Security News

I.S. Sentry, Inc.

After Hard Lessons, the VA Encrypts It All (TechWeb)
09/22/06 Leadership in information security coming from the federal government is uncommon, so enterprises should learn from this pioneering effort. While encrypting every device seems like overkill, the economies of scale across so many different domains may, down the road, make this move look savvy rather than wasteful. Software costs are decreased because of large block- or site-license discounts; training can be developed once and administered by a single department; and compliance with inevitable data security and privacy regulations can be streamlined. [Click here for Full Article]

How To Defend Against IE's VML Bug (TechWeb)
09/20/06 Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.
-- Click Start, choose Run, and then type
-- regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
-- Click OK, then click OK again in the confirmation dialog that appears.
To undo the command, use:
-- regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
[Click here for Full Article]

5 Ways To Button Up Internet Explorer (TechWeb)
07/21/06 After all, the technigentsia have long proclaimed that mentioning "IE" and "security" in the same breath is akin to oxymorons like "jumbo shrimp," "friendly fire," and "priceless junk." But nearly 80 percent of the world's surfers use IE. They can't all be dim. They're not, and neither is Microsoft, which after five years of resting on the laurels, so to speak, of IE 6, is updating the browser to version 7, both for Windows XP as well as for the upcoming Windows Vista. IE 7, promises Microsoft, is more secure, and safer to use than the problem-plagued earlier editions. As in last week's "5 Ways to Bulletproof Firefox," we sniffed out five tools for Internet Explorer that lock down the browser and help make online time safe time (or at least safer). [Click here for Full Article]

Researcher Takes Google Malware Search Public (Desktop Pipeline)
07/18/06 HD Moore, the lead developer for the Metasploit Framework open-source exploit project, created a tool and posted code that shows how to use Google to look for specific data strings -- which Moore dubbed "fingerprints" -- within code already defined as malicious. He worked with others, including researchers at the Offensive Computing project -- who gave him access to their malware database -- to create the code, which includes a malware signature generator, a malware Google API signature search application, and a malware downloader. Last week, San Diego-based Websense noted that Google indexes binary files, in particular some Windows executables, and in general terms described how it created a toolset that used the search engine's API to automate detection of malware and malicious code-infected sites on the Internet. [Click here for Full Article]

5 Tools To Bulletproof Firefox (TechWeb)
07/14/06 If the most important step you can take to secure your system is to use a secure browser -- advice held by everyone apparently, including Microsoft, which is working feverishly on IE 7 to close the years'-long security gap it created by not keeping the app up to date -- then the second step is to lock down the browser beyond what it offers out of the box, and/or learn how to use the security tools it does provide. Firefox, which recently regained some of its market share momentum, fits the bill as a secure browser (more secure, anyway, than IE 6.x, its prime competitor). We've wrapped up the second step for you by sniffing out five tools -- four extras and one integrated -- that we see as the most important security add-ons. [Click here for Full Article]

FTC Loses Laptop, Maybe IDs of Spyware Spreaders (Tech Search Bets)
06/28/06 The Federal Trade Commission (FTC), the government agency whose duty it is to protect consumers from hucksters and scammers -- and which regularly sues spammers, takes on privacy-violating adware spreaders, and takes identity-stealing spyware makers to court -- today admitted it had lost a pair of laptops, and thus the identities buried in the data on the machines' hard drives. The two notebooks were stolen from a locked vehicle, said the FTC in its this-is-really-embarrassing statement. One of the portables contained identity data on 110 people; the data included names, addresses, Social Security numbers, dates of birth, and in some cases, financial account numbers. Wait, there are more ironies to come. The data, said the FTC, was acquired "in law enforcement investigations" and among the victims were "some of whom are defendants in current and past FTC cases." [Click here for Full Article]

Microsoft Makes Anti-Piracy Tool Less Intrusive (Small Business Pipeline)
06/27/06 In addition, Microsoft replaced the end user license agreement with one that the company said more clearly explains the purpose of the software and how it operates. The Redmond, Wash., company came under fire this month following media reports that WGA communicated with Microsoft each time a PC connected to the Internet. In addition, critics complained that the company mislabeled the software as a "critical update" when it was distributed through the Windows Update feature in XP, and then gave no way to remove it. [Click here for Full Article]

Security Software Isolates IE To Ward Off Threats (Small Business Pipeline)
06/27/06 GreenBorder Technologies' same-named GreenBorder Pro uses virtualization-like technologies to separate IE from the rest of the system, so that if malicious software does execute, it doesn't actually touch the computer. Instead, it runs only within the "sandbox," which can be "dumped" with a click. "But this is much more than just virtualization," argued Bernard Harguindeguy, GreenBorder's chief executive, as he cited other security provisions in the product, such as a feature that scrubs the system of personal data after an online transaction. The software also blocks keyloggers from capturing keystrokes, and cloaks all files and system resources so that they're invisible to attacks, and thus safe from remote access or modification. [Click here for Full Article]

Review: McAfee Total Protection Beta Takes On Windows Live OneCare (Small Business Pipeline)
06/26/06 McAfee's Total Protection provides an extensive set of features that go beyond security to offer data protection and system maintenance. According to McAfee, it will eventually release four security suites, the first two of which are now available as downloadable betas. McAfee Total Protection is built on previous McAfee products such as VirusScan and Personal Firewall but adds new features to deal with emerging threats such as phishing. McAfee VirusScan Plus offers a subset of Total Protection's features dealing with virus, spyware, or hacker activity. I downloaded and installed the Total Protection beta to see how it holds up. [Click here for Full Article]

Flaw Found in Cisco Secure Access Control Server (CRN)
06/26/06 Secure ACS, an identity networking solution that simplifies user management by combining authentication, user and administrator access, and policy control, includes a flaw that could enable attackers to gain administrative access to the Web-based interface used to manage network devices, according to independent security researcher Darren Bounds, who revealed the flaw in a post to the Full Disclosure security mailing list last week. Secure ACS is essentially the hub of Cisco's NAC framework and it relies heavily on the ability of the user and endpoints to authenticate against a central directory, Bounds said. "Ultimately, compromising Secure ACS grants you administrative access to any devices that the server is responsible for authenticating," said Bounds. The flaw is "fairly trivial" to exploit because the information to exploit it can be easily acquired and may already exist in some circumstances, Bounds said. For example, many companies handle access to the Secure ACS through a proxy, which means all clients have the same IP address, he noted. [Click here for Full Article]

Utility Stamps Out Microsoft's "Phone Home" Anti-Piracy App (Tech Search Bets)
06/23/06 Firewall Leak Tester, which specializes in firewall stress tests, has released RemoveWGA, a program that deletes the Windows Genuine Advantage Notification Tool. The tool is one of two components that Microsoft has been aggressively promoting as a way to detect counterfeit copies of Windows (WGA Validation Tool), then nag the user if a bogus Windows is found (Notification Tool). Two weeks ago, Microsoft came under fire for not making it clear that WGA communicates with the company on a daily basis. Microsoft later issued a statement that denied its anti-piracy software was spyware, tried to explain why it was pushing the Notification Tool via Automatic Update, and said it would modify the software so it "phoned home" to Microsoft less frequently. [Click here for Full Article]

Review: Windows Live OneCare Protects Your PC -- Almost (Desktop Pipeline)
06/13/06 OneCare is a reasonably priced, well-integrated security and tune-up solution that will be welcomed by beginning and intermediate PC users. But power users and small businesses may be disappointed because the suite lacks some important features, with a notably weak backup module. The best thing about Windows Live OneCare is how well its different applications combine into a single solution, and how well OneCare itself integrates into Windows. OneCare's main control panel replaces Windows XP's normal Security Center. From this one location, you can use and customize all of the suite's features, including anti-virus, anti-spyware, a two-way firewall, computer tune-up, and backup. Because it replaces the Security Center, it acts as if it were a normal part of the operating system. The alerts built into OneCare are particularly useful. The OneCare icon in the System Tray stays green when no action needs to be taken; turns orange when a task needs to be performed, such as backing up your hard disk; and turns red when a danger is found. Double-click the icon, and OneCare opens and informs you about the task that needs to be performed -- after which you can set it in motion with a single click. [Click here for Full Article]

Microsoft's Anti-Piracy Tool Draws Criticism, Changes Planned (Tech Web)
06/09/06 In addition, the software maker has come under fire for failing to make it clear to people installing Windows Genuine Advantage (WGA) that the application communicates with Microsoft on a daily basis. Microsoft on Friday acknowledged that it could have done a better job in explaining how the software behaves. The application is currently in beta. "There have been some questions on this issue and Microsoft is working to more effectively communicate details of this feature to the public," a spokeswoman for the Redmond, Wash., company said in an email. [Click here for Full Article]

The Inside Story Of A Million-Dollar VoIP Scam (Networking Pipeline)
06/08/06 Federal prosecutors charge that Edwin Andres Pena of Miami hacked into the networks of Internet telephone providers and fraudulently sold more than 10 million minutes of VoIP calls. Pena allegedly sold $1 million of phone service to his customers at extremely reduced rates. But rather than buy long-distance minutes from existing providers to provide the service, he instead hacked into the networks of VoIP providers, and provided the minutes for free. Here's how he did it. [Click here for Full Article]

IE And Firefox Sport New Zero-day Flaw (Tech Web)
06/06/06 According to Symantec, which issued an alert late afternoon Tuesday, all versions of the Microsoft and Mozilla browsers could be used to harvest data through a JavaScript key-filtering vulnerability. "This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users," went the Symantec warning. [Click here for Full Article]

