAO report.
SSH Claims for New Secure Shell Draw Open-Source Ire (eWeek)
SSH Communications Security's claims that its new Secure Shell
program is far superior to open-source alternatives do not sit well with
free-software developers.
Hack-proof handsets? (CNET)
Plan for standardized, hardware-based mobile phone security looks to
protect user data from hackers.
_____________________________________________________________________________________
September 26, 2005
Apple Plugs Critical OS X Vulnerabilities (NewsFactor)
Apple has issued fixes for 10 security holes that have been rated
as "critical" by security firms. The patches are available through the
company's Web site.
Judge Sides With Visa, Mastercard In Test Of Consumer Protection Law
(Security Pipeline)
A California judge ruled Friday that Visa USA Inc. and MasterCard
International Inc. don't have to send individual warnings to thousands
of consumers whose personal account information was stolen during a
high-tech heist uncovered earlier this year.
Vendor Adds Unified Messaging To Mobile E-Mail (Mobile Pipeline)
New software not only provides mobile e-mail support, but also
instant messaging, voice and text messaging.
Home banking users fail to keep AV up to date (SC Magazine)
Over half of all home banking users admit their PCs and laptops
have been infected by a computer virus, according to a new survey.
Business Continuity Dominates at Storage Decisions (eWeek)
Among the products promising performance improvements and
recovery at the Storage Decisions Conference are Microsoft's DPM and
EqualLogic's first SATA II-based storage array.
Report Blasts TSA's Passenger Screening Program (Information Week)
The government has spent millions since Sept. 11, 2001, to develop a
system to ensure terrorists don't board planes. But they still can't get
it right--and shouldn't do any more work on it until they do, a
government oversight panel says.
Phishers Try New Tactics (PC World)
Security firms are also quick with new protections against spoofed
e-mail and sites.
Judge Sides With Visa, Mastercard In Test Of Consumer Protection Law
(Information Week)
The credit-card companies don't have to warn thousands of people that
they may be at risk for identity theft, a California judge ruled on
Friday.
_____________________________________________________________________________________
September 25, 2005
China Imposes New Rules on News Web Sites (AP)
China is imposing new regulations to control content on its news Web
sites, the government said Sunday, another step in its ongoing effort to
police a rapidly expanding Internet population.
_____________________________________________________________________________________
September 24, 2005
Latest Top Virus Threats (Symantec)
These are the latest top virus-related threats discovered by
Symantec Security Response:
W32.Zotob.E and
W32.Esbot.A
_____________________________________________________________________________________
September 23, 2005
mozilla security update (TigerTools)
A bug was found in the way Mozilla processes XBM image files. If
a user views a specially crafted XBM file, it becomes possible to
execute arbitrary code as the user running Mozilla. Updated mozilla
packages that fix several security bugs are now available.
The Key to Defeating Internet Crooks (NewsFactor)
Recent high-profile security lapses have begun to make us all acutely
aware that personal information may not always have adequate levels of
protection in place.
Sophos: Cell phone virus claims are 'bonkers' (CNET)
Trend Micro admits chances of infection are relatively low but
says virus could be a forerunner of worse threats to come.
Court Battle Tests Consumer Protection Laws (Information Week)
Visa and MasterCard are heading to court over whether they must
notify customers--at least those who live in California--that a hacker
stole their account information.
Phishers set sights on AOL users (SC Magazine)
Phishers are targeting hapless AOL users in an attempt to steal
personal information and credit card details, according to Websense
Security Labs.
firefox security update (TigerTools)
A bug was found in the way Firefox processes XBM image files. If
a user views a specially crafted XBM file, it becomes possible to
execute arbitrary code as the user running Firefox. An updated firefox
package that fixes several security bugs is now available for Red Hat
Enterprise Linux 4.
Supply Chain Security Poses Opportunities, Obstacles (eWeek)
With Hurricane Rita poised to hit Texas, showgoers at the
Maritime Security Conference in New York grappled with how to implement
supply chain security technologies adept at handling both physical
disasters and terrorist attacks.
WatchGuard Technologies' Firebox SSL-Core VPN Gateway (Security
Pipeline)
SSL VPNs have become more robust and easier to deploy, making
them ideal for keeping road warriors safely connected without the
complexities of IPsec.
Senate Introduces Funding For Emergency Communications (Information
Week)
The bill would give states and communities up to $400 million in
2006, increasing gradually to $1 billion by 2010, to improve emergency
communications capabilities.
Digital Signatures Are Key To E-Mail Security (Security Pipeline)
Spam and malware aren't the only e-mail security problems today.
You may need to verify the authenticity of an e-mail message and the
identity of its sender for commercial contract purposes or regulatory
compliance.
