 |
 |
 |
|
| David Utter > |
|
Bloggers Nail China On Olympian Age Lies China's Olympic gymnasts consist of athletes under the permitted age of competition, as illustrated at length by a number of hard-charging online sources.
BitTorrent Clients Suffer Overflow Flaw Software clients from BitTorrent and uTorrent contain critical vulnerabilities that could permit remote code execution.
Microsoft Patches Fix Image Vulnerabilities Critical fixes arrived for Microsoft applications in the August edition of their Patch Tuesday round of updates, including corrections for overflow vulnerabilities in image file formats in Microsoft Office.
Georgia, Russia Engaged In Cyber War Sites for Georgia fled the country in favor of hosting elsewhere as numerous DDOS attacks from Russia took out Georgian web properties.
Subway Card Hackers Can't Talk At Defcon A trio of MIT students planned to talk about the Boston subway's inherent problems with its payment card system, but an injunction took their presentation off the Defcon slate of topics.
Critical Microsoft Patches Arriving Tuesday With a dozen patches on tap for Microsoft for August 12th, security pros should note seven of them will arrive as fixes for critical issues.
Sports, Politics Ride Latest Spam Wave The Summer Olympics, the NFL, and the ongoing Presidential campaigns all present ripe content for spammers and the malware they try to deliver to victims.
Lost TSA Data Laptop Found In Its Office A laptop containing details on 33,000 people allowed to bypass security checkpoints at airports turned up after being missing for more than a week.
Countrywide Insider Stole Data For Two Years Major mortgage lender Countrywide has more problems than those presented by the abysmal housing market: an employee pilfered data on nearly 2 million customers over a two-year period.
Worm Squirms After MySpace, Facebook Users Another pest started making the rounds of social networking recently, offering people a video but secretly dropping a Trojan onto vulnerable systems.
Google, The Lazy Path To Hacking The power of Google's search and its depth of indexing, matched with a few operators for queries, makes it a fun place to poke around for possible holes.
Trojans Prick PCs As Top Malware Threat An assessment of the leading computer threats through the first half of 2008 found malware riding along in Trojans posing the most problems for people.
Oracle WebLogic Hit With Zero-Day Exploit A workaround emerged from Oracle as news circulated of a remotely exploitable flaw, without requiring authentication, involving the WebLogic platform.
Design, Not Patching, Key To Secure Software The current DNS cache poisoning variation requiring a fix on numerous nameservers around the globe could have been anticipated and stopped; one developer did that in 2000.
Metasploit's Moore Sapped Via DNS Flaw The same critical DNS issue that HD Moore and his associates raced to include in their security testing toolkit, the Metasploit Project, bounced back against the noteworthy security researcher.
Photobucket Hack Attributed To Critical DNS Flaw When photo sharing site Photobucket suffered an attack at the hands of Turkish hackers, it turns out they exploited the serious DNS vulnerability later detailed by security researcher Dan Kaminsky.
Open Source, The Patriotic Solution Noted technologist Tim Bray repeated a call for the work of civic processes to use open source software for fulfillment.
Olympic Spam Reaching Olympian Proportions A couple of weeks ahead of the Beijing Olympics, spammers continue to rollout millions of messages with an Olympic theme.
Metasploit Loads Up DNS Attack Code Script kiddies and sophisticated hackers gained easy access to code for exploiting a critical flaw in the domain name service (DNS) system when the Metasploit Project added two attacks to its toolkit.
Romanian Pleads Guilty In US Phishing Case Eighteen months after being indicted by a federal court, one of a group of seven Romanian citizens pleaded guilty to involvement with phishing bank details from people.
DNS Flaw Details Emerge Security pros have been urged to patch vulnerable DNS systems if they have not done so already.
Server Theft Trumps Server Hacking The brute force technique applied to physical goods long before it ever came up in the conversation about breaking passwords to gain access to resources.
Critical DNS Issue Threatens Internet No hyperbole, no joke. People familiar with a flaw in the domain name system sounded a sobering call to administrators everywhere to fix their systems.
Mozilla Patches Firefox 3 A fix for a vulnerability reported a few hours after the Firefox 3 Download Day opened began arriving on people's computers.
Oracle Troubled By Web Component Security The latest run of vulnerability fixes released by Oracle showed troubling trends with making services available with web-facing resources.
Unpatched Systems Survive Four Minutes Online The presence of a firewall helps, but without something blocking the path from automated probes to one's PC, its survivability declines rapidly.
Internet Cafes Threatened Ahead Of Olympics Throngs of visitors to China during the Summer Olympics will include many who want to check up on their email or other online resources. That could be a problem.
Swiss Slammed By Lots Of Spam Inboxes in the tiny European country picked up far more spam than anywhere else in the world during the month of June.
Microsoft Patch, ZoneAlarm Make PCs Too Secure A little incompatibility between a fix for the Windows Domain Name System caused users of a popular firewall product to lose their Internet connections.
Get Ready: Windows XP SP3 On Tap Microsoft pegged July 10th at 1 pm EDT as the release date and time for the third service pack for the Windows XP operating system.
Fortune 500 Lacking In Email Validation One vendor claimed some 60 percent of the Fortune 500 do not use methods of qualifying outgoing email, which could leave them open to being spoofed by forgers.
Google Discovers Privacy "Privacy" became part of Google's home page just before the 4th of July. You're forgiven if you missed the switch.
Google Open-Sources Ratproxy Security Tool An internally-used web application security assessment tool called ratproxy gained broader availability with Google's decision to release it publicly.
Software Should Be Like Food Researchers of web browser security suggested a "best before" approach to informing people their software may not be so fresh any longer.
Feds Slowly Improving In Computer Security Federal Information Security Management Act (FISMA) requirements pad on the paperwork for agencies, but the demands of the Act have made a positive impact in computer security.
Canned Air Helped Beat Encrypted Hard Drives Sure the custom software had something to do with it, but some students at Princeton also found that compressed air enabled an unlikely crack.
ICANN, IANA, Fall Prey To Hacks Turkish hackers believed responsible for shenanigans with image site Photobucket.com's domain earlier in June struck at two major domains that hold responsibilities affecting the entire Internet.
Microsoft, Google Endorse Health Records Standard The two big tech companies joined with a variety of insurers and consumer groups in backing standards governing the privacy and accessibility of health information online.
HP Writes Scrawlr For SQL Injection Detection A recent spate of thousands of SQL injection attacks across the Internet created the need for a tool to diagnose a website's potential vulnerability to them.
Judge, Jury, And Google Trends A Florida trial will serve as the venue for an interesting defense: determining if searching for adult content is mainstream enough to get a defendant out of an obscenity charge.
Early Russert Wikipedia Update Leads To Firing Securing confidential trade secrets poses one challenge to security pros, but the spread of private inside chatter via the Internet makes for an impossible task.
Mozilla Sees Little Risk In Firefox 3 Flaw A vulnerability affecting both the latest version of the Firefox browser as well as the previous one, Firefox 2, poses minimal concerns for users according to Mozilla.
Instant Worm Creation Software Hits The Web A point and click interface for turning .exe files into self-replicating worms makes malware creation an easy prospect for attackers.
Router Attacks Witnessed In The Wild A variant of the Zlob Trojan may be carrying an exploit against routers, subjecting them to brute force attacks against login procedures.
Spammers Shield Junk With Google Docs Another tool in the arsenal of spammers comes courtesy of a well-meaning service from Google.
Universities Show Little Control Over Personal Data Columbia and the University of Florida are two of the latest schools with personally identifiable information about their students posted by the thousands online.
Voice Phishing Rising In Threat Vishing, or voice over Internet Protocol phishing, attempts to steal information from people via the phone rather than the computer.
Once Again, China Implicated In Computer Espionage At the highest levels of government in the United States, some Congressmen believe attackers from China infiltrated their computers.
Microsoft Closes Critical Bluetooth Flaw The monthly updates from Microsoft brought a few Critical repairs to its customers; one fix corrected a remotely executable vulnerability in the Bluetooth stack.
Microsoft Sues Repeat Offenders Over Piracy Sellers of counterfeit software continue to bedevil Microsoft, as the company announced a new series of lawsuits against sellers of pirated versions of Windows.
Economy, IRS Figure In May Spam The monthly look at the State of Spam by security vendor Symantec found the usual efforts to take advantage of current events by spammers.
4Chan Stadium Threat Hoaxer Sentenced An ex-grocery clerk in Wisconsin who repeatedly posted threats of stadium bombings to a website will spend six months in jail.
Romania, Hong Kong Top List Of Dangerous TLDs Whatever the reason, .ro domains figured prominently in a look at where the most dangerous sites on the Internet reside.
Walter Reed Medical Suffers Data Breach File sharing blamed for compromise that may have exposed patient data from the military health system with an outsider.
Gutierrez Possible Victim Of Chinese Cyber Spying Whispers about a potential malware compromise of computers used by Commerce Secretary Carlos Gutierrez during a trip to China raises suspicions in Washington.
Unlocking The Security Of Locks Hackers at New York's 'The Last HOPE' conference in July plan to discuss security of a different sort: the humble, physical lock.
TJX Dinged Over Security-Related Firing A former employee of TJX, which suffered one of the hugest security breaches and exposures of consumer information in recorded history, claimed he had been fired for whistleblowing the company's practices.
Dell Slapped In NY Fraud Case New York's Attorney General Andrew Cuomo won big against the computer maker, with Dell accused of numerous unsavory business practices regarding its financial and tech support offerings.
Aussie Telco Hands Out Infected USB Drives A little perk delivered to AusCERT attendees by national telco Telstra contained a little something extra besides their storage capability.
Woops: Oklahoma Auctions Tax Data-Loaded Drive A computer labeled as coming from the Oklahoma Tax Commission ended up in an auction with personally identifiable information, including Social Security numbers, intact and unencrypted.
White House Parody Site Pranked With Malware A malicious bit of code injection into whitehouse.org poses a concern because some people don't realize the authentic White House site is at whitehouse.gov.
Terrorism Courts The Web A Senate Committee isn't happy with the way terrorist groups embraced online video and the web browser as a recruitment tool.
Chinese Sites Hit With Script Injections A malware attack using a Javascript injection to exploit several old flaws targeted over 327,000 sites in Asia.
Apple's Odd Attitude About Safari The hallmark of Apple's products makes them work as invisibly as possible for their users. In the case of the Safari web browser, it downloads items without letting people know it's happening.
Rumor: Cisco Rootkit Coming To EuSecWest A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.
Microsoft Fixes Long-Standing MDB Flaw Remote code execution vulnerabilities received attention from Microsoft in its most recent edition of Patch Tuesday updates; one has been publicly known for seven months.
America's Botnet Needed, Says AF Colonel An Air Force colonel's suggestion that American needs a botnet provokes a strange idea: that the military and intelligence communities don't have one now.
Gas Savings Spam Fills Inboxes The inevitable attention of spammers turned to soaring gas prices, with one set of junk messages promising a way to save at the pump.
Google Expands Enterprise Web Security Security vendors had a stealth competitor enter the marketplace when Google announced it would offer a product that provides web security; Google recently extended security coverage to roaming enterprise users.
Utilities At Risk Over Network Security Utilities' legacy systems receive updates to allow centralized management of their resources over a computer network. Convenient? Sure. Safe? Questionable.
Trojan Plaguing File Sharing Networks A massive outbreak of malware began hitting media swappers hundreds of thousands of times nearly a week ago.
EFF Wonders About Digital Music Rights The disclosure by Microsoft that they will disable license servers and eliminate the ability for MSN Music customers to listen to music purchased from the service on new computers drove the Electronic Frontier Foundation to cry foul.
India Cites Ongoing Chinese Cyber Attacks A year and a half of electronic warfare against public and private network resources in India has been traced back to a variety of attacks and antagonists in China.
McAfee Digests Spam Experiment The 30-day challenge to run an unprotected computer and surf the Internet while filling out every form and answering every spam ended with the reinforcement of a lesson: nothing comes for free.
Storm Botnet Subsides Something new may be on tap to replace Storm as the big botnet pest, as its size decreased substantially in April.
Forgery Spam Still Hammering Inboxes Junk mailings touting all kinds of products, including steeply discounted luxury item knockoffs, pose threats beyond dodgy products.
Israeli Private Eyes Stole Corporate Secrets A private investigation firm made use of spyware to pilfer secrets from companies in Israel; four of their staffers received criminal sentences.
iPhone Gains VPN Boost With Check Point VPN-1 support from security vendor Check Point for Apple's iPhone arrived as the glitzy gadget continues to gain fans from enterprise users.
Microsoft Patch Process Called Security Risk Patch Tuesday could be Exploit Tuesday if malicious hackers escalate the rate at which they reverse engineer security patches.
SQL Injections Hitting Thousands Of Sites The dynamic capabilities of websites powered by back-end databases made thousands of them targets for injections of unsanitized code.
Baker College Takes Cyber Defense Crown The 3rd annual National Collegiate Cyber Defense Competition (CCDC) featured teams of students working to be the best at defending a business network from threats.
More ISPs Quietly Interfere With P2P Comcast serves as the most visible target for Internet users' anger over tampering with BitTorrent and other peer to peer traffic, but the issue may extend beyond them to other Internet service providers.
Microsoft Won't Sue Over Legitimate Flaw Discovery Security researchers do not want to end up being arrested or sued for pointing out problems on a website, and Microsoft would rather know the awful truth than prosecute.
eBay Has Its Romanian Hacker An arrest in Budapest turned up one Vlad Constantin Duiculescu, aka Vladuz, a thorn in the side of the online marketplace.
Google Touts Malware Fight, Skips Real Question The ongoing battle against malware brought plenty of good guys to the fight, but Google's latest discussion of its role leaves out a key question.
Mozilla Fixes Critical Firefox JavaScript Issue Garbage collection in the Firefox JavaScript engine caused browser crashes for some people.
Oracle Issues Critical Product Fixes Patches for the Oracle database and other products arrived as part of the company's quarterly fix cycle.
US District Court Spoofed By Malware Criminals A wave of phishing spam tries to fake out recipients by spoofing a subpoena from a US District Court.
Google Builds Tools To Fight Child Porn An ongoing effort with the National Center for Missing & Exploited Children (NCMEC) by Google produced video tools for use in finding exploitative images and videos.
Old Mistakes Cause New Security Problems The more things change, the more developers keep making the same mistakes, leading to exploits and other problems for visitors.
PayPal Calls For Partnerships Against Phishing One of the most popular phishing targets on the Internet wants to thwart criminals, but needs a lot of help to do so.
Should We Know Where To Find Google? A publication recently put out a list of Google's datacenters by city; though it's interesting to us, Google probably has good reasons for not appreciating it.
Damballa Responds To Kraken Criticisms Security researchers at Damballa who discussed a big new botnet received lots of pushback from the security community.
Microsoft Patches Crack Down On Drive-Bys Malicious websites could exploit unpatched components in Internet Explorer and other Microsoft technologies.
Kraken Exceeds Storm Botnet In Size A new headache for security pros from the Fortune 500 on down emerged in accounts of a wider-reaching botnet called Kraken.
Online Criminals Outsource Their Work A study by security vendor Finjan suggested a trend in criminal behavior has them farming work out to established rings with a technology infrastructure in place.
EU: 18 Months Too Long To Keep Search Data The Article 29 Data Protection Working Party in Europe wants search engines to commit to a much shorter period of data retention than they enjoy today.
Google Street View Becomes Driveway View While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway.
Google Dinged Over SEO Poisoning The search optimization poisoning attacks against dozens of websites continues its onslaught, with infected search results showing up in Google.
Identity Info Breaches Hitting Everywhere In 2008 Commercial businesses, colleges and universities, government offices, and medical facilities of varying sizes share the common label of being hit by identity thieves.
Another Young Cyber Criminal Eludes Jail Botnet runner Owen Walker, aka AKILL and other names, committed and profited from his role in a gang that infected over a million computers, but did so under the age of 18.
RealPlayer, QuickTime Get Urgent Updates Fixes for both products emerged to counter threats against vulnerabilities in these popular multimedia applications.
Hannaford Grocery Breached With Malware The introduction of malware into the grocery chain's network allowed outsiders to grab credit card information as it traveled from the point-of-sale to the company's back end systems.
IBM Banned From New Government Contracts An ongoing dispute with the Environmental Protection Agency led to the EPA, and all government agencies by extension, banning IBM from receiving new contracts and other federal business.
Advance Auto Parts Compromised For Card Data People who used credit or debit cards at one of 14 locations identified by Advance Auto Parts may have had that information accessed via a network breach.
Virgin Media To Strike Out Music Downloaders The British ISP plans to obey the will of the music industry by warning and shutting off accounts for individuals accused of illicit file sharing.
McAfee Feeding Volunteers Spam For A Month Fifty global volunteers armed with clean laptops and new email addresses will spend 30 days exploring the Internet while unprotected from its threats.
Euro 2008 Ticket Reseller Infecting Site Visitors It appears another code injection attack at a site reselling tickets for the Euro 2008 soccer matches put visitors at risk of a drive-by infection.
IM, P2P Attacks Persist, Pose Low Risk The immediacy of someone potentially clicking on a malicious link delivered by instant messenger or a peer to peer network conversely makes these attacks a low risk.
SafeCentral Locks Down Online Transactions Authentium's Virtual ATM concept reemerged as a secure desktop-to-web application called SafeCentral, which looks like an ideal choice to prevent identity theft.
Porn, Viagra Ads Hawk Fake Security Software A case in Washington state concerns a man using bogus security software to spam other computers via a Windows service.
NSA End Run Gave It Total Information Awareness When Congress ended funding for TIA in 2003, the Bush Administration simply packed up the pieces and sent them to the National Security Agency.
Microsoft Admits Ignoring Jet Flaw Security engineers at Microsoft ignored addressing this latest exploit for years, as they believed existing protections mitigated the threat.
Canadian Privacy, US Laws, And Google
Google AdWords Phish In The Wild Don't get reeled in by this one if you are a Google AdWords client: a new stream of phishing emails aimed at you have been hitting inboxes.
Sequoia Voting Thwarts New Jersey Investigation Discrepancies in the vote recording by machines provided by Sequoia Voting Systems for the New Jersey primary spurred calls for an investigation, one that Sequoia fought off with legal threats.
Government Digital Security Leaks, We Bleed A glacial readjustment of security priorities from the evil-outsider model to the accidental internal leaker of data leaves federal resources playing a frantic game of catch-up.
Justice Catching Up To Spammers Daniel Mascia and Robert Soloway face federal penalties for their spamming, while Robert Bentley awaits a decision on leniency in exchange for his help in tracking down botnetters.
