Free Republic

Had a virus alert yesterday from AVAST. As usually, it allowed me to abort connection and proceed. Cyber Security popups came up on my sceen and thinking it was AVAST prompting me, I ran a program. Turns out it was a fake site trying to get info and now it's embedded in my system. CAN ANYONE HELP? It's trying to block FR as a malicious website.

Microsoft sends biggest patch on record Tue Oct 13, 2009 4:03pm EDT SEATTLE (Reuters) - Microsoft Corp issued its biggest software patch on record on Tuesday to fix a range of security issues in its programs, including the yet-to-be-released Windows 7 operating system. In a monthly update sent to users of its software, Microsoft released 13 security bulletins, or patches, to address 34 vulnerabilities it identified across its Windows, Internet Explorer, Silverlight, Office and other products. It said six of the patches were high priority and should be deployed immediately. The patches -- which update software to write over glitches...

Security: A Senate bill lets the president "declare a cybersecurity emergency" relating to "nongovernmental" computer networks and do what's needed to respond to the threat. Didn't they just collect our e-mail addresses?We wish this was just a piece of the fictional "Dr. Strangelove" that fell to the cutting-room floor, but it's not. It is a real piece of disturbingly vague legislation sponsored by Sens. Jay Rockefeller, D-W.Va., Bill Nelson, D-Fla., and Olympia Snowe, R-Maine. Senate Bill 773 would grant the administration emergency powers (where have we heard that before?) in the event of a cyberemergency that the president would have...

A Briton wanted in the United States for breaking into NASA and Pentagon networks in "the biggest military hack of all time" lost an appeal against his extradition Friday, making a U.S. trial more likely. Gary McKinnon, 43, has fought a three-year battle to avoid extradition, including going to the European Court of Human Rights, but he appeared to have run out of options as Britain's High Court ruled against his latest appeal Friday. The court rejected arguments by McKinnon's lawyers that extraditing McKinnon, who was recently diagnosed with Asperger's Syndrome, a form of autism, would have disastrous consequences for...

If you have any interest in the sporting world, you undoubtedly have heard about the recent video depicting an exposed Erin Andrews--a high-profile sports reporter for ESPN--filmed through a peephole at her hotel room. This video is now being tied to security issues on both PCs and Macs. Although, as Graham Cluley notes, Ms. Andrew's lawyers have threatened lawsuits for any Web site distributing the video, several sites have set up pages claiming to offer the footage. Cluley writes on his blog: "And - surprise surprise - if you visit those webpages you could be putting the security of your...

Survey finds one in six consumers act on spam by Jeremy Kirk, IDG News Service About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits...

PCs Used in Korean DDoS Attacks May Self Destruct There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC's hard drive. Update: This is already happening. Please be sure to read the updates at the end of this post. Original post: According to Joe...

NRO colleague Kevin Williamson passes along this item from Wired.com’s Danger Room:  It's like Burn After Reading, the latest Coen brothers' flick, come to life. Well, kinda sorta."A New Zealand man has found confidential United States military files on an MP3 player," the Age reports. He bought at an Oklahoma thrift shop, for less than ten bucks. Chris Ogle wasn't looking for secrets during his little shopping trip, of course. But when he brought the player home and hooked it up, "he discovered a playlist he could never have imagined," New Zealand's TV One pants.The sixty files included personal details of...

Internet security is broken, and no one knows how to fix it By John Markoff Sunday, December 7, 2008 SAN FRANCISCO: Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to improve the security of its Windows operating system software, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread the software to other machines exponentially. Computer scientists and security researchers acknowledge that they cannot get ahead of the...

In a move that could backfire, according to one security expert, Apple pulled out of a prominent hackers' convention taking place this week in Las Vegas. Apple abruptly canceled what would have been its first appearance at Black Hat, an annual event in Las Vegas that features presentations from the world's most preeminent security researchers – a.k.a. hackers – according to Computerworld. Speakers typically highlight security shortcomings in a number of different technologies, including operating systems, e-mail and the Internet itself. Taking one's lumps at Black Hat is a right of passage in a technology's security evolution, as companies like...

George Ledin teaches students how to write viruses, and it makes computer-security software firms sick.In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus...

Expert urges China visitors to encrypt data Aug 3, 2008 - 9:02:10 AM WASHINGTON (Reuters) - China's blocking of Web sites has embarrassed the International Olympic Committee, but a computer security expert said on Thursday that visitors to Beijing also needed to protect their data from prying eyes. "People who are going to China should take a clean computer, one with no data at all," said Phil Dunkelberger, chief executive of security software firm PGP Corp.

