Security News Archive
I.S. Sentry, Inc.
Microsoft's Own Tool May Fake Out Its Anti-Piracy App (desktop pipeline)
05/24/05 Microsoft's anti-piracy program, Windows Genuine Advantage, can be easily sidestepped, perhaps frustrating the Redmond, Wash.-based developer's plans to check the use of unlicensed copies of Windows. According to Debasis Mohanty, an independent vulnerability researcher credited with discovering a number of vulnerabilities, who posted a proof-of-concept walk-through in Word format on the Full Disclosure security mailing list, a tool provided by Microsoft itself can be used to generate a code that will let systems running pirated copies of Windows download and use software that Microsoft has said will work only with legitimate operating systems. Microsoft dismissed the impact of the WGA work-around. "We don't see this as being substantial, and poses very little threat to our customers or to us," said a Microsoft spokesman. "We anticipated counterfeiters would try several different measures [to circumvent WGA], so we weren't surprised to see something like this." [Click here for Full Story]

Hackers Holding Computer Files "Hostage" (Associated Press)
05/24/05 Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets. A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files. "This is equivalent to someone coming into your home, putting your valuables in a safe and not telling you the combination," said Oliver Friedrichs, a security manager for Symantec Corp. The company said Tuesday the problem was serious but not deemed a high-level threat because there were no indications it was widespread. [Click here for Full Story]

Code Release Offers Sneak Peek at Longhorn Security (server pipeline)
05/23/05 The company posted to its Microsoft Developer Network Web site "beta 1 release candidate" versions of Avalon, a 3-D graphics technology it's developing; and Indigo, software for building peer-to-peer applications. Microsoft plans to include final versions of both in the next version of Windows, code-named Longhorn and due late next year. Microsoft also released to developers on Monday code for building apps that use InfoCard technology, potentially a new way for PC users to store credentials to Web apps. This is the second time Microsoft is making code available to select audiences. These releases are aimed at developers who are getting ready for Longhorn, which would be the first major new version of desktop Windows since 2001. These--plus special compatibility extensions for the beta version of Microsoft's next set of development tools--follow "community technology preview" versions of Avalon and Indigo released in March. Microsoft since then has also made the APIs to Avalon and Indigo available to users of Windows XP and Windows Server 2003. [Click here for Full Story]

The Top Five Biggest Network Vulnerabilities (server pipeline)
05/23/05 The correct answer to the question "where is my network vulnerable to attack?" is "everywhere." To some extent, that's the nature of the Internet beast; if you have a door open to the world, then it's inevitable that someone will try to open it up. And there's a good chance that they're not doing it just to say hello. Dan Ingevalson, the director of professional security services at Internet Security Systems, says that enterprises have gotten better at managing security vulnerabilities, but the increasing complexity of networks and network-borne applications makes perfect protection impossible. "There is always going to be some level of complexity in a network that will create a network security vulnerability," he says. Having said that, some open doors are bigger and more common than others. A big part of maintaining network security, says Mark Curphey, senior director of consulting at Foundstone Services, a division of McAfee Inc., is knowing where these vulnerabilities are, and knowing how to plug them up. Network edge devices: Though well-publicized, worms and viruses continue to be a common and, to some extent, under-appreciated network threat, says Yankee Group senior analyst Jim Slaby. "We haven't seen a really big, really pervasive worm like Blaster or Slammer in some time, but they are waiting in the wings," he says. "It's not that people are complacent, but the problem with worms is that they're zero-day exploits. Signature defenses only work against things that you've seen before, or someone has seen before you, and they proliferate quickly." [Click here for Full Story]

Web Site Flaws Let Spammers, Phishers Build User Profiles (smallbiz pipeline)
05/23/05 Blue Security, which has offices in Menlo Park, Calif., and Israel, laid out details of what it's calling "registration attacks" and "password reminder attacks" in a report released Monday. Together, these attacks are used, said Blue Security's chief executive Eran Reshef, to conduct hostile profiling of Internet users. In a registration attack, a spammer tries to register large numbers of e-mail addresses -- using automated scripts somewhat similar to those used in directory harvest attacks -- with a variety of Web sites. Because sites typically return errors on addresses already in use -- Reshef said his research showed a majority of sites do this -- spammers and phishers can determine not only which addresses are valid, but match an address with a Web site. [Click here for Full Story]

Common Sense Moves Could Protect Privacy (security pipeline)
05/23/05 Plenty of inexpensive measures can protect data from the large-scale theft that big banks, data merchants and other companies have recently disclosed. But "security and privacy, for a lot of large organizations, are an afterthought, not a priority," said Evan Hendricks, who publishes the newsletter "Privacy Times." Consider the latest headache for some large banks: Wachovia Corp., Bank of America Corp. say they have notified more than 100,000 customers that their accounts and personal information may be at risk after former bank employees allegedly sold account numbers and balances to a man who then sold them to data collection agencies. Nine people have been arrested in New Jersey in the case. [Click here for Full Story]

An Easier Way to Secure Wireless Networks (smallbiz pipeline)
05/23/05 If you set up Wi-Fi networks for your clients with any degree of regularity, you've probably come across security set-up issues of your own. Sometimes, WPA (Wi-Fi Protected Access) won't set up properly, so you reduce the level of security to WEP (Wired Equivalent Privacy), the older, more easily crackable scheme. Or maybe you've thrown in the towel altogether to run wireless networks without any protection at all--a dangerous setup. Combine lax security with Wi-Fi security threats--such as drive-by spamming, man-in-the-middle attacks, and network snooping, sniffing and spoofing--and you're leading your users into trouble. They could lose intellectual property, suffer privacy breaches, or fall prey to malicious network attacks. [Click here for Full Story]

Microsoft Plans Enterprise Security Service (security pipeline)
05/20/05 The Redmond, Wash., software giant confirmed that it has an enterprise antivirus service in development, but other sources said Microsoft is developing a broad managed services platform that will also consist of antispyware and possibly Domain Name Service hardening, Wi-Fi provider ID assurance and firewall services for e-mail filtering. Sources said there may be two "flavors" of the enterprise security services offered, one for enterprise customers and one for Microsoft Business Solutions targeting the SMB market. They said the services will be bundled into licensing agreements and also offered on a subscription basis. "Initially, it will be antivirus, but there are ambitions to move beyond this as new hardware rolls out," said one partner, who requested anonymity. "The long-term aim is to have a comprehensive manageability platform. [Click here for Full Story]

Netscape 8 Needs Patch Hours After Debut (desktop pipeline)
05/20/05 Netscape 8.0 was built using the code from Firefox 1.0.3, but Mozilla recently upgraded its browser to fix several vulnerabilities. With the update released Thursday, Netscape is now a clone, security-wise, with the current Firefox 1.0.4. One of Netscape's most intriguing features is that it includes both the Gecko (used in Firefox) and Microsoft Internet Explorer rendering engines, and automatically switches from one to the other, depending on user preference or the perceived security of the site. Without the update, users visiting sites rendered with the Gecko engine could be at risk. Attackers could use the now-patched vulnerabilities to take control of a PC simply by getting a user to visit a malicious Web site. [Click here for Full Story]

Opinion: Small Businesses Need to Stop Ignoring Security (security pipeline)
05/19/05 Denial about security is self-defeating because the cost of loss is devastating. That's especially true of small businesses, where profit margins are often razor-thin. I've had personal experience working in, and near, companies that learned those lessons the hard way. The lucky companies only lost information of financial value. In one instance, a security breach resulted in seven dead. Moreover, as president and principal analyst of the Enderle Group, I'm a small businessman myself. In other words, I don't just advise small businesses on security — I live it. The time to think about preparing for a disaster or other loss is before the loss has occurred. It is not a trivial process. We'll start out by reviewing the layers of security you need and close with disaster preparedness. The Layers of Security - Physical Security: This is the first layer and often [Click here for Full Story]