Nightmare On Wall Street: Prosecution Witness Describes 'Chaos' in UBS PaineWebber Attack (Information Week)
06/06/06 IT manager Elvira Maria Rodriguez told the court she arrived at work at the company's Escalation Center in Weehawken, N.J., at 8:30 or 9 a.m. on March 4, 2002, expecting nothing out of the ordinary. She logged into the system and phoned into the weekly Monday-morning conference call. But just as it turned 9:30 and the stock market was opening for the day, Rodriguez, who was in charge of maintaining the stability of the servers in the company's branch offices, heard her computer beep. She turned to look at it and saw the words "cannot find" on her screen. She hit "enter" to see the message again but her screen was frozen. [Click here for Full Article]

Cleaning Up Data Breach Costs 15x More Than Encryption (Tech Web)
06/06/06 Gartner analyst Avivah Litan said in a research note that data protection is cheaper than a data breach. She recently testified on identity theft at a Senate hearing held after the Department of Veterans Affairs lost 26.5 million vet identities. "A company with at least 10,000 accounts to protect can spend, in the first year, as little as $6 per customer account for just data encryption, or as much as $16 per customer account for data encryption, host-based intrusion prevention, and strong security audits combined," Litan said in an accompanying statement. [Click here for Full Article]

Gartner: Skype Bugs Bad News For Enterprises (Desktop Pipeline)
05/31/06 Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data. "This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download…most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks." [Click here for Full Article]

Symantec Patches AV Flaw In Five Days (Tech Web)
05/30/06 A stack overflow in the Cupertino, Calif. security company's Client Security 3.0 and 3.1, and its AntiVirus Corporate Edition 10.0 and 10.1, was fully patched as of Sunday, according to an updated advisory on Symantec's Web site. The fixes must be downloaded and installed manually. Early Friday, Symantec confirmed that the two corporate anti-virus titles were flawed, and said it was working on a fix. Later that day, the company posted signature updates to its intrusion prevention system (IPS) appliances to protect those customers with the hardware on their networks. [Click here for Full Article]

VA Had Many Security Warnings Before Its 26.5 Million-Person Breach (Systems Management Pipeline)
05/29/06 A VA analyst took home electronic data from the office to do after-hours work on his personal computer. The data included names, Social Security numbers, and dates of birth on 26.5 million people. The laptop and an external hard drive the analyst was using, along with the data, were stolen in a May 3 burglary. The VA ran afoul of standard security practices on many levels. The analyst was authorized to access the sensitive information, which was required for a policy-related project, but not to remove it from the office. Yet that policy was little known or largely ignored. The unidentified analyst had been taking data home as part of his work routine since 2003, unbeknownst to his supervisors, the VA inspector general's investigation found. [Click here for Full Article]

Symantec Says Its Own AV Product has Zero-Day Vulnerability (Tech Web)
05/26/06 "Symantec Antivirus is susceptible to a remote code-execution vulnerability. This issue allows remote attackers to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers," the company said in an alert Friday to customers of its own DeepSight Threat Management System. Thursday, security vendor eEye Digital released a preliminary alert that said Symantec AntiVirus 10.x and Symantec Client Security 3.x included a remotely-exploitable vulnerability that could be attacked via a network-style worm which wouldn't require any user interaction to compromise a computer. [Click here for Full Article]

Windows Vista Beta 2: Great Search, Improved Security, Hardware Snags (Tech Web)
05/25/06 The much-ballyhooed search feature is turned on for the first time, and it's just about everything that Microsoft promised. The universally disliked User Account Control (UAC) has received significant work, and is finally usable, helping to lead the way to a more secure operating system. And overall, there's a better organization and "fit and finish" to this beta than previous Vista versions. Still to be resolved, though, are a variety of hardware compatibility issues that could delay the Vista launch date. And although the Windows Firewall has been improved, users may have trouble finding its advanced controls. [Click here for Full Article]

Exploit of Windows 2000 Zero-Day to Hit in June (Tech Web)
05/25/06 According to the Cupertino, Calif. company's alert, an exploit for the zero-day bug in Windows 2000's SMB (Server Message Block) protocol has been created by Immunity Security, the makers of the CANVAS exploit-creation platform. By Immunity researcher Dave Aitel's account, the exploit leverages a flaw in the operating system's kernel that can be triggered through SMB, and will give an attacker full access to the PC. [Click here for Full Article]

Windows Vista Beta 2 Launches With Security Fixes (Tech Web)
05/23/06 Back in April, news reports stated that Microsoft planned to turn off half the firewall in Vista, disabling the outbound filtering capabilities by default -- making its defense identical to that of Windows XP SP2. However, according to Austin Wilson, director, Windows client for Microsoft, the Windows firewall will actually allow bidirectional filtering in Vista. Although outbound traffic will be allowed by default, there will be important exceptions, such as core Windows services. Applications, however, will not be blocked. Another security feature that created a stir was User Account Control, Microsoft's attempt to convince users to operate with standard rather than administrative rights. In Vista, a newly enhanced standard mode was supposed to allow users to perform more functions, thus avoiding the necessity for them to use admin privileges, and offering the increased protection from malware that standard mode offers. This was described as the "elevation model" -- every time a standard user tried to perform a function that demanded administrative rights, Vista would ask for consent (and a password), thus avoiding the necessity of change to administrative mode. [Click here for Full Article]

Microsoft Working on Word Patch; Don't Panic Say Experts (Desktop Management Pipeline)
05/22/06 The Microsoft Word bug first surfaced Friday, when numerous security companies, led by Symantec, said that an active exploit was using an unpatched vulnerability in Word 2003 and Word XP to drop a backdoor Trojan onto a limited number of PCs. Once in place, the Trojan -- which uses rootkit techniques to infiltrate code into difficult-to-detect locations on the drive -- provides the attacker with command shell access to the PC, effectively hijacking the machine. Friday and Saturday, Microsoft acknowledged the Word bug, said it was working on a fix, and downplayed the vulnerability. [Click here for Full Article]

Microsoft's Security Ambitions (Security Management Pipeline)
05/22/06 Once upon a time, Whale swam in a sea of SSL VPN vendors—Neoteris, URoam, SafeWeb, enKoo, Aventail, Permeo, Twingo Systems, Net6 and many more. The technology was never intended to be a standalone solution; SSL VPN is a feature set of a much larger security system. This is why it made sense when NetScreen, F5 Networks, Symantec, Citrix, Cisco Systems, Check Point and all of the other perimeter security hardware vendors snapped up the SSL VPN start-ups to incorporate the technology alongside IPSec VPNs. [Click here for Full Article]

Want To Pass Your Next Security Audit? New Standard May Be The Answer (Information Week)
05/22/06 ISO 27001 was approved in October, replacing British Standard 7799-2 as a way to position companies to pass security audits. In certifying to it, companies are in a position to move quickly when they identify a potential problem. Consulting firm Churchill & Harriman worked with the Federal Reserve Bank of New York to bring its national incident response unit into compliance with ISO 27001, putting the bank ahead of most U.S. businesses. The national incident response unit monitors, analyzes, and escalates information about security threats to the business. Out of necessity, financial services companies lead the way in technology adoption, particularly in security, says Ken Peterson, CEO of the consulting firm. [Click here for Full Article]

Skype Sick With Bad Bug, Must Be Patched (Tech Web)
05/19/06 The vulnerability, which Danish bug tracking firm Secunia rated as "moderately critical," is in the VoIP software's parsing of URLs. A malformed link -- sent in a Skype message, for instance -- can begin the transfer of a file from attacker to recipient, who does not need to have "explicitly consented to the action," Skype said in an advisory. The transfer, however, would be seen by the recipient. "If a file transfer is started, it will be visible to the user and may be cancelled by the sender by selecting 'Cancel' in the normal way," the alert continued. [Click here for Full Article]

Companies Urged To Protect IP From Employees (Systems Management Pipeline)
05/19/06 The Computer Fraud and Abuse Act, designed to protect government computers and punish hackers, has been amended and now applies to any computer connected to the Internet, said Gregory Trimarche, a partner at the influential law and lobbying firm Greenberg Traurig, whose cases range from antitrust to media and entertainment, supporting emerging companies to Fortune 500 corporations. Sensitive data can range from detailed customer and employee contact lists to internal marketing material. Trimarche defines "intellectual property" and "trade secrets" as information that derives "independent economic value" that's not "generally known or available to the general public or competitors." An employee's know-how or talent doesn't fall into this category. The company phone list with extensions could, however. [Click here for Full Article]

Microsoft Word Zero-Day Hack Under Way (Tech Web)
05/19/06 "Currently, observed attacks are limited to attacks against select targets," Symantec warned in a bulletin to customers of its DeepSight Threat Management System. The attack is successful against the newest version of Microsoft's word processor, Word 2003, but only crashes Word 2000 and Word XP, without leading to a computer compromise. [Click here for Full Article]

Disable IE's Active Scripting to Protect Against Bug (Desktop Pipeline)
03/30/06 While users wait for Microsoft to patch the most recent zero-day vulnerability in Internet Explorer, security experts agree that the best way to protect PCs is to dump the browser's Active Scripting function. Even eEye Digital Security, one of two commercial security vendors that has released unsanctioned, temporary patches for the problem, said so. "Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation," eEye warned in the advisory accompanying the patch. [Click here for Full Article]