Symantec breaks open its wallet again (SC Magazine)
Symantec has raided the security supermarket once more and acquired
anti-phishing and anti-spyware company WholeSecurity.
_____________________________________________________________________________________
September 22, 2005
New Mobile Virus Also Aims At PCs (Security Pipeline)
A new Trojan aimed at Symbian-based smartphones also attempts to
infect the user's Windows PC with two viruses, according to an
anti-virus vendor.
Enterprises Need to View the Big Security Picture (eWeek)
Too many businesses of all sizes try to attack security threats
on a piecemeal basis rather than develop a strategic plan for the entire
organization.
Telecom operators twice shy as viruses go mobile (Reuters)
It is December 2007 and you have just switched on your new mobile
phone to find it has been sending thousands of unwanted photos to all
your friends and colleagues, putting you in line for a 5,000 euro bill.
Spam Rate Declines As Volume Increases (TechWeb)
Spam's slice of the e-mail pie has dropped by 12 percent so far
this year, a message filtering firm says.
Name that worm (CNET)
Plethora of different handles for same threat can confuse
security efforts. Common-ID scheme looks to fix that.
Firefox Flaws Rival Internet Explorer's (NewsFactor)
The Symantec report found that viruses were increasingly
propagated by criminals trying to glean personal information from
infected machines for use in financial fraud or identity theft, rather
than by mischievous cyber-vandals as in the past.
Bug Gets Mozilla's Bird (TechWeb)
Mozilla Corp.'s Thunderbird e-mail client for Linux suffers from
the same serious vulnerability as its Firefox browser, a security firm
says. The difference: Thunderbird has not been patched.
Canyon country clamps down on cell spam (SC Magazine)
An Arizona court has outlawed text message spam for the first time in
the U.S.
_____________________________________________________________________________________
September 21, 2005
AOL Unveils New Antispyware Tools (NewsFactor)
America Online is rolling out a new suite of antispyware tools
that it claims will be faster, more effective and less confusing for its
members.
Fix in for Firefox bugs (CNET)
Security update to open-source browser patches several flaws. A
similar revamp for Mozilla is on its way.
AOL Offers New Anti-Spyware Tools (Information Week)
AOL is offering customers free software from Computer Associates
that scans a PC to detect and block more than 28,000 types of spyware,
adware, keystroke loggers, and Trojan horses.
Spam Bagle surge fills internet (SC Magazine)
A major spamming attack has sent waves of Bagle virus across the
globe, infecting thousands of computers.
Verso Appliance Lets Enterprises Block Skype (Advanced Pipeline)
Verso Technologies announced an update to their NetSpective
content filtering appliance that the company claims is the first in the
market able to monitor and block the use of Skype on enterprise
networks.
Symbian phone virus infects Windows (SC Magazine)
A mobile phone virus has been created that can infect PCs.
Is VOIP the Next Target of Worms, Spam? (PC World)
Security vendor warns that hackers and virus-writers are eyeing
Web telephony.
Mozilla nightmare continues as site hit by hackers (SC Magazine)
Not-for-profit software group Mozilla has been hit by hackers
downloading infected source code onto its website.
CA Wins Deal to Protect 20M AOL Users (eWeek)
AOL's anti-spyware protection utility uses Computer Associates' eTrust
PestPatrol Anti-Spyware technology to scan AOL users' systems.
_____________________________________________________________________________________
September 20, 2005
Keystrokes Reveal Passwords to Researchers (AP)
If spyware and key-logging software weren't a big enough threat
to privacy, researchers have figured out a way to eavesdrop on your
computer simply by listening to the clicks and clacks of the keyboard.
Microsoft Says Security Efforts Showing Fruit (TechWeb)
Microsoft's chief security executive says the company is
keeping pace with faster-on-their-feet attackers.
Sana Halts Viruses With New Tactic (PC World)
Primary Response identifies malware by its behavior, not through
definitions.
Malware Writers Winning Security War (NewsFactor)
Despite stepped up efforts to harden computer security and
tighten network perimeter defenses, criminals continue to outsmart
security barriers with new malware.
Expert: Converged Networks Bring Converged Threats (eWeek)
Converged networks that carry voice and data traffic using VOIP
technology can bring tremendous benefits but means extra security risks
that will add to their costs.
Microsoft Accuses Eight of Piracy (PC World)
Suits filed against companies in five states allege marketing
illegal copies of Windows.
Lawmakers Question Cyber-Disaster Preparedness (eWeek)
Ravages of Hurricane Katrina lead to questions about country's
ability to bounce back from attack on technology infrastructure.