Netscape 8.0 Boasts Anti-Phishing Features (smallbiz pipeline)
05/19/05 Netscape 8.0 is based on the Mozilla Foundation's Firefox code, but includes both the Firefox and Microsoft IE engines, officials with Dulles, Va.-based AOL, a division of Time Warner Inc., said. The upgrade automatically switches between engines on each web site, depending on user preference or demands of the site. Unknown sites render in Firefox for increased security, AOL said, but a user can switch to IE with a single click. The browser also remembers users' browser preferences on web sites. If a visited site is on a "black list" of suspected phishing, spyware, or virus sites, a warning page pops up and blocks access. If the user chooses to go to the site anyway, the browser disables all functionality, including cookies and Java. The black list is updated three times a day. [Click here for Full Story]

New TCP/IP Flaw in Windows, Microsoft Puts Out Alert (desktop pipeline)
05/19/05 "We do not consider this to be a significant threat to the security of the Internet," a Microsoft spokesperson said Thursday when queried about the advisory. The new vulnerability in Windows' TCP/IP implementation could allow an attacker to reset existing TCP connections on a PC, essentially taking it offline in a denial-of-service (DoS) fashion. The attacker could not exploit this vulnerability to execute additional code or gain access to the PC, however. Because the new vulnerability is very similar to already-patched TCP reset problems, Microsoft said that users who had deployed Windows XP SP2 or Windows Server 2003 SP1, or who had applied April's MS05-019 patch, were safe. [Click here for Full Story]

Bogus Microsoft Security Update Circulates (security pipeline)
05/18/05 The newest e-mails--a sample of which TechWeb received--play off the recent news that Microsoft released its May patch, a tactic so common that scams like this appear virtually every month. "This is the latest version of security update, the 'May 2005, Cumulative Patch' update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express," the official-looking e-mail reads. Astute recipients will know that Microsoft did release a patch in May, but only for a bug in Windows 2000, not IE or Redmond's e-mail clients. [Click here for Full Story]

Feds Faulted For Weak Wireless Security (security pipeline)
05/17/05 In a 31-page report issued Tuesday, the Government Accountability Office said federal agencies have yet to fully apply key controls such as policies, practices, and tools to let them operate wireless networks securely. GAO tests of the security of wireless networks at six federal agencies revealed unauthorized wireless activity and "signal leakage," wireless signals broadcasting beyond the perimeter of the building and thereby increasing the networks' susceptibility to attack. A diagram in the report shows signal leakage emanating from wireless-access points in three federal buildings onto surrounding streets and into nearby privately owned buildings in Washington, presenting security exposures. "Without implementing key controls, agencies cannot adequately secure federal wireless networks and, as a result, their information may be at increased risk of unauthorized disclosure, modification, or destruction," said the report, co-written by GAO information security issues director Gregory Wilshusen and chief technologist Keith Rhodes. [Click here for Full Story]

Phishers Dodge Content Filtering (smallbiz pipeline)
05/13/05 According to Netcraft, some fraudsters are replacing text content on their phony sites with similar-looking images, "making it much more difficult for automated systems to detect the presence of keywords such as 'PayPal' and 'credit card.'" In an online alert, Netcraft illustrated how a phisher could simply embed text within an image to hide it from filters. The text would still be readable by a possible victim, but not by a computer. "Because the content filters may not detect this [sample page] as being a PayPal phishing scam, it could slip through undetected, allowing the fraudster to harvest the credentials of thousands of PayPal customers," Netcraft went on in its alert. [Click here for Full Story]

Mozilla Updates Firefox to Fix Flaws (smallbiz pipeline)
05/12/05 The new versions -- Firefox 1.0.4 and Mozilla 1.7.8 -- patch the browsers against two vulnerabilities made public less than a week ago. Both can be downloaded from the Mozilla Foundation's Web site. Another vulnerability was also addressed in the updates, and a Dynamic HTML (DHTML) problem introduced in Firefox 1.0.3 was resolved, said Mozilla. The under-a-week response to the public vulnerability was helped in part by an early jump on the problem, said Chris Hofmann, director of engineering at Mozilla. His group was first notified of the vulnerability on May 2; it went public May 7. [Click here for Full Story]

Microsoft Launches Security Advisory Service (security pipeline)
05/11/05 Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, Stephen Toulouse, the program manager of Microsoft Security Research Center (MSRC), said. "When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security related topics," Toulouse said. Microsoft's security advisories--the first two of which were issued Tuesday--will offer early workarounds for vulnerabilities before a patch is ready. "If there was public vulnerability posted, the advisories could be used to provide guidance on workarounds," said Toulouse. In cases such as those, expect to see the advisories morph into actual bulletins, Toulouse added. "We'd put the advisory up, and when a patch is ready, use it to point to the bulletin," he noted. [Click here for Full Story]

Many Would Trade Password for a Grande Mocha (security pipeline)
05/06/05 Apparently nothing more than a latte by the results of a marketing stunt run in San Francisco Thursday. In a very unscientific poll, two-thirds of the 272 people approached by VeriSign willingly gave up an electronic password for a $3 Starbucks coupon. Among the easy marks, 79 percent admitted that they use the same password to access more than one application or Web site, a common practice that means the loss of one password increases the risk of damage or identity theft. The down-and-dirty survey also confirmed what anyone who works in an office already knows: Some people are more worried about forgetting their password than it being stolen, and scribble it on Post-Its stuck to their monitor. [Click here for Full Story]

Firefox 1.0.4 Release Candidate Patches Bugs (security pipeline)
05/11/05 The Windows, Mac, and Linux versions of Firefox 1.0.4 can be downloaded from the Firefox FTP server. Like the three previous updates released this year, 1.0.4 is a bug fix, in this case one that plugs a cross-scripting vulnerability which could let an attacker gain control of a Firefox-equipped computer if its user simply surfs to a malicious site. The time from release candidate to final is typically short in Firefox security updates; it wouldn't be out of the ordinary for Firefox 1.0.4 to wrap by the end of the week. [Click here for Full Story]

Vendor Warns of New Type of 'WiPhishing' Attack (smallbiz pipeline)
05/09/05 The company said in a statement that the new type of attack starts with a fraudulent log-in page for a public Wi-Fi network such as a hotspot. When the user logs on to the fake page, the hacker downloads as many as 45 viruses to the computer. The company said in a statement that it first detected the attack at a trade show in the U.K. and that it appeared again at last week's Interop trade show. The attack seems to be aimed at business people, the company said. As a result, the vendor warned business users to take particular precautions when logging on at hotspots such as those in airport lounges, which have a high concentration of business users. It suggested taking common security precautions such as using a firewall, using only SSL-secured Web sites and, if possible, using hotspots only for Web surfing unless you also can use a virtual private network (VPN). [Click here for Full Story]

'Extremely Critical' Bugs Found in Firefox (smallbiz pipeline)
05/04/05 Because proof-of-concept code has been leaked -- as were the vulnerabilities -- before a patch was ready, Mozilla recommended that Firefox users either disable JavaScript or lock down the browser so it doesn't install additional software, such as extensions or themes, from Web sites. The vulnerabilities were discovered by a pair of security researchers, who had notified Mozilla earlier in the month, but were keeping mum until a patch was written. However, details of the vulnerabilities were leaked by someone close to one of the researchers. [Click here for Full Story]

