Free Republic

EDWARDS AFB ­- Space shuttle Endeavour astronauts are going into space wearing a mission patch designed by NASA Dryden Flight Research Center research pilot Mark Pestana. Mission STS-123 will take to the international space station the Japanese Kibo module, which will hold electronic equipment and serve as a storage area for experiment materials. It also carries the Canadian Dextre robot, which will attach to the station's robotic arm and allow astronauts to replace hardware outside the station without doing a spacewalk. Pestana's logo depicts a shuttle with its mechanical arm extending the Kibo module to the station. Behind the shuttle...

August 24, 2007 -- The tennis-prodigy niece of former Knick star Kiki Vandeweghe was stunned when a referee told her to remove her American flag patch just before her debut at the U.S. Open. Coco Vandeweghe, 15, one of the most promising young American women players, was unnerved by the bizarre incident before her first-round qualifying match at the U.S. Tennis Center in Queens on Wednesday. She was warming up for her match against Spain's Maria José Martinez Sanchez when an assistant referee pulled off Coco's Stars and Stripes patch, a U.S. Tennis Association official said yesterday. "They profusely apologized...

BEIJING (Reuters) - China is looking into claims of a herbal weight loss patch which its makers said helped former U.S. President Bill Clinton's daughter, Chelsea, shed 12 kg (26.5 lb) in under a month, state media reported on Monday. Customers are instructed to stick the patch to the area of the body where they want to lose weight and then just wait for the fat to flow out of them...

On Thursday, Apple issued a megapatch of bug-fixes for its Mac OS X desktop and OS X server systems. The fixes, 25 in all, are itemized in the company's Security Update 2007-004. Apple recommended that all OS X users install the update. It said that the vulnerabilities could lead to a system crash or allow an intruder to run unauthorized software on the computer. The fixes relate to various components and services in the Mac OS X operating system, including the AirPort driver, the Help view and the Installer application. About half of the patches relate to security Relevant Products/Services,...

Would appreciate for some guidance .. their patches have messed up my Dell Windows XP before. I have the Service Pack 2 installed. Thanks a million!

Microsoft quietly posted a Windows XP SP2 patch to make surfing public wireless hotspots safer, but did not include it with the December security updates released Tuesday and has not posted it as a download from Microsoft Update. The update fixes a long-standing security problem in Windows XP SP2, which starts an automatic scan for wireless networks when a laptop boots or powers up from hibernation. Windows' Wi-Fi client goes through a list of previously-used wireless networks, and if it finds one, connects. The convenience, however, is offset by possible "man-in-the-middle" attacks, where criminals monitor hotspot traffic and then dupe...

Microsoft on Tuesday broke with its regular security update schedule for only the second time this year to issue a patch for a critical Internet Explorer vulnerability that's been exploited for more than a week. MS06-055 provides a fix for the flaw in IE 5.01 and IE 6.0, Microsoft said in the accompany bulletin, and should be applied immediately. The Redmond, Wash. developer pegged the bug as "Critical," its most dire warning, for editions of IE running on Windows 2000, Windows XP, and Windows Server 2003 machines. Windows Server 2003 SP1 is at slightly less risk. "An attacker who successfully...

Microsoft, on Tuesday, issued yet another bumper crop of security updates to fix over 20 flaws in its software, its biggest update since it began the regular bulletins. The 12 updates fix a staggering 23 flaws in Windows software, with 15 of them rated as critical, Microsoft's most severe rating. One of the 15 critical vulnerabilities has been tagged as a possible worm candidate; anonymous users can exploit the Service Server vulnerability remotely, regardless of the operating system. Three of the flaws were discovered in Office products, including Powerpoint, while 20 were present in the Windows system. Mac users also...

Attack code for a new security hole in Excel has surfaced on the Internet, just as Microsoft is scrambling to respond to a separate bug in the spreadsheet program. The latest vulnerability could cause Excel to crash after a malicious file is opened, according to an alert Symantec sent to customers on Monday. The security company also said there was a risk that an intruder could commandeer a PC. "Attackers may also be able to execute arbitrary code…but this has not been confirmed," it said. The security hole exists because Excel fails to properly check user-supplied input before copying it...

Windows 98 in factory, AP Microsoft has decided Windows 98 is too old to continue patching One of the biggest security updates for more than a year is due to released by Microsoft to fix 12 software flaws. Nine of the updates apply to the Windows operating system and one is deemed critical, a rating reserved for the most serious security problems. At least one of the loopholes being patched is already being actively exploited by malicious hackers. Windows users are being urged to download the patches as soon as they become available on Tuesday 13 June. Support shift Microsoft...