The "Worst Hack Ever" PIN Theft Gets Everyone's Attention (Systems Management Pipeline)
03/09/06 Wednesday, Citibank confirmed that an ongoing fraud had forced it to reissue debit cards and block PIN-based transactions for users in Canada, Russia, and the U.K. But Citibank is only the tip of the iceberg, said Avivah Litan, a Gartner research vice president. The scam -- and scandal -- has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, including ones in Oregon, Ohio, and Pennsylvania, all of which have re-issued debit cards in recent weeks. "This is the worst hack ever," Litan maintained. "It's significant because not only is it a really wide-spread breach, but it affects debit cards, which everyone thought were immune to these kinds of things." [Click here for Full Article]

Microsoft Fixes Nasty Outlook, Exchange E-Mail Bug (Tech Web)
01/10/06 "This one isn't an MSBlast-style bug, but it's severe enough that if someone is clever, they'll come up with a quickly-propagating worm that will do some major damage," said Murray. The problem, he added, is that it's a "dual opportunity vulnerability," since it impacts both Outlook, Microsoft's main e-mail client, and the Exchange mail server software. [Click here for Full Article]

Microsoft Downplays New WMF Bugs, Dubs Them "Performance Issues" (Tech Web)
01/10/06 Security company Symantec warned users on Monday that three new vulnerabilities in the Windows graphics engine could allow maliciously-crafted Windows Metafile (WMF) files to crash and likely compromise computers. The bugs, said Symantec, were related to the one patched last Thursday by Microsoft, but not fixed by that update. Microsoft acknowledged the problem, but contended that it wasn't serious. "Microsoft's initial investigation has found that these are not security vulnerabilities but rather performance issues that could cause an application to stop responding," a spokesperson said late Monday afternoon in an e-mail to TechWeb. [Click here for Full Article]

Hot Apps: AMUST eCondom (Smallbiz Pipeline)
01/09/06 Here’s the deal. Like others, I plead guilty to too often jumping onto the Net using an administrator account rather than a safer user account for any of a number of reasons: time pressure, inadvertence, an unwise decision, or downright laziness. The next release of Windows, Vista, is expected to address such recklessness through a Microsoft Internet Explorer Protected Mode. But until you can run Vista you can get a similar level of protection by using eCondom. (You must be running Windows XP.) Holding my breath, I launched eCondom and Internet Explorer, then visited some of the most malware-infected sites. During my browsing and afterward, I found no traces of malware gremlins or attempted hijinks. That’s especially impressive for a free product. [Click here for Full Article]

Microsoft Plans Two More Critical Patches Tuesday (Desktop Pipeline)
01/06/06 Microsoft may have released the Windows Metafile hot fix, but it has other patches still to come next Tuesday, the Redmond, Wash.-based developer said late Thursday. In the monthly pre-patch notification it puts out five days prior to releasing fixes, Microsoft warned users that two security bulletins, both tagged as "Critical," will be issued Jan. 10. In Microsoft's terminology, Critical means that a vulnerability can be remotely exploited. The just-fixed WMF bug, for instance, was also dubbed "Critical." Last month Microsoft released two bulletins, while the month before saw only one. [Click here for Full Article]

Will Windows Vista Eliminate Third-Party Security Apps? (cNet)
01/06/06 New and improved Microsoft Security Center: At first glance, Windows Vista makes security maintenance easy with a more robust Security Center, adding account protection settings and antispyware protection settings. Also, it's now possible to configure automatic Windows Updates from within the Security Center. However, in this build, accessing the Windows Firewall setting still requires using the Control Panel. [Click here for Full Article]

Hackers Find Security Hole in BlackBerry Enterprise Server (Information Week)
01/03/06 Phenoelit found a problem in the way the server's BlackBerry Router handles Server Routing Protocol packets. An attacker could cause denial of service by sending "specially crafted" packets to the router, according to a vulnerability note posted on the U.S. Computer Emergency Readiness Team's Web site. The result could be disrupted communications between the BlackBerry Enterprise Server and BlackBerry devices, the note states. In a prepared statement, Research In Motion said it "has already developed software fixes for the issues identified by [the group] and although there have been no customer reports of any actual problems, RIM has also provided temporary precautionary measures that can be taken in the mean time until customers are able to implement the software updates." [Click here for Full Article]

Microsoft Plans To Patch Zero-Day Windows Bug (Server Pipeline)
01/03/06 "Microsoft has completed development of the security update for the vulnerability," a company spokesperson wrote TechWeb in an e-mail. "The security update is now being localized and tested to ensure quality and application compatibility." She stopped short of promising a patch, however, adding "This release is predicated on successful completion of quality testing." The move is just the latest in the week-long story of a new vulnerability uncovered in Windows' rendering of WMF (Windows Metafile) images, and an increasingly long list of both exploits and Web sites using these exploits to hack into PCs. As far as some researchers are concerned, Microsoft's promise is overdue. [Click here for Full Article]

December IM Attacks Jump 826 Percent Over 2004 (Tech Web)
01/03/06 According to IMlogic's Threat Center, December 2005's instant message exploits jumped 826 percent over December, 2004, just the latest proof of the expanding threat facing IM users throughout the year. December, however, was slightly off the previous two months. The year's last month saw 241 new threats, said IMlogic, down from the 307 in November and the 294 in October. Combined, the three months showed a 13 percent increase in IM threats over the third quarter of 2005. [Click here for Full Article]

Sad State of Data Security (Security Pipeline)
01/02/06 It's the IT problem that just won't go away. From the time early last year that ChoicePoint Inc. admitted it had been duped into revealing personal data to identity thieves, dozens of other businesses, government agencies, and schools have followed with their own admissions of ineptitude. In most cases, victims can't do much more than keep a watchful eye on their financial statements and credit reports--and hope for the best. Not surprisingly, fraud is on the rise and consumer confidence on the decline. The Justice Department's blunder came to light when InformationWeek investigated the concerns of Nick Staff, a systems security manager at a large bank, who had grown frustrated when Justice failed to remove several Social Security numbers from its Web site, www.usdoj.gov, after Staff contacted the agency directly. In one case, the Social Security number of a woman involved in a 2003 immigration-review case was included in documentation about the case. Additional site searches yielded other people's numbers in a half-dozen other places. [Click here for Full Article]

White House Will Continue to Track Net (Security Pipeline)
12/31/05 The White House site uses what's known as a Web bug — a tiny graphic image that's virtually invisible — to anonymously keep track of who's visiting and when. The bug is sent by a server maintained by an outside contractor, WebTrends Inc., and lets the traffic-analysis company know that another person has visited a specific page on the site. Web bugs themselves are not prohibited. But under a directive from the White House's Office of Management and Budget, they are largely banned at government sites when linked to cookies, which are data files that let a site track Web visitors. [Click here for Full Article]