Phishers Turn to Devious DNS Tricks (desktop pipeline)
05/04/05 "What I'll call, for lack of a better term, the 'old way' of phishing -- sending e-mail, enticing people to a bogus Web site -- didn't rise as dramatically as it has in the past," said Dan Hubbard, the senior director of security at Websense, which released the latest phishing data in concert with the APWG. "But phishers are changing to other attack vectors. The attacks have changed." The APWG's numbers bear out the flattening in the rise of both "traditional" e-mail phishing attacks and the phishing sites hosted by criminals. The number of e-mailed phishing campaigns climbed by just 2 percent in March over February, noted Hubbard, while the APWG's data showed a 6.8 percent increase in the number of active phishing sites. [Click here for Full Story]

Another Sober Worm Spreading Quickly (desktop pipeline)
05/03/05 Sober.p -- also called Sober.n and Sober.o in the confusing mishmash that's the naming structure of worms and viruses -- is epidemic in Western Europe, said two firms there, Sophos and Kaspersky Labs. Although the worm hasn't made as much headway in the U.S., it's currently the most dangerous new threat on the books, according to Symantec and McAfee, both of which raised their alert warnings to "medium" on Monday afternoon as Sober spread. "It's currently running at about 70 percent of all mail traffic, worldwide, but it seems to have plateaued," said Ted Anglace, a senior security analyst in Sophos' Boston office. "It's leveling off." Like earlier Sober variations, this one is bilingual -- it uses both English and German headings and text -- and spreads by mass mailing copies to addresses it steals from detection technologies. [Click here for Full Story]

Microsoft Adds WPA2 WLAN Security to Windows XP (Desktop Pipeline)
05/03/05 Specifically, Microsoft posted a support memo explaining the update and a link to download the update. The update itself, which is dated April 29, is for Windows XP Service Pack 2. The most significant part of the update is support for WPA2, a strong WLAN security standard that was approved last year and that is being widely adopted in enterprises. WPA2 was a significant part of the 802.11i WLAN security standard. WPA2 replaces the discredited WEP and supports 802.1X authentication and Advanced Encryption Standard (AES). It also supports optional use of Pairwise Master Key (PMK) caching and pre-authentication, which enables a wireless client such as a laptop to pre-authenticate with a wireless LAN when it is still connected to another wireless LAN. [Click here for Full Story]

Security Management (Part 1 of 4) - March 2005 (Microsoft)
03/09/05

Eight Top Tips for Network Security (security pipeline)
05/01/05 However, having the hardware and software isn't enough, says James Hurley, the Aberdeen Group's Vice President Risk, Security, and Compliance. Having the tools is not the same as knowing how to use them. "Looking at security only from a technology perspective leads organizations down the wrong path," Hurley says. "The most common error is the assumption that the security capabilities on network hardware and routers is all you need. Organizations that approach security solely from a technology perspective do it very poorly." The bottom line is that protecting your network is, more than anything else, a question of policy, strategy and execution. Networks, says In-Stat group research analyst Victoria Sodale, are not insecure by definition, but by accident. "There are some basic steps all organizations can take to protect themselves," she says. It just takes the will and commitment to take them. [Click here for Full Story]

Netcraft Updates Anti-Phishing IE Toolbar (desktop pipeline)
05/02/05 The Netcraft Toolbar, which debuted December 2004, is a free-of-charge plug-in to Microsoft's IE browser that uses Netcraft's database to show several attributes of any visited site, including the domain's country location, its longevity, and its popularity. New to the toolbar is Risk Rating, a graphical indicator that appears for all new sites. The rating, said Netcraft, is generated by comparing the new site against characteristics of known phishing sites. "The ratings will evolve and adjust automatically as phishers change their behavior," promised Netcraft in a statement. "Along with pre-emptive blocking of cross-site scripting, [the rating] is particularly helpful to people who receive a phishing mail early on, before it has been reported by someone else in the community and blocked." [Click here for Full Story]

Inside the Firewall (biz intelligence pipeline)
05/01/05 Some of the attacks are intentional, but many are not. "A user can inadvertently pick up spyware or a Trojan horse outside the security bubble while, say, working at home or at a Wi-Fi hot spot," says Slaby. "These can give outsiders a back door to security profiles and the location of sensitive data." It takes sophisticated software at the network edge to detect these threats inside the firewall when the user reconnects at work. "Very few organizations have these edge systems in place," says Slaby. Cisco has Network Admission Control (NAC), "but it's big and complex and not all Cisco products support it yet." Microsoft's Network Access Protection (NAP) won't be ready until Longhorn, the next major Windows revision, is released — in a year or more. To thwart internal attacks, consider encryption inside the firewall, which offers an additional, application-level layer of security. Most business intelligence vendors offer some encryption capabilities inside the firewall. [Click here for Full Story]

McAfee: Unpatched Machines a Major Security Threat (desktop pipeline)
04/25/05 In releasing its quarterly security analysis, McAfee's "AVERT" virus research team noted that exploited vulnerabilities are becoming a dominant threat to both consumers and enterprises. "The day of the virus may have come and gone," said Vincent Gullotto, the vice president of AVERT. "One day it may swing back, but now we're looking at different types of programs, not viruses, that threaten computers. And many of them are exploiting machines' vulnerabilities." According to AVERT's estimates, half or more of the computers connected to the Internet aren't properly patched or updated. Not good, especially when the number of vulnerabilities spotted in the first quarter of 2005 was up 6 percent over the same quarter last year. [Click here for Full Story]

Hotspot Hacking and How to Fight it (smallbiz pipeline)
04/22/05 That's the word from Richard Rushing and he should know since he is chief security officer for AirDefense, which specializes in security of mobile workers. "The usage rate at hotspots has dramatically increased in the last six months or so -- more people are using them," Rushing said. "But we are starting to see more malicious activity." While some of that activity is occurring at popular wireless access locations such as Starbucks, which has deployed T-Mobile hotspots nationwide, the biggest threats are at what Rushing calls "premier hotspots," which are places like airline clubs. "If somebody really wants to do something malicious or get information, they'll go where the information is," Rushing said. Put differently, places such as Starbucks have a higher concentration of Web browsers. Airline clubs have a higher concentration of business travelers who use hotspots to access crucial and often sensitive data. [Click here for Full Story]

7 Ways to Secure Yourself at Wi-Fi Hotspots (smallbiz pipeline)
04/22/05 Richard Rushing, chief security officer at wireless security firm AirDefense, says hotspot usage is up markedly in the past six months, and attackers are following the crowds. The attackers are especially focused on airline hubs, where business travelers congregate, sending and receiving valuable business information. They're not so keen on Starbucks, where you're likely to find the magenta-hair-and-face-piercing crowd, looking for information on, well, whatever it is that young people look up on the Web. Sites about dyeing your hair funny colors, or sticking holes in your face, or something like that. AirDefense finds that wireless trade shows are magnets for hackers. And AirDefense itself goes to the conferences to learn the hackers' latest tricks. (Dave describes a couple in the article.) The article offers tips for protecting yourself: 1. Use a VPN — and make sure it's configured right. [Click here for Full Story]

Safe Hotspotting Without Needing IT Backup (smallbiz pipeline)
04/14/05 One solution for the rest of us is to use service-by-service encryption, such as using SSL (Secure Sockets Layer) for retrieving e-mail messages, but VPNs are better because they capture and encrypt all incoming and outgoing data. Combined with a firewall and an anti-virus program, a VPN-equipped laptop can be virtually impregnable. Fortunately, while VPNs have previously been the domain of enterprises, publicly available VPNs that you can use for a reasonably low monthly fee are now available for individual travelers. Two in particular, HotSpotVPN and WiTopia's personal VPN, provide different approaches, but both deliver strong security. [Click here for Full Story]