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web. Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses. "It's a very fundamental issue with how the entire addressing scheme of the Internet works," ... "You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything." The flaw would be a boon for "phishing"...

Symantec, Windows users beset by Vista SP1 flaws By Tom Espiner, ZDNet UK Monday, March 24, 2008 10:56 AM Security vendor Symantec has said that updated drivers to replace those adversely affected by Windows Vista Service Pack 1 are not yet available. The company said users will have to wait for the updated drivers, which will be available "in the coming weeks". The drivers in question are for Endpoint Protection and Network Access Control, two of Symantec's flagship enterprise security products. Microsoft released Vista Service Pack 1 (SP1) to Windows Update on Tuesday. However, in the Vista team blog, Vista...

Hackers have newer methods to hack into your systems. They are smart enough to detect security loop holes in your PC and enter through open ports,unencrypted Wi-Fi connections,malicious websites or internet servers. It is better you check your PC periodically for invasions and protect your system to prevent pilfering and damage of data. Detecting security loopholes. Eliminating malicious programs. Tracking hackers .

A day after Adobe patched a serious security hole in its Reader and Acrobat programs, miscreants are flooding email inboxes with malware-tainted PDF files that try to remotely hijack vulnerable computers. The malware, identified by Symantec researchers as Trojan.Pidief.A, is included in PDF files attached to a "fair number of emails," according to this blog entry. The spam typically targets specific businesses or organizations. Adobe issued a patch for the vulnerability on Monday. The revelation of in-the-wild exploits underscores the importance of updating immediately. A patch for Reader is available here; an Acrobat update is available here. Emails typically arrive...

The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite. The bugs, deemed critical, are detailed in Mozilla's Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla's Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational...

The U.S. Agriculture Department lacked controls to protect personal information on stolen computers and often failed to notify individuals whose information had been compromised, the department's inspector general said on Tuesday. The office of inspector general said in a report that it reviewed records from the Farm Service Agency, Natural Resources Conservation Service, Rural Development and Information Technology Services and found 95 computers were stolen between October 1, 2005, and May 31, 2006. "These agencies lacked policies and procedures to adequately notify proper authorities and affected parties when thefts of computer equipment occurred," Assistant Inspector General Robert Young said in...

Excerpts - ... 1. Make ISPs (and all organizations providing computer access to more than 100 people) responsible for filtering scan and attack traffic across their networks. ... 2. Make ISPs (and all organizations providing computer access to more than 100 people) responsible for knocking customer PCs off their network if they become bots. ... 3. Make end users liable if losses are incurred because of outdated security software. ... 4. Write some kind of law concerning efficient security software. ...

About the security content of AirPort Update 2006-001 and Security Update 2006-005 This document describes Security Update 2006-005 and the security content of AirPort Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security...

Identity thieves are gleaning personal information from scrapped computers. Peter Warren reports on just how insecure our sensitive data really is. Bill Kerridge is a North Shields publican who runs an award-winning pub in the Tyneside Town and whose daughter is a talented gymnast. Normally, Kerridge would be happy for the readers of a national newspaper to know those details, only he is not because along with a wealth of other information relating to his family, it was recovered from a computer hard drive bought off the internet via eBay that the Kerridges knew nothing about. The news that such...

Erasing data from a computer is not as simple as the manufacturers would have you believe. Just deleting it or reformatting the hard drive does not remove the data, and the secure removal of data about individuals by companies is now a legal requirement. There are a number of methods used to "delete" data from a hard drive. These methods do not remove the data, they simply make space available for the system to use when next required. The data remains on the disk. Readily available software tools can be used to restore the data. Some are even free. When...

*********************************************Mozilla on Wednesday released an update to its popular Firefox Web browser that fixes a dozen vulnerabilities, seven of which it deems "critical." The most serious of the flaws could be exploited by cyberattackers to commandeer a vulnerable PC, according to Mozilla. The company, which oversees Firefox development, has published security advisories for each of the flaws repaired by the Firefox update. The flaws are fixed in Firefox 1.5.0.5, which Mozilla has started pushing out to Firefox users via the update feature in the open-source Web browser. In addition to the security fixes, the browser update includes stability improvements, as...

"Overall, the research shows that many consumers have a false sense of security while online," ESET Chief Research Officer Andrew Lee said in a statement. "With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection." While nearly 90 percent of computer users have software on their machines to protect them from malware like viruses, Trojans, worms and spyware, almost two-thirds of those users are reluctant to upgrade the software after it's installed. That was the finding in a survey released Monday by security software maker ESET, of San Diego....