How To Beat Back The New Zero-Day Windows Bug (Server Pipeline)
Several firms, Microsoft included, told users to disable the Windows Picture and Fax Viewer, the application that Internet Explorer automatically launches to display WMF image files. Microsoft's advisory instructed users to click the Start menu, choose Run, then enter "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quote marks), and click OK. Doing so, however, breaks the viewer so that it won't display other associated image file formats, such as those with the .jpg extension, a popular format used by most digital cameras. And it might not solve the problem. "Any application which automatically displays or renders WMF files is vulnerable," wrote Chris Carboni, an analyst with the Internet Storm Center, in a blog entry Thursday. [Click here for Full Document] Four Security Resolutions For The New Year (Smallbiz Pipeline)
But you should also make some reservations at the office: resolutions that you’ll actually keep. Perhaps the most important of these should be a determination to get a handle on your security strategy and the subsequent implementation. And that, of course, leads to: The First Resolution: Get To Strategy. You need to actually figure out what your security strategy will be this year. In other words, look at the big picture. I realize that you’ve been intending to do this all year, but of course all those fires you have to fight, all those day-to-day decisions kept getting in the way. By figuring out your security strategy, I mean that it’s time to decide what your goals are. [Click here for Full Document] Microsoft To Beef Up Internet
Explorer 7 Security (TechWeb)
12/08/05 Like its predecessors, IE 7 enforces security policies by clumping sites into four security categories, or zones, dubbed Internet, Intranet, Trusted Sites, and Restricted Sites. Typically, the Intranet zone comes with fewer restrictions than the Internet zone. In the past, however, attackers have sometimes managed to fool IE into treating an outside site as in one of the less-secure zones; that's called a "zone-spoofing attack." To prevent some of these attacks, IE 7 will instead treat all sites as being in the more-secure Internet zone, unless the PC is really part of a managed network (such as is often the case in a corporate environment). [Click here for Full Article] Most Americans Unprepared For
Phishing (Security Pipeline)
12/07/05 Nearly a quarter of online people in the United States have found themselves the target of the online con artists, and roughly one in five knows a friend or family member who has been duped, according to the second annual survey by America Online Inc. and the National Cyber Security Alliance. Pointing to the effectiveness of phishers, 70 percent of U.S. consumers receiving scam e-mails believed they might be from legitimate companies. "Phishers are getting more adept at tricking consumers into revealing their bank account and personal financial information, and most Americans can't tell the difference between legitimate correspondence and the growing flood of scam e-mails that can lead to fraud and identity theft," Tatiana Platt, senior vice president and chief trust officer for AOL, said in a statement. [Click here for Full Article] Security Threats Up Nearly 50
Percent in 2005 (TechWeb)
12/06/05 The number of new worms, viruses, and Trojan horses jumped 48 percent in 2005, a security company said Tuesday, as it detailed the year's security woes. U.K.-based Sophos detected nearly 16,000 new threats from January to November, 2005, a major bump from the 10,724 during the same period in 2004. Every month in 2005 posted larger-than-last-year numbers, but November, which was marked by the debut of a strong Sober.z worm, outpaced all others. By Sophos' records, 1,940 new viruses, worms, Trojans, and spyware threats were spotted last month, its largest-ever monthly increase. If that pace were to continue, the next 12 months would see a whopping 23,000 threats. Topping Sophos' top-10 chart was the long-running Zafi.d, a mass-mailed worm that made itself known almost a year ago: It accounted for 16.7 percent of all threats detected during the first 11 months of 2005. Netsky.p took second place, with 15.7 percent, while the new Sober.z came in at third, with six percent. [Click here for Full Article] Security's Shaky State (Security
Pipeline)
12/05/05 The third annual Strategic Deployment Survey conducted by Secure Enterprise, an InformationWeek sister publication, polled more than 1,500 IT-security pros about their companies' security and their tactics for dealing with challenges. Follow-up interviews provided even more details on the state of IT security. Shortfalls in security staffing and budgets aren't new, of course. But what makes the situation more nerve-racking are the regulatory risks and compliance requirements that fall to the IT security department, adding cost and work at a time when budgets are growing only moderately, if at all. Case in point: One multibank holding company with 500 employees and assets of almost $2 billion recently implemented monitoring, encryption, and intrusion-prevention technologies to assist its adherence to the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the Bank Secrecy Act, and the Health Insurance Portability and Accountability Act. But the company's chief information security officer, who asked to remain unidentified, still has a bleak security outlook. [Click here for Full Article] Network Security Hardware And
Software Sales Hit $1 Billion In 3Q (Systems Management Pipeline)
12/02/05 Though this represents 1% growth over the previous quarter, network appliance and software revenues are growing at a healthy rate. Virtual private network (VPN) and firewall appliance sales accounted for 77% of the revenues, while 14% came from sales of intrusion detection systems (IDS) and intrusion prevention systems (IPS). Gateway anti-virus products accounted for 9% of revenues. Cisco remains the overall market leader. Infonetics forecasts a 21% overall revenue increase over the next year, with annual revenues from network security product sales to reach $6 billion by 2008. By then, IDS/IPS products will make up 15% of revenues, while the gateway anti-virus revenue share will rise to 12%. [Click here for Full Article] Microsoft Likely To Break
Cycle, Patch Early (TechWeb)
12/01/05 The unpatched vulnerability in Internet Explorer is bad enough, said the company which reported the Trojan drive-by download exploit to Redmond, that Microsoft will probably fix the problem before this month's scheduled patch day, December 13th. "This is an extremely critical threat," said Alex Eckelberry, president of anti-spyware developer Sunbelt Software. "It's not widespread, it's not like a Sober or a Zotob, in fact we’ve seen it on only a limited number of sites. But it's really, really bad. Even running a fully patched Windows XP SP2 system, you can still get nailed." The hole in Microsoft's popular IE browser goes back several months, when a researcher reported the vulnerability to Microsoft. Initially, the bug was thought to only crash the browser, but new information points to a greater threat: that an attacker can run malicious code remotely on a compromised PC by luring users to a malicious Web site. [Click here for Full Article] All The Rage: Microsoft Has
Privacy Epiphany, But Laws Still A Long Way Off (Security Pipeline)
12/01/05 In a recent speech, Microsoft general counsel Brad Smith said this is the time and place for the government to adopt privacy legislation. Conflicting state laws, as well as differences between state and federal laws, have created too much confusion, he said. Microsoft's revised stance is ironic: The privacy threat would not be so dire if the company could patch the plethora of security holes in Windows and IE. And federal privacy legislation might have been passed three years ago if Microsoft hadn't so vehemently opposed it. After being a stumbling block for so long, can the software vendor now be an effective champion for privacy law? [Click here for Full Article] IE Exploit At Large,
Microsoft Urges Scan
(Security Pipeline) 11/30/05 In an update of a security advisory issued Nov. 21, Microsoft noted that both proof-of-concept code and an exploit are in circulation. The exploit can compromise PCs running IE on a host of the company's operating systems, including Windows 98, Windows Me, Windows 2000, and Windows XP. The bug, which was reported to Microsoft in May, was first thought to pose only a denial-of-service (DoS) attack risk, but more recent research by security vendor Computer Terrorism Ltd. said that the flaw could be used to hijack a machine simply by luring users to a malicious Web site. [Click here for Full Article] IM Threats Skyrocket In
November
(Security Pipeline) 11/30/05 The most significant new finding was that viruses no longer discriminate against specific IM systems, and can have a far costlier impact in terms of potential damage. Akonix reported that 36 percent of the IM attacks hit more than one public network and 13 percent of the attacks had the capability to spread through all four major IM networks. The Akonix Security Center noted that 58 of the worms detected were variants of previous worms, while four new worms were introduced during November. [Click here for Full Article] Hackers Circulate Exploit
Code For Two Windows Flaws
(Security Pipeline) 11/29/05 Microsoft is aware of both exploits, but doesn't see a threat. "[We are] not currently aware of active attacks utilizing the exploit code," Microsoft spokesperson Kjersti Gunderson said. According to Microsoft's security research center, neither exploit can be used to install or execute code remotely. Over the weekend, proof-of-concept code for an October vulnerability in Windows was posted by a researcher known only as "Darkeagle" of the "unl0ck" security group, said Cupertino, Calif.-based Symantec in a warning to users of its DeepSight Threat Management System. The French security vendor FrSIRT posted a "critical" warning on the exploit code, which it published in full. [Click here for Full Article] The Five Security 'Musts' You
Can't Ignore
(Security Pipeline) 11/28/05 This month it’s time for things you really do need to believe in and act upon if you’re to stay out of trouble. Instead of myths, they’re the “musts”: security actions you must take regardless of the size of your enterprise or your network. But be forewarned, this is not a complete list. These are just the first things you must do. There are plenty of others that depend on your specific needs and infrastructure requirements. But if you start here, you’ll be on your way to having a secure environment, whether you’re on a single computer tied to a DSL line or running an enterprise with thousands of users. 1. Know Your Network [Click here for Full Article] Three Security Perimeters
Needed For Secure Wireless (Security Pipeline)
11/22/05 As mobile technology becomes more widespread and evolves to support ever-more sophisticated business and personal applications, the security threats will only increase—making security of the wireless network infrastructure a key consideration and differentiator for service providers. Unfortunately, there is no single foolproof strategy against all of the potential threats posed by mobile technologies. To secure their wireless networks against these security threats, service providers must implement a multi-layered, multi-faceted approach to wireless security that mirrors the security infrastructure already in place for wireline networks. [Click here for Full Article] Flash: Macromedia Plugs More
Holes (Security Pipeline)
11/16/05 The new vulnerability lies in the Flash Communication Server, which apparently doesn't validate some incoming data, and so can be crashed by sending malicious data from a Flash player. Danish vulnerability tracker Secunia rated the bug as "Moderately critical" because an exploit would only result in a denial-of-service (DoS) attack; an attacker couldn't inject his own code into a vulnerable computer. [Click here for Full Article] Keyloggers Jump 65% As Info
Theft Goes Mainstream (TechWeb)