Mozilla Patches Firefox, But Site Suffers Brief Outage (smallbiz pipeline)
04/18/05 The Mozilla.org site was offline and unavailable for nearly two hours Monday, but at the time of this posting, it was back up and running. Firefox updated to 1.0.3 and Mozilla to 1.7.7 on Friday, both updates essentially security fixes that plugged nine and six vulnerabilities, respectively. The most substantial vulnerability was a bug in the JavaScript engine's memory heap management, which was first reported earlier this month. [Click here for Full Story]

Rootkits May Pose Serious Security Problem (smallbiz pipeline)
04/14/05 Rootkits, which hark back to Unix, are tools used by hackers to cover their tracks. Rootkits -- even the name comes from Unix, for it refers to the term for the OS's super-user, the root user -- can hide the existence of other malware on a computer by modifying file data, Windows registry keys, or active processes, all of which are used by malicious code detection software to spot worms, viruses, and spyware that's been installed on a PC. They're commonly used by spyware writers who, after all, try to play as stealthy as possible, but they're now gaining popularity among virus writers, say some security analysts. [Click here for Full Story]

Hackers Use Blogs to Spread Worms, Keyloggers (smallbiz pipeline)
04/13/05 "We're seeing that more and more of the locations where malicious code is stored is on blog sites," said Dan Hubbard, the senior director of security and technology research for San Diego-based Websense. So far this year, Hubbard said, his lab has discovered hundreds of blogs involved in the storage and delivery of harmful code. "In particular, keyloggers and other Trojan downloaders and droppers are being stored and updated from blog sites," Hubbard added. A keylogger is the term for a type of spyware that watches for, records, then transmits to the hacker identities surreptitiously hijacked from PCs. [Click here for Full Story]

Tip Sheet: How to Protect Against a Zero-Hour Attack (smallbiz pipeline)
04/15/05 In the last year, a series of viruses and worms that caused damage across the Internet in record time has made very clear how vulnerable our computer systems are. The MS Blaster, Slammer, Sasser, and Korgo.W worms have shown that signature-based antivirus software and traditional firewalls are not enough to protect networks. Everyone is worried about a zero-hour attack — an attack based on a previously unknown vulnerability and completely immune to antivirus software. What can you do to protect your network from such an event? Here are a few ideas: Use file integrity checking. [Click here for Full Story]

Microsoft Baseline Security Analyzer (Microsoft)
03/02/05 MBSA 1.2.1 needed for Windows XP SP2 compatibility: Users of Windows XP Service Pack 2 will need to update their MBSA to version 1.2.1 for compatibility with SP2 security improvements. Windows XP SP2 users who are running MBSA 1.2 will be automatically notified when they run the tool from the Start menu with an Internet connection. MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform. It is a tool designed for the IT Professional that helps with the assessment phase of an overall security management strategy. MBSA Version 1.2.1 includes a graphical and command line interface that can perform local or remote scans of Windows systems. [Click here for Full Story]

How to Block Unwanted Instant Messages (Microsoft)
03/16/05 IM is generally faster than e-mail and instant messages are not typically saved the way e-mail is. IM also requires a special software program like MSN Messenger, Windows Messenger, AOL Instant Messenger, Yahoo! Messenger, or others. Using an IM program, you and your friends can type what you want to say in a box and see each other's messages almost instantaneously. Just as you may receive unwanted e-mail (spam), you and your family may also receive unwanted instant messages (often called "spim"). These instant messages might be from complete strangers or from people you know but don't want to communicate with. They may even contain harmful viruses. Both Windows Messenger and MSN Messenger make it easy for you to block these unwanted messages. [Click here for Full Story]