Software Spotlighted Spitzer Shenanigans The US Government hates money laundering and anything that might indicate someone trying to evade taxes, or worse, fund terrorist activity.
Grocery Chain Bagged By Online Criminals As many as 4.2 million credit card numbers were exposed during a security breach lasting several months at East Coast grocer Hannaford Bros.
Berners-Lee: Protect Consumers From Online Tracking The man who gave the world the World Wide Web would give its users much more protection from tracking than they have today.
Google Keeps Safe With Log Data The voluminous log files Google retains on the activities of its users actually helps the search company combat threats.
Trend Micro Toasted By Hack Attack Among the many sites impacted by a massive outbreak of code injection attacks, security vendor Trend Micro suffered an embarrassing breach itself.
Massive Attack: 10,000 Pages Compromised A large scale assault on computer users began with the corruption of over 10,000 web pages through code injection. The attackers are looking for online gaming passwords.
IBM Securing Mashups With SMash IBM gives the OpenAjax Alliance a new toy to play with for securing mashup applications and safeguarding systems from malicious code.
Seven Virus Pieces In Tibet Bad puns on movie titles aside, the various components of a recently spotted computer threat uses images from Tibet to entice people to accept an attack on their systems.
Click Fraud Trojan Targets Google, Yahoo Top search engines Google, Yahoo, along with China's Baidu, received attention from the ongoing work of click fraudsters distributing a Trojan to boost ad click revenue.
Bloggies Award Site Hands Out Malware Ahead of their awards ceremony at SXSW Interactive, the website for the Bloggies received a nasty dose of code injection.
G-Archiver Swears Password Theft An Accident Testing code left within the release version of Gmail backup software G-Archiver sent usernames and passwords to a developer's Gmail account.
Microsoft Fixes Word, Excel Flaws Patch Tuesday, March 2008 edition, arrived today with new bulletins for Microsoft Office productivity programs Word and Excel.
Amazing Pentagon Breach Happened Last Summer A vulnerability in Windows found itself at the end of accusatory fingers of blame over a June 2007 Pentagon hack that led to the theft of sensitive information from the nation's defense epicenter.
Little Islands Do Big-Time Spamming Not on a scale with the worst offenders for volumes of spam, but on a per-person basis, some very small places push out a lot of junk mailings.
Pentagon Declares War On Google Mappers After Google Street View images of Fort Sam Houston appeared online, the Pentagon declared all US military installations off limits to Google's vehicles.
WikiLeaks Gets Its Domain Back Swiss bank Julius Baer backed off its legal efforts to thwart WikiLeaks, after a judge rescinded a prior order that took the company's wikileaks.org domain name offline.
Social Networking Blocks Increasing MessageLabs believes more businesses have been blocking access to social networking sites to safeguard users; companies block from 13 to 47 percent of such sites by their analysis.
Oodle Suggests Safety For Online Classified Deals Meeting a seller in a dark and distant parking lot at 3 am with a large amount of cash to complete a transaction could be a really bad idea.
Spammers Fix On Presidential Candidates For Scams Junk email based on interest in US Presidential hopefuls and other celebrities tries to hook people into handing over money.
Oxfam Charity Spoofed By Lottery Scammers You haven't won £850,000 ($1.68 million) from humanitarian charity Oxfam, no matter what an email message may tell you to the contrary.
Email, Web Monitoring Leads To Firings As security pros battle to keep their enterprises secure and sensitive data inside the network, their monitoring efforts have yielded plenty of real-world impacts.
DOJ Spoofers Spamming The Web Again Email spam made to look like an official Department of Justice message carries a payload no computer user will find just or fair.
Arsenal Fan Site Smacked With Malware The Online Gooner website picked up a nasty malware injection, filled with an assortment of malicious treats for vulnerable visitors.
AVG Says It Has It All In Security The recent arrival of Grisoft's AVG Internet Security version 8.0 throws a battery of solutions at the myriad threats on the Internet.
Criminals Stepping Up Healthcare Attacks People working in the healthcare industry need to be as aware of digital threats as anyone else. Patient data has real value to identity thieves.
VMware Bug Threatens Host A problem in the client-side Windows hosted VMWare products could let a malicious guest into the host system.
Phishers Love Online Gambling Countries with favorable laws permitting the hosting of online gambling sites also draw the attention of criminals looking for places to host phishing sites.
New Worm Same As The Old Worm We have all heard of security by obscurity, but some malware creators are opting for attacking from obscurity.
Pakistan Caused Global YouTube Problems An outage lasting about two hours took YouTube off the Internet due to an attempt by the Pakistani government to block the site.
Spammers Find Way To Abuse Auto-Responders A new trick from spammers utilizes accounts created on webmail services, with auto-responder messages established, to get junk mailings into people's inboxes.
Network Solutions, ICANN Sued Over Domain Frontrunning A filing in US District Court for the Central District of California seeks satisfaction from ICANN and Network Solutions over the latter's practice of locking up domains searched for through its site.
EFF Challenges Adobe On Flash DRM Digital rights management technology being applied to Flash will limit what can be done with streamed Flash content. The EFF questioned the practice, but we think it's here to stay.
Odd Canadian Interest In Money Laundering Online enticements to engage in money laundering appear to have a following among Canadians, thanks to certain laws in the country.
Japan Nails Massive Spammer Yuki Shiina reputedly sent more than 2 billion junk messages promoting gambling and dating websites.
Warcraft Scammers Phishing For Gold Criminals continue to plague World of Warcraft players with attempts to phish their login details and other information, and steal their gold and loot.
Trojan Poses As Hillary Clinton A purported link to a Hillary Clinton interview video leads to a malicious download, through a Google redirection link.
Happy Spamentine's Day Spam messages with a Valentine's theme reach out for the lovestruck and the lovelorn, in some cases with targeted messages.
Big Patch Tuesday Prompts Responses Security companies weighed in with opinions about Microsoft's substantial February updates.
Firefox 3 Beta 3 Released The next version of the Firefox web browser moved a step closer to full release with the formal debut of the latest beta.
Russia Acknowledged As Spam Superpower The United States may send out the most spam due to botnetted computers, but Russia has gained second place.
Valentine Malware No Lovely Gift Artistry rather than a lengthy text come-on represents the attack vector some spammers took with their Valentine's holiday mailing.
Industry Group Defining Malware Testing To fight the enemy, one has to know the enemy, and the security vendors backing the recently formed Anti-Malware Testing Standards Organization (AMTSO) wish to do that.
Adobe Patches Several Reader Issues Users of Adobe Reader or Acrobat likely witnessed updates arrive on their computers as Adobe pushed out security fixes.
Critical Microsoft Office Patches On Tap February's Patch Tuesday will have a dozen security bulletins hitting installs around the globe. Seven of the twelve received a Critical rating.
IBM Patches DB2 Flaws A couple of dodgy issues with IBM's DB2 Universal Database required attention from security engineers to thwart potential problems.
Tech, Media, Telco Companies Stink At Security Woeful preparedness for security breaches and a reactive mindset prevail among industries that collectively should really know better.
YouTube A Hit With The CIA Social media may hold something more than Star Wars kids or weeping Britney fans; it could be key to tracking down terrorism.
Swedish Viagra Sellers Boned By Cops Authorities in Sweden cracked down on seven men for operating an illegal online pharmacy that sold drugs to 65 countries.
Europe Keeps Passing Out Spam For the third month in a row, spam originating from North America trailed that coming out of Europe, at least at first glance.
Facebook May Suffer Image Uploader Flaw An unpatched vulnerability in an Active X library for an image uploading tool used by the social networking site has exploit code in the wild.
TSA Blogs The Unfriendly Skies Anyone who has to fly probably has a beef with the Transportation Security Administration and its seemingly-bizarre policies, and the initial flood of comments at the TSA's new blog demonstrated that.
Managing Risk A Risky Business Security vendor Symantec looked at IT risk management in its report on trends. Availability proved the key idea for security pros.
Digg Can Kill You With Generosity As the social media site Digg gains in membership, more people will try to hit links from its front page to a destination hosting a featured story. That could be bad.
Unbloating Vista Could Be Security Risk A frustrated Windows Vista user who turns to the vLite application to shrink the OS can pick and choose components to remove, including the Windows Firewall.
Redirection Key To Phishing Attacks More phishing efforts by criminals make use of redirection and other DNS tricks to keep investigators from tracking down their sites.
Bad Banners Hit Expedia, Rhapsody Malicious Flash banner ads appearing on the Expedia travel site, and on Rhapsody's music site, deliver unwanted programs to unsuspecting visitors.
Mozilla Prepping Firefox Chrome Fix Though Firefox users would only be vulnerable if a chrome package is flat, rather than contained in a jar, Mozilla plans a quick fix.
Snopes Pushing Popup Zango Adware Sunbelt Software's Alex Eckelberry has become tired of seeing Fastclick ads popping up on Snopes, pushing an adware-laden product.
HR Application Process May Endanger Companies It does no good to tell people not to open email from untrusted sources, much less attachments, only to have one department do so all the time.
Most Phishers Clueless, Say Researchers The use of pre-made phishing kits by less than detail-oriented phishers gives lie to the belief that phishers tend to be savvy and sophisticated criminals.
Domain Tasting Not Just For Speculators Criminal spammers using fast-flux and rockphish techniques to hide their machines from investigators also acquire and release thousands of domains in the five-day grace period allowed for domain registrations.
Authentify Wants To Rock Out-of-Band Authentication A second line of authentication could be all it takes to make a disappearing data tape with details on thousands of people worthless to whoever stole it.
Apple Altered DTrace Tool, Says Leventhal The debugging tool DTrace has been ported to Apple's architecture, but it has been changed to prevent it from being used against iTunes.
Facebook Shoots Down Gun Ads The owner of a firearms training center in Nevada had his advertising campaign on Facebook scuttled by the social networking site.
Second Life Economy, Banks Crushed People who plugged real money into the online world Second Life and its virtual banks promising rich returns have been left holding the bag.
Drive-By Pharming Now A Reality What had been suggested as a potential threat a year ago, an attack that would alter a victim's DNS settings simply by visiting a malicious web page, surfaced as a recent threat.
Master Boot Records Endangered Again New rootkits have a familiar target - the master boot record, where they can hide from detection and removal.
Storm Worm Marks One Year The massive botnet of thousands of machines co-opted by the Storm worm began around this time last year with a huge spam outbreak.
Skype Vulnerability Threatens Video Searchers Looking for video through Skype could expose a computer to a cross-zone scripting vulnerability that could lead to remote code execution.
Window Snyder Says Firefox Fixed Faster In response to a publication's comparison of Firefox and Internet Explorer fix times, Snyder showed how they missed a few key points.
Zero Day Excel Threat Vexes Microsoft Public disclosure of a newly found vulnerability in several versions of the Microsoft Excel spreadsheet program have the software company racing to repair it.
Phishers Griefing World Of Warcraft Players Criminals seeking valid players logins for MMORPGs have turned their phishing attention to the best-known presence in online gaming.
Sunbelt, Dell Unsheathe Ninja Blade An email security appliance from Sunbelt debuted on Dell's PowerEdge server line; the device takes the spam fight to the gateway and off the desktop.
MySpace Not A Source Of Microsoft Updates Bogus friend requests on MySpace led people to malware downloads purporting to be a Windows 'Automatic Update'.
Q4 2007 Spam Reached 96 Percent Of Email Global spam levels measured by Commtouch swelled through the fourth quarter of 2007, hitting a high of 96 percent of all email in October 2007.
TSA Website Slammed Over Security Flaws A blistering report from the House Oversight Government Reform Committee bashed the Transportation Security Administration over its website's failings.
Nigerian Spam Restitution Latest Scam Attempt Members of Nigerian royalty seeking help expatriating money are so five years ago. The newest scheme offer people reimbursement for their losses to 419 scams.
Barbara Moratek Leads To Malware Criminals have been packing an assortment of sites with malware and other junk, and are using the name "Barbara Moratek" to get those sites indexed by Google and others.
SQL Injection Hitting Numerous Websites Web applications have long been targeted when injection flaws could be exploited, with one automated bot stepping up its injection attacks.
Microsoft Patches Critical Vista Vulnerability The first Patch Tuesday of 2008 for Microsoft led off with only one Critical-rated issue to fix, along with an Important-rated patch for Windows.
Facebook Secret Crush On Sleazy Apps The Secret Crush/My Admirer app tossed off the Facebook social networking site required people to send it to other users, who would have to install it so the sender could use it.
Products, Scams Made In China A hot product at a wholesale price may lead shoppers to questionable websites; the unwary could have their greed turned against them.
Storm Botnet Triples In Size Holiday infections from Christmas to New Years led to the Storm botnet increasing by more than 200 percent.
Beware The Facebook Phish Compromised accounts on Facebook have enabled criminals to try and entice people into logging in to the site from a fake login page.
Trojan Malware Dials It In Getting infected by one particular Trojan will lock up the PC and try to extort the victim into calling in a payment to get it unlocked.
Spammers Use Video In Stock Scams Forget the simple plaintext email of stock symbols and Buy Now messages. Some scammers have turned to video to promote their pump and dump schemes.
Storm Worm Gets Sexy For Holidays The persistent malware pest returned in a volley of spam to thousands of email inboxes around the world.
Russians Pestered By Online Hacks Too In 2007, Russia suffered its share of online attacks, and needed to repel over 1.4 million of them this year.
Twitter Presents Reasons To Fear It The one-to-many model of "tweeting" a message to a broad group of people on Twitter could pose a challenge to the more highly paranoid security pros out there.
Internet Explorer Update Gets An Update Post-installation issues caused by Microsoft's cumulative fix for Internet Explorer this month affected a "small number of customers."
Caller ID Spoofing The Next Big Threat Some enterprising websites offer ways to spoof a Caller ID for pranking purposes. Criminals have figured out how to scam people with this spoofing in a virtually foolproof way.
Canadian ISPs Caught Up In Facebook Lawsuit Canadian company SlickCash hammered Facebook's servers for two weeks in June, the social networking site alleged in court documents.
It's Time To Block Russia And China Many security pros working in corporate environments routinely block access to sites on the Internet, for security reasons. The time has come to take the fight to the places that harbor spies and thieves.
Windows Vista SP1 Drops To Customers An early Christmas present containing hundreds of fixes for the Vista operating system popped up on Microsoft's website.
Spammers Love Free Stuff Easy registrations for free accounts on website or blog hosts, and websites with poor security, provide spammers with lots of ways to try and pull in victims.
Patch Tuesday Draws Industry Comments PC security firms offered opinions on Microsoft's December patch releases, which included three critical fixes.
Rogers Internet Injects Itself Into Google A Canadian ISP has attracted attention by tucking a little bit of JavaScript into the Internet datastream to present subscriber notification messages.
Critical IE Update Arrives Tomorrow The December 2007 edition of Microsoft's regular patch schedule has fixes for critical issues in Internet Explorer and Windows in store.
Fasthosts Hacked, Sites Taken Offline A break-in at the UK-based site host resulted in the loss of banking information and other details to criminal hackers.
Google Search Revealed A British man who purportedly vanished while canoing years ago, and turned up recently claiming amnesia, showed up in a photograph in a Google search.
Behind The Scenes: Secunia Spars With Autonomy A spat over the disclosure of vulnerabilities and patches with Autonomy's KeyView software has blown up as Secunia published Autonomy's threats against the firm.
Fake Yahoo Greetings Site Pushes Malware Greeting card spam serving as a cover for malicious downloads has been hitting inboxes recently in the form of fake Christmas cards.
AVG Picks Up Exploit Prevention Labs Roger Thompson's company, featuring the LinkScanner search results inspector, has been purchased by AVG's owner, Grisoft.
Bilked Canadian Blasts eBay Over $20K Loss A car buyer lost a substantial sum after wiring money to someone he thought was the seller but turned out to be someone who hijacked the seller's page.
MPAA Crocked For Software Copyright Violation A "University Toolkit" made available to schools to spy on network traffic for infringing content proved to be infringing itself, and embarrassing the Motion Picture Association of America.
British Firms Warned Of Chinese Threat Aggressive attacks by Chinese state organizations against business interests in the United Kingdom have the country's MI5 agency sounding an alarm.
Imperva Offers Stop Sign To Web Threats JavaScript highjacking and cross-site request forgeries threaten to make a mockery of modern Web 2.0 applications unless app providers do something to secure them.
New Zealand Rousts Teenaged Botherder The 18-year-old going by the alias 'Akill' received a visit from cops in New Zealand after the FBI pegged him as the ringleader of an international criminal group.
Free Gift Advertiser Settles With FTC The Federal Trade Commission won a settlement with Adteractive over its free gift online promotions that actually required people to pay money or participate in other promotions to be eligible.
Cyber 'Cold War' Exists With China State sponsored threats comprise part of the problems McAfee warned security pros about in their latest report on cybercrime and the threat to the government and private sector.
SANS Cites Users, Apps As Main Threat Targets Computer users and custom applications created with minimal attention to security emerged as the top two attack targets favored by criminals.
Symantec Predicts Security Trends For 2008 The ongoing Presidential campaigns by candidates for the Oval Office could be misrepresented by online criminals seeking financial gains or information from voters.
New Apple QuickTime Vulnerability Exposed A zero-day exploit in Apple's QuickTime software now has accompanying proof of concept code that can affect version 7.3 of the player.
Kiwi Finds Ripe Flaw In Windows A partially-corrected vulnerability leaves Windows users, including people running the latest version, Vista, potentially open to attack.
United Kingdom Loses Millions Of Identities An astonishing combination of poor judgment and lack of information control led to a junior functionary being able to lose personal banking details about 25 million Britons.
Firefox 3 Beta 1 Out For Testing Security updates rate among the numerous tweaks made by the Mozilla Foundation to the next version of Firefox.
China Poses Major Tech Threat To US Espionage against corporate and government systems in the United States and Europe represents only one portion of the Chinese threat to critical technology infrastructures.
Smartphone Security Concerns Slowly Arriving A rise in threats to smartphones, as their capabilities have approached those of a typical laptop computer, looks like a credible problem in the future of mobile platforms.
YouTube, GeoCities Used Again By Spammers Malware attacks using YouTube and GeoCities as fronts for phishing scams have been spotted in the wild.
Apple Plugs Holes In Tiger, Safari A massive 41 bugs needed attention from Apple engineers to correct them in a round of security fixes for Mac OS X Tiger and the Safari web browser.
Swedish Embassy Email Hacker Busted Police hauled off Dan Egerstad for questioning over his publishing of email account information belonging to government entities.
Jarring Firefox Exploit Endangers Google Accounts Through the use of a malicious .jar file, an attacker could grab details of a victim's Google Account, and the flaw enabling this has been known for months.