11/15/05 New York IT consulting and job-placement firm Prime View recently held its first "Hacking-Defined Training" course, aimed at retraining laid-off IT workers in relevant and marketable skills, security being top of the list. The 10-day course goes beyond security technologies and principles, teaching students to write exploit code and hack each other's computers. [Click here for Full Article] It Takes a Hacker to Catch
One (Security Pipeline)
11/14/05 "The overall number of keyloggers has just skyrocketed this year," said Ken Dunham, senior engineer with Reston, Va.-based VeriSign iDefense. "It's all part of the last year's, 18 months' change in motive toward crimeware." Keyloggers are small programs, silently installed by the attacker, typically after an earlier attack that compromised the computer through a vulnerability in the operating system or Internet browser, that record all or selected keystrokes, then send that data to the hacker. [Click here for Full Article] Sony Drops Rootkit Copy
Protection, But It's Still On The Hot Seat (Desktop Pipeline)
11/11/05 Security experts believe that the world's second largest music label failed to see the ramifications when it chose to install the software without first seeking permission from PC users, and then using technology called a "rootkit" to hide its presence. The software came with 20 music CDs sold by Sony BMG. But some customers of the record company and its parent, Sony Corp., were far less forgiving. [Click here for Full Article] Microsoft Squashes Three New
Windows Bugs (Desktop Pipeline)
11/08/05 The MS05-053 bulletin includes patches for Windows 2000, Windows XP (SP2 included), and Windows Server 2003. The most dangerous of the three is a vulnerability in Windows' graphic rendering engine, and how it processes WMF and EMF (Windows Metafile and Enhanced Metafile, respectively) images. By enticing users to a malicious Web site with malformed WMF and/or EMF images, or sending such an image via HTML-formatted e-mail, an attacker could remotely grab control of a PC, said Microsoft. Other attack vectors could include Office documents -- an attack might embed a WMF or EMF image in a Word document, for instance -- or post an image onto a network share and get the user to preview the folder. [Click here for Full Article] One Quarter of Enterprises
Admit to Intrusion Attempts: Survey (Systems Management Pipeline)
10/31/05 Out of the 360 enterprise IT security professionals surveyed, nearly 93% had installed a network firewall. Half of those surveyed use a network analyzer, turn off non-secure protocols, and installed a user-based firewall. More than 40% implemented WiFi security. "In the final quarter of 2005, it is somewhat surprising that only slightly more than half of enterprises indicated they have turned off nonsecure protocols like Telnet or FTP. It is an important step to decreasing intrusion vulnerability and yet the number of enterprises that actually do so is far from being an 'overwhelming majority'," Jeff P. VanDyke, president of VanDyke Software, said in a statement. [Click here for Full Article] Researchers Warn Oracle
Database Passwords Can Be Cracked (Systems Management Pipeline)
10/28/05 The researchers, Joshua Wright of the SANS Institute and Carlos Cid of the University of London, said that the password algorithm Oracle uses is weak -- Oracle doesn't preserve the case of the password, for example -- and provides attackers several ways to break into databases. "An adversary with limited resources can mount an attack that would reveal the plaintext password from the password hash for a known user," wrote Wright and Cid. Although an attacker would have to have one or more usernames and the associated password hashes to proceed, that's not an impossible chore, even if the assault is only a brute force attack. [Click here for Full Article] Compuware Adds Agentless
Monitoring to Vantage (Systems Management Pipeline)
10/28/05 Compuware on Monday will unveil upgraded software for its Vantage application service-management appliance, which is designed to improve response time and provide end-to-end performance analysis. Vantage adds agentless network monitoring to its current systems, which place software agents on devices to report on performance. The upgrade aims to give administrators additional information to let them identify problems and work proactively to prevent them or resolve them quickly. Some of the enhancements came from Compuware's acquisition of Adlex last May. [Click here for Full Article] Locking Down the Internet (Systems Management Pipeline)
10/27/05 The Problems Of Unrestricted Net Access: Employees spend an incredible amount of time on the Internet -- and often what they're doing is totally unrelated to their job. Jose Negron, technical director of Layton Technology, a developer of IT auditing and helpdesk software, cites a recent study by Salary.com and America Online that found that employees squander an average of two hours of company time per day online, at an annual cost of $759 billion. [Click here for Full Article] New ISS Service Helps
Enterprises ID Vulnerabilities (Systems Management Pipeline)
10/03/05 At its core, the new service promises a reporting capability which will help system administrators find and fix security holes in their enterprises quickly and efficiently. “The service adds in a workflow component that allows IT to take ownership of vulnerability remediation,” says Dave McGinnis, director of Managed Security Service Architecture for ISS, adding that an administrator can appropriate responsibility for resolving an issue to the person or group best-equipped to handle it. [Click here for Full Article] Cisco Promises 15 Minute
Security Fixes (CRN)
09/30/05 The networking giant’s new Incident Control System (ICS), launched last week, heralds a new security category. “This is different from every other security product out there,” said Pat Scheckel, vice president of the Cisco practice at Berbee Information Networks in Madison, Wis. “We have a very complete security practice, and this is outside what we’ve been offering.” Chris Vincent, senior vice president of Global Data Systems in Lafayette, La., agreed. “This is a totally different approach to threat management,” he said. “It’s fantastic.” [Click here for Full Article] Windows Vista's New Security
Features (cNet)
09/30/05 Like Linux, like Mac... Microsoft seems keenly aware of its competition. For years, Linux and the Mac OS have designated administrator privileges to a separate user account, not the default user account, so malware has found it harder to infect those OSs. Microsoft had argued that Windows was easier for everyone to use; Microsoft's user-cum-administrator access within Windows allowed you to make changes within the operating system with ease. But the downside of this convenience is steep; viruses and malicious code picked up along the Internet could also perform changes and could even take over your computer. [Click here for Full Article] Unattended PCs Security Risk
Underestimated (TechWeb)
09/30/05 "Organizations are protecting their systems and personnel against external security threats but failing to realize the very real risks that exist internally from something as basic as an unattended PC," said the U.K.-based Heiser in a statement. "Relatively simple solutions are available to address the problem but few organizations have implemented them." From Gartner's perspective, a "significant number of unauthorized access events" happen in the workplace when someone sits in front of another's PC. The possible ramifications range from accessing sensitive data to sending e-mail or IM disguised as another employee. And the lack of protection makes it difficult to discipline workers for improper online activity when the excuse of 'someone else must have sat at my PC' can't be disproved. [Click here for Full Article] IM Networks Under Daily
Attack (TechWeb)
09/29/05 "In Q1 and Q2 we saw a lot of IM virus variants," said David Jaros, the director of product marketing at San Diego-based Akonix. "Lots of Kelvir and Bropia variants. But in Q3 we started seeing new parent worms, and a new wave of attacks." In September alone, Akonix tracked seven new IM viruses, Trojans, or worms, a one-month record. Among the newcomers: Mete, Parda, Simbag, and Lewor. [Click here for Full Article] Microsoft Says Security
Efforts Showing Fruit (TechWeb)
09/20/05 "Attackers are getting more efficient," said Mike Nash, vice president for Microsoft's security business unit. "Where once there were 17 days between the disclosure of a vulnerability and the release of an exploit, with Zotob, it was just three-and-a-half days." "But Microsoft is also getting faster," said Nash. "We had Windows Malicious Software Removal Tool updated for Zotob in just hours." [Click here for Full Article] Symantec: Mozilla Suffers
Twice the Flaws of IE (TechWeb)
09/19/05 According to Symantec's Internet Security Threat Report, which used stats from January through June, 2005, Mozilla's browsers suffered from 25 vendor-confirmed bugs in the first six months of the year. Internet Explorer, on the other hand, was pegged with only 13. Of Mozilla's 25 vulnerabilities, 18, or 72 percent, were tagged as "high severity," up from the 14 most-severe flaws disclosed in the last half of 2004. Meanwhile, IE's total of 13 was fewer than half the 31 made public in the last six months of last year. [Click here for Full Article] Mozilla Fixes Firefox Flaw
with Workaround (TechWeb)
09/12/05 On Friday, just hours after Mozilla released the long-awaited Beta 1 of Firefox 1.5, a researcher posted information and proof-of-concept code for a vulnerability that could let attackers gain complete control of a PC simply by enticing users to a malicious Web site. "We’re looking into the problem," said Mike Schroepfer, Mozilla's director of engineering, on Friday in an interview, "and we'll respond with a patch as quickly as possible." [Click here for Full Article] Microsoft Delay of Patch
Underscores Slow Fix Process (TechWeb)
09/12/05 On Thursday of last week, Microsoft released its usual Advance Notification of upcoming fixes, and at that time said it was planning on a single critical bulletin. Friday, it scrapped the patch. "Late in the testing process, Microsoft encountered a quality issue that necessitated the update to go through additional testing and development before it is released," said the Redmond, Wash.-based developer in a revised advance notification e-mailed to users and posted on its Web site. [Click here for Full Article] Security Management (Microsoft)
09/08/05 I don't know at this point how many of these articles there will be, so this is part 1 of n. This article addresses something that is generally good but that causes serious problems because people often implement it incorrectly: Server Message Block (SMB) message signing. By default, as we will see later, the only problems that should be caused by SMB message signing are that older systems running Windows 9x cannot connect to a Windows Server 2003 domain... [Click here for Full Article] Critical Windows Patch
Planned (Systems Management Pipeline)
09/08/05 The single bulletin involves one or more critical vulnerabilities within Windows, said Microsoft in its monthly advance notification. The bulletin and patches for the bug(s) will roll out Tuesday, September 13. Microsoft keeps mum on details of its upcoming bulletins, so its contents are anyone's guess. One flaw that may be fixed, however, would be the bug in Internet Explorer that involves the Msdds.dll file; the Redmond, Wash.-based developer issued a security bulletin the third week of August, and said then it might patch the problem in its monthly release process. [Click here for Full Article] Microsoft to Release
Antiphishing Tool (InfoWorld)
08/25/05 Online Buyers Beware (CSO)
Added
08/24/05 For the study, titled "Open to Exploitation: American Shoppers Online and Offline," 1,500 adult U.S. Internet users were asked true-or-false questions about topics such as website privacy policies and retailers' pricing schemes. The survey was conducted by the University of Pennsylvania's Annenberg Public Policy Center and released in June. Respondents generally failed the test, answering correctly an average of only seven of the 17 questions. The study's interviews, conducted between early February and mid-March, yielded alarming findings: 75% of respondents wrongly believe that if a website has a privacy policy, it will not share their information with third parties. [Click here for Full Article] CA Struck Dumb by Yet Another