ISC Explains Microsoft Server Poisoning Vulnerabilities (system management pipeline)
04/07/05 After consultations with Microsoft and after receiving additional reports from users on tested methods of protecting Windows servers, the ISC posted a document that outlines its recommendations. Microsoft also revised a Knowledgebase article on its support site. The design flaw ISC mentioned Wednesday relates to when Windows servers have forwarding enabled. Apparently, Windows DNS servers expect the upstream server -- the one sending data to a second server -- to scrub any cache poisoning attacks, and so accept all data, regardless of their current setting to protect against cache poisoning. ISC is asking for help in pinning down under which circumstances this forwarding can create a vulnerability. So far, said ISC analyst Kyle Haugsness, it appears that upstream servers running BIND4 and BIND8 do not clean the poisoned cache before sending it down to the Windows DNS server, while BIND9 does. [Click here for Full Story] New Domain Poisoning Attacks Microsoft Servers (system management pipeline)
04/06/05 DNS cache poisoning occurs when an attacker hacks into a domain name server, one of the machines that translate URLs such as www.techweb.com into the appropriate IP address. The attacker then "poisons" the server by planting counterfeit data in the cache of the name server. When a user requests, say, techweb.com, and the IP address is resolved by the hacked domain server, the bogus data is fed back to the browser and the user is directed to another Web site, not the intended destination. To highlight the danger, the ISC raised its Homeland Security-esque alert color code from Green to Yellow. According to ISC, Yellow represents that "we are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact would be significant." [Click here for Full Story] Security Flaw Found in Trillian IM Client (security pipeline)
03/24/05 To take advantage of the vulnerability, the hacker would have to use an advanced technique called DNS cache poisoning, which redirects PC users from real sites to spoofed copies, said Matt Hargett, director of development for Pittsburgh, Pa.-based LogicLibrary Inc. The tactic involves a hacker first compromising a DNS server, which is used on the web to direct computers to websites. Once Trillian, which is made by Cerulean Studios in Connecticut, is directed to a spoofed server, a hacker could upload malware by overflowing the software's buffer, or temporary storage area, with data containing executable code. Overflowing the buffer fools the software into running the code. The damage to an infected PC could range from an annoying program crash to a hacker gaining control of the machine, Hargett said. Such an attack is particularly nasty because the user is unaware that his computer is being hijacked. [Click here for Full Story] The 10 Worst Security Practices (security pipeline)
03/24/05 If you find a security hole, buy a product to fix it. There's a prevailing, and dangerous, belief among information security pros that for every problem, there is a tool. As long as we have the right technologies in place--antivirus, antispam, firewall, patch manager, VPN, PKI, IPS, IDS--we feel safe. Trouble is, products are only as good as the person who configures and monitors them. "A tool is there to assist, not do the job for you," says John Pironti, a security consultant at Unisys. "Always remember that you are at least 50 percent smarter than computers. Computers know 'yes' and 'no,' but we know 'maybe.' We can evaluate more variables because there are only so many you can put into a tool." [Click here for Full Story] Microsoft Releases Major Windows Server 2003 Update (security pipeline)
03/31/05 Microsoft released the full first service pack for Windows Server 2003 late Wednesday, emphasizing the server software update's security features and touting improvements in overall performance and reliability of as much as 50 percent, depending on overall workload. The update's main objective, says the company, is to "reduce customer pain centered on server security." Windows Server 2003 Service Pack 1 is available for immediate download and was released to manufacturing on Wednesday, according to a company statement; the release is also available via the automatic Windows Update feature. Microsoft is offering differentiated versions for updating multiple servers and for Itanium-based servers; the company recommends using Windows Update to handle installation on single servers. [Click here for Full Story] Hacking Control More Than 1 Million PCs (security pipeline)
03/16/05 Using only three computers as "honeypots," machines deliberately left open to attack, thus attracting hackers and their bots so researchers can capture data on their actions, German security analysts at Aachen University were able to identify more than 100 botnets during a three-month project. Those botnets ranged in size from only a few hundred compromised PCs to several of up to 50,000 systems. The volume, the Honeynet Project researchers said, was staggering. Even using conservative estimates, they projected over a million PCs worldwide are currently under the control of hackers running botnets. "That number wouldn't surprise me," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based security intelligence firm. [Click here for Full Story] Microsoft at a Loss for Fighting Phishing (security pipeline)
03/15/05 Among the few tidbits: use of Sender ID on Microsoft's free Web-based Hotmail service will lead to similar support for the sender authentication scheme in Outlook and Exchange later this year. Mike Nash, the chief security executive at Microsoft, and others from companies including Truste and RSA Security, pointed to the dangers of phishing to both consumers and businesses, with emphasis on the latter. "The long term damage phishing can do to brands is the real concern," said Fran Maier, the executive director and president of Truste, in an hour-long Webcast Tuesday morning. [Click here for Full Story] Controversial Report Finds Windows More Secure than Linux (security pipeline)
03/14/05 The researchers found that Windows Server 2003 actually had fewer security vulnerabilities identified last year than Linux and that the holes in Windows took less time to patch. But the study is already attracting controversy for its methodology. Linux proponents note that the two systems have different configurations and are not easily comparable since they contain different functionality out of the box. "A lot of people are under the impression that one platform has more advantages," said Max Clark, a network consultant with Intercore, a Los Angeles-based consulting firm that provides support for both Windows and Linux systems. "The expertise of the person deploying it is what matters. The default configurations are important, but once you start consolidating software on top of the system, the system is only as secure as what's running on it." [Click here for Full Story] Most CA Software at Risk, Patches Available (security pipeline)
03/14/05 Wednesday, both Reston, Va.-based iDefense and Aliso Viejo, Calif.-based eEye Digital Security posted alerts describing a series of vulnerabilities within Computer Associates' License Management Software, a component in most of CA's products that's used to register software on the network and track licenses. If exploited, the vulnerabilities could allow attackers to generate buffer overflows, and from there, run code of their choice on the machines. "It's absolutely imperative that administrators scan their networks to identify vulnerable systems and take corrective actions," said Firas Raouf, the chief operating officer of eEye, in a statement. "The remotely executable nature of this threat, combined with the broad array of platforms, makes this a high priority for enterprises." [Click here for Full Story] Survey: Patch Management an Ongoing Challenge for Many Companies (security pipeline)
03/03/05 The survey, completed last month by research firm InsightExpress and commissioned by SupportSoft Inc., a developer of software for managing software updates, portrays patch management as an ongoing issue that poses a variety of risks. For example, patching still takes a week or longer at about a quarter of companies. That compares with 19% of respondents who say their IT organizations distribute patches to all computers within hours and 57% that do the job in days. When asked how well prepared their IT organizations were for a virus attack, three-quarters are only "somewhat prepared," compared with 21.3% that are completely prepared. "It shows companies are struggling to get a handle on patching," says Michael Cherry, an analyst with Directions On Microsoft. [Click here for Full Story] Hacker Helps B-School Applicants (security pipeline)
03/04/05 Few of the people who followed the hacker's directions managed to find out if their applications have been accepted, according to school officials. But many of them could end up getting rejected now that the schools are checking to see who tried to exploit the security breach. "Hacking into a system in this manner is unethical and also contrary to the behavior we expect of leaders we aspire to develop," said Steve Nelson, executive director of the MBA program at Harvard Business School. The unidentified hacker tapped into Business Week's online forum early Wednesday and posted instructions on how applicants could log onto the schools' Web sites to check their admission status. Dozens of business schools, including those at the Massachusetts Institute of Technology, Stanford, Duke, Carnegie Mellon and Dartmouth, were affected by the breach, with their Web sites vulnerable for roughly nine hours before the problem was fixed. [Click here for Full Story] IM Threats Growing 50 Percent Per Month (smallbiz pipeline)
03/08/05 According to the IMlogic Threat Center, a coordinated effort by several vendors, including IMlogic, McAfee, Symantec, and Sybari Software, IM and P2P exploits have exploded in 2005, and have grown 50 percent each month thus far. "IM viruses and worms are growing exponentially," said IMlogic chief technology officer Jon Sakoda, in a statement. The threat center has warned of more than 30 widespread incidents of IM or P2P viruses, worms, or other malicious code thus far in 2005, said Sakoda, with the bulk--81 percent--of them aimed at instant messengers. [Click here for Full Story] Microsoft: No Patch Before its Time (smallbiz pipeline)
