|
Security Headlines
Back
September 29, 2006
Suspected credit card hacker picked wrong victim (Stamford Advocate)
A man accused of swiping online credit card information by
hacking into a carpet store's records apparently picked the wrong
victim.
_____________________________________________________________________________________
September 28, 2006
IE Harbors Yet Another Bug (TechWeb)
A working exploit against yet another unpatched bug in Internet
Explorer has popped up, security researchers, including those at
US-CERT, say.
CA warranty will pay customers if they're victimized (SC Magazine)
CA announced today that it is taking an unprecedented step in
consumer security protection by offering to pay its customers if they
are the victims of virus infections or identity theft.
Six Charged in AOL Phishing Scam (darkREADING)
Department of Justice alleges fraud conspiracy by attackers in
Connecticut
Army expects 'suicide hacker' attacks (ZDNet)
Australia is preparing for cyber-terrorism attacks from "suicide
hackers", who will aim to bring down critical infrastructure for a
"cause" and not worry about facing 30 years in jail for their actions..
_____________________________________________________________________________________
September 27, 2006
Attackers Target New PowerPoint Bug (PC World)
Microsoft Office app hit one day after company patches its IE
browser.
Microsoft Patches IE Browser Flaw (NewsFactor)
Although Microsoft usually releases bug patches once a month, the
company has issued a critical, mid-month fix for Internet Explorer
because of the potential risk to users.
Renaming the Administrator account in Windows XP (Tech Republic)
Make it twice as hard for a potential hacker to get into your
system by renaming the Administrator account. Here's how to do so in
Windows XP Home and Pro.
Microsoft grapples with mystery DRM cracker (silicon)
'Who's that hacker?'
Microsoft has filed a federal lawsuit against an alleged hacker who
broke through its copy protection technology, charging that the mystery
developer somehow gained access to its copyrighted source code.
_____________________________________________________________________________________
September 26, 2006
Microsoft Internet Explorer VML Buffer Overflow Update (US-CERT)
Microsoft Internet Explorer (IE) fails to properly handle Vector
Markup Language (VML) tags. This creates a buffer overflow vulnerability
that could allow a remote attacker to execute arbitrary code.
Hackers Actively Exploiting IE VML Bug (NewsFactor)
Security experts have warned of a sharp hike in the number of cyber
criminals actively exploiting the newly discovered VML vulnerability in
Microsoft's Internet Explorer browser.
Microsoft plans quick VML security patch (USATODAY)
Microsoft on Monday said it plans to take the unusual step of
issuing a security patch as quickly as possible to stem a newly
discovered flaw in its Internet Explorer Web browser that cybercrooks
have already begun exploiting to take control of victims' computers.
Philips self-destructing hacker-proof MRAM on the way (New Kerala)
The development of Magnetic Random Access Memory (MRAM) by Honeywell and
Motorola was a major breakthrough; but now electronics manufacturer
Philips plans to better it by making the chip hacker-proof.
_____________________________________________________________________________________
September 25, 2006
Unofficial IE Security Patch Released (NewsFactor)
Oliver Friedrichs, director of Symantec Security Response,
stressed that users, and especially enterprises, should first test the
patch before applying them to any mission-critical systems. "This isn't
just some off-the-cuff organization trying to make a name for
themselves. They really understand the problem."
Messages That Go `poof' After Sending Them (AP)
A hallmark of "Mission: Impossible" was the message that would
self-destruct after a spy played it. Now a startup communications
company promises that same level of secrecy with a Web-based messaging
system designed to leave no traces.
Criminals flock to the Internet, survey finds (Reuters)
Criminals are increasingly trying to trick citizens into giving them
their bank account details, according to a survey published on Monday
which showed such "phishing" attempts almost doubled in the first six
months.
Encryption Expert Teaches Security (AP)
It must say something about our times that Bruce Schneier, a geeky
computer encryption expert turned all-purpose security guru,
occasionally gets recognized in public. "My life is just plain surreal,"
he says.
September 22, 2006
Census Bureau Loses Hundreds of Laptops (AP)
The Census Bureau collects the most personal information about
Americans, from how much money they earn and where they spend it to how
they live and die. It's all confidential - as long as no one steals it.
_____________________________________________________________________________________
September 21, 2006
Google confirms phishing flaw (SC Magazine)
Google has confirmed a phishing vulnerability on its Public
Service Search, and the program remains closed for new sign-ups until it
is permanently fixed.
Hackers Reveal Vulnerable Websites (darkREADING)
Hackers are posting XSS flaws in the Websites of some
high-profile organizations
Microsoft Outlook 2003 Vulnerable to Critical IE Bug (PC World)
Addition of e-mail client makes IE vulnerability more serious.
Labour security plans stolen (BBC News)
Security for the Labour Party conference is revised after a
laptop containing top secret plans is stolen.