Security Hole (TechWorld)
08/23/05 CA has warned of two flaws that could allow attackers to execute malicious code or commands on enterprise systems, as well as a third, less serious bug that could allow an attacker to crash a system. The bugs affect CAM (CA Message Queuing), a component found in a large number of CA applications. Affected products include Advantage Data Transport, BrightStor Portal, CleverPath, eTrust Admin and Unicenter. CA published patches for CAM v1.11 prior to build 29_13, CAM v1.07 prior to Build 220_13, and all versions [Click here for Full Article] McAfee Secures Home Wireless
Networks (Smallbiz Pipeline)
08/23/05 McAfee Wireless Home Network Security 2006 automatically generates strong encryption keys to secure an existing wireless network, eliminating the need for users to wade through complicated, confusing configurations and jargon, the Santa Clara, Calif.-based security vendor said. Once installed, the software automatically rotates security keys on the router and all devices as additional protection. The software uses the Wi-Fi Protected Access (WPA) and WPA2 security protocols built into popular wireless routers made by the likes of Belkin, D-Link, Linksys, and Netgear. A complete list has been posted on the McAfee site. [Click here for Full Article] Attacks Target Windows
Vulnerability in Just Five Days (TechWeb)
08/15/05 Although some analysts said that the sophisticated nature of the bots could cause problems, most didn't expect this attack to reach the "meta-event" level of Sasser or 2003's MSBlast. "We reverse engineered one of the bots yesterday, found the IRC channel used by the bot masters to communicate with their bots, and idled there for a while," said David Maynor, a researcher with X-force, the research arm of Internet Security Systems and the group credited with the original discovery of the Plug and Play vulnerability. "The count of infections wasn't all that high. A new system was infected about every 30 seconds. Sasser, in comparison, infected about 10 PCs every second." [Click here for Full Article] New Keylogger Steals
Passwords from IE (TechWeb)
08/11/05 Last week, Florida security company Sunbelt Software said one of its researchers had stumbled on a server that held a file containing a large number of usernames, passwords, telephone numbers, credit card and bank account numbers, and other personal information. All the information, Sunbelt now says, was gathered with a new, potentially damaging keylogger, a small program which secretly steals information. [Click here for Full Story] Editor's note: Sounds like a good reason to use Firefox or at a minimum do not store passwords in Internet Explorer. Microsoft Initially Released
Corrupted IE Patch (TechWeb)
08/10/05 Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed. "The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center." [Click here for Full Article] Auction Blocks (CSO)
Added
08/10/05 Many pairs of panties. Lacy panties, colorful panties, plain cotton panties, thongs—and not clearance ones, either. They were being stolen by the armful from Victoria's Secret stores in the Boston area, with losses in the thousands of dollars. Simultaneously, an unusually large number of new Victoria's Secret panties were appearing in eBay auctions. In volume. [Click here for Full Article] Password Palooza (CSO)
Added
08/10/05 Because CSOs will be stuck with passwords for the foreseeable future, organizations need to give their employees tools, policies and training to intelligently manage the passwords they have, while simultaneously minimizing the damage that can occur if those passwords are compromised. [Click here for Full Article] Microsoft's Piracy Check
Hacked Again (TechWeb)
08/08/05 WGA is intended to crack down on pirated use of Windows by requiring validation before letting users download non-security software from Microsoft. But according to the Web site noted in a posting to the Full Disclosure mailing list last Thursday, users can easily side-step the check by generating a code on a PC running an illegal copy of Windows XP. Rather than let WGA run the ActiveX command -- which works only in Internet Explorer -- the crack suggests that people use the downloaded form of the anti-piracy verification -- a program called "GenuineCheck.exe" -- run the illegal version of Windows XP in Windows 2000 compatibility mode, and then copy and paste the resulting code into the software. [Click here for Full Article] Six (6) Windows Security
Fixes Slated (TechWeb)
08/05/05 As usual, Microsoft gave users a heads-up on the number and maximum severity of the bulletins it expects to post August 9. All six planned patches involve Windows, Microsoft said. One of the six will likely be a patch for the bug in the remote desktop code of all supported editions of Windows. In July, Microsoft posted one of its rare security advisories on the unpatched problem, and although it didn't actually promise a fix in August, one is anticipated. [Click here for Full Article] A Credible Plan to Take Down
the Internet (cNet)
08/05/05 Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist. All indications suggest that the clock is ticking toward some kind of showdown between criminal hackers and the good guys. Unfortunately, the bad guys have a head start. [Click here for Full Article] Reducing Password Security
Risks (TechRepublic)
Added 08/05/05 Critical Infrastructure:
Securing Wireless Networks (TechRepublic)
Added 08/05/05 Exploits For CA Backup Bug
Appear (TechWeb)
08/04/05 "If you haven't already patched your BrightStor ARCserve Backup software, now would be a really good time," said an analyst with the Internet Storm Center on the organization's handler's diary. "At least three different exploit codes and the code for a scanner have now been released." Symantec confirmed that exploits were in the wild in an update to its DeepSight Threat Management System alert on the CA ARCserve for Windows vulnerability. "Two exploit programs have been released, by a security researcher known as 'cybertronic,' which simply send a port binding or connect back payload to a vulnerable system," said Symantec. "[And] the public availability of an exploit tool designed to scan for and exploit hosts increases the likelihood of widespread exploitation occurring." [Click here for Full Article] Cisco Web Site Breached, All
Passwords Reset (TechWeb)
08/03/05 Beginning early Wednesday, registered users who tried to log in were greeted with a page that began "Cisco has determined that Cisco.com password protection has been compromised." The warning said that all passwords had been reset as a precaution, and then instructed users to e-mail Cisco for their new password. Failing an answer in five minutes, users were told to call technical support. One Cisco user who contacted TechWeb reported that he had followed those instructions, and when he hadn't received an e-mail with his new password after 45 minutes, phoned technical support. There he said he was told that the system had suffered a "security breach" and that Cisco was working on the problem. [Click here for Full Article] Cybercrooks Target ATM and
Debit Cards, Steal Billions (TechWeb)
08/02/05 The problem, said Gartner research director Avivah Litan, is that half of the country's banks don't use secondary security codes that can be placed on an ATM or debit card's magnetic strip. "ATMs are the pot of gold for criminals," said Litan. "Their ultimate goal is to get cash." And increasingly, they're getting to that pot of gold. In the past 12 months, Gartner estimated that $2.75 billion was pillaged using forged ATM/debit cards, with another $1.9 billion sucked up by checking account fraud. That's almost as much as all credit card fraud combined. [Click here for Full Article] Inside Job (systems
management pipeline)
08/01/05 At the same time, enterprises are under increasing regulatory and market pressure to protect sensitive information. Thanks to recent laws, businesses are often compelled to report database breaches or information loss. The resulting public relations disaster can destroy customer trust, invoke government and industry fines, cause stock prices to plummet, and bring class-action litigators running. The bottom line? Enterprises that don't address the insider threat may find themselves strung up on the twin gallows of regulatory penalties and customer outrage. The only solution to this problem is vigilance. [Click here for Full Article] Hackers Working On Cisco
Exploit (TechWeb)
08/01/05 And over the weekend, the Reuters wire service reported that hackers have started to work on a Cisco router exploit using former ISS employee Michael Lynn's information. As expected, some sites were served Friday with legal letters demanding that the PDF copy of Lynn's Black Hat presentation be removed, and have complied. The hard copy of the 35-slide presentation, however, is still available elsewhere on the Internet. Richard Forno, who hosts the Infowarrior site, posted a copy of the fax he received from ISS attorney Andrew Valentine. [Click here for Full Article] Cisco Threatens Web Site That
Leaked Exploit Presentation (TechWeb)
07/29/05 Late Friday afternoon, Rick Forno, a security consultant who had put a copy of Michael Lynn's briefing on his Web site, had replaced the PDF file with a notice that began, "I am awaiting a copy of what I understand is a cease-and-desist (or takedown) notice that was sent to my Web host earlier this evening." "Upon review of the notice, I will respond accordingly and immediately, but have no intention of rolling over," Forno went on. He had moved the file from its earlier location and placed it here, at least temporarily. (Note: the link may be inactive if Forno removes the file.) [Click here for Full Article] Cisco Details IOS
Vulnerability Spilled at Black Hat (TechWeb)
07/29/05 Michael Lynn, a researcher for Internet Security Systems (ISS) who resigned from his post to present his findings at the security conference, outlined how new exploitation techniques could be applied to old vulnerabilities to seize control of Cisco routers or render them inoperative. Cisco's hardware plays a dominant role in the Internet's infrastructure, and any mass attack on its routers could cripple the Net. While it hasn't had a chance to confirm Lynn's claims -- and may never, now that a gag order has been placed on both the Black Hat conference and Lynn from further discussion -- Symantec's alert noted that the disclosure "represents a potentially significant threat against existing infrastructure currently deployed." [Click here for Full Article] Phishing Economics 101
Reveals Collectors and Cashers (TechWeb)
07/29/05 "Phishing economies are self-organized merchants and consumers governed only by the laws of supply and demand," said Christopher Abad, a research scientist with Cloudmark, a San Francisco-based spam filtering service provider. Abad probed the inner workings of phishers by analyzing hundreds of thousands of messages collected from 13 key phishing-related chat rooms and several thousand compromised computers used to run bots as well as host the bogus Web sites that phishers use to trick users into divulging confidential data, such as bank and credit card account information. [Click here for Full Article] Professors Make Password
Protection Product (security pipeline)
07/26/05 John Mitchell and Dan Boneh will unveil Pwdhash, software that scrambles passwords typed into Web sites, then creates a unique sign-on for each site visited, at the Usenix Security Symposium in Baltimore next week. It's the latest attempt to thwart attempts by cyber-criminals who steal passwords by creating phony online banking or e-commerce sites. Cyber criminals dupe victims into believing the site is legitimate and lure them into typing their passwords. [Click here for Full Article] 3Com Initiative Sets the
Clock Back to Zero Day Security Attacks (eeTimes)