03/08/05 A spokesperson, however, intimated that the lack of patches didn't mean that Microsoft thought its products were locked down and security tight. "[The monthly release schedule] involves a significant testing focus to help ensure customers will receive updates that are of a high quality," the spokesperson said in an e-mail. "Microsoft will not release an update until it meets those standards. Occasionally the testing process and our strict focus on quality can result in a month where no security updates are released, as is the case today." While patches were AWOL, the Redmond, Wash.-based developer did revise its free Windows Malicious Software Removal Tool, another chore it's committed to doing monthly. [Click here for Full Story] Possible Domain Poisoning Underway (desktop pipeline)
03/04/05 According to the Internet Storm Center, which posted an alert on its Web site, it had received reports that the attack was redirecting traffic from popular domains such as google.com, ebay.com, and weather.com. DNS cache poisoning occurs when an attacker hacks into a domain name server, then "poisons" the cache by planting counterfeit data in the cache of the name server. When a user requests, say, ebay.com, and the IP address is resolved by the hacked domain server, the bogus data is fed back to the browser. Another tactic, dubbed "DNS hijacking," is similar, but simply changes the domain server so that traffic is actually re-routed. [Click here for Full Story] Bob Evans: Microsoft Plays High-Stakes Poker With Customer Security (security pipeline)
03/01/05 It would seem that Gates and Microsoft are willing to play a similar gut-wrenching and all-in staredown this year over the ultimate state of the security of its products and technologies. But the odd thing about this match at this time is that the competitors in the game aren't the bad guys launching all the attacks, but rather Microsoft's customers. Microsoft and Gates are betting that their customers will give the company and its somewhat shaky security history another 6-9 months to substantially improve existing products while simultaneously releasing new software conceived and developed with security as a top priority. It's as if Gates and Co. have pushed a massive stack of chips into the middle of the table and said, "This matches what your company's already spent on Windows infrastructure and applications and standardization, and"--they push another heaping pile into the center of the table--"this raise represents what you'd have to spend on top of that to migrate to a different platform." [Click here for Full Story] 8 More Bugs Found in Firefox and Mozilla (smallbiz pipeline)
03/01/05 The Danish security firm Secunia on Tuesday laid out the flaws, most of which could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab. Other bugs can be exploited remotely by hackers able to introduce code of their own choosing on the vulnerable machine, possibly taking control of it or giving them access to files. For example, Firefox's extensions -- its name for plug-ins -- can be manipulated to create a temporary directory that can then be exploited by attacks to delete files from the computer. Another flaw in the automatic form filling feature -- used to quickly complete forms with personal information, or even credit card numbers -- could be exploited to trick users into divulging some of that information. [Click here for Full Story] Mozilla, Firefox Open to Attack (desktop pipeline)
02/28/05 According to Reston, Va.-based iDefense, Mozilla 1.7.3 and Firefox 1.0 -- and likely all earlier versions as well -- include a "design error" that lets hackers create a memory heap overflow, which then allows remote code execution and a compromise of the system. Even a failed attempt to exploit this flaw could bring down the browser, added iDefense. Mozilla characterized the problem as "high" on the severity chart, but "low" on risk, in part because it said a successful exploit was dicey. "Creating the exact conditions for exploitation--including running out of memory at just the right moment--is unlikely," Mozilla said in an online security advisory. [Click here for Full Story] Trusted Computing: Just Wishful Thinking? (security pipeline)
02/25/05 Still, enough major players are involved in the group that there's a corresponding load of hype. One whopper is that the TPM (Trusted Platform Module) and trusted computing are synonymous with DRM (digital-rights management). The reality is that strengthening content key distribution to enable DRM is one use of a TPM, but the main attacks against digital rights, such as copying data in memory after it has been decrypted, are possible with or without the TPM (for more on the rumors versus the reality, see "Myths and Legends"). Have Faith, Will Compute. [Click here for Full Story] Wayne Rash: Stupid Security Tricks (security pipeline)
02/25/05 Then I saw something I couldn't believe. As the TSA guy put the laptop back into the gray plastic tray, I saw a piece of yellow paper attached to the surface. On it was a list of access numbers, user names and passwords, all neatly typed. Clearly, this computer was owned by someone who couldn't remember their login information. I wasn't surprised, considering that there were a half dozen logins written out. That was alarming, but what happened next was even more alarming: I noticed that the owner of the computer had a government ID card around his neck, identifying him as working for an agency heavily involved with fighting terrorism. An attacker could compromise agency security simply by being fast with a camera phone, or just by remembering what he read. [Click here for Full Story] Security Vulnerability Affects Entire Trend Micro Line (security pipeline)
02/25/05 As in the other two instances with Symantec and F-Secure, the Trend Micro vulnerability was discovered by Internet Security Systems, an Atlanta-based security provider, and revolved around the processing of a compressed file format. The Trend Micro flaw related to the ARJ file format, which, said ISS, could be used by a hacker to "gain unauthorized access to networks and machines being protected by Trend Micro AntiVirus Library." The affected titles include Trend Micro's Messaging Suite, VirusWall, ScanMail, and PC-cillin lines, among others. A complete list has been posted on Trend Micro's Web site. [Click here for Full Story] Opera to Beef Up Browser Security (desktop pipeline)
02/25/05 The latest beta, available for download through the Opera site, displays security information inside the address bar that can help the user determine the legitimacy of a website. By clicking on the small, yellow security bar, the user can get information on the validity of the site's security certificate. "One of the most important measures to counter phishing attacks is the use of security certificates," Christen Krogh, vice president of engineering at the Norwegian company, said in a statement. "The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions." [Click here for Full Story] Firefox Patches Fixes Vulnerabilities (desktop pipeline)
02/24/05 It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash. The security update, Firefox 1.0.1, can be downloaded immediately at www.mozilla.org, and it will be available within a few days via Firefox's automatic update feature. "I'd encourage users to get this release, especially if they've been prone to phishing attacks or spoofing," says Chris Hofmann, director of engineering with Mozilla, a nonprofit software-development organization. "A lot of work in this release focuses on those areas." [Click here for Full Story] Microsoft Patches "Blue Screen of Death" in Windows XP SP2 (smallbiz pipeline)
02/23/05 The problem, which has actually been public since December 2004, also affects Windows Server 2003 and Windows XP Tablet PC Edition 2005. In some cases, installing third-party anti-virus or firewall software -- Microsoft didn't name makers or package titles -- can bring down the operating system in a Blue Screen of Death with a cryptic error that reads "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)." Ironically, the last time a Blue Screen of Death made the news, Microsoft Chairman Bill Gates was on the stage at January's Consumer Electronics Show in Las Vegas, demonstrating Windows Media Center. [Click here for Full Story] Browser Security: Firefox, Mozilla To Turn off IDN (smallbiz pipeline)
02/16/05 The flaw, first disclosed last week, affects nearly every browser except Internet Explorer because of a flaw in handling International Domain Names (IDN). Hackers can register domain names with certain international characters that resemble other commonly used characters to spoof the address and trick the user into thinking he's at a legitimate site and/or it's secured by SSL. (IE isn't vulnerable because unlike most browsers, it doesn't support IDN by default; instead it requires a third-party plug-in to display international characters in the address bar.) "This is a registrar/registry problem," wrote Mozilla developer Gervase Markham on his blog. "These issues were known when IDN was proposed, and the DNS registration organizations need to step up and implement them." As a short-term solution, Firefox 1.0.1, Mozilla 1.7.6, and Mozilla 1.8 beta will have IDN disabled. All three are scheduled to release in the next week or two, said Markham. [Click here for Full Story] Yahoo Messenger Bug Patch Posted (smallbiz pipeline)
02/18/05 Danish security vendor Secunia said that Yahoo Messenger doesn't correctly display long filenames in the dialog boxes which appear when users transfer files between them. "This could be exploited to trick users into accepting and potentially executing malicious files," said Secunia in an online alert. A Secunia researcher spotted the vulnerability last month, and the company notified Yahoo shortly after. Thursday, Yahoo posted a Messenger update (6.0.0.1921) that fixes the problem; the new version can be downloaded from Yahoo's Web site. [Click here for Full Story] New Tools Strengthen Windows Server Security (smallbiz pipeline)