Notes: Patch Tuesday And Remote Management The mildest patch update from Microsoft since it skipped one in March 2007 took place this week, and LANDesk launched its Gateway Appliance for managing patches and other updates for remote devices.
Government Wants To Redefine Privacy Forget about anonymity. A highly-placed government intelligence official thinks it's time for Americans to get used to domestic spying.
Botnet Master 'Acid' Busted By Feds A plea agreement by John Kenneth "acid/acidstorm" Schiefer for his role in cracking 250,000 PCs likely made him the first person indicted for wiretapping by botnet.
Alicia Keys Victimized By MySpace Hack The injection of a large image background on a page full of rich media content from the Grammy winning musician included a link to a malware server in China.
Whistleblower Lobbies Against Telco Immunity Mark Klein has been at the epicenter of a class-action lawsuit against AT&T to determine if they illegally wiretapped millions of Americans and shared their findings with the National Security Agency.
Alert Logic Automates Log Management The company's latest service, on-demand log management, arrived to complement Alert Logic's product line.
Salesforce.com Falls For Phishing Attack Software as a Service took a credibility hit as news emerged of a successful phish against a Salesforce.com staffer, which resulted in a loss of data to criminal spammers.
Microsoft Vexed By Macrovision Zero-Day A critical flaw in the secdrv.sys driver affects some versions of Windows, but Macrovision has a fix available.
Commtouch Offers New Malware Outbreak Center Email security company Commtouch unveiled its Malware Outbreak Center and associated tools today, to provide a look at various aspects of spam and viruses.
Spammers Exploiting Advanced Google Search No one should be feeling lucky with spam that sends them to a purported retail site via the use of advanced search operators in Google.
Feds Contend Email Privacy Ends At The ISP The Sixth Circuit will hear an appeal by the US Government that seeks to treat email as being outside the usual Fourth Amendment protections against unreasonable search.
Firefox Quietly Updates To 2.0.0.9 Several previously fixed items regressed to an unfixed state in Firefox 2.0.0.8, requiring Mozilla to quickly release a new version.
Presidential Hopefuls Threaten The Browser Criminals who are registering domain names that resemble legitimate websites for campaigning Presidential candidates hope to infect visitors with malware.
Macs Victimized By Naughty Video Trojan The Mac platform received unwanted attention from a group of professional malware writers, who crafted a Trojan and placed it on several pornography sites.
Gmail Close To Spam Fighting Perfection Although Google sees about 70 percent of incoming mail to Gmail users as being spam, less than a percent of that junk makes it through their filters to recipients.
Melissa Strips For Captcha Translations Some enterprising malware creators have created an enticing piece of software to help them break common captcha schemes on Yahoo's sites.
Trailing A Spam Transaction A security researcher at CA took a trip through a typical spam offer, by making a purchase to see how the pieces of a scam all fit together.
House Committee Screws Up Whistleblower Email Someone accidentally sent an email containing all the whistleblower email addresses to the entire list of addresses that submitted tips about abuse in the Justice Department. Then it gets worse.
NVidia Chip Helps Vista Password Cracking Elcomsoft didn't need Blue Gene or a similar supercomputer to speed up their password cracking 25 times faster. They needed a GeForce 8800 Ultra off the shelf.
Teens Online No Big Deal To Parents People with teenagers may not think the Internet is as good for kids as they thought it was a couple of years ago, but they don't think it's any worse, either.
Anonymity Leaves Usenet Providers GigaNews and Usenet Server have made changes to their terms of service, quietly removing references that touted the anonymity features for their subscribers.
Malicious PDFs Try To Exploit Adobe Flaw Fixes for Adobe Reader and Acrobat versions 8.1 or prior need to be installed to mitigate a critical vulnerability and the exploits flying around the Internet trying to penetrate those flaws.
Anonymous On Craigslist? Maybe Not One security researcher found his interest in one particular post on Craigslist piqued so much, he decided to try and track down the poster.
OiNK Torrent Tracker Slaughtered By IFPI Invitation-only music tracker OiNK.cd has been shut down, with its 24-year-old administrator arrested in Britain in connection with the investigation.
Boo! Halloween Spam Arrives Holidays have always been a favorite time to try and scam people, and the fall party that is Halloween is no exception.
Mozilla Releases Firefox 2.0.0.8 Automatic update screens should be popping up for Firefox users, as a new release of the browser with security fixes and Mac OS X Leopard support arrived online.
Social Networking Means No More Secrets A social networking profile only contains what its owner adds to it. In this modern Internet age, some people put in way too much information and endanger themselves.
Insiders And The Risky Business Of Security One person with an administrator password and access to critical systems can cause chaos within a business.
The Absolute Poker Kerfuffle A losing player at an online tournament at Absolute Poker asked for, and received, a hand history file from the site. The file showed the tournament winner either had the most amazing run of luck in the history of the playing card, or that someone helped the winner see hole cards.
Storm Botnets Using Encrypted Traffic A 40-byte key used to communicate with specific nodes on a Storm botnet could be a harbinger of an even greater Storm threat.
Yowza! Oracle Has 51 Patches Pending Microsoft gets way too much blame for needing lots of patches for their products; Oracle will ship 51 fixes for its products in October.
Stuff The Military-Industrial Complex Should Use An embarrassing breach of Department of Homeland Security computers from a Chinese site has at least one Congressman fuming, and the rest of us wondering what $1.7 billion buys in security these days.
Word Exploiter: Hi, I'm A Mac An attack targeted at a newly-patched flaw in Microsoft Word came from a document created on an Apple Macintosh.
International Websites Plagued By Attacks Government websites in the US and abroad suffered hacks that caused them to point to pharmaceutical and adult content sites.
Russian Spammer Gunned Down The murder of Alexey Tolstokozhev ended with a calling card - a final head shot by the killers.
Critical Fixes Arrive For Outlook Express, Word, IE Patch Tuesday may as well have arrived with a siren screaming, considering the fixes needed for three of Microsoft's most widely used products.
Ca.Gov Shutdown Avoidable, Says DNS Inventor Dr. Paul Mockapetris had some comments to make after the federal General Services Administration caused California IT pros grief with a shutdown of their domain record.
Election 2008 Faces Cybercrime Risks The various threats that plague users of technology could be a problem for the people who want to settle in to 1600 Pennsylvania Avenue with an election win next year.
Prof's Laptops Stolen At Carnegie Mellon Two laptops were removed from a locked office during the first weekend of September at Carnegie Mellon University; these laptops contained personally identifying information about students.
Hallmark, YouTube Vexed By Spammers Malicious greeting card payloads and abuse of YouTube's 'invite-a-friend' email feature have posed issues for everyday users and security pros.
Got AV? Maybe You Don't Having antivirus software installed on a system is not the same as having an updated antivirus solution in place; surprisingly, some people don't understand the difference.
Critical Fixes Coming For Office, Windows Microsoft's regularly scheduled monthly patches arrive on Tuesday with fixes for issues rated Critical in the Windows operating system and the Office productivity suite.
Ca.Gov Domain Still Plagued By Spammers The kerfuffle that erupted when the General Services Administration evaporated California's ca.gov domain still hasn't yielded a full cleaning of that domain's websites.
Feds Deleted California's .Gov Domains What started as an action to correct a hacked website from redirecting traffic to a porn domain ended up with the entire ca.gov domain being deleted.
Criminals Hitting Inboxes With Housing Spam Scams on the rise in September aimed at taking advantage of a drop in interest rates by soliciting personal information for housing-related "offers."
The Biggest Enemy Of Security Pros Chinese spies and Russian profiteers may be near the top of the list of what vexes security professionals the most, but user apathy has to be considered too.
Feds Crack Down On Spyware, DDoS Perps Media Motor has been shutdown by the Federal Trade Commission as part of a settlement, and a 21 year-old male from California was arrested in connection with a DDoS attack on Castlecops.
Gap Has One: 800,000 Identities Stolen A stolen laptop was at the center of the latest episode of massive identity theft when a contractor working for Gap clothing reported the loss of the device.
ABN Amro Data Leaked On P2P The use of a P2P program on a computer in ABN Amro Mortgage Group's network revealed over 5,000 security numbers to unknown parties.
Phishers Bait People With IRS Refunds The latest scam making the rounds of inboxes promises refunds of $109.30 from the Internal Revenue Service, directly to one's Visa or MasterCard debit card.
Shocking: Hackers Could Crack Electrical Grid The Department of Homeland Security was so alarmed at the emergence of a video of a generator being hacked remotely, they asked CNN to withhold certain details about it.
Beware The Gmail Filter Attack An issue with Google's Gmail service could lead to one's email with attachments being quietly forwarded to a third party.
Google Preaches On Privacy Again The search advertising company followed up an earlier video about general practices like the use of cookies and IP addresses to improve search results with another video about their personalization and privacy tools.
Spammers Opting For Text Again Image and PDF spam have been on the downturn, with plain old text and a tricky use of the mailto tag arriving in pump and dump spams.
DHS Blasts Unisys Over Chinese Hack They have sent the FBI after Unisys to find out why a $1.7 billion contract to provide security for Department of Homeland Security computers failed to do so.
Shavlik Goes Google For Patch Gadget A new gadget for systems with Windows 2000 SP4 or Windows XP SP2 running Google Desktop arrived from patch management software maker Shavlik today.
Apple Used In Money Laundering Scam Apple has been victimized by job recruitments for freelance financial representatives in Europe that lead to a counterfeit Apple reseller site.
Webmasters Shouldn't Be Insecure Various injection attacks against websites have compromised some and turned them into covert malware distributors. Google has a few tips on keeping sites safe.
Firefox Updated, Fixes QuickTime Flaw Apple has yet to patch a critical security vulnerability in QuickTime, but the latest update to the Firefox browser protects its users from an exploit of that issue.
Monster Breach Extended Into Fed Jobs Bank USAjobs.gov, managed by the federal Office of Personnel Management, has been warning its users that the attack on Monster.com also exposed their personal information.
Iran Blocks Google Iranian web surfers have been unable to reach Google or its services like Gmail, thanks to active blocking by the government.
Microsoft Calls Stealth Updates Necessary Although a Windows user may opt to not have updates applied automatically, the Windows Update service can and will grab its own updates, a practice that raised some security pro eyebrows.
Governments Stink At Protecting Computers Countries besides the United States have complained of attacks by Chinese hackers, some of them successful.
Microsoft Goes Light On Latest Patches Only one Critical issue emerged with this month's security bulletin from Microsoft, along with three other Issues rated Important.
EU Official Wants Bomb Queries Censored Search engines that can connect dangerous people with details on bomb-making should not be able to provide those results, according to the European Union's top security official.
China Preps Cyber Attack On Carrier Groups Detailed plans to cripple a pair of US aircraft carrier battle groups through electronic warfare are just part of China's ongoing attacks against targets in the US and other countries.
Something Strange About AdsOnCraigs A software package aimed at people who want to manage multiple listings on popular classifieds site Craigslist should be viewed with suspicion by potential buyers.
PDFs Down, Greeting Cards Up In Spam The massive crush of PDF spam that had filled inboxes in early August, but receded dramatically through the month.
Rutkowska, McAfee Sparring Again Joanna Rutkowska, creator of the proof-of-concept Blue Pill malicious hypervisor, and security firm McAfee, have posted points and counter-points about the direction of the security industry.
Pfizer Exposes 34,000 To Identity Theft It's the third breach of data security this summer for pharmaceutical giant Pfizer, and the Connecticut Attorney General wants answers.
China Accused Of Pentagon Cyber Espionage Beijing's government has denied involvement in a June incursion into the Pentagon's computer network.
Trend Micro Targeted By Phishing Scam A just-arrived spam claimed "Your Money on Bank Account has Been Stolen" and provided a link to a Chinese site for a free trial of "TrendMicro AntiSpyware."
Windows Vista SP1 Arrives In Beta Microsoft's heavily touted, latest version of Windows finally gains a much-needed service pack, but it's still just a little out of reach.
Blogger Users Under Storm Advisory The Storm worm has been appearing in comments on blogs hosted on Google's Blogger platform.
PDF Spam Scourge May Be Over Criminals using PDFs as a way to slip spam and Trojans to email recipients may be backing off their once-heavy usage of the PDF to do so.
Sony Has Another Rootkit Issue It's not Velvet Revolver CDs at risk this time, but USB sticks distributed under Sony's name that show up with hidden software.
Double V Could Be Double Trouble Using a pair of Vs to make a W in a URL could lead to troubling results for the unwary web surfer.
iPhone Cracker Swaps Phone For 350Z George Hotz managed to unlock an iPhone so a T-Mobile SIM card would work in it and connect Apple's mobile phone product to that network.
US Searchers Kept Out Of TorrentSpy Anyone in the US who still uses TorrentSpy will want to find alternatives, as the search site no longer welcomes visitors from US IP addresses.
Mobile DoS Threats Enabled By Flaws Researchers have found several ways that a persistent attacker can cause problems for users of a wireless phone network.
The Wrap: Fujacks, E-Cards, And Google Gamers who were infected with the Fujacks worm should be pleased to know four people have been charged with creating and distributing it online.
Monster.com Recruiter Accounts Compromised Job hunters on Monster who have posted resumes may have had their personal details exposed through phished recruiter accounts, which would permit criminals to browse hundreds of thousands of profiles.
Haste Urged With Latest Microsoft Patches Those who have not updated their PCs with recent patches from Microsoft for VML and for Excel risk having flaws in those vectors exploited by attackers.
Internet Gunned Down Near Cleveland Someone shot up a fiber-optic cable and caused significant Internet slowdowns throughout the US on Monday.
Monster.com Visitors Victimized By Malware Malicious ads appearing on Monster and other job sites have led to Trojans being placed on job seekers' computers, leading to thousands of cases of identity theft.
ZoneAlarm Affected By Several Flaws Check Point Zone Labs was forced to patch a number of vulnerabilities with its products, including their firewall and anti-virus software.
Storm Gang Offering Fake Microsoft Tool A component called Microsoft Data Access allows applications to connect to various data sources, but the one being offered by scammers will drop a worm onto a PC.
McAfee Helps Efforts Against Domestic Violence The security company has been working with the National Network to End Domestic Violence's 'Safety Net' program, and educating law enforcement and others about the role of spyware in these cases.
Info Theft Threats Will Rise Through 2007 The last half of the year looks like it will be accompanied by a continued rise in information stealing malware.
Microsoft Fixes Another Vista Problem Nine security bulletins from Microsoft for its 'Patch Tuesday' monthly update included fixes for several critical vulnerabilities in their software. One of the fixes covered a problem in the newest Microsoft operating system, Vista.
More Facebook Code Emerges A couple of days after publishing the home page source code for Facebook, the bloggers behind Facebook Secrets revealed the source code for search functionality on the social networking site.
Facebook Opened Its Source Code Anyone with a fascination for seeing a PHP-powered page make calls to a bunch of PHP scripts got an eyeful from social networking site Facebook over the weekend.
United Nations Website Defaced Attackers used a SQL injection attack to deface the United Nations web page containing speeches by its Secretary-General, Ban Ki-Moon.
New Cybersecurity Laws A "Waste of Time" Roger Thompson of Exploit Prevention Labs took a few minutes to talk about botnets, foreign security threats, and the likelihood new US laws on computer security will have any effect.
Pearl Jam Hit By AT&T Censorship A webcast of Pearl Jam's Lollapalooza performance suffered some censorship at the hands of AT&T's content monitor.
Google Uses YouTube To Explain Privacy A video produced by the search advertising company explained some of Google's most basic privacy practices.
Storm Worm Surging Again Electronic greeting card spam has been the most recent way criminals try to infect people's computers with botnet software.
Mozilla Clarifies Ten Day Claim Even though it seems like Mozilla cranks out its patches in record time, the truth is it usually takes longer than ten days to test and evaluate patches for products like Mozilla.
Dateline Producer Cracked At Defcon Defcon 15 enjoyed the attentions of a would-be undercover Dateline producer, whose escapades at the conference ended with her being asked to leave the Las Vegas gathering.
Security Pros, Beware Of No-Tech Hacks Focus too much on Metasploit and application exploits, and you may be too engrossed to pay attention to the guy wearing a jumpsuit and carrying a toolbox.
Malware Count Will Reach 300,000 A troublesome milestone rests on the horizon, as McAfee expects to record the 300,000th unique piece of malware very soon.
Brazilian Spammers Hit MSN Users A new greeting card spam hitting people using Microsoft's MSN Messenger will drop a Trojan with similar characteristics to a notorious family of bank credential stealing Trojans.
Lost Cellphones Add Up For Owners We worry so much about software security, be it applications or operating systems, that it's easy to forget softer targets like cellphones. Losing one can have consequences beyond mere inconvenience.
Google Zaps Malware Spam Blogs A large number of Blogspot blogs appeared in July, toting malicious JavaScript and sending visitors to some seriously undesirable content and malware.
Publicizing Software Flaws Still Controversial To disclose or not disclose publicly has been a topic for security professionals in the technology realm for some time, and both points of view could be correct.
Zango Still Misbehaving, Says Researcher Spyware researcher Ben Edelman has been following Zango's software installation practices before and since their November 2006 settlement with the FTC, and found the company still doing some questionable practices.
YouTube Plans Video Fingerprinting Lawsuits from several organizations about copyright infringing videos appearing on YouTube has Google's video service readying a screening solution to stop them from being uploaded.
Personalized Spam May Lead To Infection Social engineering through data mining allows criminals to make their email come-ons look legitimate, but visiting included links could lead to a system being compromised.
Apache Neglect Leads To Problems It's difficult to imagine a responsible webmaster leaving the core server software unpatched when fixes for exploits emerge, but that seems to be happening on a number of legitimate websites.
Firefox Fixes FileType Flaw A serious zero-day flaw in Firefox on Windows XP could allow local programs to be executed after certain URLs launch the wrong handler in the system.
Beware Of Natalie From Facebook There may have been a real Natalie behind the social engineering scam found by a McAfee researcher, but her Facebook connection is a total fake.
EFF Smacks Universal Music Over DMCA A short video of a toddler dancing to part of Prince's 'Let's Go Crazy' got yanked from YouTube after Universal complained about copyright infringement.
Fox News Gaffe Revealed Personal Data As many as 1.5 million email addresses may have been revealed to visitors arriving at an unsecured FTP server courtesy of a login left available by an error on the Fox News website.
Microsoft Helps Shutter Chinese Counterfeiters The FBI and Chinese authorities wrapped up a syndicate that may have put more than $2 billion in counterfeit Microsoft products into circulation.
Fox News Forgets About Directory Security Most webmasters prefer not to allow visitors to browse their directory structures, but somebody on the Fox News online staff forgot this step.