Borderware Debuts SIP Firewall For VoIP, IP Apps (Networking Pipeline)
Borderware Technologies Inc. today unveiled SIPassure 2.0, the
latest version of its Session Initiation Protocol (SIP) firewall, which
it says will help raise the level of security for SIP-based
applications.
IBM, Cargo Firm Team On Real-Time Ship Tracking (Information Week)
The idea is to use technology to help figure out if cargo has
been tampered with since the ship left port.
Spam Slayer: Katrina Scams Proliferate (PC World)
Spammers take advantage of hurricane misery.
Hollywood studios form tech group to fight piracy (Reuters)
Hollywood's six major film studios on Monday unveiled a technology
venture to find new ways of protecting movies from illegal copying and
distribution in black markets or over the Internet.
_____________________________________________________________________________________
September 19, 2005
Malware targeting confidential data on the rise (SC Magazine)
The internet saw an increase in malicious code that exposed
confidential information as online criminals sought to make a profit,
according to Symantec.
Zombie Armies Attack British PCs (PC World)
Symantec study estimates more than 1 million computers worldwide
are infected with malicious bots.
Microsoft acquires ID management company Alacris (CNET)
In buying its Canadian partner, the software giant plans to
bolster its Longhorn security efforts.
Viisage Adds RFID To E-Passport Smartchips (TechWeb)
Identity solutions provider Viisage has released smartchips for
its iA-thenticate product line, incorporating RFID capability for travel
credential authentication.
Colleges, Government Team on Cybersecurity (PC World)
Iowa State to house first shared research developing new security
technologies.
Microsoft: Software Security Trendsetter? (eWeek)
Company is sharing an internal blueprint that it uses to reduce
security flaws in Internet-facing applications. Will the industry accept
Microsoft as a security leader?
AirDefense Releases Personal Hotspot Security Product (Mobile Pipeline)
Software for laptops can be set to automatically shut down when it
detects security threats.
Report: Cons, not vandals, now write viruses (CNET)
Hackers seeking monetary gain rather than thrills or notoriety are
increasingly responsible for malicious software, Symantec says.
Barracuda Launches IM Server, Security, And Compliance Appliance Lineup
(Messaging Pipeline)
XMPP-based Barracuda IM Firewall series one-ups JabberNow by
including security and compliance--and at a lower entry price.
_____________________________________________________________________________________
September 18, 2005
Google to Put Copyright Laws to the Test (AP)
Tony Sanfilippo is of two minds when it comes to Google Inc.'s
ambitious program to scan millions of books and make their text fully
searchable on the Internet.
_____________________________________________________________________________________
September 17, 2005
Spyware Remediation: It's Not "Mission Impossible" (WatchGuard)
Small and medium businesses are ripe targets for spyware, but they don't
have to remain so. SMBs can implement an effective anti-spyware program
without making a large-enterprise-sized investment.
_____________________________________________________________________________________
September 16, 2005
Security Vendor Warns of Google-spoofing Worm (PC World)
Masquerades as a free version of a Lucasfilm game.
squid security update (TigerTools)
A bug was found in the way Squid displays error messages. A
remote attacker could submit a request containing an invalid hostname
which would result in Squid displaying a previously used error message.
An updated Squid package that fixes security issues is now available.
Keyboard Click-and-Clack Reveals Passwords (TechWeb)
Attackers armed with electronic equipment that costs less than
$10 can sniff out what's typed on keyboards simply by recording
keystroke sounds, a trio of researchers said in a soon-to-be-published
paper.
Bloom: Wait And See (CRN)
Symantec and Veritas Software partners looking for details on how
the combination of the two companies will play out are going to have to
wait a little longer.
Paris Hilton hacker gets prison punishment (SC Magazine)
A Massachusetts teen has pleaded guilty to hacking into Paris
Hilton's Sidekick cell phone.
Berkeley Recovers Stolen Laptop (PC World)
PC contained personal information on thousands of grad students.
Survey: Security, Risks Top Concerns (Security Pipeline)
Five years ago, everybody in IT--heck, everybody in business--was
busily thinking outside the box. It was all about building a new
mousetrap to respond to shifting paradigms, replacing legacy technology
and business processes with Internet-enabled solutions that would let
your enterprise rule the world. My, how times have changed.
IE flaw puts Windows XP SP2 at risk (CNET)
Flaw in Microsoft's Internet Explorer could launch a remote
attack on systems running Windows XP with Service Pack 2, says security
firm.
San Fran man faces can after laptop raid (SC Magazine)
A San Franciscan has been arrested after selling a laptop
containing personal information of nearly 100,000 Berkeley University
students.
Study: Employees Ignore Security Risks (NewsFactor)
The results of a study by Trend Micro reveal that many employees
in businesses around the world are more likely to engage in riskier
online behavior at work than at home.