ST. LOUIS -- Women who use the Ortho Evra birth-control patch face twice the risk of developing blood clots than those who take the pill, the patch's manufacturer said late Thursday, citing recent company-funded research. The finding comes from one of two studies comparing the patch and pill, said Ortho Women's Health & Urology, maker of the once-a-week patch. The Raritan, N.J.-based company is owned by Johnson & Johnson. The first study found no increased risk of clots while its findings on the risk of stroke or heart attack are still being evaluated. Meanwhile, interim results from the second study...

Computer code that could be used in cyberattacks on Firefox users has been released, increasing the urgency for people to upgrade to the latest version of the Web browser. The two pieces of exploit code, posted online earlier this week, take advantage of a security vulnerability in Firefox that Mozilla patched in an update Thursday. In response to the exploit release, the browser maker on Tuesday upgraded the severity rating of the flaw from "moderate" to "critical," its most serious rating. "This exploit was published after we released the 1.5.0.1 update," said Mike Schroepfer, vice president of engineering at Mozilla....

Red Hat and Suse have released patches for a critical security hole in their Linux distributions that stem from a vulnerability in the KDE desktop environment.KDE is a user interface package used with several versions of Unix and Linux. The KDE hole was discovered Thursday and rated critical by both Red Hat and the French Security Incident Response Team (FrSIRT).It affects the JavaScript engine used in various parts of KDE, including its Konqueror Web browser. The flaw could allow a remote attacker to launch an overflow attack and run arbitrary code on the user's machine, FrSIRT said.Users could disable JavaScript...

A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week. That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said. "This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer...

Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

Quick Background: The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December. Word of this spread rapidly through the hacker community — many of whom where presumably on Holiday vacation from school, bored, and looking for something to do. So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found. Note that this is not a "new vulnerability" — it (and perhaps other similar bugs) have been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in WIndows'...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

Before all you anti-MS fanboys attack my setup let me first say I am an ASP/VB web developer for an online company and require IE and MS so save the firefox/mac posts for another day. On to the problem at hand... I got the automatic update last night on my XP pro system and now my IE acts very odd. It seems to open fine but it always opens a new window no matter how I try (ie. type in an addres, using favorites). The original window stays open but it doesnt allow any interaction with it. If I try...

Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October. The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051. "Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution...

Security researchers have discovered a vulnerability in Macromedia's Flash Player that creates a mechanism for hackers to attack the PCs of users running the popular application. The security bug - described as critical - affect Macromedia Flash Player 6.x and 7.x. Macromedia has issued security updates. The flaw stems from a failure to reject malformed SWF files as invalid. This bug might be exploited by using specially crafted (malformed) SWF file to execute arbitrary code on the machines of users induced into visiting sites under the control of hackers. Flash Player version 7.0.19.0 and prior on the Windows platform, and...

Security-conscious Windows users who tweaked the operating system to protect their PCs better are getting hit hardest by a flawed Microsoft patch, experts said Monday. Microsoft has acknowledged that a patch released last week can cause trouble for some users. It could lock them out of their PC, prevent the Windows Firewall from starting, block certain applicationsfrom running or installing, and empty the network connections folder,among other things, the software maker said in an advisory on Friday. The trouble occurs when default permission settings on a Windows folder have been changed, according to Microsoft. Those changes aren't common, but have...

Mozilla Thunderbird 1.0.7 Released Thursday September 29th, 2005 Mozilla Thunderbird 1.0.7 is now available for download. Amongst other changes, this minor release includes fixes for a return receipt regression introduced in version 1.0.2 (bug 289091) and the Linux command line URL parsing security flaw.Thunderbird 1.0.7 can be downloaded from the Thunderbird product page or the Thunderbird 1.0.7 directory on ftp.mozilla.org. Refer to the Thunderbird 1.0.7 Release Notes for more information. We expect details of the security fixes in this release to be added to the Mozilla Foundation's list of known security vulnerabilities soon.

http://www.kansascity.com/mld/kansascity/news/nation/12543504.htm Fri, Sep. 02, 2005 Suit: Birth control to blame for brain clot BY CARY LEIDER VOGRIN The Gazette COLORADO SPRINGS, Colo. - (KRT) - Not long after Amanda Bianchi began using a birth-control patch, she started getting incapacitating headaches, numbness in her hands and ringing in her ears. An MRI revealed a 6- to 8-inch blood clot in her brain. In July, the Colorado Springs woman and nine others from across the nation filed suit against the maker of Ortho Evra, claiming they suffered "substantial physical injuries" from using the contraceptive patch. The suit claims the patch is "unreasonably...

What Firefox and Mozilla users should know about the IDN buffer overflow security issue On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed. On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user....