Maiffret Talks REM, Apple, And Black Hat eEye CTO Marc Maiffret chatted with SecurityProNews ahead of his firm's release of their hardware appliance for managing security and asset vulnerability assessment ahead of the Black Hat conference.
eBay Scammers Working Hard Against Sellers Beware of aggressive attempts by Nigerian scam artists who work somewhat sophisticated ploys to separate people from their merchandise without paying.
Opera Updated To Fix BitTorrent Flaw A problem in Opera 9.2 could allow a malicious torrent to cause the execution of arbitrary code with the local user's privileges.
Phishing Quiz Tests Its Takers An online quiz hosted at McAfee's SiteAdvisor website challenges people to pick out authentic sites and messages from pairs of real and fake ones.
Disney Victimized By Account Data Thief Credit card numbers and other personal information made their way to undercover investigators from an order processing subcontractor for the Disney Movie Club.
Oracle Releases Numerous Critical Patches Products ranging from databases to application serves and the PeopleSoft product line required a vast number of security fixes.
Firefox Fixes Flaws, Releases 2.0.0.5 An issue with the firefoxurl URI handler has been corrected by the Mozilla Foundation, which began pushing out a patched version of Firefox 2 to its users.
Safari Calls On iPhone Endanger Users Apple has been working on fixing an issue with the iPhone's native Safari web browser, where dialing a number from a page displayed in Safari could be exploited.
Overflow Problem Spotted In Yahoo Messenger A specially crafted address book entry in Yahoo Messenger could cause the product to crash, and may present an arbitrary code execution problem.
Several Flaws Fixed In Flash, Java The presence of the Flash Player and the Java Runtime Environment on millions of PCs worldwide makes them a massive target for attackers.
EFF Uncovers FBI Abuses In Documents The Electronic Frontier Foundation published hundreds of FBI documents obtained under the Freedom of Information Act; some of those documents revealed requests made for phone records when no court order supporting the request had been filed.
Boeing Employee Busted For Stealing Data Gerald Eastman claimed his downloading and dissemination of Boeing documents over a couple of years amounted to whistle-blowing, not theft.
Storm Botnet Driving PDF Spam The latest plague of spam arriving in PDF attachments probably comes from a stunningly huge botnet operated by some familiar names.
AP Easily Grabs Sensitive Military Documents Associated Press found it could obtain a number of sensitive military documents from file servers simply by connecting to them.
Apple Patches QuickTime Vulnerability A remotely exploitable problem in QuickTime's SMIL file processing integer handling could lead to overflow conditions.
FTC Spam Summit Opens Today Microsoft and Yahoo will be among the panel participants at the Federal Trade Commission's two-day Spam Summit in Washington DC.
Firefox To Fix Handler Vulnerability A problem with the 'firefoxurl' URI handler had been partially blamed on Internet Explorer's failure to properly validate input sent to the handler. Mozilla plans to fix its component.
Stock Scammers Spam SEC Lawyer The penny stock pump-and-dump scheme run by two Texas men used zombie computers to push out their spams.
Firefox Process Enables IE Flaw Both the Internet Explorer and Firefox browsers are to blame for an input validation problem similar to one seen in Apple's Safari browser.
The Trojan That Talks Trash A new trojan making the rounds will taunt its victims vocally as it deletes files from a compromised PC.
Fraud Spam Continues To Rise Levels of scam and fraud spam persist in harassing email users, as Symantec's monthly spam landscape report showed an increase in those junk messages.
Three Critical Patches Pending For Microsoft The advance notification from Microsoft for its next patch release showed six patches, three of them for Critical issues, are on tap for July.
Card Scammers Act Like Robin Hood It may be hard to believe, but some Internet-based credit card thieves have been making charitable contributions of small amounts to verify if a card is valid or not.
Free iPhone Sites Full Of Spam You get what you pay for, so the saying goes, and those expecting a free Apple iPhone in exchange for filling out a form are getting plenty of junk email in return.
iPhone Fakery In Circulation A trojan-driven phishing site offering non-existent iPhones for sale serves only to part the unwary from their cash.
Fake DOJ Messages Hide Trojans Spam messages claiming to be from the Department of Justice have been hitting inboxes and bringing along a Trojan downloader.
Undetectable Rootkit? Prove It A quartet of security researchers want Joanna Rutkowska to build a version of her Blue Pill rootkit and show it can be made undetectable.
Harry Potter And The Annoying Worm Along with the fifth movie and the seventh book about JK Rowling's young wizard, a worm is coming to unwary PC users.
Facebook Tightens Up Security The ability to do a kind of advanced search on Facebook could have revealed information from private profiles to anyone who knew how to look for it.
PDF Spam Pumps Stock Scam A classic pump-and-dump stock scam has been hitting inboxes, with PDF messages containing image-based stock spam.
Keep iPhone Security In Mind Before plunking down $499 or more, plus AT&T's plan charges, for a shiny new Apple iPhone on Friday evening, be sure to remember that the Internet aspect of the device could be targeted by malicious attackers.
WordPress Vulnerable To Custom Field Uploads Those who have not upgraded WordPress to 2.2.1, or WordPress MU to 1.2.3, should do so to help mitigate a newly disclosed vulnerability.
CNBC Million Dollar Challenge Contested Various stock-related shenanigans may have influenced the results of a contest on CNBC, with a $1 million prize at stake.
Homeland Security Suffers Hacks Scores of attacks against Department of Homeland Security machines led lawmakers on Capitol Hill to lambaste the Department's CIO.
McAfee Predictions Mixed To Date The computer security software company made some predictions for 2007, and nailed some of them while missing on others.
Google Publishes Safe Browsing API Developers can connect to Google's blacklists of websites through the use of a newly launched API and use it to help protect application users.
The Horror Of Spyware Coding Horror's Jeff Atwood ventured onto the Internet in search of no-cd game patches for a fresh re-installation of Windows XP SP2, and got nailed by a drive-by malware installation.
Malware Pummels Italian Websites A major attack in Europe has hit sites in Italy particularly hard, with cracked websites now hosting code leading to drive-by malware downloads.
Yahoo Webcam Exploits Emerge A pair of zero-day exploits for part of Yahoo's Messenger service can cause arbitrary code execution at the user's level of access.
Smog: Spam Comes To Games While the issue of spam in multiplayer online games isn't as massive as the general spam problem, there are spammers who plague gamers with their ads for services.
Symantec Ghost Spooked By DoS Flaws Symantec had to patch a bunch of problems with its Ghost Solution Suite to fend off possible denial of service exploits.
Google Earth Helped Alleged Terrorists The schemers behind planning a plot against JFK International Airport used Google's sophisticated mapping tool to help them.
Image Spam Persists As A Problem Messaging security firm MessageLabs said image spam accounted for between 15 and 20 percent of the volume of spam seen in May 2007.
ISPs, Users Slammed For Botnet Problem Frustrated security professionals want to do something to stem the tide of computer botnets, and suggest among other ideas that people should need to get an Internet license before they surf.
Anti-Forensics Thwarts Investigations The bad guys who can do the most damage to a network aren't bashing their way through the front door, but slipping in with what look like legitimate deliveries. They are sticking around undetected as well.
Spammer Bust Could Lower Junk Email Robert Alan Soloway has been a fixture on the Spamhaus list of prolific spammers, but now he'll be known as "defendant."
YouTube Fixes Privacy Issue What had appeared to pose a serious privacy concern with YouTube and observed by several people for about a month has been corrected.
Social Media Threatened By Malware As Conde Nast and regular web surfers discovered on Reddit last week, a promoted story could be linked to a drive-by download of malware online.
Child's Disappearance Fuels Scammers The vanishing of Madeleine McCann from a Portuguese hotel spurred an effort to fund her search, followed by the attempts to exploit her abduction for financial gain.
Trojan Injects Fields Into Secure Forms People who do any sort of online secure access need to be aware of an even more insidious threat to them via infected machines.
Microsoft Wants To Learn Your Life Through the wonders of technology, Microsoft thinks it can figure you out based on your web browsing history.
Turkey Trashing Australian Websites Malicious hacking activity affecting websites in Australia has been originating mostly from Turkey over the past eight years.
Spam Is Up, Few People Care The amount of spam peppering inboxes has increased, but fewer people are bothered by the endless parade of phishing and stock scams.
Sophos Finds A BadBunny A low-threat worm affecting the OpenOffice productivity suite arrived at the offices of security firm Sophos, complete with a pornographic bunny suit picture attached.
MSDN Touting Silverlight Security Developers commenting on the security model for Microsoft's Silverlight application development platform have extolled its virtues.
Google Debuts Security Blog Online security efforts at the world's dominant search engine will be the focus of posts from Google's researchers on a newly created Online Security blog.
Microsoft Offers Two Office Security Tools A pair of new tools from Microsoft could help mitigate threats from attacks that target Office and component programs like Word and PowerPoint.
Symantec Crashes Chinese Computers The company's Norton antivirus product declared a couple of important Windows components to be malware after a flawed signature update.
Word Files Increasingly Targeted In April Single email attacks have been used with greater frequency as criminal spammers attempt to evade detection of mass mailing efforts.
Months Of Bugs Good For Users The past few months of daily bug releases for technologies like browsers, kernels, and the ongoing ActiveX are having an impact on the updates of those products.
Two-Factor Security Threats Still Exist Two factors of security are better than one, but the extra factor does not guarantee complete safety from potential threats.
Changes Coming To Microsoft Bulletins Administrators will see something different in the advanced notifications Microsoft releases ahead of their security updates, as well as update to the actual security bulletins.
IBM Contractor Lost Employee Information Data tapes vanished in February, taking with them the personally identifiable information about mainly retired employees.
Secure Computing Checks Domain Health Administrators can find out if their domains or associated netblocks are being identified as security risks based on their messaging or web behaviors.
Signed Spyware Threatens Mobile Users Mobile devices running the Windows Mobile and Symbian S60 3rd edition operating systems face potential abuse from a couple of new spying tools.
Military Blocked From MySpace, YouTube A global ban on popular websites like YouTube and MySpace takes effect today on US military networks.
Botnet Backers Battle For Bucks A trio of groups distributing bots through mass mailing campaigns have been fighting each other through their software to build the bigger bot network.
BlueHat Busts Microsoft Products Taking a cue from the BlackHat conferences, Microsoft runs an internal-only security event where speakers illustrate security issues for their fellow workers.
USB Worm Has Taste For Firefox, YouTube Even Google's Orkut social networking site gets some attention from a worm that spreads to machines from USB drives.
Google Seeks Better Web Page Security The threat of malicious websites hosting exploits has reached a point where Google's engineers have decided to respond with a security analysis of the pages they index.
Microsoft Patches Code Execution Flaws Critical vulnerabilities posing remote code execution threats to several Microsoft products received fixes with the company's monthly patch updates.
Unhappiness Abounds Over Pay For Mac Hack Gartner Research, and representatives from McAfee and Secure Computing expressed outrage over 3Com's TippingPoint paying $10,000 for a QuickTime hack.
Malware Evolving In Nastiness Social engineering and deeper hooks for rootkits are the focal areas for new malware spotted by a couple of security companies.
Microsoft Readies Critical Exchange Update Next week's Patch Tuesday for Microsoft will include a patch to fix a critical issue with the company's Exchange email server software.
New Spam Attacks Company Reputations Symantec's latest monthly spam report noted some new types of junk flowing into inboxes, including one type that impugns the reputation of the company it supposedly promotes.
'I Love You' Marks Seventh Anniversary The Love Letter virus that used a Visual Basic script to infect millions of machines and caused billions in damages in 2000 marked a turning point in virus fighting efforts.
Spam Could Be Replacing DoS Threats Committing a bot network to a denial of service attack against a website for extortion purposes may be a fading tactic.
PayPal, eBay Phishes Continue Swimming PhishTank, a community project by OpenDNS to identify phishing threats, found PayPal and eBay atop its list of top ten targets for April 2007.
Naming Names: Big Brands With Bots The Support Intelligence security monitoring firm has turned its blog into a playground of brand name companies that have been victimized by spammers planting bots on their networks.
Security Turns On A Friendly Card Innovative Card Technologies has made deals with VeriSign and Actividentity that should spur its smart card technology into the pockets of consumers.
DoJ Indicts E-Gold On Money Laundering A digital currency company that has been known to be favored by criminals in their illicit online activities found itself on the receiving end of federal indictments.
Spammers Hit With Billion Dollar Lawsuit Unspam Technologies' Project Honey Pot filed a federal lawsuit against spammers as part of their efforts to root out email and comment spam.
Google Ads Led To PC Infections Paid search ads appearing in Google's search result pages held a trap for people who clicked on them when searching for certain keywords.
US Dominates Top 20 DNS Servers Sixteen of the twenty largest DNS servers reside in the United States, and they account for 32 percent of the .com, .net, .org, .biz and .info top-level domains.
Military Banks Targeted By Phishers Overseas deployments force military personnel to use online banking, and criminals have tried to take advantage of that by hitting them with phishing attacks aimed at the institutions they use.
Phishers Could Trawl With Pre-Phishing Attacks If a pre-phishing attack works, it gives up a couple of pieces of information to the attacker: a username and password combo for a 'non-critical' website, and the fact the recipient might be credulous enough to fall for other phishing attacks.
Bored Searcher Finds Federal Privacy Breach A farmer who queried Google about her family's farm discovered a website operated by the USDA and the Census Bureau displaying 63,000 Social Security numbers.
Trojans Arriving as Virginia Tech News Online scammers continue to prove that they'll race anyone to the moral bottom as some have started sending out Trojans by email under the banner of news about the Virginia Tech shootings.
PowerPoint More Attractive To Virus Writers Microsoft Word had been the target of choice for attackers, but more active patching of Word issues by Microsoft has pushed malefactors to target PowerPoint.
Ohio State Cracked For Personal Data Two separate incidents of identity theft have affected 14,000 former and current Ohio State staffers and faculty, and 3,500 chemistry students, the University has revealed.
Skype Hears A New Worm Another exploit affecting Skype users has been circulating through that network, using Skype's API to send messages with malicious links.
Time For Domains To Get .Safe Security firm F-Secure thinks the ICANN board needs to consider a new top level domain (TLD) for banks and financial institutions to help cut down on fraud.
Microsoft Hunting For DNS Fix A remote procedure call (RPC) problem with the DNS Server in Windows 2000 and 2003 could permit remote code execution.
Storm Worm Storms Back ZIP files in password protected email bodies have replaced EXE files as the payload of choice for delivering Storm worm files to unsuspecting users.
FTC Wants Greater Spyware Crackdowns The Federal Trade Commission told Congress that fighting data security violators, telephone pretexters, and spyware distributors would be easier with legislation to back up the FTC's work.
Zero Day Exploits Emerge For Microsoft The pattern of releasing exploits right around the time Microsoft patches its products on a monthly basis has emerged again with the sighting of more attacks against newly found flaws.
Study: Data Breaches Break Consumer Trust E-commerce sites that have not been diligent in protecting their consumer information from attacks may find their customer bases drop off as a result.
ICQ, AIM Flaw Poses File Transfer Trouble People who use AIM or ICQ for instant messaging are vulnerable to a file transfer path traversal vulnerability that could be remotely exploited.
Patched Microsoft Flaw Threatens Universal PnP Users of Windows XP and other versions as designated in the latest advisory should apply a fix to a critical problem in Universal Plug and Play as soon as possible.
Easter Trojans Email Fake War News The latest effort at fooling people into installing malware on their systems comes in the form of email claiming a war in the Middle East has erupted with Iran and Israel taking part.
Google Nailed For Copying Sohu Software Google has been caught appropriating software developed by Chinese search engine Sohu.com for the purpose of easing the way for typing Chinese characters into an application.
More Criticals Coming For Microsoft The regular Patch Tuesday updates from Microsoft will take place next week, just after their out of band fix for the animated cursor problem and six other patches arrived on Windows systems.
Kaspersky Products Patching Problems Security firm Kaspersky had to patch vulnerabilities in their products that could have resulted in theft of files or remote code execution.
Why The ANI Fix Took Three Months Microsoft's patch update process requires a lot of testing, but the urgency of the animated cursor flaw problem, where numerous websites are hosting attacks against it, led them to cut some corners.
Yahoo Messenger Fixes ActiveX Flaw A buffer overflow in the audio conferencing feature of Yahoo Messenger could have been exploited by attackers.
Microsoft Fixes Animated Cursor Flaw The out of band advisory issued by Microsoft corrected the critical animated cursor problem that had been seeing exploits in the wild.
Twitter Your Way To Insecurity Web 2.0 concepts offer a lot of ways to make a lot of information about people available to others; Anonymizer's Lance Cottrell suggested this isn't always a great idea.
Jikto Hits The Web The source code for the JavaScript web scanner Jikto has made it into the wild, making it easier for attackers to silently turn PCs into scanners for sites vulnerable to cross-site scripting exploits.
Microsoft Pummels Education Software Thieves Heavily discounted software intended for the education market had been redirected to the consumer market by international smugglers.
Microsoft Plans To Fix ANI Flaw Early An escalation of attacks against Internet Explorer through a vulnerability in the handling of animated cursor files will receive a patch ahead of Microsoft's customary patch date.
MovieCommander Will Redirect DNS Requests One of the latest viruses making the rounds attempts to infect systems and send their DNS lookups to sites operated for criminal gain.
Spam Relays Found In Surprising Places Major tech companies and corporations with significant IT resources may have something extra on their networks: a spam relay pumping out millions of junk messages.
New Drive-By Exploit Threatens IE Versions 6 and 7 of Internet Explorer running on fully patched Windows XP SP2 systems are vulnerable to a silent exploit.
America's Spam Shame About forty-five percent of the spam sent out to infest inboxes worldwide comes from a US-based machine.
I Have Your Password Your weak password creation skills are no match for the determined miscreant, who can probably finagle his way into your accounts with ease unless you put some effort into making a stronger one.
ActiveX Undermining IE Security Although ActiveX is part of Microsoft's components beyond the Internet Explorer browser, its place in IE has made it an ongoing concern for users and security companies.
Kitties, Hotties, And Captchas The use of captcha technology has helped limit the impact of spam on sites that accept comments or other submissions from users; a couple of photo-oriented options offer something different from the usual hard-to-read letters and numbers in captcha forms.
MSN Closes Soapbox Over Infringing Videos YouTube isn't the only video sharing site receiving uploads containing copyrighted works; Microsoft has had to shutter its Soapbox site to new users.
Fake Online Druggist Deadly For Canadian Marcia Bergeron died from taking pills she purchased over the Internet, through a website plastered with fake medical agency endorsements.
Online Auction Fraud Tops FBI Complaint List The Internet Crime Complaint Center (IC3) said in its annual Internet Fraud Crime Report that nearly 45 percent of referred complaints centered on fraudulent auction activity.