_____________________________________________________________________________________
September 20, 2006
From Interop:Survey shows 40 percent of organizations experienced a
breach last year (SC Magazine)
A survey conducted today at NY Interop found that 40 percent of those
polled worked for organizations that experienced at least one security
breach within the past 12 months.
Tweaked Firefox Lets You Surf Internet Without a Trace (PC World)
Torpark browser makes Web surfing more anonymous.
Hackers Building Botnet with AOL Worm (NewsFactor)
Porn Scammers Hit New IE Vulnerability Task Force Tackles
Identity Theft High Stakes in the Ongoing Spam Wars Spamhaus Still Lists
e360 as Spammer Security Products Still Sell Well
Gonzales Wants ISPs to Save User Data (AP)
Attorney General Alberto Gonzales said Tuesday that Congress should
require Internet providers to preserve customer records, asserting that
prosecutors need them to fight child pornography
_____________________________________________________________________________________
September 19, 2006
IE flaw bypasses fully patched systems (SC Magazine)
Users of Microsoft's Internet Explorer (IE) browser were warned
today of new exploits that affect even fully patched systems.
Porn Sites Use New IE Bug to Install Spyware (PC World)
Visit a Russian porn site using IE 6, risk a spyware
installation.
Visa Outlines Credit Card Risks (darkREADING)
Visa, US Chamber of Commerce list top five causes of credit card data
breaches
High Stakes in the Ongoing Spam Wars (NewsFactor)
Anti-spamming legislation has made its way onto the books and is
having some impact. On Sept. 14, the Federal Trade Commission announced
it had shut down four spamming operations for violating provisions of
the 2004 federal CAN-SPAM Act, which requires bulk e-mails to be marked
as advertising and to have an opt-out method, among other things.
EMC finishes RSA buy, also picks up Network Intelligence (SC Magazine)
EMC completed the acquisition of one security company while starting the
acquisition of another on Monday.
_____________________________________________________________________________________
September 18, 2006
What's Wrong With Google? (darkREADING)
New vulnerability in its Public Search Service is the latest in a
series of security headaches for Google
Citrix finds flaw, offers hotfix (SC Magazine)
The French Security Incident Response Team (FrSIRT) has identified a
vulnerability in Citrix Access Gateway that could allow attackers to
gain access to critical applications without providing proper
authentication.
Spamhaus Still Lists e360 as Spammer, Despite $11.7M Judgment (NewsFactor)
ISPs use Spamhaus lists to help identify spammers and block
e-mail coming from their Internet addresses. The listing hurt e360's
ability to do business as a direct e-mail marketer, the lawsuit claimed.
"Spam is a big problem, but the way Spamhaus administers its blocking
technology is not a reasonable solution to this problem," said Dave
Linhardt, president of e360.
Security Products Sold Despite Freeware (AP)
Microsoft gives away a security firewall with its latest operating
system. Many high-speed Internet service providers offer free anti-virus
protection for subscribers. And several Web sites distribute free
toolbars to warn of Web scams.
September 15, 2006
Microsoft Works to Update Windows Media (AP)
Microsoft Corp. is scrambling to update its Windows Media software after
a hacker released a program that circumvents a safeguard designed to
prevent people from freely copying digital movies and songs.
_____________________________________________________________________________________
September 14, 2006
Cybersecurity Holes Found in Mock Attacks (NewsFactor)
While the hacker test found gaps in security, the report did say
that "by and large, the participating organizations and their practices
met the challenges presented." It also said "the cybercommunity must
continue to improve its ability to effectively respond to and recover
from the most sophisticated of cyberattacks."
Mozilla's New Security Chief: Dump Old Code (TechWeb)
Mozilla Corp. has hired a former Microsoft security strategist to
help secure its open-source software, particularly its Firefox browser.
Feds Shut Down Illegal Spammers (PC World)
Unwanted e-mails included sexual explict come-ons.
Researchers believe spam should be fought at network level (SC Magazine)
A pair of Georgia Tech researchers suggested this week that internet
service providers (ISPs) might be able to fight junk email more
efficiently at the network level rather than using message content
filters.
_____________________________________________________________________________________
September 13, 2006
Six Tips To Protect Online Search Privacy (TechWeb)
Concern over privacy and the use of online search is at an
all-time high. Here's how-to create a strong shield for privacy
Microsoft Takes Third Shot at Buggy Security Patch (PC World)
Will a trifecta try at fixing Internet Explorer patch be the
charm?
FCC To Bolster Call Record Security (VAR Business)
The U.S. Federal Communications Commission plans to increase safeguards
on telephone records in the wake of Hewlett-Packard obtaining such data
as it pursued board leaks, the agency's chairman said Tuesday.
Group Releases Spec For Cellphone Security (eeTimes)
The Trusted Computing Group officially rolls out its standard for
cellphone security, a specification three years in the making.