As a 20-year Macintosh user going back to when the machines didn't even have hard drives, I confess to being a big fan of Apple and the Mac OS. I also confess to being a nearly-insufferable Mac evangelist (some would say "delete 'nearly'") until about seven years ago, when, as a result of Windows 98, the differences between Windows and the Mac as a platform for the average user became so small that they didn't matter. Those differences remain small, despite the exceptionally cool advances in the Mac OS through Jaguar, Panther, and Tiger. (snip) Also cooling my ardor for...

Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer. Computer security experts urged users to download and install the patches, which are available at www.microsoft.com/security. "Users (should) apply the updates as quickly as possible," said Oliver Friedrichs, senior manager of Symantec Security Response, part of security software company Symantec Corp. SYMC.O. Microsoft said that vulnerabilities exist in its Internet Explorer Web browser, the most severe of which could allow an attacker to take complete control...

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer. Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user. One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack,...

About the Mac OS X 10.4.2 Update (Delta) This software updates Mac OS X 10.4.1 to version 10.4.2. Important: Please read before installing You may experience unexpected results if you have third-party system software modifications installed, or if you have modified the operating system through other means. (This does not apply to normal application software installation.)The installation process should not be interrupted. If a power outage or other interruption occurs during installation, use the standalone installer (see below) from Apple Downloads to update.If issues occur during installation--for example, Software Update quits unexpectedly--please see this document. Installation You have two...

Apple today released Mac OS X 10.4.2, which the company says delivers overall improved reliability and compatibility for Mac OS X v10.4 and is recommended for all users. It includes fixes for file sharing, authentication, autologin, AirPort/wireless access, several graphics updates, .Mac fixes, Apple's core applications, and more. The company also included security fixes for a TCP/IP denial of service attack and Dashboard, which may install widgets that override Apple-supplied widgets. It is available via the Software Update for Mac OS X Tiger users. Both a Delta update for Mac OS X 10.4.1 users and a Combo Update for Mac...

As part of its monthly patching cycle, Microsoft on Tuesday plans to release three security alerts for flaws in Windows and Office. Two of the security bulletins apply to Windows, and at least one of them is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site Thursday. Its Office productivity suite will get one bulletin, also rated critical. The notice did not specify whether one of the patches will be for Internet Explorer. Microsoft earlier this week offered a workaround for a known flaw in the Web browser that opens the door...

Microsoft warns of unpatched IE flaw By Dawn Kawamoto, CNET News.com Published on ZDNet News: July 1, 2005, 8:55 AM PT Microsoft has issued a security advisory for Internet Explorer, after a research firm published a working exploit to demonstrate how attackers could take advantage of the flaw. The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2. "Microsoft is investigating...

A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon Gamsin. The FBI...

NEW YORK - A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon...

Microsoft is readying a new consumer security product that offers virus and spyware protection, a new firewall and several tune-up tools for Windows PCs, a move that pits the software giant squarely against traditional security software vendors. The product, dubbed Windows OneCare, will be tested internally at Microsoft starting this week. A public test, or beta, version is scheduled to be available by year's end, Microsoft said in a statement this week. The final product will be offered as a subscription service, the Redmond, Washington, software maker says. OneCare marks Microsoft's long-anticipated entry into the antivirus space, until now the...

A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities. Mozilla Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered at some Web sites, according to a posting on Mozilla's Web site. The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities...

Virus Name Risk Assessment W32/Sober.p@MM Corporate User : Low-Profiled Home User : Medium Virus Information Discovery Date: 05/02/2005 Origin: Unknown Length: 53,727 bytes (zip) 53,554 bytes (executable) Type: Virus SubType: E-mail Minimum DAT: 4443 (03/09/2005) Updated DAT: 4482 (05/02/2005) Minimum Engine: 4.3.20 Description Added: 05/02/2005 Description Modified: 05/02/2005 3:59 PM (PT) Description Menu Virus Characteristics Symptoms Method Of Infection Removal Instructions Variants / Aliases Rate This page Print This Page Email This Page Legend Virus Characteristics: -- Update 2nd May 13:00 PST -- Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users....

RealNetworks has released a security patch to fix a flaw in its RealPlayer software that could allow compromised code to be run on users computers. The flaw, which was rated "highly critical" by Secunia, is in the most recent versions of the software for both Windows and OS X. Also, Secunia said that some of the older Linux versions were at risk for the flaw. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said on its website. "RealNetworks takes all security vulnerabilities very seriously."

Virus writers have resurrected the Sober worm with a new variant that is spreading quickly over the Internet. Security experts said Tuesday that the worm, dubbed Sober.M, reports e-mail addresses of victims back to its anonymous author--a technique known as harvesting. Spammers typically buy these fresh addresses to add to their lists of e-mail recipients. The e-mail containing the worm is written in bad English with the subject line: "I've got your e-mail on my account." "It looks like the virus writer is deliberately using broken English to (convince) people the e-mail is not a virus," Graham Cluley, senior technology...

The 'relatively serious' flaw could allow remote execution of malicious code on computers running OpenOffice. A patch is said to be imminent OpenOffice.org has confirmed a buffer overflow issue that could allow remote attacks. The problem in its freely distributed productivity applications has been fixed, the organisation said late on Tuesday. Representatives said the group hoped to release a patch within the following 48 hours. The flaw, first discovered in late March, according to postings on the group's Web site, is present in OpenOffice Version 1.1.4 and the OpenOffice Version 2.0 beta release of the applications, as well as in...

Important information about current security risks. Worm.Win32.Sober.L Alert! A new variant of the Sober worm is spreading fast. As it's predecessors, Sober.L spreads as an email attachment in emails which are sent to all email addresses found on the victim's harddisk. Even if the executable file is packed in a .ZIP file, many users open the file and activate the worm this way. For novice users it's hard to see that it is a worm generated email because the email subject is "your password + accountnumber !". The email body text is the following: hi, i've got an admin mail...

Microsoft's top security honcho insisted Thursday that Microsoft "is making progress on security using any reasonable metric." Mike Nash, the company's chief security executive, made the comment during an online chat session just days after Microsoft rolled out its biggest bunch of Windows patches since April 2004. Nash staunchly defended the Redmond, Wash.-based developer's progress, and compared Windows' flaws with those in open-source Linux operating systems from Red Hat and Novell's SuSE. "Even with the relatively large number of bulletins we released this week, we compare favorably," he said. "Year-to-date for 2005, Microsoft has fixed 15 vulnerabilities affecting Windows Server...

Microsoft Tuesday released its largest group security patches in nearly a year as it posted 12 security bulletins encompassing 19 vulnerabilities, 14 of which it marked "Critical," its highest patch-now warning. Among them is a vulnerability that will likely lead to the biggest, baddest worm in since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle. "There's a clear 'winner' here," said Murray. " MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems that a corporation might be using. And it's exploitable remotely, so it doesn't...

Microsoft to release bumper Windows patch February 04 2005 by Karen Said February's release to fix 'critical' flaws... "A bumper crop of Microsoft patches will be released next week, including nine fixes for Windows flaws. At least one of the updates for the Windows operating system is rated "critical", its highest rating, Microsoft said on Thursday in a posting to its TechNet site. The forewarning is part of the company's programme to give regular computer users notice of monthly security bulletins before the patches themselves are released. There will be 13 updates in total, Microsoft said. That includes a critical...

Microsoft on Thursday gave early warning that next week's monthly dose of security bulletins and patches will be among its biggest ever. According to the Advance Notification service, which pre-announces upcoming patches but limits the information disclosed, next Tuesday's roundup will include 13 security bulletins, at least three of which will be marked "Critical," the Redmond, Wash.-based developer's most dire warning. Nine of the bulletins affect Microsoft Windows. That's a much-higher-than-normal number, and three times what the company published in January. Other patches will be published to fix bugs in SharePoint Services, Microsoft Office, the .Net Framework, Visual Studio, Windows...

Aiming to crack down on counterfeit software, Microsoft plans later this year to require customers to verify that their copy of Windows is genuine before downloading security patches and other add-ons to the operating system. Since last fall the company has been testing a tool that can check whether a particular version of Windows is legitimate, but until now the checks have been voluntary. Starting Feb. 7, the verification will be mandatory for many downloads for people in three countries: China, Norway and the Czech Republic. In those countries, people whose copies are found not to be legitimate can get...

Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...

Full text of a letter from Microsoft, in response to coverage of companies moving from IE to Firefox and other alternative browsers. InformationWeek Editor's note: the following is the full text of Microsoft's response to an InformationWeek.com poll and related story regarding Internet Explorer, and whether companies are switching to the Mozilla browser. It came from Waggener Edstrom, Microsoft's public-relations agency. You mentioned that many or the respondents in the self-selecting survey recommended against IE and that many people have said Microsoft needs to address security issues more fully. Regarding the recommendation, we're aware that some people have recommended against...

Last Updated: Thursday, 13 January, 2005, 11:29 GMT Windows worm travels with Tetris The version of Tetris is recognisable and just as playable. Users are being warned about a Windows virus that poses as the hugely popular Tetris game. The Cellery worm installs a playable version of the classic falling blocks game on PCs that it has infected. While users play the game, the worm spends its time using the machine to search for new victims to infect on nearby networks. The risk of infection by Cellery is thought to be very low as few copies of the worm have...