Apple Involvement Cited In Smear Campaign ZDNet blogger George Ou, the technical director for TechRepublic, has published a scathing account of how Apple played puppet master to a whispering campaign against a couple of security researchers who found issues with MacBook wireless drivers.
Life Is Cheap Online Symantec said in its latest Internet Security Threat Report, for the period of July through December 2006, that the access to essential details about a person's identity could be had for a low price of $14.
Secure Your OS, Courtesy Of The NSA The National Security Agency has guides available for people who want to make their Windows, Mac OS X, and Solaris installations as secure as those used by government employees.
Disclosure Debate On Security Problems A post by PHP security expert Chris Shiflett about a flaw in Amazon's 1-Click process that he disclosed to them a year ago does not appear to be fixed; his discussion of the issue brings up the problem of publicly disclosing security problems.
New Flaw Spotted In IE Internet Explorer suffers from an input validation error that could be exploited by phishing scammers to steal information from users of that browser.
MySpace Faces Age Verification Law The state of Connecticut has a proposal in play that would require social networking sites and chat room operators to verify ages of their users.
Meet The Carding Crew Forget about selling drugs, the real money is in information, and according to an Australian security professional, the United States served as a more profitable territory for illicit hacking than illicit drugs.
OneCare Chews Up Outlook Email Users of Microsoft's antivirus product OneCare have reported on its support forums that it has deleted the email stores in Outlook and Outlook Express on some machines.
SEC Halts Spam Related Stock Trading The Securities and Exchange Commission suspended trading on 35 companies that have been featured in millions of spam messages.
Identity Theft Jumps By 50 Percent Over the past three years, around 15 million Americans suffered an identity theft loss, with retail e-commerce breaches, phishing, and online auction scams among the reasons.
From Michaelangelo To Anti-Scam Scamming It has been 15 years since a virus dubbed Michaelangelo first brought the threat of viruses to the computer-using public. The aims of virus writers have changed since then, but some of the criminals behind illicit computer activities haven't become any smarter.
IPSwitch IMail Server Has A Glitch Multiple ActiveX control buffer overflow issues could lead to an IPSwitch-equipped machine being compromised if someone uses it to visit a malicious website.
Apples, Forgeries, Scanners, And Bagles Eight vulnerabilities in Apple's QuickTime product received fixes to stop potential exploits from crashing the application or running arbitrary code; this and more in a SecurityProNews roundup.
Adult Spam Fell Limp In February The State of Spam Report distributed by Symantec for February 2007 noted adult spam has continued to decline, going down to a new low of 3 percent of all spam.
NOAA Cracked By Russian Pill Hackers A section of the National Oceanic and Atmospheric Administration website has been stuffed with a few dozen pages containing promotions for a muscle relaxant.
WordPress Open To Script Injection Multiple vulnerabilities in the WordPress blogging platform have been found, leaving it open to potential HTML or JavaScript injection by remote attackers.
McAfee Goes Podcasting McAfee has launched a twice-monthly podcast series about topics related to computer and Internet security, starting with a discussion of the Nordea Bank phishing incident, and information disclosure.
Texas A&M Stopped Password Crackers An attack against servers containing encrypted passwords for some university accounts was detected and stopped by Texas A&M staffers.
Symantec's UAC Worries Challenged Windows Vista has a security feature called User Account Control that helps inform users about applications attempting to run on their systems; UAC's potential exploitability has been the subject of debate.
Symantec Breaks Down Vista Security The security company has been looking into Windows Vista since 2005, and published an assessment of its security implications.
Houston Chronicle Clueless On User Privacy A publicly available area on the Houston Chronicle's website allowed visitors to easily view text and spreadsheet files containing names, addresses, phone numbers, and emails of contest entrants.
New Storm Variant Hits Blogs, Emails A polymorphic version of the Storm worm will deliver a rootkit to an unsuspecting victim's machine, and from there will post a link to itself in the blog entries, forum posts, and emails coming from the now-infected system.
Firefox Plugs Gaps With Latest Update Along with fixing several issues in the Firefox browser, the most recent update from Mozilla included some focused on supporting Windows Vista.
TJX Data Breach Grows Wider The hole in the security for the clothing chain was wider than initially reported, and it could spur legislation holding companies responsible for these breaches.
IBM Patches Serious DB2 Flaws Multiple vulnerabilities in IBM's DB2 Universal Database presented the potential for local exploitation, which could have led to privilege escalation to root.
FTC Charges Consumerinfo.com Over Fees For the second time in less than two years, Consumerinfo's website has run afoul of the Federal Trade Commission.
Google Seals Desktop XSS Hole A vulnerability in the Google Desktop product could have exposed files on a machine running it to an external attacker.
CastleCops Draws DDoS Attack The security site had been facing a distributed denial of service attack for several hours; the attack hit 1 Gb/second at its peak.
Spammers Love MySpace Logins There have been a number of faked MySpace front pages found scattered around the Internet. As with everything else associated with online criminals, the profit motive is at work here too.
When Social Engineering Gets Physical Criminals may be a superstitious, cowardly lot in Batman's world, but an evildoer in the real world may be ready to fight as one security company learned.
Australian PM Latest Hacker Spam Subject News of Australian Prime Minister John Howard surviving a heart attack has become the latest enticement to trick people into clicking a malware loaded link and corrupting their machines.
FTC Tags DirectRevenue For $1.5 Million A settlement with DirectRevenue and four of its principals will bar the company from offering future downloads without the express consent of users, and a straightforward way to uninstall it.
Discovery Upset About Parody Spanking The Electronic Frontier Foundation sparred with Discovery Communications over the media company's efforts to silence a website that criticized a Discovery marketing campaign.
Russians Aided Turkish Bank Hackers Computers instead of handguns were the weapons of choice of Turkish hackers who stole $300,000 from online banking customers, with the help of three Russians who sold them login data.
Aliens, Geeks, And A Stolen Laptop Do not trifle in the affairs of geeks, let alone pilfer their wives' laptops, for they are subtle and quick to track you down.
Clicking A Link Gets More Dangerous The developers who built a proof of concept they call Drive-By Pharming said that by simply viewing the malicious web page would trigger major changes in someone's home broadband router or wireless access point.
Microsoft Backfills Twenty Security Holes Even though a dozen security bulletins emerged from Microsoft on Patch Tuesday, some of them delivered multiple fixes to Windows systems.
Don't Get Flashed This Valentine's Day Greeting cards arriving in inboxes may be more than just humble messengers of love; they could be the gateway to a painful infection for your computer.
China Busts Notorious Virus Suspects Several people believed to be creators of the W32/Fujacks worm, known for the panda icon appearing on infected files, have been arrested by Chinese authorities.
Internet Explorer Open To New Flaw An issue with the WinInet module (wininet.dll), used in Internet Explorer and other applications, has a vulnerability in its handling of FTP sessions. Microsoft has posted updates to address the problem.
PayPal Grinds Out New Security Key PayPal and eBay users will be able to enhance their online security on those sites by adopting the forthcoming PayPal Security Key.
Solaris Admins, Your Telnet Is In Danger A zero-day exploit affecting Telnet in Solaris 10 and 11 has emerged, which makes us wonder just who in the world is running Telnet as a public service these days.
SPN Roundup: Microsoft, Botnets, and Tor It's one of those days where several things seem to be happening at once, so we'll do a quick recap of three stories of interest.
Adult Spam Has Been Going Down Symantec's most recent State of Spam report found a spike in the amount of image spam in January decreased by the end of the month, while another trend indicated adult spam has decreased its penetration.
Hack Attack Smacks Root Servers Several of the main root servers for the Internet withstood immense saturation coming from unknown attackers who may have been traced to South Korea.
Office Zero-Day Still Plaguing Users Although the most recent zero-day exploit affects Microsoft Office, Excel has been the most frequently targeted application for attacks against this latest vulnerability.
Small Fine A Dutch Treat For Spammer For sending out some 9 billion junk emails through the use of zombied computers, the Dutch telecom regulator Opta fined the spammer known as Mr. X the paltry sum of $97,500 for his actions.
Casino Spam Royale One of the biggest betting days of the year will happen on Sunday when the Super Bowl takes place, and US-owned betting firms have turned to spamming in Europe to get customers to replace American ones prohibited by laws from gambling online.
Storm Worm Dancing Past PC Defenses Short life times for the Storm worms, and a multitude of variants, have combined to be part of the reason why fighting them has become a difficult effort for security companies.
Bot Battlers Bruised By Botnets The scary part of bot infestations running on millions of PCs connected to the Internet comes from the revelation that sometimes the bot herders work cooperatively rather than competitively.
Vermont Victimized By Virus A bot attack against a state computer in Vermont may have yielded information on 70,000 people to the criminals responsible for the intrusion.
NEC To Seal Out VoIP Spit NEC Corporation claims to have a new technology called VoIP SEAL that can prevent Spam over Internet Technology (SPIT) through the use of a Turing test to detect spam-generated calls.
MySpace Asked GoDaddy To Drop SecLists At the request of MySpace, domain registrar GoDaddy removed DNS records for SecLists.org after the security site published a list of 56,000 MySpace usernames and passwords that has been circulating the Internet.
419 Scams Lure In Government Worker The treasurer for Altona County in Michigan has been arrested for siphoning over a quarter of the county's budget to send to Nigerian scammers.
Storm Trojans Raining On Internet An outbreak of Trojans has been escalating since December, with security companies observing a lot of activity surrounding them.
No Friends On MySpace For Spam King Scott Richter gained a notorious footnote in the history of the Internet for his mass email activities, and has now been accused of using MySpace to send millions of spam messages.
Swedish Bank Tapped By Cybercrime The $1.1 million lost to Russian criminals by a Swedish bank took place over a three-month period, with a keylogging Trojan at the heart of the scheme.
Spammers Target Email Newsletters Criminals have started to mimic newsletters to carry their product promotion messages, and that imitation includes forging message headers to make it look like the real publisher sent them.
Tokyo Doc Loses Patient Information A physician with the University of Tokyo Hospital placed personal information about 150 patients on his home computer, only to have that data leaked online.
Image Spam Goes Boom Spammers switched tactics with millions of junk messages by sending them as images instead of text, and that exploded to account for a huge portion of all spam sent in 2006.
Identity Theft Attacks Up 250 Percent The threat to home and business computer users rose dramatically between January 2004 and May 2006, with a 250 percent rise in the number of keylogging utilities found on the Internet.
Serenity HD-DVD Cracked And Torrented Hackers have found a way around the protection used for the next-generation HD-DVD format and enabled the distribution of the Firefly movie, Serenity, over the Internet.
HP Spy Pleas Guilty To Charges Colorado private investigator Bryan Wagner used pretexting tactics to gain access to personal phone records of members of the Hewlett Packard board as part of tracking down who leaked information to reporters about the company.
Microsoft Patches Lack Word Fixes A trio of zero-day exploits for Word emerged in December around the time of Microsoft's last patch release. Their most recent updates for January contained four fixes, but none for Word.
Adobe Reader Still Open To Exploits The continued shift of attacks from operating system components to application software has compelled security researchers to comb popular apps for vulnerabilities. Older versions of Adobe Reader have again been found with a weak spot.
Strange Excel Advisory Appears Online An advisory about Microsoft Excel rated Highly Critical by Secunia appeared this morning, but the source for the advisory seems to be lacking supporting information.
New Excel Flaw Does Exist A highly critical problem in Microsoft's much-utilized spreadsheet program Excel will be formally disclosed and patched by Microsoft later today.
Early Vista Bug Not A Reliable Threat Although the debut of a threat affecting Windows component csrss.exe could impact the new Vista operating system, it does not appear to have a clear chance of doing so in every case.
Scammers Go Phishing With Flash Since anti-phishing measures can involve analyzing the content of a page to determine if it is a phish or not, some criminals have shifted to Flash to evade their notice.
Windows Getting Critical Fix Next Week Only a few fixes have been planned for January's 'Patch Tuesday' from Microsoft, with Windows scheduled to receive an update to a critical issue.
Online Theft Snared 401k Account Although the story of one man's lost of $179,000 from a retirement account appears to be headed for a happy ending, the article leaves out some crucial information.
Adobe Reader Needs An Update Users of versions 6.x and 7.x of the Adobe Reader browser plug-in should go ahead and upgrade to version 8 to avoid a nasty little sanitization flaw.
Firewall Fright Tops 2006 Hacks Amid a year of worms, cracks, phishes, and other computer security nastiness, a method of port scanning intranets from the outside topped the list.
Gmail Rings In New Year With XSS Users of Google's Gmail service should avoid staying logged in to it until a cross-site scripting issue can be completely fixed.
Rootkits Pose Big 2007 Threat Escalating efforts to increase the capabilities of rootkits could lead to them becoming a greater presence on the computer security landscape.
Criminals Loved Password Stealers In 2006 A lot of the spam that crawled into inboxes all over the world arrived with one mission - trick the person into dropping a password stealing program onto the system.
Vista Open To Proof Of Concept Attack The public release of code that can escalate the privileges of a user with authenticated access to a Vista system has Microsoft tracking down a fix.
Microsoft's Long Year Of Zero-Days From May through December 2006, Microsoft endured the emergence of ten zero-day exploits affecting their products.
Allchin Disputes Sophos Vista Claims After the Sophos security firm claimed three of the top ten pieces of malware in the wild in November 2006 could affect the new Vista operating system, Microsoft executive Jim Allchin had his engineers investigate the claim.
Spam Problem Begs For Global Response The ongoing criminal abuse of email by spammers who pump out billions of messages are reaching the point where technology solutions may not be the ultimate weapon against spam.
Big Yellow Big Problem For Symantec A worm discovered by security firm eEye exploits a vulnerability in Symantec's software that unwary administrators may have left unpatched.
UBS Logic Bomber Sentenced To Jail Roger Duronio picked up an eight-year and one month prison term in New Jersey for trashing the computers at UBS PaineWebber with a logic bomb in 2002.
VirtualATM To Key Secure Online Banking The Authentium security firm has a product nearing launch that could eliminate keyloggers and man in the middle attacks from plaguing users of online financial services.
Microsoft Slips In A Seventh Patch The company had announced six security bulletins would be released with its monthly patch cycle, but a seventh addressing a flaw in Windows Media Player entered the group at the last minute.
UCLA Suffers Massive Security Breach While it's not on the level of the CardSystems crack of 2005, attackers did manage to access UCLA's systems, putting some 800,000 people at risk.
Microsoft Tagged With Second Word Flaw Yet another zero-day vulnerability affecting Microsoft Word became known only five days after Microsoft acknowledged limited attacks were targeting the previously disclosed flaw.
QuickTime Issues Still Plague Websites Similar to the issue that allowed the MySpace worm to parade through the popular social networking site, another flaw in Apple's QuickTime can be exploited.
Patch Tuesday May Not Close Word Flaw The zero-day exploit being actively attacked in Microsoft Word on the Windows and Mac platforms probably hit too late in Microsoft's cycle to be addressed with its monthly patch releases.
F-Secure Dings Registrars Over Fake Domains Dropping a well-known and trademarked name like "eBay" into a domain name registration should cause registrars to give them a glance and make sure they aren't being purchased by someone who is not entitled to use the term.
Data Thieves Drop In On Your Phone Spyware geared toward stealing data from a mobile device has been spotted accompanying phone-infecting viruses; this early effort probably signals more sophisticated attacks are in the offing.
Zero-Day Exploit Corrupts Microsoft Word Uses of Microsoft Office and Microsoft Works have been cautioned that a proof-of-concept exploit affecting the suites' word processing program has been observed in the wild.
Microsoft RSS Blog Burned By Image Prank When the RSS team posted an image taken by a former employee to their blog, they did so without asking the photographer for permission, and he responded by swapping the image with a pornographic one.
Keeping An 'eEye' On Zero-Day Exploits Marc Maiffret's eEye security firm recently launched the Zero-Day Tracker, a website where the company will post and archive information on vulnerabilities hit by zero-day exploits.
Vista To Force Shift In Attacks Much of the current popular malware that can infest Windows PCs will have a harder time doing so in Vista, and that will have attackers changing the way they attempt to compromise Vista systems.
Vista Open To Current Trio Of Threats Out of the Sophos list of the top ten malware threats the company has observed globally, three of them can evade the default security of the new Microsoft Vista operating system.
McAfee Reveals Top Ten Threats For 2007 Mobile devices and videos will be potential targets along with PCs for various attacks, as bots and parasitic malware threaten to deliver a tremendous downside to our increasingly technology-oriented lifestyles.
BuddyProfile Sending AIM Users To Malware A site that allows visitors to embed content in their AIM buddy profiles is being exploited by malware and adware distributors who create profiles laden with links to unwanted content.
Bot Attacks Old Symantec Flaw An issue with Symantec Client Security and its Antivirus Corporate Edition had to be fixed after a bot program began exploiting it at universities.
CAN-SPAM Has Minimal Spam Impact About three years after the debut of the CAN-SPAM act, very little impact has been made on the volume of spam deluging inboxes, a problem that has worsened each year.
Security Concerns Crimping Online Shopping As well as websites did at the start of the holiday shopping season, there is a concern that the numerous incidents of security breaches that have made news over the past year may keep some otherwise energetic shoppers and their wallets offline.
CIA Quizzes Would-Be James Bonds Online The tradecraft of decades ago, where spy recruiters would go forth to make surreptitious contacts with potential agents, has a complementary modern tool online to gain interest from the CIA's desired audience.
Mac OS X Receives Unwanted Attention A zero-day exploit that takes advantage of the way Mac OS X handles disk image (.dmg) files provided an exclamation point to the growing belief that security researchers are spending more time on the platform.
Code Injection Beyond SQL Although SQL injection attacks have been a threat to websites, other types of code injection could be equally as toxic.
Patch Tuesday Is Exploit Tuesday Too Security researchers have been reporting newly found vulnerabilities on the same day Microsoft releases its monthly slate of patches, in an apparent effort to gain more notice.
Firefox Open To New XSS Flaw An in-the-wild phish found on MySpace exposes unwary users to a flaw in Mozilla's Password Manager that allows a cross site scripting exploit to steal login information.
Zango Defies FTC Settlement Terms The $3 million fine and other restrictions meted out by the Federal Trade Commission to Zango for their adware installation practices does not appear to have had the desired effect.
IT Boss Busted For Computer Access A former IT executive for a publishing company was arrested and charged with a single count of unauthorized computer access for tracking emails making the rounds of his old employer and informing his old co-workers when they were about to be fired.
