Free Republic

New Mydoom variant carries dangerous payload By Edward Hurley, News Writer 25 Feb 2004 | SearchSecurity.com Yet another Mydoom worm has hit but instead of targeting Linux-foe The SCO Group, the new variant targets Web sites of eternal whipping boy Microsoft and song-swapper foe Recording Industry Association of America. Functionally, Mydoom-F is very similar to Mydoom-A. So much so that experts think the creator of the variant used the source code of Mydoom-A to create it. Mydoom-B dropped the source code of Mydoom-A when it was spreading so the code is generally available. Mydoom-F does something different than its...

<p>Peiter Mudge Zatko is giving up. Zatko is the legendary computer cracker who cofounded Lopht Heavy Industries, a Boston hacker collective that proudly shattered computer security systems and then announced their achievements to the world.</p> <p>Long ago, Zatko went straight, using his skills to build digital moats and barricades around corporate and government computer systems. The work is interesting, and the pay is good. And yet Zatko's efforts have achieved little: No matter how good the defenses he erects, the bad guys find a way in.</p>

'India call centre staff bribed' Pete Warren, Evening Standard 10 February 2004 STAFF at call centres in India are being bribed by organised crime and industrial spies to them help hack into the computer systems of British firms. In at least two recent cases, local IT staff working on the sub-continent for UK institutions were involved in what industry sources say were 'security issues' in what is described as the tiniest fraction of a far larger problem. In one case, sensitive financial information and credit card details were apparently illegally taken from a leading British financial institution. A spokesman for...

Did Republican staffers commit a crime by clicking on the "My Network Places" icon to access Democratic memos, asks SecurityFocus columnist Mark Rasch. Politics is dirty business, and rarely so much as in the area of patronage: appointments to sought-after federal jobs in general, and to the federal bench in particular. So it should be little surprise that, with so much at stake, one political party would want to use the insecurity inherent in computerized databases to its political advantage. What is surprising, however, is that, caught with their hand in the cookie jar, Senate Republicans employed the tactic of...

Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Millions of computers have been hit in recent years by ads and PC-monitoring software that comes bundled with popular free downloads, notably music-swapping programs. The problem has attracted dozens of companies seeking to profit by promising to root out the offending software. But some software makers are exploiting the situation, critics allege, turning demand for antispyware software into a launch pad for new spyware attacks. A small army of angry Web users has set up a...

Well, it finally happened. Right before Christmas, I had a little visit from the FBI. That's right: an agent from the Federal Bureau of Investigation came to see me. He had some things he wanted to talk about. He stayed a couple of hours, and then went on his way. Hopefully he got what he wanted. I know I did. Let me explain. I teach technology classes at Washington University in St. Louis, a fact that I mentioned in a column from 22 October 2003 titled, "Joe Average User Is In Trouble". In that column, I talked about the fact...

A fast-spreading mass-mailing virus has emerged as an unlikely weapon in the ongoing 'Linux War' between the SCO Group (Quote, Chart) and the open-source community. Anti-virus experts have increased the threat level on the W32.Novarg.A@mm (MyDoom) virus, which is spreading like wildfire through e-mail in-boxes worldwide and is programmed to launch a massive distributed denial-of-service (DDos) attack against the SCO home page. "This one is pretty bad. It's widespread and it only looks to be increasing," said Chris Belthoff, a senior security analyst at Sophos, Inc. "This takes the Linux Wars to a new intensity. It appears that the author...

Report Finds Risks in Internet Voting by Americans Overseas A $22 million system to allow soldiers and other Americans overseas to vote via the Internet is inherently insecure and should be abandoned, according to a report by computer security experts asked to review the new program. The system, the Secure Electronic Registration and Voting Experiment, or Serve, was developed with financing from the Defense Department and will first be used in the primaries this year. Advertisement The review, requested by the government, noted that experts had voiced increasingly strong warnings about the reliability of electronic voting systems. It said the...

