Free Republic

A newly discovered vulnerability in Microsoft's Internet Explorer browser could be a powerful new tool for scammers, allowing them to convincingly mask the real origin of Web pages used to trick targets into revealing sensitive information. Attackers could use a specially crafted URL to display a different domain name in the address bar than the Web page's actual location. This practice is known as "spoofing." Full article HERE

U.S. federal departments and agencies are showing some improvement in protecting their computer networks, but many--including the Department of Homeland Security--are failing, according to a government report released Tuesday. The report, prepared for the House of Representatives' Committee on Government Reform, found that almost all agencies improved their computer-security grade since last year. However, several key federal departments continued to fail to adequately protect their networks and earned an "F.""For too long now information security has taken a back seat in the collective conscience (sic) of our nation," said a statement from Rep. Tom Davis, R-Va., the committee chairman. "We...

Many Federal Agencies Flunk Security Dec. 9, 2003 A new scorecard gives government agencies a D when it comes to securing networks and IT systems. By Eric Chabrow Federal agencies have made only small improvements in securing government networks and IT systems from hackers and terrorists. A House panel on Tuesday issued a scorecard, giving the federal government an overall grade of D. Last year, the panel issued an overall grade of F. "It's nothing to be proud," said Rep. Adam Putnam, the Florida Republican who chairs a House subcommittee that oversees government IT, at a briefing announcing the scorecard....

It is understandably difficult for Americans to worry much about the future. We are the wealthiest, most powerful society in human history, and as many astoundingly silly expert predictions have proven, it is notoriously difficult to imagine the future as being anything but a linear projection of the status quo. But an ominous new technology is appearing like a small cloud on the horizon. It is being embraced by a consortium of the world's largest technology companies and it threatens to completely overturn the computing world as we know it. Twenty years ago, Microsoft was an integral part of the...

Anti-spam organisations are coming under attack from a virus written to bombard their websites with junk data.The Mimail-L Windows virus poses as an e-mail from a woman called Wendy who writes about a sexual encounter and offers readers nude photographs. Opening the message's attachment rewards users with a virus that forwards itself to everyone in their e-mail address book. It also turns infected machines into junk mail relays that can be used to forward thousands of messages to one of eight anti-spam websites. Porn offerLike most other viruses, Mimail-L is aimed at users of Microsoft Windows and its Outlook e-mail...

<p>Experts say home users with broadband services could be sending out 'spam' e-mails without knowing.</p> <p>LONDON (Reuters) - Security experts have identified what they suspect to be the biggest culprit behind that seemingly unceasing torrent of e-mail spam messages and computer virus outbreaks.</p>

TOKYO, Nov. 27 - As more consumers begin surfing the Web and sending e-mail messages on cellphone and hand-held devices, along comes a new worry: worms and viruses spread via Internet-enabled handsets. The problem is still small, with only a few cases reported globally. But as operating systems in cellphones become standardized, hackers will probably begin focusing on vulnerabilities in those systems as they have with personal computers. And as cellphones and personal digital assistants connect to the Internet at ever faster speeds, more users will be able to download files with attachments - some of which may be infected....

The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines. The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster. At both affected institutions the ATMs began aggressively scanning for other vulnerable machines, generating anomalous waves of network traffic that tripped the banks' intrusion detection systems, resulting in the infected machines being automatically...

Mac OS X Security Advisory Vulnerability: Malicious DHCP response can grant root access Affected Software Mac OS X 10.3 (all versions through at least 26-Nov-2003) Mac OS X Server 10.3 (all versions through at least 26-Nov-2003) Mac OS X 10.2 (all versions through at least 26-Nov-2003) Mac OS X Server 10.2 (all versions through at least 26-Nov-2003) Probably earlier versions of Mac OS X and Mac OS X Server Possibly developer seeded copies of future versions of Mac OS X Abstract A series of seemingly innocuous default settings can cause an affected Mac OS X machine to trust a malicious...

Posted: 25/11/2003 at 18:01 GMT   A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs. The vulnerabilities,unearthed by Chinese security researcher Liu Die Yu, enable malicious Web sites and viruses to bypass the security zone settings in IE6. Used in combination, the flaws might be exploited to seize control of vulnerable PCs. Proof of Concept exploits have been released by Liu Die Yu to validate his warnings. Microsoft has yet to patch the flaws. But users can protect themselves against the flaws by disabling active scripting or by using an...