Deworming The Globe Of Windows 2000 It's been several years since Windows 2000 finally arrived as a replacement for Windows NT and Windows 98. For those locations that have ignored the move to XP and yawned at all the news about Vista going gold, it may be time to break out a purchase order and join the 21st Century.
SANS Updates Its Attack Target List The Top 20 list published by the SANS Institute received a name change as its annual update of the top 20 Internet security attack targets hit the Web.
Mozilla Claims Phishing Win Over IE The Mozilla development team tested Firefox 2 against Internet Explorer 7 to see which browser fared better at flagging phishing sites.
Real Media Files Owned By Virus McAfee's Avert Labs has discovered a virus in the wild, W32/Realor.worm, that goes around modifying all of the Real Media files it encounters.
Sites Want To Hook And Gut Phishers A trio of websites offer people the opportunity to report the phish emails they receive in order to thwart the various scams and their perpetrators.
FTC Pops The Clutch On Media Motor Notorious PC hijacker software Media Motor had its doors blown off by the Federal Trade Commission, which persuaded a US District Court to shut down its distributors. That's just the start of ERG Ventures' troubles.
200 Spammers Create 80 Percent Of Spam Email users in North America and Europe who find themselves plagued with the incessant bombardment of spam can blame 200 spammers singled out by junk mail fighter Spamhaus for the unwanted messages.
Jim Hurley Has Noted Your Compliance The former Aberdeen Group VP now works as managing director of the IT Policy Compliance Group founded by Symantec, the Computer Security Institute (CSI), and the Institute of Internal Auditors (IIA); we talked about the group's recent study of factors that motivate companies to ensure better compliance with policies by their staffs.
XML Fix Ready For Patch Tuesday Microsoft's monthly patch release date will see the company provide a fix for a zero-day exploit affecting a Critical issue with its XML Core Services, along with repairs for other problems.
Vista Arriving With New Security Features Microsoft's volume licensing customers will get their hands on the latest operating system from the company first, as Vista entered the manufacturing process.
US Slithers Atop Spam Producing Heap The United States again took the dubious honor of being the worst spam relaying country in the world, with over 300 versions of the Stratio worm emerging in the third quarter helping things along.
The President Is Not Dead If you receive an email claiming either President Bush or Russian president Putin is dead, there may be a worm attached to that message.
Microsoft XML Exploit Running Wild A zero-day exploit affecting Microsoft XML Core Services has been circulating online, and poses a remote code execution threat to Windows XP, 2003, and 2000 operating systems.
Wikipedia Targeted By Malware Distributors The issue of trusting material on user-contributed websites took a turn on Wikipedia, with malicious links being placed on the well-known site.
McAfee Puts A Plus On SiteAdvisor The security software company has disclosed a premium version of its SiteAdvisor web safety tool called SiteAdvisor Plus, and touted a multitude of factors of its proactive approach to protecting computer users.
FTC Asked To Investigate Online Ads A pair of advocacy groups have filed a complaint with the Federal Trade Commission over the various practices of online advertising companies, including Google, Yahoo, and Microsoft.
IE6 Not Forgotten By Attackers Internet Explorer 7 has been available for a few days, but with millions of installations of IE6 in the world there are plenty of PCs that have not opted for the latest release from Microsoft.
Google, YouTube Motivated By Landmark Motivational and self-help workshop group Landmark Education has hit Google, YouTube, and the Internet Archive with subpoenas to find out who uploaded a video that presented a critical look at Landmark's methods.
Microsoft Bids For Software Convictions A flurry of fifty-five criminal and civil lawsuits against sellers of counterfeit software hit targets in the United States and ten other countries as Microsoft tries to crack down on the threat to its main revenue business.
Secunia Spars With Microsoft Over IE7 Denmark-based Secunia has brought up a trio of Internet Explorer 7 issues since Microsoft formally launched its new browser, and both sides have traded pointed comments about its vulnerabilities.
NWA Pass Creator Boarded By FBI Indiana University PhD student Chris Soghoian had an eventful week following the debut of his online Northwest Airlines boarding pass creator, but pointing out a flaw in the Transportation Security Administration's security process brought him some unwanted attention.
Prison Time For Elite Torrent Tracker Grant Stanley picked up a five-month prison sentence for his role in creating EliteTorrents, a BitTorrent tracker site that had been one of the most heavily used in the world.
Identity Theft Leads To Stock Fraud Criminals outside the United States finessed their way into accounts held by customers of E*Trade and Ameritrade to engage in some profitable pump and dump stock fraud.
CWSandbox Automates Malware Analysis The manual demands of analyzing a piece of malware and developing a signature to defend against it have been sped up dramatically with Sunbelt's latest product.
Microsoft Finds Need For Trust Ecosystem A Microsoft executive speaking at the RSA Conference Europe 2006 called for the computer security industry to help build a "trust ecosystem" for computing environments.
Schneier's Counterpane Sells To BT BT Group, the formerly-called British Telecom, has acquired the Counterpane Internet Security firm, which lists well-known cryptography and security expert Bruce Schneier as its CTO.
MySpace Zero Day Shows XSS Vulnerability A cross-site scripting (XSS) issue demonstrated with MySpace as a guinea pig should be noted by security administrators due to its potential for evading XSS filters.
SpamThru Trojan Includes AV Software The sophistication of malware showed a dramatic increase with the assessment of the SpamThru Trojan, which brings along a copy of Kaspersky AntiVirus for WinGate to scan for and delete rival malware on a victim's system.
Losing The Botnet War The sophisticated SpamThru Trojan delivers a client that performs AV scans to get rid of rivals on a victim's computer and communicates through peer to peer technology. That is just one of many examples of bots that plague people from non-technical web surfers to administrators of vast enterprise networks.
Microsoft Wrestling With Regulators, McAfee The Gartner research firm believes Microsoft will need years to make updates to the Vista operating system to satisfy antitrust regulators in Europe and Korea; Microsoft also responded to harsh criticism from McAfee.
Microsoft Battles IE7 Reports, McAfee Complaints The launch of Internet Explorer 7 soon saw a followup advisory that a vulnerability had been found in the browser, which Microsoft disputed. That was promptly followed by some heated rhetoric from security firm McAfee over Vista security.
Secunia Refutes Microsoft IE7 Argument Microsoft's contention that the vulnerability reported by advisory firm Secunia exists because of an issue in Outlook Express drew a strong response from Secunia's CTO Thomas Kristensen.
Fake Journalist Phish Delivered Keyloggers Social engineering proved effective at enticing bank employees to click a link in an email that pulled a keylogger onto 60 machines.
Microsoft Is The Least Of Your Worries Even though the official announcement of the availability of Internet Explorer 7 was quickly followed by news of its first zero-day exploit, eEye founder, CTO, and chief hacking officer Marc Maiffret thinks people need to realize that when it comes to technology, it's more than a Microsoft world out there.
Windows Bitten By Apple iPod Virus A small number of Apple's 5th generation video iPods arrived in the eager hands of Windows users with an irritating pest on board - a virus.
Ask Toolbars Hit With Spyware Claim Spyware researcher Ben Edelman has documented several issues with toolbars distributed by IAC Search and Media's FunWebProducts that lead him to criticize how those toolbars function.
Apple Bites Windows With iPod Virus A small number of Apple's 5th generation video iPods arrived in the eager hands of Windows users with an irritating pest on board - a virus.
Beware Of PC Buyers Bearing Fraps A nice little scam making the rounds victimizes sellers of computer hardware as the scamster asks for benchmarks of the system for sale, provides a link to Fraps for the vicitm to use, and delivers a keylogger with it.
Time Warner Grumbling Over YouTube The billion-dollar deal Time Warner wrangled from Google for AOL in December 2005 looks like a distant memory, as CEO Dick Parsons wants Google's latest acquisition YouTube to pay up for copyright infringement.
New PowerPoint Vulnerability Exposed It looks like Patch Tuesday came too soon this month, as a highly critical issue with Microsoft PowerPoint 2003 has been revealed to the company.
British PCs Under Attack From The US Computers in the US have been the staging point for a dramatic increase in criminal attacks against PCs in Britain.
Webroot Licenses Sophos To Combat Cyberthreats The antivirus technology developed by Sophos will be paired with Webroot's anti-spyware solutions and marketed as a combined solution in some of Webroot's product line.
Microsoft Patches Nailed Critical Flaws The company distributed ten security bulletins on Patch Tuesday, with several Critical bulletins correcting multiple problems in Windows and Office applications.
Spybot And Symantec In Spyware Spat Safer Networking, the maker of Spybot-S&D, has been battling with Symantec for a year and a half over Symantec's Norton products, leading to an ultimatum calling for Symantec to leave the Anti-Spyware Coalition, or Safer Networking will depart.
Spammer Cajoles ICANN To Ban Spamhaus The Realtime Blackhole List (RBL) published by Spamhaus.org could be in jeopardy as a potential court order may compel ICANN to suspend the Spamhaus domain name, all at the behest of a mass mailer.
Google Blog Has A Rough Weekend A strangely worded post that appeared on Google's official blog over the weekend proved to be a hack, and the company took it down a few hours later.
Microsoft Fighting 11 Flaws On Tuesday Every system and network administrator's favorite time of the month, the unofficially-celebrated Patch Tuesday, arrives next week with eleven patches ready to battle a host of vulnerabilities.
Professor Studies Why Phishing Works Those who have spent a long time working with and learning about technology have found it hard to determine why non-techies seem more vulnerable to phishing attacks.
Social Networker, Meet Identity Thief The National Cyber Security Alliance and technology firm CA announced results of their study into social networking behavior and how it could expose people to criminals.
Botnet Tactics Enable Click Fraud An instant messaging botnet attack that plagued users of Yahoo's Messenger client has been revamped into a more sophisticated approach that could lure people into clicking lucrative ads for the attacker's benefit.
Firefox Javascript Vulnerability Was A Joke Instead of a dramatically vulnerable JavaScript engine in the Firefox browser, the speakers at ToorCon were presenting code that one admitted will not enable remote code execution.
Firefox Accused Of JavaScript Mess A "complete mess" in the implementation of JavaScript in the Firefox browser leaves its users vulnerable to an assortment of stack overflow attacks, according to accusations made at the ToorCon hacker and security conference in San Diego.
Social Engineering Helped Spyware Spread As the saying goes, a lie can spread around the world while the truth is still putting its boots on, and this continues to apply to enabling worms and malware to spread online.
Site Promises Digg Promotion For Cash Looking at the User/Submitter website, it's hard not to think the site, if it is legitimate, is an inevitable development for those who are desperate for a promotion to the front page of the popular news aggregating site, Digg.com.
Microsoft Buys Boost Email Security Gartner published its 2006 E-Mail Security Boundary Magic Quadrant and rated Microsoft a leader in the category for its efforts.
Microsoft Sues Mystery Hacker Over DRM The FairUse4WM utility released by the hacker known as Viodentia has led Microsoft to file a federal lawsuit, which the company will use to try and track down the person behind the DRM-cracking tool.
AOL Search Data Flap Draws Lawsuit The inevitable legal action against AOL for releasing details on the queries performed by 658,000 of its users began with a suit seeking class action status filed in a California court.
Microsoft Releases VML Patch A rare out-of-band patch release began hitting Windows PCs last night and today, as Microsoft responded to reports of widening attacks against the Internet Explorer VML flaw and the arrival of an unofficial patch by third-party security researchers at ZERT for the problem.
ZERT Patches IE VML Flaw While Microsoft continues testing a fix, a group of security researchers have responded to the escalating attacks vectoring on the VML vulnerability in Internet Explorer by releasing an unofficial patch for the problem.
Massive Spam Campaign Amazes Researchers A bunch of junk messages hawking a variety of pharmaceuticals made the rounds on the Internet in April and May of 2006, and those were just the tip of a deep and dark iceberg of online crime.
Blue Pill Returning In Stealthier Mode Researcher Joanna Rutkowska made headlines when news of her Blue Pill virtualization rootkit became widely known; now she is working on ways to make it even harder to detect.
Torpark Anonymizes Online Browsing The Electronic Frontier Foundation's release of Torpark, a modified version of the Firefox browser that surfs the Internet in a secure and portable way.
Emails May Exploit VML Flaw The Internet Explorer vulnerability in its Vector Markup Language rendering ActiveX control may be just as exploitable through email as it is from a malicious website.
Gonzales Demanding Data Retention Law US Attorney General Alberto Gonzales cited the proliferation of child pornography as the reason Congress needs to enact legislation requiring Internet service providers to retain customer data.
Gartner: Six Top Security Threats To IT Pros The recently concluded IT Security Summit in London held by Gartner listed a sextet of threats that will give IT managers headaches over the next two years.
Google Public Service Fileted By Phish The Public Service Search site at Google proved susceptible to creation of a page on Google's domain, as one software developer demonstrated.
VML Flaw Threatens IE Microsoft's implementation of the Vector Markup Language rendering engine has a vulnerability that could lead to a buffer overflow and execution of arbitrary code.
Lonely Wives Spam Email Users The Federal Trade Commission put a stop to four spamming operations, including one that sent out messages offering the recipient a chance to "date lonely wives."
SiteAdvisor Answering 100M Queries Daily Lots of users seem to be turning to the McAfee SiteAdvisor service to identify sites appearing in search results as legitimate or potentially hazardous.
AIM Flooding With Malicious Bots FaceTime Security Labs have reported a worm traveling over the AIM network that will place bots on unsuspecting user PCs.
Microsoft Tracking ActiveX Issue A zero-day vulnerability in the Microsoft DirectAnimation Path ActiveX control could permit remote code execution via Internet Explorer.
No iTunes Movies For Asia Fears of fueling the rampant movie piracy business in places like China and Hong Kong likely prevents Apple from offering movie downloads in most of Asia.
EarthLink Hammers Spammer For $11M A federal court in Atlanta sided with Internet services provider EarthLink against KSTM, a Nevada firm accused of massively spamming EarthLink customers.
Governator, Rival Spar Over Audio The campaign manager for Democrat Phil Anglides, a challenger for California Governor Arnold Schwarzenegger, admitted the campaign downloaded an audio file from the governor's web site and passed it along to the Los Angeles Times.
EFF Raises A FLAG The FOIA Litigation for Accountable Government project will use Freedom of Information Act requests to expose the more egregious infringements on privacy by the federal government.
Second Life Cracked In Real Life All users of the online 3D virtual community Second Life were forced to reset their passwords after someone broke into the company's database of user information.
FTC Spanks Xanga Over Child Privacy The Xanga online networking site drew a record $1 million fine from the Federal Trade Commission over its account registration practices.
Chase Dumps 2.6M Customers In Landfill Although it is not definite, Chase believes lost backup tapes of current and former Circuit City credit cardholder information have ended up in a landfill somewhere.
Google Query Reveals Federal Health Surveillance An off-the-cuff search on Google revealed all kinds of interesting goodies, including a case study showing how routine public health surveillance to determine if a disease outbreak may be taking place.
CastleCops Feeds Phishers To Authorities Several organizations pick up the reported phishing attempts that are submitted daily to the Phishing Incident Reporting and Termination (PIRT) Squad.
Microsoft Speeds Up DRM Patch Cryptography and security expert Bruce Schneier observed that Microsoft's reaction to having its digital rights management scheme cracked was a far cry from its IE or Windows patch efforts.
Spammers Wrecked Talent Firm's Credibility When spammers adopted the look and feel of an Australian talent agency's online advertisement for their mass mailing, the company behind the ad received the brunt of the criticism afterwards.
Error Exposes 1,195 Ex-TSA Workers' Data Once again a government agency is under the microscope thanks to personally identifiable information being mailed to incorrect addresses for former employees.
Apple Cracker Breaks Silence It appears that the duo who claimed to be able to break into a MacBook through its wireless connection are being muzzled from discussing an Apple vulnerability.
Critical Zero-Day Exploit Hits Word Microsoft Word 2000 has a new exploit in the wild that could force remote code execution in a vulnerable machine.
Spammers Move Scams Into Attachments To evade anti-spam scanners, URLs linked to websites run by the spammer appear inside file attachments on email messages instead of in the email body.
Smart Is More Important Than Secure Flaws, exploits, and patches for vulnerabilities all put the topic of computer security in the news regularly, but the typical PC user has more to fear from social engineering than malicious code.
Wells Fargo Data Lost By Auditor A two-page letter obtained by SecurityProNews claimed a notebook computer containing personal information about Wells Fargo employees has been stolen from an auditor's vehicle.
AT&T Crack One Part Of Attack The breach in the AT&T online store that exposed details of customers who purchased DSL equipment through the site was just the first step in a much deeper criminal scheme.
Biometrics Comes To Disney World Visitors to the Orlando theme park will eventually see the finger geometry readers replaced with fingerprint scanners, as The Walt Disney Company fights illegally resold park passes with biometrics.
Spaghetti Threatens Italian Computers A convoluted puzzle of malicious code lays at the end of URLs being spammed into Italian blogs and forums, as attackers deploy a lengthy string of code that leads to malware.
AT&T Cracked For Credit Cards An online store used by AT&T for selling DSL equipment experienced a break-in over the weekend, and attackers made off with credit card numbers and personal information on around 19,000 customers.
Study Claims Many Network Attacks Preventable But the study commissioned by Phoenix Technologies found that the worst cases of damage to organizations impacted by a network attack came from computers where attackers logged into accounts with elevated privileges.
CIA's In-Q-Tel Spies New CEO Nanotechnology and longer-lived batteries will be at the top of Christopher Darby's list of priorities once he assumes the helm at In-Q-Tel, the Central Intelligence Agency's non-profit venture capital arm.
Ubuntu Update Undermines UI Users of Ubuntu Linux found themselves locked out of the user interface after their PCs received an update that broke the windowing system for the OS.
Click-To-Call Gets A Wake Up Call The usefulness of Skype as a potentially interoperable partner to Google Talk could be hampered by adoption of anti-Skype software by telecoms, ISPs, and corporate networks.
McAfee Says Watch Out For SMiShing The newest word in security is SMiShing, which McAfee's Avert Labs described as an emerging threat vector for mobile phone users.
Apple Battery Recall A Hot Issue Batteries manufactured by Sony have been the culprit in some Apple notebook overheating issues, forcing the company to recall 1.8 million batteries.
Judge Sends Young Spammer To His Room A judge in Great Britain imposed a two-month long curfew on David Lennon, who had been facing a sizable fine for his malicious spamming.
Qantas Watching Out For Dell Users Boarding a flight on Australia's Qantas Airlines with a Dell notebook computer will require passengers to comply with their new policy on safety.
The Return Of The Microsoft Patch MS06-042 has been re-released for IE 6.0 SP1, after issues with the initial release proved very problematic.
Microsoft Patch For Patch Needs A Patch Just before rolling out a fix for the MS06-042 patch, Microsoft learned that a new issue causing crashes had been discovered, and that will require the company to re-release that patch at a later date.