Is the U.S. Protecting Crucial Networks? (PC World)
Businesses say power grids, communications are secure--but Congress
wonders if we're really safe.
_____________________________________________________________________________________
September 15, 2005
Microsoft Scraps Old Encryption in New Code (eWeek)
At the PDC, the company says it is banning functions that use
algorithms that have become "creaky at the edges."
Court Orders Brazen Data Thieves to Stop (eWeek)
Privacy experts say practice of tricking phone company workers is
widespread, and stolen personal information is usually gathered for
private investigators.
Businesses Grapple With Wireless Security (PC World)
Plethora of PDAs, browser-enabled phones, and other mobile
devices threaten corporate data.
Microsoft talks up Longhorn Server security (CNET)
The software maker shares more details on security, identity
management features planned for upcoming Windows Server.
Citadel offers software warranty (SC Magazine)
Citadel Security Software has teamed with an insurance company to
offer a performance warranty for its Hercules vulnerability management
product.
Hacking's a snap in Legoland (CNET)
Toy-brick fanatics decided to modify Lego's Digital Designer
product. The company's response? "It's great."
Microsoft Talks Vista Security In Online Chat (TechWeb)
Microsoft gives some incremental insight into the security
features it's planning for its upcoming Windows Vista operating system,
via a public, online chat on MSDN.
Japanese phisher gets suspended sentence (SC Magazine)
A Japanese man received a 22-month prison sentence after he
created a fake website of Yahoo Japan in order to steal personal
information from users of that portal. The sentence was suspended for
four years.
Verizon Wireless Wins Injunction Against Data Thieves (Mobile Pipeline)
Verizon Wireless said Thursday that it has received a court order
preventing a Tennessee company from continuing what Verizon calls the theft
of subscriber information.
More spyware used in identity theft (SC Magazine)
Spyware is increasingly being used by criminals to sniff out user
passwords and log keystrokes, according to new research.
Security Patch Watch: Apple Plugs Mac OS X Java Holes (eWeek)
Security vulnerabilities are patched in Apple's Mac OS X, the Sun
Java System Application Server and Cisco's Linksys WRT54G router.
Getting A Handle On Spam (Security Pipeline)
Have any of your teachers recently complained that they're not
receiving enough e-mail? Probably not. According to some estimates, spam
now accounts for at least 75 percent of all e-mail sent through Internet
service providers, a number that's projected to grow exponentially in
the next decade. Despite legislative efforts to impose harsher penalties
on spammers, their ability to send e-mail from countries without spam
laws or from individual computers they've hijacked makes spam an
extremely difficult problem to contain.
Paris Hilton Hacker Sentenced (PC World)
Teen gets 11 months' detention for charming, hacking data out of
T-Mobile.
_____________________________________________________________________________________
September 14, 2005
FBI investigating Hurricane Katrina online scams (SC Magazine)
The FBI is investigating several reports of fraudulent sites
pretending to be charitable organizations collecting money for victims
of Hurricane Katrina.
Workaround Issued for Firefox Flaw (NewsFactor)
Following the public disclosure of a Firefox security flaw, the Mozilla
Foundation has issued a temporary patch and workaround instructions for
all versions of the Internet browser.
Teen Sentenced in Hilton Phone-Hacking Case (eWeek)
The teenager is believed to be behind both the hack of cell phone
company T-Mobile's Web site that yielded Paris Hilton's account and the
hack of Lexis Nexis' Seisint database.
Alleged Zotob Hacker Appears in Moroccan Court (TechWeb)
The Moroccan man accused of writing the Zotob bot worm makes an
appearance in court, and afterward, his lawyer denied that Farid Essebar
wrote the worm.
Companies urged to move beyond passwords (CNET)
Emerging threats mean that passwords are no longer an adequate
means of authentication, Gartner analysts warn.
Hungry officials grill first Zotob suspect (SC Magazine)
An 18-year-old Moroccan has appeared in court charged with
distributing August's Zotob worm.
One-In-Six Spyware Apps Tries To Steal Identities (TechWeb)
A big portion of spyware aims to steal identities, underscoring
the trend toward more malicious use of such software by crooks, a
security firm says.
Teen pleads guilty to Paris Hilton Sidekick hack (SC Magazine)
A Massachusetts teen has pleaded guilty to hacking into Paris
Hilton's Sidekick cell phone.
Smart ID Cards Debated (PC World)
Panelists ponder whether all-in-one biometric cards are handy or
hazardous.
Malware time bomber banged to rights (SC Magazine)
A Californian man has been convicted of planting a malware "time
bomb" in his former employer's computer.