07/25/05 The so-called ‘Zero Day Initiative’ is aimed at ensuring the 'responsible' disclosure of security flaws in order to make technology more secure for all users. The goal is to proactively protect businesses against newly discovered vulnerabilities. According to 3Com, many security researchers want to be recognized for their discovery, but they don't always achieve that in a responsible manner. Instead, and all too often, they post the potentially harmful information publicly, catching businesses and vendors off-guard and unprotected. [Click here for Full Article] Small Businesses Increasingly
Vulnerable to Security Threats (smallbiz pipeline)
07/22/05 Small businesses lack sufficient security controls over such basic systems as email (20 percent are not secured) and wireless networks (60 percent are not secured). Moreover, a full 75 percent of small businesses have no formal planning mechanism in place for ensuring information security. The dangers are not just theoretical. More than half of respondents (56 percent) said they've experienced at least one security incident in the past year. Most (60 percent) cited computer viruses, spyware, and other malware as the main cause of their security woes. Despite that, only 43 percent allocate a specific budget for security solutions, and an even smaller number (30 percent) have increased spending on information security solutions. [Click here for Full Article] Limiting Access to Home
Wireless Networks (smallbiz pipeline)
07/21/05 The IT Guy says: The first important step is to change the default name of your wireless network to something people would not easily guess, and then turn off the “broadcasting” feature which sends the network name out over the open wireless airwaves. In your router configuration menus, this will most likely be called the “SSID Broadcast.” You want to turn it off. Note that after you make a change in the web browser to the router settings, generally you will have to click SAVE CHANGES at the bottom of the screen. [Click here for Full Article] USC Hack Exposes 270,000
Names (security pipeline)
07/20/05 The data breach -- just the most recent in a long list during 2005 -- took place last month. According to the letter obtained by TechWeb, USC claims that a journalist tipped off the school to the problem. The database was immediately taken offline, and will reopen only when new security modifications have been completed. In addition, all user passwords to the database have been deleted. "We believe the likelihood that your personal information was obtained is small," wrote Katherine Harrington, the dean of admissions at USC, in the letter. "However, since your name and social security number were contained in this database, we are informing you of this as a precautionary measure," she continued. [Click here for Full Article] Firefox 1.0.6 Release Fixes
Flaws (security pipeline)
07/20/05 Versions 1.0.6 of both Firefox and Thunderbird, said Mozilla, have been patched to "restore API (Application Programming Interface) compatibility for extensions and Web applications" which were unintentionally broken in the editions released last week. One of the most popular extensions for Thunderbird, Enigmail PGP, which is used to encrypt e-mail, wouldn't work with the 1.0.5 version, for instance. This week's updates should quiet the complaints from the developers of foreign language editions, who were told last week by Mozilla to skip localized versions of 1.0.5, and await Tuesday's 1.0.6. [Click here for Full Article] Attackers Could Eavesdrop On
Cisco-Routed VoIP Calls (TechWeb)
07/14/05 According to alerts posted online by Internet Security Systems' (ISS) X-Force research team, Cisco's CallManager sports a pair of bugs that could be "reliably exploited" by hackers. The potential result: at best a denial-of-service style crash, at worst, a situation where the attacker could redirect calls at will or even eavesdrop on conversations. By sending specially-crafted packets to Cisco CallManager, an attacker could create a heap overflow and crash the system or gain access. ISS said that an exploit wouldn't need any help from a user, pushing the threat into a more dangerous category. "Like many of the applications that are driving today's businesses, VoIP travels over a variety of networks and the public Internet and is therefore susceptible to the same security perils as other staple network components like e-mail, databases, and servers," said Chris Rouland, ISS' chief technology officer, in a statement. [Click here for Full Article] Word Bug Shows Trend in File
Format Hacks (TechWeb)
07/13/05 "We're starting to see a trend in vulnerability discovery where people are going after file format vulnerabilities," said Michael Sutton, the director of iDefense Labs, the research arm of Reston, Va.-based security intelligence firm iDefense. "There have been numerous vulnerabilities found in image file formats and multimedia file formats," Sutton went on. "Actually, the vulnerabilities don't exist in the files themselves, but in the programs that read and interpret them." That's the case with the Word vulnerability that Microsoft disclosed Tuesday. According to Microsoft's security bulletin and iDefense's own analysis, a specially-crafted Word file (in .doc format) containing extra-long font data can cause Word 2000 and Word 2002 to fail, and give the attacker complete access to the machine. [Click here for Full Article] The Five Top Network Security
Secrets (smallbiz pipeline)
07/12/05 What is the secret to network security? In the wake of recent high-profile security breaches like at LexisNexis and MasterCard, it's worth asking what it takes to nail down network security --- and what are the secrets not everyone knows? "There's not really a secret," says Marcus Shields, enterprise product manager at Soltrus, Inc., a Canadian firm specializing in digital trust services. "There are a lot of things that organizations should be doing but aren't. A lot of it comes down to common sense." The problem with common sense, it has been observed, is that it is not very common. Consequently, some of the basic precautions that any organization can take to secure its network might as well be arcane secrets of the security trade -- at least until you take them and make them a part of day-to-day procedure. [Click here for Full Article] Hacker May Have Accessed
University Applicants' Records (security pipeline)
07/11/05 School security officials said they plan to contact about 270,000 people although they believe the hacker looked at only about 10 files. "Although we believe that the scope of this is pretty small, we're taking it very seriously and we are taking great care to notify every single person where there is even the potential that their records might have been viewed," said L. Katharine Harrington, USC's dean of admission and financial aid. The hacker took advantage of a security flaw he discovered while trying to use the USC Web site on June 20, said Robert M. Wood, USC's information security officer. [Click here for Full Article] Behind The Numbers: Linux
Gets High Marks For Security (smallbiz pipeline)
07/11/05 By Larry Greenemeier Courtesy of InformationWeek The IT world may be an insecure place, but don't blame Linux. In fact, very few IT pros participating in InformationWeek Research's Linux and open-source survey say Linux has introduced security problems into their IT environments. Only 6% of 225 user sites report security issues from Linux deployments on their servers, while 6% of 165 Linux PC users attribute a security problem to the open-source operating system. The results indicate a slight decrease in complaints about Linux security from a year ago, when 11% of IT pros encountered security issues with Linux servers and 7% had problems with Linux PCs. [Click here for Full Article] Linux Compression Format Flaw
Found (TechWeb)
07/08/05 The bug, which affects the current version of zlib, 1.2.2, can be exploited to create a denial-of-service (DoS) attack, which could crash any application using the library or let the attacker plant code of his own remotely, according to an alert by Danish security firm Secunia. The company rated the zlib vulnerability as "Highly critical," its second-most dire ranking. A researcher at Gentoo Linux was the first to uncover the vulnerability Wednesday, and posted a warning on his company's Web site. While no patch is available from the open-source zlib project, commercial Linux vendors have already updated their distributions with version-specific fixes. Debian, FreeBSD, Gentoo, OpenBSD, Red Hat, and SuSE have all posted patches, for instance. [Click here for Full Article] Be Aware of Potential Threats
from Port Knocking (TechWeb)
06/30/05 Some of the newest and most complex Trojans utilize the "port knocking" method. This technique involves establishing a connection to a networked computer that has no open ports. A normal scan of the computer might show that it's not listening on any ports. But that doesn't mean that the system is clean of rogue daemons. [Click here for Full Article] Microsoft Tests Security Tool
For PC Classrooms (security pipeline)
06/28/05 Microsoft on Tuesday began publicly testing software due in time for the back-to-school season that it says would make it easier for teachers, librarians, and other people with minimal IT training to manage groups of PCs in schools and public libraries. The Shared Computer Toolkit would let administrators erase stored passwords and lists of recently used files, restore deleted files, wipe away downloaded software, and turn on accessibility features using simpler controls. The software, designed to manage PCs running Windows XP with Service Pack 2, aims to expose Windows' management features to teachers and other people without IT training, Microsoft said at the National Educational Computing Conference in Philadelphia. [Click here for Full Article] How To Help Protect Against a
WINS Security Issue (TechWeb)
Added 06/27/05 RealNetworks Patches Player,
Rhapsody Vulnerabilities (security pipeline)
06/24/05 The bugs affect Windows, Mac, and Linux editions of the company's popular RealPlayer media player, and the Seattle-based developer's Rhapsody music subscription service. Also at risk: RealOne Player and Helix Player. Among the problems patched were ones that allowed attackers armed with a malicious MP3 file to overwrite local files or execute an ActiveX control. Others included flaws in the RealMedia file format that would let a hacker craft an attack using RealText and a buffer overflow error in the vidplin.dll file. RealNetworks' advisory recommended that users immediately update RealPlayer and RealOne Player within Windows and Mac OS X directly from [Click here for Full Article] Experts Undecided About Port
445 Sniffing Impact (TechWeb)
06/23/05 Last Friday, Symantec reported a climb in scanning activity on TCP port 445, one of the two ports associated with the Server Message Block (SMB) protocol in Windows. Earlier last week, Microsoft announced that the protocol suffered from what it called a "critical" vulnerability, and released not only details of the bug, but also a patch. The scanning was short-lived, said Alfred Huger, vice president of engineering for Symantec's security response team, but reiterated Symantec's position that the port sniffing may be a precursor to an attack. But he thought the odds long. "This vulnerability isn't a very powerful candidate for a worm," said Huger. "I don't think we'll see a mass exploitation." [Click here for Full Article] Banks Scramble To Contain
Damage From CardSystems Hacking Incident (security pipeline)
06/22/05 Some 22 million Visa-branded cards and 14 million MasterCard-branded cards were exposed to the security breach at CardSystems Solutions Inc. that was disclosed by MasterCard last week. The breach was reported by CardSystems to Visa and MasterCard in late May. Washington Mutual has canceled 1,400 cards whose numbers were stolen and is issuing replacements. J.P. Morgan Chase & Co., which with 94 million cards outstanding is the nation's largest card issuer, hasn't canceled or reissued any cards as a result of the incident but is monitoring the situation closely, a spokesman says. Visa and MasterCard are relaying information picked up by their fraud-detection systems to issuing banks, which then decide whether to cancel or reissue cards. [Click here for Full Story] IE, Firefox Spoofable, Again (TechWeb)