Computer-based fraudsters are finding new ways to trick people -- not technology -- to get the information they seek "Lawsuit against you," reads the subject line in an e-mail that hit thousands of in-boxes around the world last month. In flawless legalese, the message warns recipients that they recently sent an unsolicited fax to the sender's office. Citing U.S. civil code, its prohibition on sending junk faxes, and an actual $11 million settlement by restaurant chain Hooters, the missive threatens a lawsuit over the alleged junk fax. "If you do not pay me $500 by the deadline for payment, I...

Most people who use e-mail now know enough to be on guard against "phishing" messages that pretend to be from a bank or business but are actually attempts to steal passwords and other personal information. But there is evidence that among global cybercriminals, phishing may already be passé. In some countries, like Brazil, it has been eclipsed by an even more virulent form of electronic con — the use of keylogging programs that silently copy the keystrokes of computer users and send that information to the crooks. These programs are often hidden inside other software and then infect the machine,...

142---Number of unique I.M. viruses in 20042,403---number of unique I.M. viruses in 2005The number of viruses transmitted through instant-messaging software surged in the last year. . . . Such viruses typically arrive in innocuous-looking messages, ostensibly from an I.M. buddy, [urging] the recipient to download software that turns out to be malicious.[E]-mail inboxes are increasingly well protected against viruses, forcing hackers to look at other modes of transmission. . . . Another innovation last year was the first talking I.M. virus, which chatted with its targets. . . . [O]ne of its favorite phrases was "lol that's cool."

Some hackers like to "shoulder surf," or steal unsuspecting PC users' passwords by looking over their shoulders at the Internet café. Others prefer to crack an account's password -- using sophisticated software programs. But new developments in network security are going to wipe out the shoulder surfers, and their cracker pals, experts tell United Press International's Networking. Graphical passwords are emerging -- images, not words or phrases, which authenticate access to a computer or a network. By Gene Koprowski

How the iPod Will Change the Face of Computer Security Date: Dec 1, 2005 By Bruce Potter. Apple probably didn't intend it, but the iPod will likely prove to be an important stepping stone into solving a problem that has faced computer scientists for more than 30 years. Bruce Potter explains. The iPod has caused a bit of a revolution in the music industry. By making the iPod incredibly user-friendly and providing affordable content, Apple has put more than 28 million iPods in the hands of consumers all over the world (with 10 million more expected to be sold before...

Linux/Unix e-mail flaw leaves system wide open By Matthew Broersma, Techworld Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Elm (Electronic Mail for Unix), a venerable e-mail client still used by many Linux and Unix sysadmins, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux. The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according...

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict....

SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet. Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated. Investigators in the United States and Europe say they have spent almost a year pursuing the case involving...

Apple has announced the release of a security update for OSX.3.9 and lower. This apparently does not impact the users of OSX.4 Tiger. I suggest all Mac OSX users who have not updated to Tiger to use the Software Update option under the Apple menu to immediately update their computer's OS. Below is Apple's descriptions of the patches in this security update: -------------------------------- About Security Update 2005-005 This document describes Security Update 2005-005, which can be downloaded and installed using Software Update, or from Apple Downloads.For the protection of our customers, Apple does not disclose, discuss, or confirm security issues...

SYDNEY - Australian scientists believe they have developed an unbreakable information code to stop hackers, using a diamond, a kitchen microwave oven and an optical fibre. Researchers at Melbourne University used the microwave to "fuse" a tiny diamond, just 1/1000th of a millimetre, onto an optical fibre, which could be used to create a single photon beam of light which they say cannot be hacked. Photons are the smallest known particles of light. Until now, scientists could not produce a single-photon beam, thereby narrowing down the stream of light used to transmit information. "When it comes to cryptology, it's not...

UNITED PRESS INTERNATIONAL The nation's largest information security institute released its quarterly review of Internet threats today, highlighting the Web's growing vulnerability to a new form of online fraud called "pharming." The review also reveals that, for the first time, some security and anti-virus software is vulnerable to hackers, creating a dangerous high-level back door into users' systems. Analysts say pharming -- the redirecting of Internet users to Web pages without their knowledge -- could be used to obtain banking or other financial-services information.

iPods can be tools of espionage Graeme Kemlo APRIL 26, 2005 STOLEN laptops and lost PDAs embarrass governments and businesses. Paris Hilton's smartphone outed her contacts. But the new corporate security risk might be a seemingly innocent iPod. With gigabyte data capacities, they are the potential weak links in small-to-medium enterprises (SME) and corporate networks that are otherwise secured at significant effort and expense. Oscar Moren, Australian managing director of Pointsec Mobile Technologies, which specialises in encryption for all the main PC and mobile platforms and storage media, says Australian companies are only starting to understand how dangerous removable media...