_____________________________________________________________________________________
September 13, 2005
Users likely to take more online risks at work than home (SC Magazine)
Corporate users are more apt to click on suspicious links or
visit suspicious web sites at work than home, according to a survey
conducted by anti-virus supplier Trend Micro.
Nevada Nuclear Site to Get New Virtual Survey Tool (TechWeb)
The National Nuclear Security Administration will use a new
computer-based security tool to give emergency responders complete
imaging at one of its facilities in Nevada.
xorg-x11 security update (TigerTools)
Updated X.org packages that fix several integer overflows are now
available for Red Hat Enterprise Linux 4.
Microsoft fixes Windows 2000 update (CNET)
The software maker misses Patch Tuesday but re-releases an update
pack for Windows 2000 to fix several bugs.
Phoney Anti-Spyware Software Lures Unsuspecting Users (TechWeb)
A scam that's spoofing Microsoft's Windows Security Center shows
that phishers are increasingly abandoning the traditional e-mail ploy of
telling consumers their bank accounts are at risk.
Battlefield Technology Brings Security To Iowa Buses (TechWeb)
Originally developed for battlefield communications, Motorola's
mesh-network technology is currently enjoying renewed life as wireless
routers/repeaters on city buses in Cedar Rapids, Iowa.
VoIP Provider Spills Customer E-Mail (NewsFactor)
VoIP provider Packet8 accidentally disclosed the e-mail addresses
of 21,000 of its subscribers. If criminals get the list, Packet8
customers could become the target of phishing attacks.
Rutgers Turns to Biometrics for Lab Access (TechWeb)
Rutgers University is controlling access to expensive research
equipment in its Material Science and Engineering research laboratories
by using biometrics.
Businesses And Networks Are Unprepared For Disasters: AT&T Survey
(Networking Pipeline)
Despite high-profile disasters like Katrina, a high percentage of
networks and enterprises remain unprepared.
Coming Soon To A Gateway Near You: Sendmail In A Box (Security Pipeline)
Sendmail announced availability of Sendmail Sentrion, the
company's new e-mail security appliance that represents its latest
advance in e-mail security. The company's enterprise e-mail network
experience and its well-known e-mail security software have been
combined to deliver this new high-performance e-mail security appliance.
Coming Soon To A Gateway Near You: Sendmail In A Box (Messaging
Pipeline)
The Sentrion e-mail security appliance represents Sendmail's latest
advance in e-mail security.
_____________________________________________________________________________________
September 12, 2005
Microsoft Delay Of Patch Underscores Slow Fix Process (TechWeb)
Microsoft has withdrawn the single security patch once scheduled
for Tuesday, saying that it needs more time to test the fix.
New Security Vulnerability Hits Firefox (NewsFactor)
Firefox is susceptible to a buffer overflow attack that is deemed
highly critical. The flaw was discovered by security expert Tom Ferris
and affects all versions of the open-source browser.
mozilla security update (TigerTools)
A bug was found in the way Mozilla processes certain
international domain names. An updated mozilla package that fixes a
security bug is now available.
Schlumberger Upgrades Network Port Security (Information Week)
Schlumberger Oilfield Services deploys a security appliance from
Lockdown Networks to prevent unauthorized access to its network and to
ensure that those that do connect have updated security software
installed.
Mozilla Patches Firefox Flaw (PC World)
Workaround will prevent exploits that allow remote control of
users' systems through browser bug.
Sigaba Launches New Release of Outbound Content Control Software
(Messaging Pipeline)
The increased outbound message control is provided through
strengthened gateway content filtering capabilities.
firefox security update (TigerTools)
An updated firefox package that fixes a security bug is now
available for Red Hat Enterprise Linux 4.
Homeland Security CTO Doesn't Mince Words (Security Pipeline)
It was a topic of discussion--even accusation--in the days
immediately following the hurricane, and then simply acknowledged last
week: Katrina revealed deficits in federal disaster-response plans, the
Department of Homeland Security's chief technology officer, Lee Holcomb,
told a gathering of IT professionals last week.
Ask Jeeves Disputes Anti-Spyware Flaggings (eWeek)
Vendors say their security apps highlight Ask Jeeves' programs
because they install without full disclosure.
Sigaba Launches New Release of Outbound Content Control Software
(Security Pipeline)
Sigaba today announced release of its new SigabaNet outbound content
control (OCC) software. The new edition gives corporations, health
care organizations and government agencies more control over information
leaving the enterprise through their outbound messaging systems.
E-Mail Remains A Point Of Vulnerability (Security Pipeline)
The total cost to protect E-messaging systems ranges from $117.34 per
user per year for companies with fewer than 2,500 employees to $62.87
per user per year for companies with 2,500 or more employees. This
translates into a monthly cost per user of $9.78 and $5.24,
respectively.