06/21/05 According to Danish vulnerability tracker Secunia, Microsoft's Internet Explorer, Mozilla's Firefox, and virtually every other popular browser could be used by a malicious Web site to display bogus Java dialog boxes atop legitimate sites. "The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open -- a prompt dialog box -- which appears to be from a trusted site," read the alert that Secunia posted. An exploit requires that the user first visit a malicious site -- perhaps enticed there via e-mail or instant message -- that includes a link to a legit, trusted site, say an online banking portal. By leveraging the JavaScript bug, the attacker could display a fake password dialog, and trick the user into entering her account information. [Click here for Full Story] Hackers Finding Flaws In
Security Software (TechWeb)
06/20/05 "Am I just crazy, or have there been a lot of security vulnerabilities for security companies announced?" Andrew Jaquith, a senior analyst at the Yankee Group said in describing what led him to analyze data from a public vulnerability database, ICAT. From the beginning of 2004 to May 2005, 77 vulnerabilities affecting security products were posted to ICAT. That was a rate of increase greater than even Microsoft's Windows, which actually has shown improvement since the release last fall of Windows XP SP2. [Click here for Full Story] AOL Patches Netscape Flaw
That Broke IE (desktop pipeline) 06/17/05 America Online Friday rolled out a patched Netscape 8.0 browser that finally fixed a bug which broke rival Internet Explorer's ability to render some XML pages. In late May, a developer on Microsoft IE's team blasted Netscape and AOL for the bug, and told users who had installed Netscape 8.0 to uninstall the browser so they could use Internet Explorer. In turn, AOL said that such an extreme move was "just silly." At that time, a spokesman for AOL promised a fix for Netscape would be available within days. The newly-patched Netscape 8.02, which can be downloaded free of charge, resolves the IE XML issue, Netscape said in the release notes accompanying the update. [Click here for Full Story] Why Security Concerns are
Driving Migration from IE to Firefox (Microsoft)
Added 06/17/05 Many of the issues surrounding IE involve hackers luring users to malicious Web sites, which then use nefarious tactics to exploit IE flaws and compromise the user's system. Of course, luring the average user with misleading e-mails and hyperlinks is not very difficult to do, and as a result, some IT departments are now deciding that the constant patching and security concerns of supporting IE are not worth it, and many of them are turning to the upstart Web browser Firefox as an alternative. [Click here for Full Story] Security Management - June
2005 (Microsoft)
Added 06/17/05 This month, I look at common management tasks for security within an IT operation. Security event management is sometimes referred to as “security management,” but I’m referring to the day-to-day operational security aspects that IT deals with. [Click here for Full Story] Opera Fixes Browser's
Security Flaws (desktop pipeline)
06/16/05 Opera Software updated its browser, Opera 8, on Thursday, primarily to patch security holes, but also to tweak existing features and add some new tools. Opera 8.01 fixes at least five vulnerabilities that have been reported in the browser, including cross-scripting and injection flaws that could be used by phishers and other attackers to spoof sites. Such spoofed sites are often crafted to steal information or install code on PCs whose users simply surf to their URLs. The update also introduces something Opera calls "Browser JavaScript," a JavaScript file that fixes the rendering of pages and page elements that don't display properly in Opera. Opera, however, warned that turning on the feature -- it's disabled by default -- "may impact performance." [Click here for Full Story] Microsoft Centralizes Patch
Management (systems management pipeline)
06/13/05 Windows operating systems and applications are a favorite target of hackers and virus writers, forcing the company to issue a steady stream of patches, security fixes, and other updates. But customers often have to visit several Web sites to get patches for different Microsoft products. That process is now simplified. Windows Server Update Service is a management component of Windows Server 2003 that lets administrators access, control, and automatically deploy Microsoft server software updates, including security patches. Microsoft Update is the next-generation version of Windows Update with added support for Office and other Microsoft apps. The ultimate goal is for the services to use a single Windows Update Agent to access a catalog that contains information about security patches and software updates for all Microsoft products. [Click here for Full Story] Antiforensic Tools (CSO)
06/08/05 Regular readers of this column know of my obsession with recovering deleted information from used hard drives, USB tokens and other kinds of storage media. And I'm hardly the only person with this interest. Increasingly, disk forensic tools such as Guidance Software's EnCase and AccessData's Forensic Toolkit are not used just for solving crimes: Forensic tools are fast becoming a staple of civil lawsuits between corporations and in disciplinary proceedings against employees. These days, it seems, whenever there's a chance that somebody has deleted a file to hide evidence of wrongdoing, some forensics expert is standing by to recover that file for a fee. [Click here for Full Story] Citigroup's Lost Tapes Cast
Spotlight on Data Security (security pipeline)
06/07/05 The tapes contained Social Security numbers, names, account numbers, and payment histories on customers of CitiFinancial, which provides personal, auto, and home-equity loans. The tapes also contained information on customers with closed accounts from CitiFinancial Retail Services, which provides private-label credit cards for retailers. The tapes were picked up from a Citigroup data center by UPS Inc. on May 2, bound for a data center in Texas operated by Experian, a credit bureau. Citigroup was notified by Experian on May 20 that the box hadn't arrived; three days later it confirmed that the box was missing, whereupon it notified the Secret Service. UPS hasn't recovered the box, but says there's no indication it was stolen. The tapes were unencrypted; starting next month, the bank will begin sending the data electronically in encrypted form. The decision to do so was made prior to this week's disclosure, a spokesman says. [Click here for Full Story] Dirt Cheap Network Security (security
pipeline)
06/06/05 Do you feel safe now? Most likely not. Network security isn't just something that you can fix by throwing a lot of money around. On the other hand, completely no-cost security may not be exactly an attainable goal, says In-Stat analyst Victoria Fodale. "But," she adds, "you also don't want to pay more than you need to." To be sure, any organization that doesn't spend money on firewalls and secure servers will probably find itself up a very long and treacherous creek without a paddle in very short order. But all that expensive equipment means nothing unless you make an investment in security intangibles that cost little or nothing at all. [Click here for Full Story] Langa Letter: How to Ensure
Remote Control Security with XP (security pipeline)
06/06/05 That first article runs through the similarities and differences among the tool's three major faces ("Remote Desktop," "Remote Desktop Web Connection," and "Remote Assistance"). It then shows you the pros and cons of each, shows you where to get the free client software, and most important, shows you how to use these remote-control options safely. If you're not familiar with these Remote Control services, that article would be a great place to start. [Click here for Full Story] Ballmer Introduces Microsoft
Update for Windows at Tech Ed Conference (desktop pipeline)
06/06/05 Microsoft launched its unified update and patch service, dubbed Microsoft Update, on Monday, with chief executive Steve Ballmer leading the charge by claiming that Windows is 13 to 14 percent cheaper to patch than rival Linux operating systems. According to research commissioned by Microsoft, Windows Server software is less expensive to patch and update, Ballmer announced during his wide-ranging presentation to kick off TechEd 2005 in Orlando. "We've really made security job number 1," Ballmer said, "and we still have security absolutely as job 1." [Click here for Full Story] Firefox Vulnerable to
7-Year-Old Bug (desktop pipeline)
06/06/05 Mozilla's current browsers, including the popular stand-alone Firefox, are susceptible, again, to a seven-year-old vulnerability that could let attackers spoof Web sites, a security company said Monday. According to Danish security firm Secunia, Mozilla 1.7.x and Firefox 1.x are vulnerable to a frame injection flaw that first surfaced in 1998. Hackers could exploit the bug to insert their own content into the view of a legitimate site, to, for instance, pose as the log-in frame, then collect usernames and passwords to online bank accounts. "The flaw means that if you are viewing a trusted site in one window (PayPal or your bank) and open a site belonging to a spoofer in another window, the spoofer can insert code in the window showing the trusted site," wrote a moderator on Mozilla's online forum Monday. [Click here for Full Story] Phishers Targeting Smaller
Fry (security pipeline)
06/03/05 According to the Anti-Phishing Working Group (APWG), a collection of over 1,400 companies, banks, ISPs, and government agencies, April saw a large increase in the number of credit unions targeted by phishers. Both relatively large regional credit unions and niche institutions that serve narrow groups of workers were targeted, said the APWG. "Hackers are modifying their attack methods by shifting away from attacking popular or large institutions," said the APWG in its report. Other trends in April, said the APWG, included a slight decline in the number of phishing e-mails -- it dropped about 4 percent from March's tally -- and a 1.6 fall in the number of phishing Web sites. [Click here for Full Story] FBI Probes Theft of Justice
Department Data (Washington Post)
06/01/05 Authorities think the computer was stolen between May 7 and May 9 from Omega World Travel of Fairfax, which is one of the largest travel companies in the Washington area and does extensive business with government agencies. [Click here for Full Story] FBI Investigates Stanford
Computer Breach (security pipeline)
05/26/05 The breach happened May 11, when someone from outside the university gained access to the school's network, Stanford general counsel Debra Zumwalt said Wednesday. The university would not say whether the breach happened as a result of a remote hacker, the physical theft of a laptop or other typical means of network penetration. Stanford began mailing notifications Monday to about 300 recruiters and 9,600 others - mostly students - who visited the school's Career Development Center since 1996. The electronic dossiers generally did not include financial information such as credit card numbers or driver's license numbers. The mailings complied with a state law that took effect in 2003 and requires organizations to notify California residents whenever personal data has been compromised. So far, school officials say, there's been no evidence of identity theft resulting from the breach. [Click here for Full Story] Anti-Phishing Toolbar Now
Available for Firefox (security pipeline)
05/25/05 The toolbar, which installs as a Firefox extension, or plug-in, automatically blocks suspected phishing sites identified by other users and verified by Netcraft. The company's database of Web site information is also used to display several attributes of any visited site, including its country location, longevity, and popularity. That information can be used to gauge possible risky sites, since most phishing sites are short-lived, and often hosted in countries like China and Russia. Netcraft claims that the toolbar has blocked more than 7,000 phishing sites since it debuted. [Click here for Full Story] |
| Copyright © 2004 I.S. Sentry, Inc. All rights reserved |