IBM Secures ISS For $1.3 Billion Internet Security Systems became a hot topic when one of its researchers quit the company last year to deliver a presentation at the Black Hat conference.
Fake Alerts Could Leads To Viruses Spammers have attempted to fool people into downloading malware by sending out messages claiming an upgrade to security software will be required.
Yahoo Seals Up Site Against Phishers Through the use of a sign-in seal, users of Yahoo websites will be able to verify visually that they have signed in to a legitimate Yahoo page and not a phishing site instead.
UK Cops Want Your Encryption Keys An effort to activate part of the Regulation of Investigatory Powers Act in Great Britain would make it a crime to refuse to hand over encryption keys on official request.
AOL Axes Three Over Search Data Fiasco There are some twenty-million search queries floating around on the Internet, generated by 658,000 users and never meant for broad distribution; the ill-advised release of that data forced AOL to remove three people from the company.
Tibetan Exiles Hit With DDoS After reports of a wireless mesh network serving Tibetan refugee camps emerged online, a heavy attack hit the Tibetan Technology Center website.
Microsoft Patch Gets A Patch The MS06-040 security bulletin proved to be such a critical threat that the Department of Homeland Security urged Windows users to implement the patch, but it now appears the patch itself had some issues as well.
AOL Digs For Gold In Spammer's Yard The company believes that notorious spammer Davis Wolfgang Hawke buried over $350,000 in gold and platinum in his backyard, and now the company wants to take a backhoe to the property.
Italian PM Focus Of Trojan Email A bogus email claiming Italian prime minister Silvio Berlusconi has been murdered by an Israeli soldier contains a Trojan file that can infect a Windows PC.
RIAA Ends Suit Against Deceased Man A lawsuit filed by the RIAA against a man accused of unlawful file sharing took a bizarre twist after the man died and the RIAA asked the court for a 60-day break to permit his family to grieve before continuing the legal action against his estate.
ConsumerReports Creates 5,500 Viruses A host of critics assailed the online home of Consumer Reports for creating thousands of new viruses to test a dozen popular antivirus programs.
Bots Attacking Microsoft Flaw The Windows Server service vulnerability called MS06-040 has been the target of a worm attack run by an automated program, reinforcing the need to get this flaw patched as soon as possible.
Worms AIM At Microsoft Flaw The Department of Homeland Security warned Windows users to patch MS06-040, and the threat to that vulnerability has been reported by Sophos as a pair of worms that travel over AOL instant messenger to exploit it.
EFF Calls For AOL Investigation The Electronic Frontier Foundation asked the Federal Trade Commission to investigate AOL over its ill-considered release of search data from over 650,000 users.
Attackers Winning The Hacking War Enhanced tools for exploiting flaws in computer systems have been growing in sophistication, and there is a concern that they are ahead of what the good guys have in their toolboxes.
DOT Anti-Fraud Computer Stolen A federal agent left a notebook computer in a government vehicle in the Miami area, and unsurprisingly it was promptly stolen.
IBM Staffer Crushes Blue Pill The potential for an undetectable piece of malware to invisibly take over a PC raised a lot of eyebrows on the Internet and at the Black Hat conference in Las Vegas; the threat of the Blue Pill virtualization method may be less than it seems.
Identity Angel Could Thwart ID Theft An artificial intelligence program in development at Carnegie-Mellon University will search the Web for personally identifiable information, and alert potential victims that such data is in the wild online.
Microsoft Responds On RSS Concerns After a Black Hat presentation called the potential of RSS feeds as an attack vector into question, Microsoft described steps they have taken to mitigate this.
DHS: Patch Windows Now The importance of one Microsoft fix is so critical that the Department of Homeland Security is advising Windows users to apply it as soon as possible.
Plenty Of Fallout From AOL "Screw Up" After leaving a sizable table of user search data online for several days, AOL removed it from the Internet; naturally, numerous sites mirrored the search data, while other sites have been delving into its contents.
Vista Beta Vulnerable To Blue Pill The virtualization technique used by researcher Joanna Rutkowska can invisibly reside on an operating system, and at the Black Hat conference she demonstrated its potency.
AOL Publishes, Withdraws User Search Data Data on searches performed by hundreds of thousands of users reached the Internet, then was promptly withdrawn by AOL after its release on an AOL Research site.
Google Warning Users About Badware Links Users who like to use Google to find things like cracks or license key generators are now receiving the online equivalent of a finger wagged in the face, as Google has started to warn people who click on certain search result links that the destination may be dangerous.
IT Manager Concerns At Black Hat Security firm Symantec, via Applied Research-West quizzed attendees of the Black Hat conference in Las Vegas, and 400 respondents revealed their concerns about computer security.
Microsoft: 12 Updates For Patch Tuesday Ten Windows and two Office security bulletins will be made available on August 8th as part of Microsoft's typical monthly release schedule.
Cisco PIX Could Be Picked Open The Cisco PIX Firewall has a vulnerability the could be blown open to allow attackers into a corporate network, but details of the flaw were not disclosed by the security researcher who discussed it during a Black Hat session on VoIP security.
10K Aussie PCs Affected By Trojan The Australian Tax Office has already identified 178 cases where people who submitted tax returns online also had their personal information sent to identity thieves.
RSS Worries – Black Hat Asks What If? RSS feeds provide a site publisher with the mechanism to quickly deliver content to an opt-in audience; if the feed can be compromised, an attacker can send exploit code to every subscriber.
Korean ID Numbers Found On Google South Korean resident registration numbers have turned up on Google, and the company will be asked to remove them from its index.
MacBook Highly Vulnerable Via Wireless Even if a MacBook's wireless card is powered on but not connected to a wireless network, it can be taken over by a malicious attacker.
Penny Deals, Bots Power eBay Scammers Automation allows a criminal to quickly establish a new eBay profile, purchase a bunch of one-cent items, and have those profiles populated with lots of positive feedback.
Intel Patches Centrino Vulnerabilities Intel identified three issues, two with Centrino device drivers and one for the PROSet management software, that required updates.
NASA Site Attacks Reported Defacements of NASA, government, military, and UC Berkeley websites have all taken place in the past week, prompted by the current Israel/Hezbollah conflict in Lebanon.
Microsoft Responds On New Flaw Although it is a mildly critical problem that can hit a server with a denial of service attack from a local network, Microsoft has verified a workaround for a newly reported Windows vulnerability that affects XP, Server 2003, and Windows 2000 Server versions.
Secret Service Busts ID Reseller Sentry Insurance and the US Secret Service identified the thief as a computer consultant with a nationally known contracting firm.
SiteKey Security Can Be Defeated The SiteKey system used by financial institutions like Bank of America can offer a false sense of security due to the potential for a man-in-the-middle attack exploiting the system.
Phishers Love eBay And PayPal An astonishing 75 percent of all emails that attempt to phish information from victims targeted users of eBay and its PayPal payment processing division.
Phish Shut Down At American Express Someone who did the coding for the American Express website made an error that allowed a redirect to load a fake Italian bank website into a frame on American Express' search page.
The Russians Are Everywhere There are two truisms in the technology world that few in government want to state with any conviction - intellectual property piracy is rampant in China, and online crime operates unabated in Russia.
Zango Affiliate Still Luring MySpace Users An affiliate who had been posting Zango content on MySpace against both companies' terms of service has switched to using a new domain, despite Zango's public claims that such activity would result in the termination of the affiliate account.
Tougher Crypto Seen In Ransomware Early attempts to extort money from people victimized by viruses that cannot be defeated without a key have grown in sophistication, with tougher encryption being employed.
Lots Of Spam For Stock Pumping Scams About 15 percent of junk email infesting inboxes around the world contain "pump and dump" scams intended to inflate a stock price quickly and allow the spammers a profitable return on their shares.
Hacker Conference Interrupted By Arrest The FBI executed an arrest warrant at a New York City hotel, where the Hackers on Planet Earth conference was taking place, and led off one man before his scheduled presentation began.
EFF Lawsuit Against AT&T Can Continue US District Court Judge Vaughn Walker refused to dismiss the case despite the federal government moving to do so under state secrets privilege.
LinkScanner Enters SiteAdvisor Turf A new tool that preemptively detects dangerous URLs before a user can click on one has debuted from Atlanta-based Exploit Prevention Labs.
Bank Attacks Grow In Sophistication Many attacks that attempt to use SQL injection have been targeting an array of banks and credit unions in an increasing number of attacks each day.
Google Earth Probing North Korea Military Naval vessels and military installations in North Korea have been chronicled by Google Earth, and its community of users has been combing over and identifying the various images picked up by the program.
Vishing – VoIP Scams On The Rise We have a new buzzword to remember as criminals use Voice over Internet Protocol to scam people by telephone out of credit card numbers and other information.
Microsoft Wins Over Winternals The Austin-based company recently settled a lawsuit with electronics retailer Best Buy, and will now be part of the operating system company their software was designed to troubleshoot.
MySpace Flash Attack Corrupts Profiles A Flash-based attack embedded into a MySpace profile will redirect the visitor to a blog post on 9/11 conspiracy theories while the exploit embeds itself into the MySpace profile of the user who just visited the infected profile.
Torpark Provides Route Around India Censors India's Department of Telecommunications has ordered Internet service providers to block several websites, including Blogger, Geocities, and Typepad.
Skype Cracked In China Reports have begun to circulate that a team of Chinese engineers has been able to reverse engineer the Skype protocol, which now makes people wonder what eBay got for its $2.6 billion.
Still No Viruses For Mac OS X Symantec's Security Response Weblog said there are no OS X viruses, but a discussion on the operating system and security still needs to take place.
Zango Admits To Placing MySpace Profiles The company has blamed one of its developers for creating two profiles on networking site MySpace that served to distribute Zango's adware products.
A Rootkit Under The Radar Although the threat of a virtualization rootkit, undetectable by normal means, has been proven, it is not in the wild yet; Rustock/Mailbot has been floating around since June, and is nearly impossible to track down.
Web Threats Get Smaller, Stealthier ScanSafe reported that global threats on the Web increased 13 percent in June, with malware creators using more tricks to slip their products into systems.
Microsoft Patches Remote Execution Flaws All but one of the seven fixes in July's version of Microsoft's 'Patch Tuesday' updates closes a remote code execution vulnerability; the seventh fixes a hole that could allow access to information that in turn could be used to attack a system.
State Department Computers Have Anomalies Attacks against computers in the headquarters of the US State Department, and its offices that deal with China and North Korea, took place on a large scale in June.
Cisco Scammers Lassoed In London American law enforcement agencies worked with counterparts in the United Kingdom to takedown a pair of Russians accused of working a warranty scam against networking giant Cisco.
FBI Warns Online Job Seekers The Internet has made it much easier to find job opportunities, but it has also created opportunities for criminals as well.
Netsky, Mytob Still A Threat The figures for the first six months of 2006 as collected by the Sophos security firm show variants of the Netsky and Mytob worms continue to make the rounds of the Internet.
ChronoPay Is Hacker Safe Now The Amsterdam-based online payment service has joined the HACKER SAFE world by picking up its certification from ScanAlert.
Winternals, Best Buy Settle Over Geek Squad A confidential settlement has ended litigation initiated by Winternals over copyright infringement regarding Geek Squad's use of its ERD Commander software.
Zango Accused Of Deceiving MySpace Users Users of MySpace who find a link to a video and press the Play button may have just agreed to install adware from 180solutions' Zango division.
Microsoft Plans Seven Patches For July Patch Tuesday arrives next week, and Microsoft will provide a total of seven updates for the Windows operating system and the Office productivity suite.
V.i. Labs Dons Its CodeArmor After picking up a first-round of funding from a group led by Rockford Capital, V.i. Labs is ready to ride the wave of software protection needs of application developers.
McAfee Sees 400,000 Security Threats By 2008 The computer security firm logged the 200,000th entry in its database of threats, and predicts it will grow to 400,000 in two years or less.
Google Makes Its Sanity Check The search engine's personalized homepage service had been vulnerable to cross-site scripting attacks due to a failure to sanitize query strings.
ActiveX Poses New Problem For IE A highly critical vulnerability in the Internet Explorer browser's HTML Help could be exploited to gain remote system access on a machine.
Robber Using Craigslist To Meet Victims A criminal described as a serial robber has been drawing victims to him by using ads on Craigslist to entice them into meetings.
Security Firm Says Get A Mac Before a brutal wave of Trojan horses can invade PCs globally, one security company recommends switching from the world of Windows to the joy of Macs.
Workers Feel Railroaded After ID Theft Names and Social Security numbers belonging to 30,000 Union Pacific railroad workers could be in the hands of thieves after someone stole a computer containing that information from an employee.
Microsoft Draws Second WGA Lawsuit A collection of plaintiffs in Microsoft's home state of Washington has accused the company of dropping spyware onto their machines.
Software Flaws Can Be Predicted A model developed at Colorado State University can make more accurate estimates of the number and severity of vulnerabilities a piece of software may contain.
Nebraska Child Support Server Cracked An attack from a location in Asia may have garnered the thief the names and Social Security numbers of 300,000 people in the state's KidCare program from a backup server.
Agnitum Criticizes OneCare Firewall The security offering from Microsoft includes a firewall, but competitor Agnitum claims it leaks when faced with all but the simplest tests of its integrity.
OpenOffice Requires An Update Multiple vulnerabilities have been reported with the freely available OpenOffice productivity suite, requiring an update to a later incremental version or a patch depending on the version in use.
Microsoft Sued Over WGA Check A Los Angeles resident wants class-action status for his lawsuit over the Windows Genuine Advantage check, and claims the software operates in violation of spyware laws.
Careless Staffers Biggest Data Threat Those underpaid employees or indifferent consultants can do a lot of harm to a business by failing to secure sensitive data.
Blue Pill A Threat To Vista x64 Hypervisor technology will allow a prototype malware rootkit to take control of a system and do so in a way that even advanced Windows x64 systems will not be able to detect.
Veterans Affairs Recovers Stolen Data The $50,000 reward for the return of data stolen from the home of an analyst with the federal agency has paid off as someone turned in the missing hardware containing the personal information about 26.5 million military personnel.
Microsoft Offers Uninstall For Antipiracy Tool The Windows Genuine Advantage Notifications software has been rereleased in a new package that disables the "phone home" component.
Apple Fixes Five Issue With 10.4.7 The incremental update to Mac OS X released yesterday includes patches for five security issues, two of which posed arbitrary code execution threats.
Symantec Debuts Preemptive Security Option The Threat and Vulnerability Management Program from Symantec offers a security option that helps business users develop strategies and processes for meeting security threats.
FTC Wants Whois Databases Kept Open The Internet Corporation for Assigned Names and Numbers (ICANN) has considered limiting requests to the Whois databases of domain name information to just "technical purposes only."
Nessus Tops Security Tools Survey The vulnerability scanner topped the list published by Insecure.org as a followup to their 2003 survey on the top 100 network security tools available.
Rasman Exploit Razzes Microsoft Although the issue was fixed with Microsoft's June patch update, Microsoft wants its XP SP1 and 2000 SP4 users to make sure they have indeed picked up the re-release of the fix.
Virus Gang Busted Up In Europe Three people in two countries found themselves in handcuffs as law enforcement cracked down on a trio alleged to have been involved with computer worm attacks.
Google Accused Of Pilfering Data A North Carolina school district claimed Google cracked its server to index a page containing the names, test scores, and Social Security numbers of 619 students.
Claria Tells Users To Uninstall Adware The GAIN platform delivers popup and pop-under advertisements, but Claria is changing direction with its business and suggesting users drop its software.
Navy Investigating Sailor Data Exposure About 28,000 sailors and family members have had their personally identifiable information put on display on a civilian website.
EFF Fights AT&T Over State Secrets The latest battle in the class action suit filed by the Electronic Frontier Foundation over allegations of wholesale electronic surveillance of Internet traffic by AT&T focused on the federal government's assertion that the case should be dismissed under state secrets privilege.
Yahoo Services May Need Some Patching An obscure security website has published a lengthy list of vulnerabilities in assorted Yahoo services like Yahoo Mail Beta and the Calendar service.
Antispam Market Benefits From Spam The 2005 revenues for the antispam software industry hit $4 billion for the year, a 13.6 percent jump from 2004.
Deloitte Calls Out Tech Firms On Security More than half of technology, media, and telecom (TMT) firms experienced security breaches over the past 12 months, but few adequately fund or deliver resources to improve the situation.
Microsoft Helps Feds Nail Phisher Jayson Harris, 23, of Davenport, Iowa, picked up a jail sentence and fines as handed down by a federal judge for his role in crafting and operating a phishing site that spoofed MSN.
Opera Browser Has JPEG Flaw The 8.54 version of the Opera web browser could be exploited with a newly uncovered vulnerability in how it handles JPEG images.
USDA May Have Been Breached An outside attacker attempted to gain access to systems at the US Department of Agriculture and could have compromised personal information on 26,000 DC-area employees, contractors, and retirees.
Excel Vulnerability Issues, Take Two Hot on the heels of the news of one extremely critical remote code execution flaw in Excel comes the news of a second problem with Microsoft's spreadsheet program.
Microsoft Posts Excel Advisory A recent advisory posted by Microsoft in response to a report of a remote code execution vulnerability in Excel confirmed the existence of the flaw.
NSA Looking Into MySpace Social networking sites allow their users to post all kinds of personal details about themselves, and data mining technologies backed by federal agencies will make sure the government can easily review those details too.
Duronio Logic Bomb Trial Begins Ex-UBS PaineWebber system administrator Roger Duronio has been accused of planting a logic bomb in the financial company's computers.
IRS Staffer Loses Laptop Fortunately, the fallout from the latest incident of someone in the federal government failing to keep a laptop in close proximity only affects 291 people.
AOL Will Soon Offer Security Bundle A software package called Total Care will bundle antivirus, anti-spyware, and firewall utilities in a package AOL plans to market to the general public.
VA Data Theft Included Active Duty Info Personal information on almost 80 percent of the United States' active military personnel also resided in the digital media stolen from a Veterans Affairs analyst's home.
Microsoft Hits Spammer For $1 Million Settlements between one of the world's worst spammers, and plaintiffs Microsoft and the state of Texas, will cost Ryan Pitylak at least a million dollars.
Pirate Bay Partially Returns Online The "victory" celebrated by the major media companies when Swedish authorities confiscated servers belonging to torrent search engine Pirate Bay has been met with a yawn by the site's ownership, who have once again deployed their service on new hardware.
The Pirate Bay Plans A Return Even as the entertainment industry congratulates itself over the raids in Sweden that shut down the notorious BitTorrent search engine, plans to have it back up and running in a few days are under way.