_____________________________________________________________________________________
September 11, 2005
Fraud Reveals Workings of Internet Theft (AP)
The illicit haul arrived each day by e-mail, the personal details
of computer users tricked by an Internet thief: a victim's name, credit
card number, date of birth, Social Security number, mother's maiden
name.
Social Engineering (WatchGuard)
The easiest way to break into any computer system is to use a valid
username and password and the easiest way to get that information is to
ask someone for it. In the world of computer security, the term "social
engineering" refers to tricking someone into revealing information, such
as a password, useful for an attack.
_____________________________________________________________________________________
September 10, 2005
Spyware Risk: It's Time to Get Smart (WatchGuard)
Many users vaguely understand the security risks, privacy invasions, and
performance costs associated with having spyware secretly and
maliciously installed on their computers. Fewer users know the many
forms spyware takes and the truly evil activities it performs. Beyond a
general sense that spyware is uninvited, malicious software, average
users know very little about it.
_____________________________________________________________________________________
September 9, 2005
Microsoft Cancels September Patch Day Update (eWeek)
After announcing plans to release a single security bulletin,
Microsoft now says a "quality issue" has forced the cancellation of the
patch rollout.
DOJ, FBI Pool Resources For Battle With Katrina Fraudsters (TechWeb)
Federal law enforcement stepped up its efforts to quash
Katrina-related fraud by setting up a special task force to deal with
the booming scam business.
pcre security update available (TigerTools)
An integer overflow flaw was found in
PCRE, triggered by a maliciously crafted regular expression. On systems
that accept arbitrary regular expressions from untrusted users, this
could be exploited to execute arbitrary code with the privileges of the
application using the library.
Microsoft Opens Security Service Beta To All (TechWeb)
Microsoft has opened the beta program of its OneCare anti-virus service
to all comers after keeping the list short since testing began in June.
Yahoo Accused of Hosting Phishers (NewsFactor)
According to a consumer advocacy group, Yahoo and other Web site
hosts are guilty of housing thousands of fraudulent Web sites aimed at
ripping off Internet users.
IMlogic Launches IM Threat Protection (PC World)
New security system is designed to predict and fight attacks that
spread over popular instant messaging networks.
exim security update available (TigerTools)
Updated exim packages that fix a
security issue in PCRE and a free space computation on large file system
bug are now available for Red Hat Enterprise Linux 4.
Unpatched Firefox flaw may expose users (CNET)
The problem lies in the way the browser handles Web links that
are overly long and contain dashes, a researcher says.
Lancope's StealthWatch System 5 (Security Pipeline)
Network anomaly-detection systems are gaining popularity as an
added measure of protection beyond intrusion-detection and -prevention
systems.
Softly softly scammers steal money on the sly (SC Magazine)
Internet thieves are resorting to a "softly softly" approach in order to
steal money from users' accounts without arousing suspicion.
_____________________________________________________________________________________
September 8, 2005
Only One Patch Due in Microsoft's Monthly Security Fix (PC World)
Expect a patch of a Windows flaw deemed critical.
CardSystems submits PCI compliance report (SC Magazine)
Credit card processing company CardSystems is banking on an
independent assessment validating its compliance with the Payment Card
Industry (PCI) data security standard to convince former clients to take
it back, but so far none are biting.
Symantec Plugs DoS Flaws in Brightmail (eWeek)
The enterprise-facing anti-spam product gets a security makeover
to patch a pair of "moderately critical" vulnerabilities.
Religious trojan nabs naughty surfers (SC Magazine)
A trojan is spying on surfers and displaying messages from the
Koran if they look at naughty websites.
McAfee Releases Internet Security Suite 2006 (PC World)
Software is designed to protect consumers from viruses, spyware,
phishing scams, and identity theft.
Half of companies have no data leakage strategy (SC Magazine)
Nearly half of companies do not have a strategy to deal with data
leakage and information management, according to a new study.
Cisco Issues IOS Vulnerability Warning (NewsFactor)
Cisco has revealed that routers and other devices running new
versions of its Internetwork Operating System (IOS) are vulnerable to
attack. The company has urged users to patch.
VoIP Fuels Security Appliance Growth: Report (Security Pipeline)
Enterprise voice over IP (VoIP) adoption is fueling a growing and
robust security appliance market, as organizations adapt existing
security systems to the demands of the new technology according to new
research from In-Stat.
_____________________________________________________________________________________
September 7, 2005
Cisco Gear Hackable, Net Security Risk Rises (TechWeb)
Cisco has confirmed that routers and other devices running the
newest versions of its IOS (Internetwork Operating System) may be
vulnerable to serious attack.