Pantless driver charged over kiddie porn By KIM BRADLEY, SUN MEDIA TORONTO -- A man caught driving naked from the waist down while watching kiddie porn on his laptop has become the first man in Toronto charged for allegedly stealing an Internet connection. For the first time, Toronto police laid a theft of communications charge after busting a man driving the wrong way down a one-way street while downloading child porn using stolen wireless Internet signals. The slow-moving car was pulled over around 5 a.m. by a police officer who allegedly found the driver - with no pants on - watching...

A man caught driving naked from the waist down while watching kiddie porn on his laptop has become the first man in Toronto charged for allegedly stealing an internet connection. Toronto police laid a theft of communications charge after busting a man driving in the residential High Park area, the wrong way down a one-way street, downloading child porn using stolen wireless internet signals. The slow-moving car was pulled over around 5 a.m. on Wednesday by an 11 Division police officer who allegedly found the driver -- with no pants on -- watching a movie on his laptop of a...

US cybercrime push 'imperils personal security' of Americans By John Leyden Posted: 20/11/2003 at 12:27 GMT White House plans to ratify a Council of Europe Cybercrime treaty will be a disaster for the privacy and security of Americans, Privacy International (PI), the human rights watchdog, claims. President Bush this week urged Senators to back the adoption of the mutual assistance Treaty into US law. The Treaty, designed to streamline cooperation between signatory countries, will significant expand the power of investigators to access data and prosecute offences ranging from copyright infringement to "hate speech". PI warns that if the Senate ratifies...

Bush pushes for cybercrime treaty By Declan McCullagh Staff Writer, CNET News.com President Bush has asked the U.S. Senate to ratify the first international cybercrime treaty. In a letter to the Senate on Monday, Bush called the Council of Europe's controversial treaty "an effective tool in the global effort to combat computer-related crime" and "the only multilateral treaty to address the problems of computer-related crime and electronic evidence gathering." Even though the United States is a nonvoting member of the Council of Europe, it has pressed hard for the cybercrime treaty as a way to establish international criminal standards related...

<p>Rather than drafting narrowly targeted legislation to outlaw specific snooping tactics, Congress should establish broad online privacy rights to protect against secret online surveillance, the Center for Democracy and Technology said.</p> <p>Concern about spyware has grown over the past several years as online advertisers and song-swapping networks like Kazaa have placed programs on users' computers to monitor their activity or use their computers' processors for other activities.</p>

Administrators of e-mail systems based on Microsoft's Exchange might have spammers using their servers to send unsolicited bulk e-mail under their noses, a consultant warned this week. Aaron Greenspan, a Harvard University junior and president of consulting company Think Computer, published a white paper Thursday detailing the problem, discovered when a client's server was found to be sending spam. Greenspan's research concluded that Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not. "If the guest account is enabled...

Encryption Promises Unbreakable Codes BRIAN BERGSTEIN Associated Press NEW YORK - Code-makers could be on the verge of winning their ancient arms race with code-breakers. After 20 years of research, an encryption process is emerging that is considered unbreakable because it employs the mind-blowing laws of quantum physics. This month, a small startup called MagiQ Technologies Inc. began selling what appears to be the first commercially available system that uses individual photons to transfer the numeric keys that are widely used to encode and read secret documents. Photons, discrete particles of energy, are so sensitive that if anyone tries to...

Nov. 13 — Here’s a sobering thought: While you’re looking at your computer, it may be looking back at you. There is easy-to-get, even free, software that lets anybody spy on you, anytime you are on your computer. LAST WEEK, KNTV and MSNBC.com examined online infidelity and found Internet temptation is quietly on the rise. It turns out, so is the prevalence of spy software designed to catch a cheating lover.

SAN FRANCISCO (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) on Tuesday released its latest batch of security updates to fix four new holes in its software, including three that are rated "critical." All of the holes could allow an attacker to run malicious code on a user's computer, the Redmond, Washington company said. The critical holes affect the Internet Explorer Web browser and Windows 2000 (news - web sites) and Windows XP (news - web sites). The two Windows holes do not affect Windows Server 2003. The IE hole is rated "moderate" for Windows Server 2003. An "important" rating was...

Flaws threaten Microsoft SEATTLE — Microsoft Corp.'s offer this week of cash bounties for informants who help it collar virus-writers reflects more than just an escalation of the war on those who would exploit the dominant power in software. The campaign reveals just how much of a threat to Microsoft's bottom line security flaws now represent. When the Blaster worm hobbled hundreds of thousands of computers around the world in August — only the latest plague to exploit a flaw in Windows operating systems — it also hurt Microsoft's ability to book new contracts with corporate customers. For the first...