Pirate Bay Blockaded By Police Swedish police have seized the servers belonging to one of the most popular BitTorrent trackers in the world as part of an investigation into illicit file sharing.
StarOffice Sees Its First Virus Researchers at antivirus firm Kaspersky have found a proof-of-concept virus for the StarOffice productivity suite floating in the wild.
Fake Microsoft Email Carries A Trojan An email circulating on the Internet claims to contain a patch for the WinLogon service in Microsoft Windows, but instead delivers an unwelcome payload.
Symantec Posts Fix To AV Flaw A vulnerability in Symantec's Antivirus Corporate Edition and Client Security products has been patched by the company.
Symantec Antivirus Vulnerability Revealed A flaw in Symantec's Antivirus and Client Security products could leave the machines they are protecting subject to exploitation.
Red Cross Warns Donors About Breach A former employee of the Red Cross stole personal information obtained from a donor database to open credit card accounts, causing the Red Cross to warn more than 1 million donors in Missouri and Illinois of the problem.
Microsoft IE 7 Bids For Security A number of security changes in Internet Explorer 7 beta 2 demonstrate how Microsoft developers have tried to address those concerns.
MPAA Countersued For Hacking The Motion Picture Association of America has been sued by Valence Media, parent company of the TorrentSpy search engine, over its employment of a person to steal private information from them.
Gartner Warns Firms Against US Telecoms The analyst firm Gartner has advised international companies to rethink their options for maintaining data outside the US and how they connect to it.
Info For 26.5 Million Veterans Stolen An employee of the federal Department of Veterans Affairs took home data containing Social Security numbers and other personal information about 26.5 million, and that data was subsequently stolen during a burglary.
Microsoft Staff Faces Change In Status Securing the Windows desktop could start at home, with employees of Microsoft facing the prospect of losing admin rights when they move to the Vista operating system.
Web Inventor Slams Telecoms Tim Berners-Lee suggested a chilling effect on voting and democracy could happen should telecom companies gain the right to enforce a tiered Internet.
Symantec Finds Microsoft Word Trojan The security company advised users of Microsoft Word 2003 that a zero-day exploit has been detected in the wild, and it targets a vulnerability in that program.
DHS RFID RFC Q&A TBD ASAP The Department of Homeland Security's Privacy Office issued a request for comments on a highly critical report it completed on the use of RFID for human identification, ahead of a public meeting about the use of that technology.
Microsoft Makes Whale Of A Buy The company will enhance the secure access solution it offers by acquiring Whale Communications and its line of remote access security products.
EFF Can Use AT&T Docs In Case US District Judge Vaughn Walker allowed the Electronic Frontier Foundation to use whistleblower Mark Klein's documents in its class action lawsuit against AT&T over domestic surveillance.
Blue Frog Killed By Spammers The Israeli-based Blue Security firm had taken on spammers with its Blue Frog software, but the continued online attacks by those spammers has forced the company to shut down.
Oh No Ofoto Busted For Spamming Kodak Image Gallery, formerly called Ofoto, sent out a lot of emails without the federally required opt-out information included.
DoJ Files To Dismiss AT&T Spying Suit The Department of Justice waited until the wee hours of early morning on May 13th to file a motion to dismiss a suit brought against AT&T over its monitoring of communications.
Congress May Finally Limit SSN Sales The online trading of Social Security numbers has led in some cases to identity theft, and both houses on Capitol Hill have bills in the works to stop those SSN sales.
Stolen Identities Found On Server A malicious program called Trojan-Phisher-Rebery has been stealing personal information and placing it onto a remote server where it would likely be sold to other criminals.
SiteAdvisor Warns Users About E-Cards Nothing beats the feeling of assuaged guilt quite like a $5.89 greeting card purchased and sent to Mom for Mother's Day, and for those who want to take a shortcut and send her an e-card instead, beware of what you choose for that service.
Spam Botmaster Going To Jail A federal judge in Los Angeles sentenced Jeanson James Ancheta of the "Botmaster Underground" to 57 months in prison for his malicious computer hacking.
Hospital Hacker Pleads Guilty To Bot Attack Christopher Maxwell will have to pay more than $252,000 in restitution to a hospital and the Department of Defense for his role in attacking thousands of computers with a botnet that installed adware on target machines.
Politician Sues Google Over Child Porn Ads Jeffrey Toback, a member of the Nassau County Legislature on Long Island, filed a 16-page complaint against Google in New York State Supreme Court.
Oracle April Patches Pushed Into May April showers bring May flowers, but Oracle has been showered with criticism over its patch release woes; users of Oracle's various applications will have to wait until May 15th for the quarterly update that had been planned for April.
TypePad Hit By DDoS Aimed At Blue Frog When Blue Frog's creator Blue Security redirected traffic from its URL to the blog it maintains on the TypePad service, the distributed denial of service attack aimed at BlueSecurity then affected TypePad.
Court Slams Sanford Wallace Over Spyware The case against infamous spammer Wallace has seen a judge order Wallace and his Smartbot.Net company to shut down and turn over its ill-gotten gains.
Blue Frog Spam War Escalates A Russian spammer claimed he possesses the email addresses of everyone using Blue Security's anti-spam Blue Frog software and threatened to spam members of that list continually unless they leave Blue Security.
AIM Battling Nefarious Bots AOL has cut off access to certain IP addresses from its instant messenger network in order to slow down the possible impact of a bot spreading over AIM.
Mac Security Reputation 'is in Tatters' The SANS Institute released its spring update of the top 20 Internet security vulnerabilities, and the increased adoption of Mac OS X and the Firefox browser have made them more tempting to malicious hackers.
Government Intervenes In AT&T Case The federal government wants the case brought against AT&T by the Electronic Frontier Foundation dismissed on the grounds of military and state secrets privilege.
Apple No Longer Secure Through Obscurity A scary story about a Mac OS X virus began making the rounds today, started by AP and carried on CNN, but as with many stories in the mainstream media, things may not be all they seem to be.
Firefox Fixing DoS Flaw Soon Another incremental release of the Firefox browser should be available online today in response to a zero-day exploit that became public earlier in the week.
Thieves Using VoIP To Phish Information Instead of luring victims to a maliciously crafted website to steal bank login information, some enterprising criminals use VoIP to mimic a bank telephone voice system.
Technorati Slams Into China's Firewall The blog search engine has received and is looking into reports that users in China cannot get to Technorati from there.
Virus Holds Your PC for Ransom Troj/Ransom-A has started making the rounds and demanding the user of an infected PC send ransom via Western Union to the extortionist.
Aetna Loses Data On 38,000 Members The latest edition of the SPN Idiot Watch award goes to an unnamed and presumably former employee of the Aetna insurance firm for taking the company's "We want you to know" far too literally.
Microsoft Repatches Shell Patch Curing a critical vulnerability in Windows XP, 2000, and 2003 proved more troublesome to a lot of users than the vulnerability itself.
Firefox Zero-Day DoS Discovered A Javascript handling issue in the latest version of the Firefox browser can be exploited to cause a buffer overflow and crash the browser.
Password Change Myth Discounted If your network manager requires you to change your password frequently, he or she may need to put aside the tie-dyed t-shirts and park the VW Van someplace with a For Sale sign.
Symantec Scan Engine Needs A Tuneup Three moderately critical flaws in the Symantec Scan Engine pose a potential threat of exposing sensitive information through a man-in-the-middle attack.
Gonzales Targeting Online Child Predators US Attorney General Alberto Gonzales spoke candidly about the growing threat of child porn and a need to take greater action against those who commit the acts and distribute them online.
US Tops Spam Relaying Nation List Only a couple of years back, the United States accounted for more than half of the spam being excreted into people's inboxes, but heightened user awareness of security and the prosecution of large-scale spammers has dropped that number.
Oracle Sews Up 36 Security Holes A number of Oracle's enterprise level products picked up security updates from the company's latest quarterly patch release.
More Malware Entering Stealth Mode Creators of destructive and malicious computer programs have been utilizing stealth technology in far greater numbers over the past three years.
Yahoo Mail Slowed To Fight Spam When a security company tested the ability to reach mail servers at Yahoo, it found half of the listed public servers unavailable to receive email messages.
Firefox Reveals New Critical Update The Mozilla Corporation recommends users still on the 1.0 versions of the Firefox browser should update it to the latest release, 1.5.0.2.
Security Officer Patrolling MySpace Former Microsoft child-safe computing director and federal prosecutor Hemanshu (Hemu) Nigam joined Fox Interactive Media as chief security officer for MySpace.
Winternals Picks A Fight With Geek Squad The white-shirt, black-tie clad, VW-driving computer support crew at Geek Squad have been using Winternals software to diagnose customer computer problems; unfortunately, they apparently didn't bother to license the software from Winternals first.
Microsoft Fields Fourteen Flaw Fixes The April update from Microsoft patched a lot of critical vulnerabilities, including the createTextRange() problem that prompted a pair of security companies to release temporary patches for users.
Spyware Bill Microsoft Crafted Not OK Legislation pending in the Oklahoma House greatly expands the types of companies exempted from prohibitions against peeking into someone's PC.
EFF Has Evidence Of AT&T, NSA Spying The Electronic Frontier Foundation recently bolstered its class-action suit against AT&T by submitting evidence that the telecom provided the National Security Agency with open access to Internet traffic it handled.
Microsoft Plans Five Fixes For Patch Tuesday At least one update to be delivered with the next round of patches addresses a Critical-rated issue, the createTextRange() vulnerability in Internet Explorer.
McAfee Buys SiteAdvisor For Rumored $75 Million While terms were not disclosed for the deal, McAfee may have paid $75 million to pick up the website safety service SiteAdvisor.
IE Address Bar Spoof Discovered An address bar spoof can be conducted by a malicious phisher taking advantage of a race condition in Internet Explorer.
IRS Hunting For Its Phishers In response to the news that criminals have been sending phishing emails disguised as communications from the IRS, the tax agency has provided instructions on how to report these messages.
Online Child Sex Probe Stings DHS Official A deputy press secretary with the Department of Homeland Security has been put on leave with his security clearance suspended after his arrest on charges of propositioning a deputy sheriff he believed was a 14-year-old girl.
Apple Bakes 10.4.6 Update For OS X Several fixes arrived for the Mac OS X operating system, including a patch for a recently discovered flaw in Intel-based Macintoshes.
MySpace Securing Itself For Advertisers Some 200,000 profiles containing content ranging from hate speech to racy images have been purged from MySpace by News Corp as the company fights negative perceptions about the popular site.
Lucent Tries Placating US Concerns Over Alcatel By creating a separate unit based in the United States to specifically handle US government contracts for networking equipment, Alcatel and Lucent hope to avoid the scrutiny that Lenovo and Check Point have received from politicians.
Can Bad Guys Google Your Passwords? An article discussing the use of various operators for advanced searches on Google revealed just how effective they can be in malicious hands.
Rolling Stone Gathers Debit Card Criminals A lengthy investigation of online fraud and identity theft led the US Secret Service to seven arrests with some linked to a string of debit card and PIN compromises.
Gutting Phishers With PIRT The nascent Phishing Incident Reporting and Termination project sponsored by CastleCops and Sunbelt Software encourages people to report phishing attempts so they can be tracked down and terminated.
IE Flaw Fears Prompt Non-MS Patch Downloads More than 70,000 users hit the eEye security website to pick up the third-party patch they created to fix the createTextRange() vulnerability in Internet Explorer.
eBay Account Reseller Shut Down A Russian-language site had been selling stolen eBay accounts along with a few pilfered PayPal accounts until their operation was uncovered and put to an end.
YouTube Pops A Cap In Infringement Users of the video sharing website have been gleefully posting all kinds of entertaining video content for others to see; unfortunately, quite a bit of that content has not been shared with the express consent of copyright holders for those works.
The Case Of The Missing Google Blog For a short time last night, the Official Google Blog contained a single entry - Google, fix your blog pleeasssee! - until intrepid Googlers solved the mystery.
Child Porn Spam On The Rise Exceptionally offensive emails that attempt to lure recipients to child-porn sites have been increasing in number.
Bots Hunting Bank Information Verisign's security research firm iDefense thinks the Metafisher bot (aka Spy-Agent and PWS) has a presence on a million computers and could leap into millions more.
US PC Purchase From Lenovo Prompts Paranoia Lenovo has a deal in play to provide 15,000 PCs to the State Department, but fears that the Chinese government may have stuffed those computers with bugging equipment have prompted calls for a probe into the matter.
MySpace Used To Nail Crime Suspects A party in Boulder, Colorado turned into an ugly scene of rape and robbery, and police turned to the MySpace networking site to identify those responsible.
WAA Sets Anti-Spyware Principles A group of companies like Google, Yahoo, and Webtrends back the Web Analytics Association, announced they have formed and adopted an anti-spyware statement of principles.
FreeFlixTix Paying FTC $900,000 For Spam Jumpstart Technologies received a hefty civil penalty for violating the federal CAN-SPAM Act, with the Federal Trade Commission securing a permanent prohibition on the company preventing it from committing future unlawful spam practices.
IE Exploits Hit The Web The createTextRange() method exploit could permit the arbitrary execution of code through Internet Explorer, and malicious sites that take advantage of the as-yet-unpatched flaw have been sighted online.
Microsoft Details IE Vulnerability A trio of mitigating factors has removed some of the sting from the latest flaw discovered in Internet Explorer by a security researcher.
Snort Acquisition Stuffed Up By Feds The purchase of network security company Sourcefire, the makers of the Snort intrusion detection and prevention system, by Israel's Check Point has been withdrawn in the face of withering government scrutiny of the deal.
Spitzer Accuses FreeiPods.com Of Privacy Breach New York Attorney General Eliot Spitzer's office believes FreeiPods.com's owner Gratis Internet committed "the largest deliberate breach of privacy in internet history."
Fidelity Fumbles, Loses Laptop, HP Data Idiot Watch VI, Hewlett Packard edition: Fidelity Investments has lost a laptop containing lots of personal data for some 80,000 HP employees.
Microsoft Prepping IE Pre-Patch Tuesday Fix A highly-critical vulnerability in Internet Explorer has prompted Microsoft to scramble for a workaround to the flaw.
Did Your SEO Just Scam You? A nebulous job description related to search engine success that the non-technical entrepreneur needs could be what parts you from your cash and enriches her $200k/year "SEO business."
Double Trouble For Internet Explorer A pair of flaws in Microsoft's IE web browser could lead to it crashing during use or being taken over by a remote attacker.
Securing Firefox With Extensions A handful of extensions for the Firefox web browser can help users enjoy a safer surfing experience on the Internet.
DNS Attack Threat May Be Overstated The simplicity of how attackers can turn thousands of domain name servers against a target not only boggles the mind but constitutes a tremendous threat to Internet resources; however, the vulnerability may be more a matter of poorly configured machines.
Homeland Insecurity: Feds Flunk Security Test Not only did several federal agencies fail to pass muster in the annual review made by Congress, Homeland Security received a big fat red F for their efforts.
Chertoff Knows You Paid Your Credit Card Most typical credit card users do not send in a large payment to cover an outstanding balance, and one customer found out that those who do make a big payment trigger an alarm at Michael Chertoff's Department of Homeland Security.
Marriott Timeshare Becomes ID Share Instead Another case of vanishing backup tapes, this time from an Orlando office of Marriott, may have exposed the personal details of over 200,000 people to an unknown party.
Snort Vulnerable To Back Orifice Packets ISS X-Force has reported the Snort intrusion detection system is vulnerable to a stack-based overflow when parsing Back Orifice packets.
Check Point Inhales Snort The Israeli-based Zone Alarm maker Check Point Technology has acquired Sourcefire, the distributor of the Snort intrusion detection system.
Symantec Complains To EU About Microsoft Microsoft plans to bundle its Client Protection software with the Vista operating system, and Symantec has asked the EU to investigate.
TK Worm Gets UK Creators Jailed Two men from Britain have each received short jail terms for their role in helping spread the TK worm around the globe.
eEye Spots IE, Outlook Install Issue More vulnerability problems for Redmond, as the eEye security firm notes the presence of a new vulnerability.
Attacker Drinks In Sonoma State Student Info Sonoma State University has disclosed unauthorized access to seven of its workstations happened in July.
Cisco, ISS, And The Lynn Conundrum It started as a proposed presentation for the Black Hat security conference in Las Vegas, and turned into a call to arms for the hacker community.
3Com Tipping On Flaw Disclosures 3Com and its Tipping Point division have established a web site, where security researchers can be rewarded for disclosing vulnerabilities.
This Just In: New Worm Poses As Breaking News The new worm making the rounds poses as a variety of purported breaking news stories online.
Bush Creating National Security Service Within FBI The President has accepted and will implement many of the Robb-Silberman WMD Report recommendations on intelligence reform.
One In Ten Admins Use Default Passwords A European survey conducted by a security software company finds quite a few people have not changed key passwords.
US Slips National ID Card Into The REAL ID Deck The recently passed REAL ID Act provides for uniform standards in state-issued driver licenses, effectively making them a national ID card.
Mobile Phones Put Virus Threat On Hold Several factors have to come into play before the breathless hype of antivirus vendors matches the reality.
World Cup Fans Sober Up On Worm Attack A variant of the Sober worm has been appearing as an enticement to fans seeking World Cup tickets.
Web Server Cracks And Defacements Increase Crackers increasingly focus on web servers, and sites belonging to govenments or the military were not immune.
Los Alamos Hacker Sentenced US District Court sentences Jerome Heckenkamp to eight months in prison and orders restitution paid to firms he compromised.
MP3 Files Targeted Across P2P Networks A recent outbreak of the Nopir worm takes aim at file-swappers, but does not discriminate between illegal swapping and legitimate music files created by owners.
Cisco Vulnerable To ICMP DoS Remote Denial of Service exploit poses threat to TCP/IP implementations of ICMP on Cisco and other vendor platforms.
Merchandisers Respond To Recent Data Thefts High profile thefts from Polo Ralph Lauren and shoe merchant DSW prompt industry to implement better security measures.
Red Hat Reports Firefox Vulnerability Multiple bugs affecting user security while using the Firefox browser have prompted the release of this update.
Microsoft To Open French Security Research Center CEO Steve Ballmer to visit Paris next week, and the visit may include the formal announcement of the center.
Adware Adds Up to Cash Webroot VP for Threat Research Richard Stiennon looked into adware profitability. He found billions of reasons why adware isn't going away.
|
|
 |
iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us |
 |
| Contact
Us | Advertise
| Newsletter
Archive | Sitemap
| Submit an
Article | News
Feeds SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal |
Join the WebProWorld Forums: Click Here |
|
|||||||||||||||||||||||||