IM threats decline but grow in sophistication (SC Magazine)
Threats to instant-messaging systems dropped 33 percent last
month, according to Akonix Systems, a supplier of IM security products.
Koran-Spouting Trojan Is First Example of 'Moralityware' (eWeek)
Malicious software monitors IE title bar and displays religious
warning and freezes system whenever user visits a porn-like site.
CA Rolls Protection Suite For Midmarket Windows (Security Pipeline)
Computer Associates has introduced a package of protection
software for Microsoft's new mid-market version of its Windows Server
System. The announcement was made at Microsoft's Business Summit
Wednesday in Redmond, Wash.
Nigerian Scams Spin Katrina Disaster (TechWeb)
Nigerian-style scams that use the ongoing Katrina disaster are
beginning to appear.
Firestarters more dangerous than hackers (SC Magazine)
Fire is a bigger threat than viruses, according to a survey of
more than 800 IT directors, even though only a third of them back up data
remotely.
Group Spearheads Security Compliance (NewsFactor)
CIOs plagued with the ever-increasing challenges of meeting
security-compliance requirements might soon get help from a new group
formed to promote research in this area.
Court Orders Kazaa Owners To Block Pirated Content (Security Pipeline)
A federal judge on Monday ordered distributors of the popular
file-swapping program Kazaa to alter the software, which millions have
downloaded, so it can no longer be used for music piracy.
Ex-Student Sentenced for Computer Hacking (AP)
A former University of Texas at Austin student has been sentenced
to five years of probation and ordered to pay more than $170,000 in
restitution for hacking into the school's computer system and taking
Social Security numbers and other personal information from tens of
thousands of people.
Canadian Builder Selects Mirapoint Anti-Spam Appliance (Security
Pipeline)
Mirapoint announced that Jayman MasterBuilt, one of Western
Canada's largest homebuilders, has selected Mirapoint's RazorGate
100 e-mail security appliance to protect its network against spam.
httpd and cvs security updates available (TigerTools)
Updated Apache httpd packages that correct two security
issues are now available for Red Hat Enterprise Linux 3 and 4. Also, an
updated cvs package that fixes a security bug is now available.
_____________________________________________________________________________________
September 6, 2005
New Trojan Swaps Porn for Koran (PC World)
Koran message chastises user when browser title bar shows
something 'objectionable.'
Symantec Launches First Security, Backup Bundle (CRN)
Symantec has released to partners its first bundles combining
products from its security line with backup solutions from recently
acquired Veritas Software.
Symantec Patches Antivirus App (PC World)
Flaw found in corporate software could allow unauthorized access
to a company's servers.
Spamhaus: Yahoo major phishing site host (CNET)
Anti-spam group Spamhaus says almost 5,000 sites on Yahoo use the
words "bank," "eBay" and "PayPal" in their domain names.
Court Orders Kazaa Owners To Block Pirated Content (Internet Week)
A federal judge orders distributors of the popular file-swapping
program to alter the software, which millions have downloaded, so it can
no longer be used for music piracy.
IMLogic Launches Preemptive IM Threat Protection System (Messaging
Pipeline)
New level of protection designed to respond to new, higher levels
of IM-specific threats and malware.
Katrina heralds wave of phishing fraud (SC Magazine)
Spammers and phishers hoping to profit from hurricane Katrina
have been waging a week-long email campaign.
Court Orders Kazaa to Stop Pirates (AP)
A federal judge on Monday ordered distributors of the popular
file-swapping program Kazaa to alter the software, which millions have
downloaded, so it can no longer be used for music piracy.
_____________________________________________________________________________________
September 5, 2005
New technology may increase identity theft (CNET)
New technology could increase rather than solve the problem of
identity theft and fraud, a British criminologist said Monday.
Collaboration Helps Nab Cybercriminals (Security Pipeline)
The quick arrests of two of the people allegedly involved in the
Zotob and Mytob worms show how international coordination is crucial to
curbing Internet-related crimes. The FBI says it worked with Turkish and
Moroccan law-enforcement agencies and Microsoft in tracking down the
suspects, and the collaboration also aided in the identification of
another 15 possible suspects.
IMLogic Curbs IM Threats in Real Time (eWeek)
As instant messaging usage grows in the enterprise, so does
security concern about the messaging stream.
Tighter Security For PDAs (Security Pipeline)
Many PDA users want E-mail access to business networks, but IT
security administrators don't want the PDA security risks. Without help
from third-party vendors, BlackBerrys and Palms would remain nifty
calendars and address books for many users, rather than the laptop
substitutes they're meant to be.