_____________________________________________________________________________________
September 12, 2006
Security Software Revenues Up Nearly 15 Percent (TechWeb)
Revenues from security software rose nearly 15 percent last year,
driven by continued growth in the antivirus market.
Microsoft Patches Its Patches (darkREADING)
Microsoft released patches for Publisher and two Windows
vulnerabilites plus re-patched an Internet Explorer patch
Microsoft Patches New Office Flaw (PC World)
Monthly set of security patches does not include a fix for Word
bug that was identified last week.
Toward a Better Security Architecture (NewsFactor)
It seems like we read about an I.T. security infraction just
about every day. This ought to be somewhat surprising, given the large
amounts of emphasis placed on security over the past 25 years.
Authors of Zotob Worm Jailed (PC World)
Two Moroccan men have been sentenced in connection with last
year's highly-publicized Zotob outbreak.
AOL Adds Free Insurance Coverage (AP)
Free insurance coverage for identity theft and computer damage is among
the premium security offerings AOL is making available to its dwindling
base of paying subscribers.
_____________________________________________________________________________________
September 11, 2006
Schwarzenegger Computer May Have Been Hacked: Police (InformationWeek)
California police are looking to find out whether hackers broke
into the governor's computer and downloaded a recording of a private
conversation in which he said African-Americans and Latinos are
"hot-blooded."
Crypto Flaw Prone to Spoofing (darkREADING)
Newly discovered flaw in OpenSSL leaves some RSA cryptography
implementations vulnerable
Five years after 9-11, most believe feds unprepared for cyberterrorism
(SC Magazine)
It has been five years since hijackers slammed jetliners into the
World Trade Center and the Pentagon, killing nearly 3,000 people, but
nine out of 10 information security professionals believe federal
government agencies are unprepared should the terrorist attacks turn to
cyberspace.
Second Life Site Reports Security Breach (AP)
Second Life, a three-dimensional virtual world for entrepreneurs, is
asking its 660,000 members to change passwords after a security breach
may have exposed users' confidential data, including credit card numbers
and passwords.
September 8, 2006
Payment card companies announce new PCI organization, update standard
(SC Magazine)
The five leading payment card companies joined together today to update
to announce the formation of an independent council to manage and
enforce the Payment Card Industry (PCI) Data Security Standard.
_____________________________________________________________________________________
September 7, 2006
Stolen Data's Black Market (darkREADING)
Organized crime is chief buyer for information stolen by hackers and
insiders, experts say
EMC Links Content with Security Apps (NewsFactor)
In an effort to give companies better control over their data,
EMC has integrated content and digital rights management software from
two of its recent company acquisitions.
Web social site Facebook hit by privacy protests (Reuters)
Facebook.com, the No. 2 U.S. social network site that is quickly
expanding beyond its college student base, has been met with a sudden
privacy backlash by users after it made design changes this week.
_____________________________________________________________________________________
September 6, 2006
Cisco, Microsoft Join Forces on Security (CRN)
Cisco Systems and Microsoft on Wednesday said they are delivering
on a two-year old promise to provide interoperability between their
respective network access security offerings.
New Word Flaw Being Used in Attacks (PC World)
Software giant confirms that a critical vulnerability exists in
Microsoft Office 2000.
Digital Resolve to add real-time phishing warnings to Internet Explorer
7 (SC Magazine)
Microsoft is beefing up customer protection from fraudulent
phishing websites by adding real-time data feeds from Digital Resolve,
the Georgia-based firm announced this week.
UF employees honored as hackers (Bradenton Herald)
The University of Florida honored two employees Tuesday for their
ability to hack into computers.
_____________________________________________________________________________________
September 5, 2006
GAO Report Finds Healthcare Privacy Breaches Rampant (InformationWeek)
Agencies and contractors who experienced privacy breaches
collectively have access to medical data for more than 100 million
Americans.
Gromozon rootkit has infected 250,000 PCs (SC Magazine)
A leading malware research firm in the UK warned on Friday that
the nearly undetectable Gromozon rootkit has infected a quarter of a
million computers.
Zero-Day Exploit Targets Word (darkREADING)
A new exploit circulating in the wild goes after Word 2000
New "extremely critical" unpatched flaw reported in Microsoft Office (SC
Magazine)
Security experts today are warning of a trojan that is actively
exploiting a new, unpatched Microsoft Word zero-day vulnerability.
Microsoft Nets New Phishing Filters for IE (PC World)
Company will use technology from Digital Resolve that builds
lists of Web sites and their legitimate IP address..
_____________________________________________________________________________________
September 4, 2006
9/11 Spawned Tech-Security Market (AP)
During the Cold War, Canada's National Optics Institute developed
a system to detect which type of enemy tank or fighter jet was
approaching. After the Soviet Union's demise, such threats were deemed
less likely, and the technology sat on the shelf.
|