02/18/05 In an era of heightened security worries, ScriptLogic, Boca Raton, Fla., and DesktopStandard (formerly AutoProf), Portsmouth, N.H., have stepped up with new offerings for Windows Server 2000/2003 that enable administrators and partners to limit access privileges and permissions on a more granular basis. ScriptLogic's Cloak, which began shipping earlier this month, enhances enterprise security by allowing companies to conceal secured files and folders on Windows Server NT File System (NTFS) volumes. It also provides a more accurate auditing of the file system for administrators. Once Cloak is installed on the server, users will only see the folders and files they have permission to access from their Windows desktop or thin client. The software does not require desktop configuration changes to individual desktops or installation of agents onto desktops, the company said. [Click here for Full Story] Microsoft Fesses Up to 16 Vulnerabilities, MSBlast-Level Worm Likely (smallbiz pipeline)
02/08/05 Among them is a vulnerability that will likely lead to the biggest, baddest worm since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle. "There's a clear 'winner' here," said Murray. "MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems that a corporation might be using. And it's exploitable remotely, so it doesn't rely on an e-mail or getting someone to a Web site. All the attacker has to do is send a properly-formatted packet and he'll break in." [Click here for Full Story] Only IE Safe from New Spoofing Scheme (desktop pipeline)
02/07/05 A newly uncovered vulnerability in most browsers can allow hackers to spoof the URL displayed in the address bar and the SSL certificate, a security firm warned Monday. The one exception? Microsoft's Internet Explorer. Danish security company Secunia posted an alert describing the vulnerability--which affects Mozilla, Firefox, Safari, Opera, and Konqueror--as a "moderately critical" problem. The vulnerability impacts every browser built atop the open-source Gecko browser kernel--nearly all except IE--because of a flaw in handling International Domain Names (IDN). Hackers can register domain names with certain international characters that resemble other commonly used characters, said Secunia, to spoof the address and trick the user into thinking they're at a legitimate site and/or it's secured by SSL. [Click here for Full Story] Phishers Fake Message From Microsoft (desktop pipeline)
02/04/05 According to Websense Security Labs, e-mails bearing the spoofed address of security@microsoft.com and with the heading "Microsoft Windows Update" ask recipients to update and/or validate both the Windows' serial number and the customer's credit card information on a Web site. "If you do not comply with our policy, windows will ask you to reactivate your serial number, and it will become invalid," the e-mail reads, then goes on to state, "So you will lose any information on your computer. If you do not validate your serial number, your copy of windows will be labeled as piracy." [Click here for Full Story] Are You Responsible for Internet Security? (PC World.Com)
02/04/05 Phishing schemes are prevalent and EBay users are regularly targeted. Phishing scams typically use spam e-mail messages to drive people towards Web pages that look like legitimate e-commerce sites, but in fact steal sensitive information such as user names, passwords, and credit card numbers. The online auctioneer introduced a toolbar about six months ago that tells customers if they are actually on the EBay Web site or on a spoof site. The toolbar has been downloaded 1 million times, while EBay has about 135 million users. [Click here for Full Story] Microsoft plans Major Patch Day on February 8 (PC World.Com)
02/08/05 The release, part of Microsoft's regularly scheduled monthly security update, is the company's biggest patch roundup in months. Included will be nine Windows updates, with at least one rated "critical." Also in the update bundle will be a "moderate-risk" update for Microsoft's SharePoint Services and Office; a .Net framework update rated "important"; a "critical" update affecting Office and Visual Studio; and a "critical" update affecting Windows, Windows Media Player, and MSN Messenger. Microsoft announced the number of planned patches in a security bulletin advance-notification message posted to its TechNet Web site. The company has adopted a schedule of releasing security patches in batches on the second Tuesday of each month. [Click here for Full Story] Browser Feature Could Make Scams Easier (Associated Press)
02/07/05 For once, the affected browser is not the industry-leading Internet Explorer from Microsoft Corp. but rather several of its more robust competitors. That's because the aging IE lacks support for internationalized domain names — at least without a plug-in, which would then make IE vulnerable. [Click here for Full Story] Desktop Search: Proceed With Caution (desktop pipeline)
01/18/05 The software released over the last several months by the three rivals performs a keyword-based search of users' email and files stored on their hard drives. Google integrates web and local search results, the other two do not. Microsoft, however, does let the user perform a separate web search, and Yahoo intends to eventually allow users to search the Yahoo network of online stores and services. Because the applications are available in beta, it's unclear what features will be contained in the production version of the software. As a result, users are being told to proceed with caution. [Click here for Full Story] Hackers Eavesdrop on Phone Networks to Steal Data (Reuters)
01/23/05 The danger of attacks with insider information was illustrated earlier this month with the arrest of a California man accused of breaking into mobile phone network T-Mobile USA Inc.'s database and reading e-mails and files of the U.S. Secret Service, and by the exploits of a hacker who breached a hospital's database and changed mammogram results. The nature of threats to network security has changed as sophisticated hackers learned to tap into sensitive information flowing through telecommunications' servers, especially those that provide wireless and Internet access. [Click here for Full Story] Wayne Rash: Security Your Starbucks Experience (security pipeline)
01/19/05 But one thing that wouldn't have been risky is using the T-Mobile hotspot at my local Starbucks. I could have settled in next to the fireplace (we have a nice Starbucks) and written my column, knowing that prying eyes would never see it before it reached my editor. The reason? I know that my ISP uses a secure connection to its Web mail site, so that anything I do there is encrypted using SSL. But before you just assume that everything you do at a convenient hotspot is safe, there are some things you should know. [Click here for Full Story] Automated Tools Fight Security Wars (security pipeline)
01/17/05 Ticket scalpers, meanwhile, use software that deciphers the wavy words that need to be entered to make purchases on E-commerce sites, hoping to scarf up automatically masses of tickets they then can sell at outrageous rates. Spammers are bypassing similar image-recognition challenges, used by Internet service providers to prevent bulk registration of E-mail accounts, with scripts that trick Web surfers into solving picture puzzles for them. And 24 hours a day, bots search the Net for vulnerable systems. Welcome to the machine wars, where zombie armies--computers compromised and subverted by hackers--churn out spam and malicious code in relentless raids on the PCs of home users and the commercial world's IT systems. Security vendors say it takes as little as six to 15 seconds for a software-driven attack to find and infect an unprotected PC connected to the Internet. "Automated tools that scan IP address blocks are relentless and never get tired," says Bill Hancock, VP and chief security officer at IT service provider Savvis Communications Inc., via E-mail. [Click here for Full Story] Review: Intrusion-Protection Systems (security pipeline)
01/14/05 Detecting network intrusions is no longer enough. Smart organizations aim to prevent them. No wonder: The lag between vulnerability announcement, patch release and exploit is shrinking like a cheap trade-show T-shirt. The Blaster attack came only 25 days after the patch was released, and Sasser was even faster--18 days. In March, the Witty worm struck a buffer-overflow vulnerability one day after the flaw was discovered. Network IPSs (intrusion-prevention systems) can help keep your systems safe by identifying and blocking suspicious traffic. Fully 80 percent of respondents to Network Computing's 2004 Reader Poll have a NIP in place or plan to implement one within a year. We invited vendors to send their systems to our University of Florida partner labs during the height of the 2004 hurricane season for what turned out to be a storm-wracked test--literally. [Click here for Full Story] Army to Hackers: We Know Where You Live (security pipeline)
01/13/05 In a posting to the game's official forum, Phil DeLuca said that hackers infiltrating the game were not only "breaking the EULA you're misusing Army property " and, worse, you're misusing US Army computer programs and equipment." DeLuca's post, which has since been removed from the site, went on to say that "we know who you are, and can track down where you play from." He also went so far as to cite 20th century tensions between Japan and the United States to lambaste those he called "the bad guys." [Click here for Full Story] Security Guidance Center for Small Business (Microsoft)
01/13/05 When you run a business, sometimes you have to spend money to make money. Sometimes you have to take precautions today to avoid pitfalls tomorrow. That's certainly true when it comes to protecting your business from computer viruses, crashes, hackers, annoying pop-up ads and other threats to productivity. Downloading the powerful new Windows XP Service Pack 2 now will help prevent costly business interruptions later. SP2 is a free download for Windows XP users. [Click here for Full Story] Security Tip of the Month - January 2005 (Microsoft)
01/13/05 A good social engineer is an accomplished actor who tries to charm or intimidate network users into giving him sensitive information. Common ploys include pretending to be an organization executive or member of the IT staff, a fellow worker, or a member of an outside organization, such as a network consultant or phone company employee. A survey by BBC News indicated that more than 70 percent of people who work with computers were willing to reveal their passwords and information that could be used to steal their identities. Information about the survey is available in the article "Passwords revealed by sweet deal". Kevin Mitnick was one of the most famous hackers of the 1980s and 1990s, and served five years in prison for breaking into telephone and computer systems. He now lectures and writes about computer security, and says that social engineering is one of the most dangerous hacking techniques because the best technology in the world cannot defend against it. This human factor is one of the most often overlooked threats to computer security. [Click here for Full Story] 5 Tips for Top-Notch Password Security (Microsoft)