COMPUTER criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic. In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts. This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but...

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. Details of the nine flaws were published on Mozilla's security Web site over the weekend. Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript. "There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious...

<p>Win4Lin Pro™ is the flagship product of the Win4Lin product family. Using Win4Lin’s high performance virtual computing environment (VCE), Win4Lin Pro runs virtually any Windows 2000 or Windows XP application as intended, without the need to patch the host operating system (e.g. no need to patch the Linux kernel). This next generation product is the perfect solution for the technical workstation, home, or enterprise Linux user. Organizations wishing to migrate to Linux need wait no longer because they can now run those Windows legacy business applications that until now have prevented them from moving forward.</p>

NEW YORK - The company behind those floating ads that dance across Web pages has developed a way to restore the data profiles that many privacy-conscious users try to delete from their computers. Most users don't know what they are doing when they run antispyware programs that delete the profiles, known as cookies, said Mookie Tenembaum, founder of United Virtualities Inc. By deleting cookies, he said, users thwart efforts by Web sites to prevent the same ads from appearing over and over. Tenembaum said visitors are also forced to repeatedly enter usernames and passwords, which are sometimes stored in the...

Over the last four years, I've been saying that instant messaging (IM) is a security threat waiting to happen. While a few random computer viruses over the years have exploited IMs, there's been a definite uptick in IM-borne virus activity within the last few weeks. Most of these IM-borne viruses have targeted MSN Messenger, although the ever popular AOL IM is not without its own problems. Microsoft's recent announcement regarding greater IM capabilities within Microsoft Office, however, could set the stage for faster and more efficient computer virus attacks in the very near future.

As you're clicking away at your keyboard, you may be turning your telephone modem over to Internet thieves who make international calls and a profit at your expense. That's modem hijacking. New York lawmakers on Monday announced what apparently is a first of its kind measure in the nation to target the practice, which is estimated to run up millions of dollars in illicit phone calls for Americans whose service is stolen through dial-up connections from personal computers. "They are very creative in doing what they do," said Sen. James Wright, of northern New York's Jefferson County. He said the...

Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005. The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the...

DVForge Virus Prize offered, rescinded Mac and iPod peripheral maker DVForge Inc. recently sponsored a US$25,000 prize to be awarded to the first hacker who could infect two Macintosh (news - web sites) computers owned by the company. Less than a day later the company announced the cancellation of the contest, citing legal concerns. The impetus for creating the contest was a recent report from antivirus software maker Symantec Corp. "It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix (news - web...

SAN FRANCISCO -- Hacker attacks on Apple Computer Inc.'s Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise, according to a report from anti-virus software vendor Symantec Corp.

A computer program designed to help parents protect youngsters from predators has received wide acceptance in Southfield, according to police Chief Joseph E. Thomas Jr. It also has an unintended - and surprising - consequence, Thomas advised the council at its March 7 meeting, when he outlined some of his department's successes. Some wives are surprised to learn their husbands may have been viewing pornography on the Internet, Thomas said. The program, called "Computer Cop," was introduced last fall as police officials became increasingly concerned about youngsters talking to strangers in Internet chat rooms. "Many of these youngsters who disappear...

Internet security takes a hit Report says computer-code experts concerned after flaw discovered in popular encryption technique. NEW YORK (CNN/Money) - The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal. "Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper. The technique, called a "hash function," has been commonly used by Web site operators to scramble online transmissions containing credit-card information, Social Security numbers and other personal information. Hash functions were...

Never before in the history of telecommunications has a more important warning been needed for current and potential VoIP (computer phone) users who have joined, or will be joining, in the inevitable paradigm shift from telephone to VoIP. Warning! Warning! Warning! Beware of VoIP internet service providers that operate on industry standard codec and industry standard protocols because they are PUBLICLY OPEN and INTERPRETABLE! This also includes, but is not limited to, peer-to-peer (P2P) networks. In plain terms, this means, if you subscribe to, or considering subscribing to a VoIP internet solution provider who operates on these industry standards –...

WASHINGTON (Reuters) - A software vendor that tried to drum up sales by offering to clean up nonexistent computer "spyware" has been temporarily shut down, U.S. regulators said on Friday. The makers of Spyware Assassin tried to scare consumers into buying software through pop-up ads and e-mail that warned their computers had been infected with malicious monitoring software, the Federal Trade Commission said. Free spyware scans offered by Spokane, Washington-based MaxTheater Inc. turned up evidence of spyware even on machines that were entirely clean, and its $29.95 Spyware Assassin program did not actually remove spyware, the FTC said. A U.S....

Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place. Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows...