Free Republic 3rd Quarter Fundraising Target: $85,000 Receipts & Pledges to-date: $84,076
98%  
Woo hoo!! And now less than $1k to go!! We can do this!! Thank you all very much!

Keyword: securityflaw

Brevity: Headers | « Text »
  • Microsoft Issues Zero-Day Attack Alert For Word

    12/06/2006 7:14:46 AM PST · by sionnsar · 56 replies · 2,431+ views
    Slashdot ^ | 12/05/2006 | kdawson
    0xbl00d writes "Eweek.com is reporting a new Microsoft Word zero-day attack underway. Microsoft issued a security advisory to acknowledge the unpatched flaw, which affects Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word. Simply opening a word document will launch the exploit. There are no pre-patch workarounds or anti-virus signatures available. Microsoft suggests that users 'not open or save Word files,' even from trusted sources."
  • Microsoft’s Windows Vista vulnerable to malware from 2004

    11/30/2006 8:06:57 PM PST · by Gomez · 3 replies · 393+ views
    MacDailyNews ^ | November 30, 2006
    "Microsoft's Vista may be vulnerable to at least three pieces of widespread malware, two of which date back to 2004 , according to security vendor Sophos," Tom Espiner reports for ZDNet UK. "At least three well-known Internet worms -- labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos -- are able to execute on the OS, according Sophos." "These worms comprise 39.7 percent of all malware currently in circulation, according to the security vendor. The MyDoom and Netsky variants were first detected back in 2004," Espiner reports. Espiner reports, "These are among the first flaws found in the finalised version of Vista....
  • How To Defend Against IE's VML Bug

    09/20/2006 12:41:51 PM PDT · by Eagle9 · 61 replies · 1,796+ views
    TechWeb ^ | September 20, 2006 | Gregg Keizer
    Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options. Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line. -- Click Start, choose Run, and then type -- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll -- Click OK, then click OK again in the confirmation dialog that appears. To undo the command,...
  • Second zero-day Excel flaw emerges

    06/20/2006 7:47:56 PM PDT · by Swordmaker · 16 replies · 519+ views
    CNET News.com ^ | Published: June 20, 2006, 12:53 PM PDT | By Joris Evers
    Attack code for a new security hole in Excel has surfaced on the Internet, just as Microsoft is scrambling to respond to a separate bug in the spreadsheet program. The latest vulnerability could cause Excel to crash after a malicious file is opened, according to an alert Symantec sent to customers on Monday. The security company also said there was a risk that an intruder could commandeer a PC. "Attackers may also be able to execute arbitrary code…but this has not been confirmed," it said. The security hole exists because Excel fails to properly check user-supplied input before copying it...
  • Microsoft Releases Windows Malware Stats

    06/14/2006 7:09:04 PM PDT · by Swordmaker · 17 replies · 468+ views
    Washington Post ^ | 6/14/2006 | Brian Krebs
    Microsoft today gave the world a rare -- albeit conservative -- glimpse of its view on just how bad the virus and bot problem has gotten for Windows users worldwide. The data comes from 15 months' worth of experience scanning computers with its "malicious-software removal tool," a free component that Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when they download security updates from Microsoft. The tool has been run approximately 2.7 billion times by at least 270 million unique computers, leading to the removal of 16 million instances of malicious software from 5.7 million unique Windows-based...
  • Microsoft Official: Malware Recovery Not Always Possible

    04/04/2006 6:41:25 PM PDT · by HAL9000 · 133 replies · 3,259+ views
    FoxNews.com (Excerpt) ^ | April 4, 2006 | Rayn Naraine
    Excerpt - LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at...
  • 'Critical' IE bug threatens PC users

    03/27/2006 6:58:48 PM PST · by Ernest_at_the_Beach · 43 replies · 1,238+ views
    theregister.co.uk ^ | Monday 27th March 2006 09:14 GMT | Ciara O'Brien, ElectricNews.net
    A dangerous new exploit in Internet Explorer could put PCs and data at risk, Microsoft has admitted. The flaw, for which code has already been published on the internet, could be exploited to set an email-borne virus free on the unsuspecting public. Potential viruses could come as an attachment that conceals the code, or could possibly redirect users to a site that will unleash the code on the user's machine, leaving the computer open to remote attack. Once the PC is being controlled by a malicious user, it can then be used to launch attacks on other PCs. Even supposedly...
  • Microsoft: Vista won't get a backdoor

    03/04/2006 6:22:54 AM PST · by Panerai · 53 replies · 1,168+ views
    Cnet ^ | 03/03/2006 | By Joris Evers
    Windows Vista won't have a backdoor that could be used by police forces to get into encrypted files, Microsoft has stressed. In February, a BBC News story suggested that the British government was in discussions with Microsoft over backdoor access to the operating system. A backdoor is a method of bypassing normal authentication to gain access to a computer without to the PC user knowing. But Microsoft has now quelled the suggestion that law enforcement might get such access. "Microsoft has not and will not put 'backdoors' into Windows," a company representative said in a statement sent via e-mail. The...
  • Microsoft Anti-Spyware Deleting Norton Anti-Virus

    02/12/2006 5:35:35 AM PST · by amigatec · 78 replies · 5,096+ views
    Washington Post ^ | 02/12/2006 | Brian Krebs
    Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it. According to several different support threads over at Microsoft's user groups forum, the latest definitions file from Microsoft "(version 5805, 5807) detects Symantec Antivirus files as PWS.Bancos.A (Password Stealer)." When Microsoft Anti-Spyware users remove the flagged Norton file as prompted, Symantec's product gets corrupted and no longer protects the user's machine. The Norton user then has to go through the Windows registry and delete multiple...
  • The Windows MetaFile Backdoor?

    01/16/2006 9:48:37 AM PST · by ShadowAce · 106 replies · 2,183+ views
    Security Now! ^ | 13 January 2006 | Steve Gibson/Leo LaPorte
    This is a transcript from a show Steve Gibson did with Leo LaPorte. The link to the audio is at the above link. Also, I will excerpt a little of the relevant information here.Steve: And so, you know, because I'm a developer when I'm not being a hacker, I wanted to understand - oh, and the other thing is, I want to write a robust testing application, you know, that always works all the time. So I wanted to know, like, okay, what bytes have to be set which way, what matters, what doesn't. Because, you know, that's the way...
  • WMF (Windows meta file) exploit

    01/02/2006 5:07:56 AM PST · by KeyWest · 49 replies · 2,054+ views
    The SANS Institute ^ | January 2, 2005 | Various
    Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us." I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
  • Microsoft To Patch Windows on January 10th; Attack Spreads

    01/03/2006 11:42:23 AM PST · by HAL9000 · 52 replies · 3,487+ views
    Dow Jones News Service (excerpt) ^ | January 3, 2006 | Chris Reiter
    Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...
  • Windows PCs face ‘huge’ virus threat

    01/02/2006 3:54:03 PM PST · by Swordmaker · 204 replies · 7,105+ views
    Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco
    Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...
  • Potential new unpatched IE exploit ? ~ Yes...may affect other Browsers also...

    12/28/2005 2:55:03 PM PST · by Ernest_at_the_Beach · 69 replies · 3,196+ views
    Websense Security Labs ^ | Dec 28 2005 11:19AM | Websense Security Labs Blog Staff
    This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...
  • Exploit Released for Unpatched Windows Flaw

    12/28/2005 5:45:47 PM PST · by Salo · 25 replies · 1,376+ views
    Washington ComPost ^ | 12/28/05 | Brian Krebs
    Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.
  • Microsoft Update - Internet Explorer security fix

    12/15/2005 7:22:32 AM PST · by smith288 · 41 replies · 1,410+ views
    12/15/2005 | smith288
    Before all you anti-MS fanboys attack my setup let me first say I am an ASP/VB web developer for an online company and require IE and MS so save the firefox/mac posts for another day. On to the problem at hand... I got the automatic update last night on my XP pro system and now my IE acts very odd. It seems to open fine but it always opens a new window no matter how I try (ie. type in an addres, using favorites). The original window stays open but it doesnt allow any interaction with it. If I try...
  • Spy Axe 3.0

    12/06/2005 8:16:34 PM PST · by Carling · 87 replies · 5,144+ views
    My PC ^ | 12/6/05 | Me
    I hate vanity posts, but I am wondering if anyone in FR land knows anything about the Spy Axe 3.0 virus. It has set up shop in my toolbar and has hijacked my home page. eTrust isn't touching it. Help?!?!
  • UGLY SPYAXE VIRUS ALERT (VANITY)

    12/06/2005 6:38:12 PM PST · by CAWats · 61 replies · 8,523+ views
    12-06-2005 | Cawats
    My computer apparently picked up a virus from spyaxe.net. I have a pop-up window saying I have spyware and "it is recommended to use antispyware tools to prevent data loss." Everytime I close the popup it pops up again. I got tired of closing it and installed it then removed it with "Add/Remove Software" in the control panel. The pop-up is back. Can anyone help?
  • Sony Rootkits: A Sign Of Security Industry Failure (List of 52 CD Titles)

    11/18/2005 3:16:07 PM PST · by Eagle9 · 32 replies · 1,324+ views
    TechWeb News ^ | November 18, 2005 | Gregg Keizer
    Sony's controversial copy-protection scheme had been in use for seven months before its cloaking rootkit was discovered, leading one analyst to question the effectiveness of the security industry. "[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?" asked Joe Wilcox, an analyst with JupiterResearch. "Where the failure is, that's the question mark. Is it an indictment of how consumers view security software, that they have a sense of false protection, even when they don't update their anti-virus and...
  • MS' Reaction to Sony's Rootkit Raises Some Questions

    11/17/2005 6:09:52 AM PST · by ShadowAce · 79 replies · 1,658+ views
    Groklaw ^ | 13 November 2005 | Pamela Jones
    When the news first broke in the mainstream press that Windows expert and blogger Mark Russinovich (he wrote a book about Windows for Microsoft) had found that Sony's anti-piracy efforts had gone too far and that Sony's DRM was installing an undetectable rootkit on customers' computers which they couldn't safely remove, the first reaction from Microsoft was guarded. They were concerned, they said, and were evaluating what, if anything, to do: Microsoft, which also ships an anti-spyware program, recently renamed "Windows Defender," hasn't yet decided whether it will also flag the Sony DRM software as malicious code, the spokesperson said....
  • Sony has infected over one-half million world wide nets incl U.S. Military

    11/15/2005 1:43:21 PM PST · by dickmc · 109 replies · 4,396+ views
    Welcome to Planet Sony ^ | 2005-11-15 09:28 | Dan Kaminsky
    More than one-half million networks infected by Sony including U.S. military and various countries. Dan Kaminsky, http://www.doxpara.com/ ,is the expert who broke this and did the work. His U.S. and Europe infection maps are shown below and are frightening. Dan did a hell of a good job. Search Google News for "sony numbers trouble" for more in an excellent article today that is very worth reading.
  • First Trojan Using Sony DRM Spotted

    11/10/2005 10:03:29 AM PST · by steve-b · 29 replies · 1,611+ views
    The Register ^ | 11/10/05 | John Leyden
    Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs. Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory....
  • Outlook Express tech help needed (VANITY)

    12/05/2003 10:02:05 PM PST · by ILBBACH · 23 replies · 371+ views
    ILBBACH | 12/6/03 | ILBBACH
    I have been receiving an email since mid-afternoon. I guess its really huge and I tried to get the program to quit, but it won't. How do I stop this? PLEASE HELP!
  • Microsoft makes Outlook Express U-turn

    08/15/2003 10:30:34 AM PDT · by HAL9000 · 131 replies · 1,007+ views
    Silicon.com ^ | August 15, 2003
    Just days after announcing that it planned to halt development on Outlook Express, Microsoft has been forced to change its position following internal confusion and an outcry from customers. As reported earlier this week on silicon.com Microsoft had planned to stop product development on Outlook Express, which forms part of the Internet Explorer code bundled with consumer versions of Windows. At the time Dan Leach, Office product manager, said: "The technology doesn't go away, but no new work is being done." Under that vision, consumers would have been directed towards the company's MSN software, while businesses would be encouraged...
  • Microsoft kills off Outlook Express

    08/13/2003 2:52:32 PM PDT · by HAL9000 · 65 replies · 614+ views
    ZDNet ^ | August 13, 2003 | Angus Kidman
    It might be the world's most widely distributed e-mail client, but Microsoft has confirmed that it has no intention of further developing Outlook Express. "[Outlook Express] just sits where it is," said Dan Leach, lead product manager for Microsoft's information worker product management group. "The technology doesn't go away, but no new work is being done. It is consumer e-mail in an early iteration, and our investment in the consumer space is now focused around Hotmail and MSN. That's where we're putting the emphasis in terms of new investment and new development work." While Outlook Express has always been...
  • Microsoft Outlook Express Patch Flawed

    10/11/2002 9:45:53 PM PDT · by Ernest_at_the_Beach · 8 replies · 328+ views
    EXTREMETECH .com ^ | October 11, 2002 | Dennis Fisher, eWEEK
    <p>Microsoft Corp. on Friday said that a patch it released Thursday for an Outlook Express vulnerability erroneously tells users they need a different version of Internet Explorer in order to install the fix. In fact, the patch requires IE 6, but users who have installed Service Pack 1 for the browser are already protected against the new flaw. Thus when these users try to install the new patch, they receive an error message.</p>
  • Outlook Express flaw speeds hacking

    10/11/2002 11:31:02 AM PDT · by Bush2000 · 3 replies · 242+ views
    CNET News.com ^ | October 11, 2002, 10:40 AM PT | Robert Lemos
    Outlook Express flaw speeds hacking By Robert Lemos Staff Writer, CNET News.com October 11, 2002, 10:40 AM PT Microsoft warned Outlook Express users late Thursday that a software flaw could allow an online vandal to control their computers. A critical vulnerability in the e-mail reader could allow an attacker to send a specially formatted message that would crash the software and potentially take control of the recipient's computer. The flaw occurs in how the software handles messages that include components using secure MIME (multipurpose Internet mail extensions), a standard that allows e-mail messages to contain encrypted data and digital signatures....
  • Outlook Express - much problems

    03/06/2002 3:54:27 PM PST · by Hot Tabasco · 31 replies · 956+ views
    March 6, 2002 | zcat
    My system: Dell Dimension 8100 with windows ME which I have since upgraded to 2000 I cannot utilize Outlook Express. Everything is read-only, if I attempt to forward, reply or even open, I get the following message: msimn.exe has generated errors and will be closed by windows. You will need to restart the programs.Couple weeks ago had a major break down, lost files, computer wasnt working properly, and while on phone to Dell support, system died. Dell sent me a new mother board which I have since installed. Downloaded IE 6.0, and have since uninstalled it and loaded 5.5. Still ...
  • Severe(?) Outlook/Outlook Express Security Problem

    07/22/2002 7:33:24 AM PDT · by MikeJ · 17 replies · 487+ views
    Several vulnerabilities were reported in Outlook Express (OE). A remote user can send malicious e-mail with an attachment that will bypass OE's malicious file type filter and misrepresent the name and size of the file. http://securitytracker.com/alerts/2002/Jul/1004805.html
  • Now, Every Keystroke Can Betray You

    09/18/2005 5:35:49 PM PDT · by Crackingham · 52 replies · 2,567+ views
    LA Times ^ | 9/18/05 | Joseph Menn
    Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. In a twist on online fraud, hackers and identity thieves are infecting computers with increasingly sophisticated programs that record bank passwords and other key financial data and send them to crooks over the Internet. That's what happened to Tim Brown, who had account information swiped out of the PC at his Simi Valley store. "It's scary they could see my keystrokes," said Brown, owner of...
  • Warnings of Katrina E-Mail Scams

    09/03/2005 4:15:59 AM PDT · by Our_Man_In_Gough_Island · 13 replies · 731+ views
    BBC ^ | 2 Sept 2005 | Staff
    Computer users are being urged to be on guard for a bogus e-mail that pretends to offer news updates about Hurricane Katrina as a means to infect their PCs. The malicious e-mail gives a brief news bulletin on the disaster before urging people to click "read more" and be taken to the full story on a website. Yet once directed to the website, a virus is sent to the user's computer. People are also being told to watch out for fraudulent e-mail scams pretending to raise cash for Katrina victims. It's sickening to think that hackers are prepared to exploit...
  • Microsoft sees 3 'critical' Windows security flaws

    08/09/2005 2:03:40 PM PDT · by Fractal Trader · 49 replies · 1,297+ views
    AP via Boston.com ^ | 9 August 2005
    Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer. Computer security experts urged users to download and install the patches, which are available at www.microsoft.com/security. "Users (should) apply the updates as quickly as possible," said Oliver Friedrichs, senior manager of Symantec Security Response, part of security software company Symantec Corp. SYMC.O. Microsoft said that vulnerabilities exist in its Internet Explorer Web browser, the most severe of which could allow an attacker to take complete control...
  • Microsoft fixes serious Windows flaws

    08/09/2005 2:56:44 PM PDT · by Panerai · 78 replies · 1,798+ views
    Cnet News ^ | August 9, 2005 | Joris Evers
    Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer. Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user. One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack,...
  • Spyware Phishing Now a World-Wide Epidemic

    07/19/2005 10:06:47 PM PDT · by ex-Texan · 16 replies · 906+ views
    Itsecurity.com ^ | 7/19/205 | Staff Writers
    Nova Scotia July 19, 2005 -- SpyCop today announced that the use of commercial monitoring spy software is on the rise in Internet phishing schemes, the latest scam used to steal personal information and even entire identities. The Anti-Phishing Working Group, web site at www.antiphishing.org, explains: "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials... Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware." The commercial spy software market has made available over 525 payware spy programs which include URL recorders, keyloggers, chat...
  • Corrupted PC's Find New Home In the Dumpster

    07/16/2005 11:54:18 AM PDT · by summer · 82 replies · 2,085+ views
    The NY Times - Business Section ^ | July 17, 2005 | MATT RICHTEL and JOHN MARKOFF
    SAN FRANCISCO, July 15 - Add personal computers to the list of throwaways in the disposable society. On a recent Sunday morning when Lew Tucker's Dell desktop computer was overrun by spyware and adware - stealth software that delivers intrusive advertising messages and even gathers data from the user's machine - he did not simply get rid of the offending programs. He discarded the whole computer. Mr. Tucker, an Internet industry executive who holds a Ph.D. in computer science, decided that rather than take the time to remove the offending software, he would spend $400 on a new machine. He...
  • Fear of Spyware Changing Online Habits (PEW "Research" Poll)

    07/07/2005 9:45:11 AM PDT · by NormsRevenge · 33 replies · 1,070+ views
    AP on Yahoo ^ | 7/7/05 | Anick Jesdanun - AP
    NEW YORK - Internet users worried about spyware and adware are shunning specific Web sites, avoiding file-sharing networks, even switching browsers. Many have also stopped opening e-mail attachments without first making sure they are safe, the Pew Internet and American Life Project said in a study issued Wednesday. "People are scaling back on some Internet activities," said Susannah Fox, the study's main author. "People are feeling less adventurous, less free to do whatever they want to do online." Like no other Internet threat before it, spyware is getting people's attention, she said. "It maybe will bring more awareness of all...
  • Critical fixes for Windows, Office coming

    07/07/2005 1:27:43 PM PDT · by Panerai · 17 replies · 948+ views
    Cnet News ^ | 07/07/2005 | Joris Evers
    As part of its monthly patching cycle, Microsoft on Tuesday plans to release three security alerts for flaws in Windows and Office. Two of the security bulletins apply to Windows, and at least one of them is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site Thursday. Its Office productivity suite will get one bulletin, also rated critical. The notice did not specify whether one of the patches will be for Internet Explorer. Microsoft earlier this week offered a workaround for a known flaw in the Web browser that opens the door...
  • Microsoft warns of unpatched IE flaw

    07/01/2005 10:53:43 AM PDT · by Redcloak · 150 replies · 2,347+ views
    ZDNet ^ | July 1, 2005, 8:55 AM PT | Dawn Kawamoto
    Microsoft warns of unpatched IE flaw By Dawn Kawamoto, CNET News.com Published on ZDNet News: July 1, 2005, 8:55 AM PT Microsoft has issued a security advisory for Internet Explorer, after a research firm published a working exploit to demonstrate how attackers could take advantage of the flaw. The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2. "Microsoft is investigating...
  • Is Big Brother logging your keystrokes?

    06/21/2005 4:36:58 AM PDT · by Budgie · 79 replies · 2,232+ views
    <p>I was opening up my almost brand new Dell 600m laptop, to replace a broken PCMCIA slot riser on the motherboard. As soon as I got the keyboard off, I noticed a small cable running from the keyboard connection underneath a piece of metal protecting the motherboard.</p>
  • Security Breach Could Expose 40M to Fraud -No these aren't the files Hillary stole

    06/17/2005 3:29:57 PM PDT · by Tumbleweed_Connection · 8 replies · 555+ views
    AP ^ | 6/17/05 | JOE BEL BRUNO
    A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon Gamsin. The FBI...
  • Security breach could expose 40M to fraud (40 million credit cards captured by computer virus)

    06/17/2005 4:13:09 PM PDT · by HAL9000 · 97 replies · 3,059+ views
    Associated Press | June 18, 2005 | JOE BEL BRUNO
    NEW YORK - A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon...
  • Jackson Suicide Trojan Surfaces

    06/10/2005 7:37:26 AM PDT · by COUNTrecount · 14 replies · 803+ views
    Techtree.com ^ | June 10, 2005
    Jun 10, 2005 Experts at SophosLabs, Sophos's global network of virus and spam analysis centers, have warned of a spam campaign that claims that Michael Jackson has attempted suicide in an attempt to lure innocent computer users into being infected by a Trojan horse. The email claims that Michael Jackson has attempted to commit suicide. But clicking on the link will cause infection. Sophos has identified hundreds of the spam messages being sent, preying on intense media interest in the trial of the controversial popstar. The spam emails have the following characteristics: Subject: Re: Suicidal aattempt Message text: Last night,...
  • Can You Trust Your Spyware Protection?

    05/31/2005 6:41:03 PM PDT · by El Conservador · 92 replies · 2,735+ views
    PCWorld.com through Yahoo! News ^ | May 31, 2005 | Andrew Brandt
    The next time you run a scan with your anti-spyware tool, it might miss some programs. Several anti-spyware firms, including Aluria, Lavasoft, and PestPatrol, have quietly stopped detecting adware from companies like Claria and WhenU--a process called delisting. Those adware companies have been petitioning anti-spyware firms to delist their software; other companies have resorted to sending cease-and-desist letters that threaten legal action. In most cases it's difficult for customers to determine whether their anti-spyware tool has delisted anything and, if so, which adware it skips. "When a spyware program gets delisted, users won't be aware of its presence," says Harvard...
  • Deleting spyware: a criminal act?

    05/25/2005 12:39:09 PM PDT · by ShadowAce · 65 replies · 2,591+ views
    The Register ^ | 25 May 2005 | Mark Rasch
    Analysis On my computer right now I have three anti-spyware programs, three anti-virus programs, and three anti-spam programs, together with a hardware and software firewall, an IPsec VPN, and data level encryption on certain files (and no, this is not intended to be an invitation for you to try to test my security.) The anti-spyware, anti-virus, and anti-spam software all work in very much the same way - they have definitions of known malicious programs, and they may also have algorithms to raise flags about unknown programs which operate in an unusual way. Depending upon user preferences, the programs either...
  • Microsoft security guru: Jot down your passwords

    05/24/2005 5:59:30 PM PDT · by Panerai · 58 replies · 1,425+ views
    ZDNet News ^ | May 23, 2005 | Munir Kotadia
    Companies should not ban employees from writing down their passwords because such bans force people to use the same weak term on many systems, according to a Microsoft security guru. Speaking on the opening day of a conference hosted by Australia's national Computer Emergency Response Team, or AusCERT, Microsoft's Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft. "How many have (a) password policy that says under penalty of death you shall not write...
  • Microsoft Readies Its Antivirus App

    05/13/2005 7:41:11 AM PDT · by Mike Bates · 62 replies · 976+ views
    Yahoo News/ IGDG News Service ^ | 5/13/2005 | oris Evers
    Microsoft is readying a new consumer security product that offers virus and spyware protection, a new firewall and several tune-up tools for Windows PCs, a move that pits the software giant squarely against traditional security software vendors. The product, dubbed Windows OneCare, will be tested internally at Microsoft starting this week. A public test, or beta, version is scheduled to be available by year's end, Microsoft said in a statement this week. The final product will be offered as a subscription service, the Redmond, Washington, software maker says. OneCare marks Microsoft's long-anticipated entry into the antivirus space, until now the...
  • DRUDGE: Feds Investigate Huge Computer Attack; Worldwide Hunt for 'Stakkato'

    05/09/2005 6:11:18 PM PDT · by West Coast Conservative · 47 replies · 3,513+ views
    Drudge Report ^ | May 9, 2005 | Matt Drudge
    1000s of computer systems serving U.S. military, NASA, prominent research labs have been penetrated by 'single intruder or a small band, apparently based in Europe'... MORE... Spokeswoman for White Sands Missile Range in New Mexico confirmed there has been 'unauthorized access'... Developing...
  • New VIRUS threat Sober.p (4% of emails contain .zip files-DO NOT OPEN!)

    05/04/2005 5:16:08 PM PDT · by Las Vegas Dave · 95 replies · 2,740+ views
    Virus Name Risk Assessment W32/Sober.p@MM Corporate User : Low-Profiled Home User : Medium Virus Information Discovery Date: 05/02/2005 Origin: Unknown Length: 53,727 bytes (zip) 53,554 bytes (executable) Type: Virus SubType: E-mail Minimum DAT: 4443 (03/09/2005) Updated DAT: 4482 (05/02/2005) Minimum Engine: 4.3.20 Description Added: 05/02/2005 Description Modified: 05/02/2005 3:59 PM (PT) Description Menu Virus Characteristics Symptoms Method Of Infection Removal Instructions Variants / Aliases Rate This page Print This Page Email This Page Legend Virus Characteristics: -- Update 2nd May 13:00 PST -- Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users....
  • Sober worm makes a comeback

    04/19/2005 1:52:01 PM PDT · by infocats · 24 replies · 1,116+ views
    ZD Net News ^ | April 19, 2005 | Dan Ilett
    Virus writers have resurrected the Sober worm with a new variant that is spreading quickly over the Internet. Security experts said Tuesday that the worm, dubbed Sober.M, reports e-mail addresses of victims back to its anonymous author--a technique known as harvesting. Spammers typically buy these fresh addresses to add to their lists of e-mail recipients. The e-mail containing the worm is written in bad English with the subject line: "I've got your e-mail on my account." "It looks like the virus writer is deliberately using broken English to (convince) people the e-mail is not a virus," Graham Cluley, senior technology...
  • Alternative browser spyware infects IE

    03/11/2005 10:56:57 AM PST · by ShadowAce · 77 replies · 2,280+ views
    Register ^ | 11 March 2005 | John Leyden
    Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place. Christopher Boyd, a security researchers at Vitalsecurity.org, said the malware installer was capable of working on a range of browsers with native Java support. "The spyware installer is a Java applet powered by the Sun Java Runtime Environment, which allows...