01/13/05 Why? Hackers want access to anything and everything. If they can guess your user name and password, you might as well have given them your wallet and the keys to your building. On This Page 1. Don't be complacent: Attacks can and do happen. 2. Know what makes for a bad password. 3. Get proficient at creating good passwords. 4. By all means, safeguard your password. 5. Change your password often — as in several times a year. Before we talk about what makes a good password, let's begin with the first of five things to know and practice in using passwords. [Click here for Full Story] Why You Should Use a Computer Firewall (Microsoft)
03/09/04 (and still relevant) So what can a hacker do? It depends on the nature of the attack. While some attacks are just nuisances that may play simple pranks, others are created with malicious intent. These more severe strains may attempt to delete information from your computer, crash it, or even steal personal information, such as passwords or credit card numbers. Some hackers enjoy nothing better than breaking into vulnerable computers. Viruses, worms, and Trojan horses are scary. Fortunately, you can reduce your risk of infection by using a firewall. [Click here for Full Story] Security Software: Downloads and Trials (Microsoft)
01/13/05 Get better protection against viruses, hackers, and worms. This service pack includes Windows Firewall, Pop-up Blocker for Internet Explorer, and the Windows Security Center. Microsoft Windows AntiSpyware (Beta): Download our new anti-spyware software to help protect your PC from spyware and other potentially unwanted software. MSN Toolbar: Block pop-up ads with Pop-up Guard. Help prevent pop-up windows from appearing while you browse the Web (works with Windows 98 and later). [Click here for Website] Microsoft Fixes First Three Windows Flaws of 2005 (smallbiz pipeline)
01/10/05 "These are exactly what we expected this month, a couple of patches against threats that are 'wormable'," said Mike Murray, the director of research at nCircle, the vulnerability management vendor whose flagship product is IP360. The first critical flaw is in Windows Server 2003, and in Windows 98, Me, 2000, and XP, including Service Pack 2, the security update that Microsoft rolled out last October. The ancient Windows NT 4.0 is also affected if Internet Explorer 6.0 SP1 has been installed. [Click here for Full Story] IE Bugs Now 'Extremely Critical' (Information Week)
01/10/05 An unpatched, months-old vulnerability in Microsoft's Internet Explorer is now even more dangerous, security firms reported Monday. Danish security vendor Secunia warned that new exploits of an earlier series of vulnerabilities in IE now let hackers compromise Windows computers without any more work than enticing users to malicious Web sites. [Click here for Full Story] Phishers Seen As Ever Bigger Threat In 2005 (Information Week)
01/05/05 One of 2005's biggest security stories will be ever-more-sophisticated phishing attacks that dupe not only consumers into divulging information, but target enterprises, that use not just e-mail to badger users into revealing identities, but make the browser do criminals' work. Although 2004 may have been the year when phishing made waves and grabbed headlines, 2005 will be even worse, messaging and security analysts said Wednesday. [Click here for Full Story] Hackers Sniffing For Vulnerable Microsoft Servers (smallbiz pipeline)
01/04/05 Although the vulnerability was patched in mid-December by Microsoft, the Internet Storm Center and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) at Indiana University have seen a drastic increase in the number of probes directed at WINS services (TCP and UDP ports 42). "Patching these systems is now overdue," said the SANS Institute's Internet Storm Center in an online alert. [Click here for Full Story] Happy Not-So-Secure New Year (Information Week)
12/29/04 Microsoft blasted XForce for releasing the detailed information about the flaws before giving the vendor the opportunity to proffer a patch. This gives attackers the jump on developing attacks long before any software company could develop, test, and deploy a patch. And within days that’s exactly what happened: Attacks began to surface, placing systems at risk until Microsoft publishes an update. Hopefully, by its next scheduled “Patch Tuesday” Jan. 11. [Click here for Full Story] Phishers Have Joined The Holiday Shopping Spree (Information Week)
12/22/04 It's no surprise that phishing attacks are on the rise during this holiday season. After all, the season that brings out the best in people also, sadly and inevitably, brings out the worst. And what better way is there for a crook to go on a Christmas shopping binge than to go with someone else's money? Proofpoint's Anti-Spam Lab has identified nearly 100 new and unique phishing attacks that were started in November. That's an increase in their measure over the previous month of 80 percent, and an increase of more than 1,000 percent, which reflects the growing popularity of the technique among identity thieves. The company expects a similar, or even larger, increase this month. [Click here for Full Story] Gartner: Don't Use Google Desktop In Enterprise (Information Week)
12/21/04 The recently-disclosed -- and patched -- flaw in Google Desktop Search drew a repeated warning Monday from research analysts about the danger of using first-generation local search tools from the likes of Google, Microsoft, and others. In an alert posted on the Gartner Web site, analysts Whit Andrews and Ray Wagner said that even though Google quickly fixed the bug by rolling out an auto update, "Gartner still advises caution in enterprise deployment of this tool." [Click here for Full Story] National Cyber Security Month - Five key things you can do to improve
your online security (Microsoft)
12/14/04 Securing Wireless E-Records (Information Week)
12/13/04 Few understand how tough it can be to lock down wireless networks better than Stephen Lewack, director of technical services and communications at Columbus Regional Healthcare System. Lewack is protecting a growing number of wireless devices throughout the Georgia hospital, which includes more than 400 in-patient beds, more than 200 long-term care beds, and a pharmacy. [Click here for Full Story] 'Critical' Security Flaw Found in Internet Explorer (Information Week)
12/01/04 Microsoft is warning of a "critical" security flaw in Internet Explorer. Hackers could use the vulnerability, called "iFrame," to put software on an infected computer's hard drive. The bulletin states: "If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges." [Click here for Full Story] The Threats to Com (Information Week)
11/30/04 As security pros protect their applications and networks from today's most common attacks, hackers are preparing to wage new wars. As new technologies such as Web services, radio-frequency identification, and smart phones loaded with complex operating systems become prevalent, new attack techniques against business-technology systems will follow. [Click here for Full Story] Microsoft Windows Name Service (WINS) Said to be Vulnerable (TechWeb.Com)
11/30/04 Microsoft says it's looking into reports of a security screw-up in Windows Internet Name Service (WINS), a component of its most popular server software, including Windows NT 4 Server, Windows 2000 Server, and Windows Server 2003. In a posting to its online support center, Microsoft said: "this security issue could make it possible for an attacker to take control of a WINS server remotely." As of Nov. 26, however, Microsoft said it didn't know of any actual exploit of the possible vulnerability. Microsoft recommended that network administrators remove WINS if it's not needed, and/or block TCP and UDP ports 42 at the firewall. [Click here for Full Story] Unprotected PCs can be hijacked in minutes (USA Today.Com)
11/30/04 While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams. [Click here for Full Story] Hackers Take Aim At Ad-Server Networks (Information Week)
11/29/04 On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable. [Click here for Full Story] Government Uses Color Laser Printer Technology to Track Documents (PC
World.Com)
11/22/04 According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden markings to track counterfeiters. [Click here for Full Story] Hacked European Ad Server Infects IE Users (Information
Week)
11/22/04 The affected Web sites included trusted sites in the U.K., the Netherlands, and Sweden, according to the Internet Storm Center of the SANS Institute. Users who visited one of the impacted sites stood a 1-in-30 chance of being infected with a worm that exploits the still-unpatched IFRAME vulnerability in Microsoft's Internet Explorer 6.0. [Click here for Full Story] Researcher Finds Linux, Samba Security Bugs (Information
Week)
11/18/04 According to Stefan Esser, chief security officer at e-matters GmbH, a German security consulting firm, the first vulnerability affects Samba, an open-source product that provides file and print services to SMB/CIFS clients, including those using Windows. Esser said an attacker could use a buffer overflow exploit to execute arbitrary code on an unpatched Samba server. [Click here for Full Story] Sloppy Admins Leave Linux Vulnerable To Security Breaches (Information
Week)
11/11/04 Linux has gaping security holes caused by systems administrators who either can't or won't keep up with the latest patches, according to a report from British security firm mi2g. [Click here for Full Story] Small Business Security Computer Check List (Microsoft)
12/17/04 Protect Your Desktops and Laptops 5 Tips for Top-Notch Password Security (Microsoft)
12/17/04 Whether it's a few PCs or hundreds on your network, there’s one thing that can separate your system from being compromised: a great password. Why? Hackers want access to anything and everything. If they can guess your user name and password, you might as well have given them your wallet and the keys to your building. On This Page 1. Don't be complacent: Attacks can and do happen. Creating Stronger Passwords
(Microsoft)
05/03/04
Copyright © 2004 I.S. Sentry, Inc. All rights reserved