Companies ignore dos and don'ts of DoS (SC Magazine)
Nearly three-quarters of businesses think they are safe from DoS
attacks when they have less than adequate protection in place.
Australian Court: Kazaa Breached Copyright (AP)
A court ruled Monday that popular file-swapping network Kazaa
breaches copyright in Australia and gave the service's owners two months
to modify their Web site to prevent further piracy by its millions of
users.
_____________________________________________________________________________________
September 4, 2005
Why Hackers Want You (WatchGuard)
You're not the Pentagon. Or Microsoft. Or NASA, Wells Fargo, AOL Time
Warner, or Daimler Chrysler. You're not even headquarters for a burger
franchise. No, you're just part of a small- or medium-sized enterprise (SME),
perhaps even a home-based business with enough employees to count on one
hand. There are a gajillion companies in the world larger and more
affluent than yours, so they'd be more logical targets for a hacker,
right? After all, what does your network have that any e-punk would
want?
_____________________________________________________________________________________
September 3, 2005
Top 10 Security Tips for Network Users (WatchGuard)
Share these Top Ten Tips with your network users for instant
security payback. NOTE: This is a
PDF file.
_____________________________________________________________________________________
September 2, 2005
Symantec Enterprise AV Open To Multiple Attacks (TechWeb)
Security researchers have posted information about the second
report this week of bugs in Symantec's enterprise anti-virus software.
Maintaining Continuity In Face Of Disaster (Security Pipeline)
In the wake of Hurricane Katrina and the massive disruption to
life and property that will be felt well beyond the Gulf states, much of
the technology discussion will likely focus on backup systems and
disaster-recovery procedures.
Windows Firewall Flaw No Vulnerability, Says Microsoft (TechWeb)
Although Microsoft doesn't consider the bug a security
vulnerability, it has posted a fix for users to download.
McAfee Offers Clean Pipes to Service Providers (eWeek)
The McAfee Clean Pipes initiative will provide McAfee technology
to service providers to help them offer data and infrastructure security
services to customers.
Roaring Penguin Rates The Words That Spammers Use (Security Pipeline)
Roaring Penguin, a company best known for its spam-fighting
server software, has recently decided to publicize the most "popular"
words found in the spam messages its software has trapped. The list is to
be published monthly, and is being offered to interested sites,
including this one. We thought publishing it would be a nice way to end
the summer season.
IMlogic Curbs IM Threats in Real Time (eWeek)
As instant messaging usage grows in the enterprise, so does
security concern about the messaging stream.
Status Quo as viruses are down down, deeper and down (SC Magazine)
Spam is rising but viruses and phishing attacks have gone on
holiday, according to the latest malware stats.
Symantec Anti-Virus Tool Puts Server Passwords in Danger (eWeek)
A hole in Symantec's Anti Virus Corporate Edition Version 9 could
allow an attacker to obtain sensitive server log-in information.
Blizzard wins lawsuit on video game hacking (CNET)
Players do not have the right to reverse-engineer the company's
games to improve their playability, a court rules.
Network security appliance market worth $6.4 billion by 2008 (SC
Magazine)
Growing fears of hacking, malware and virus infections have
increased sales of security appliances and software, rising four percent
to $1 billion in the first half of this year, according to new figures.
_____________________________________________________________________________________
September 1, 2005
Closing In On Fraudsters By Closing The Loop (Security Pipeline)
Stolen and cloned payment cards already cost the financial
industry on the order of $2 billion per year, and the bad guys are
getting smarter. That's why HSBC, the global bank and financial services
firm, recently hired data analysis software company SAS to improve its
ability to quickly identify payment card fraud.
ChoicePoint hacker indicted (SC Magazine)
The man who received 16 months jail time for dealing in personal
information taken from ChoicePoint has now also been indicted for
fraudulently accessing consumer financial records.
Microsoft Adds Antiphishing to IE Toolbar (PC World)
Add-ins to MSN Search Toolbar with Windows Desktop Search available
now.
Anti-Spyware Gets HIP (Security Pipeline)
The growing spyware problem may drive proactive, behavioral-based
intrusion prevention onto enterprise desktops.
ID Keepers Hit The Mainstream (Security Pipeline)
A broadly accepted standard has given federated identity
management a push into the mainstream.
Windows Firewall Exception May Not Display in the User Interface (TigerTools)
Microsoft has received a report of an unexpected behavior in the way
that the Windows Firewall User Interface handles malformed entries in
the Windows Registry.
Needle Exchange For Hackers (Security Pipeline)
Needle exchange programs operate on the gritty premise that junkies will
shoot up regardless of risk, so you might as well give them clean
needles to prevent the spread of disease.
|