Bagle computer virus unleashedComputer users are being warned about a new virus which has spread at "an alarming rate".Internet security firm MessageLabs says it has detected more than 70,000 copies of the W32/Bagle-mm virus in the past 24 hours.The computer virus, or worm, is contained in infected emails as an attachment.The aim of the worm is to spread further by looking for new email addresses in the infected computer, such as in the user's list of contacts.Experts at MessageLabs say it appears the worm is also programmed to send details about all infected computers to website addresses in Germany, though...

Flaws raise red flag on Linux security But many users remain confident about the security of the open-source environment Story by Jaikumar Vijayan JANUARY 09, 2004 ( COMPUTERWORLD ) - A report earlier this week about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications. Poland-based iSec Security Research on Monday said it had found a critical flaw in a function used to manage...

Security companies are warning Internet users about a new Trojan horse program spreading via spam e-mail and masquerading as a Windows XP software update from Microsoft.      Advertisement                The program, known as "Xombe" or "Dloader-L," arrives as an executable attachment in spam e-mail messages purporting to come from windowsupdate@microsoft.com and installs itself on victim's computers when users open the attachment. Once installed, Xombe connects to a Web site, then downloads and installs another program, called Mssvc-A, which is a Trojan horse program that conscripts victim computers in distributed denial of service attacks against Web pages,...

Name: Security problems in Ethereal 0.9.16 Docid: enpa-sa-00012 Date: December 12, 2003 Severity: High Description: Serious issues have been discovered in the following protocol dissectors: Selecting "Match->Selected" or "Prepare->Selected" for a malformed SMB packet could cause a segmentation fault. It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet. Impact: Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code. Resolution: Upgrade to 0.10.0. If you are running a version prior...

A simple hack to Word's password-protection feature means documents may not be as secure as users believe. No fix is on the way, says Microsoft Microsoft Word documents that use the software's built-in password protection to avoid unauthorised editing can easily be modified using a relatively simple hack that was published on a security Web site last Friday. The password-protection feature in Microsoft Word -- activated by clicking on Tools/Protect Document -- can be bypassed, disabled or deleted at will, with the help of a simple programming tool called a hex editor. The hack does not leave a trace, meaning...

A Cincinnati man who plead guilty Thursday to cracking and cloning giant consumer databases was only caught because he helped out a friend in the hacker community. Daniel Baas, 25, plead guilty Thursday to a single federal felony count of "exceeding authorized access" to a protected computer for using a cracked password to penetrate the systems of Arkansas-based Acxiom Corporation -- a company known among privacy advocates for its massive collection and sale of consumer data. The company also analyzes in-house consumer databases for a variety of companies. From October, 2000 until last June, Baas worked as the system administrator...

An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information.Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back. The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other...

Symbiot Security Releases S.A.R.A. Thursday December 18, 12:23 pm ET AUSTIN, Texas--(BUSINESS WIRE)--Dec. 18, 2003--Symbiot Inc. today announced the general availability of S.A.R.A. (Symbiot Artificial intelligence for the Remediation of Attack planning), a patent pending, military-class artificial intelligence for network security. With the equivalent of over 10 lifetimes of experience in network security, S.A.R.A. discovers potential compromises that would otherwise go undetected because they involve attack plans with a large number of steps. Such attacks often exploit several "minor" vulnerabilities spanning multiple machines and networks. "The most critical vulnerabilities are not always the ones which in isolation appear to be...

Macs Are Not Invulnerable Windows Isn’t the Only System With Serious Flaws Commentary By Lance Ulanoff PC Magazine Dec. 11— I know this is wrong, but in one respect I was happy to learn earlier this month about the discovery of a significant security hole in the Jaguar and Panther versions (10.2 and 10.3, respectively) of the Apple operating system (OS). I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts. I generally counter with what is apparently a secret carefully hidden from Mac zealots: "That's because only a...

InformationWeek Danish information security consulting firm Secunia is warning Microsoft Internet Explorer users of a vulnerability that could enable Internet fraudsters to create more-realistic and authentic-looking fake Web sites. Secunia says it has found an "input validation" error in Internet Explorer. By exploiting this vulnerability, known as a URL-spoofing vulnerability, attackers can display any URL name they wish in the address and status bars of IE. This flaw would make it appear to Internet users that they're visiting a banking Web site, for example, when that site is actually a front for fraudsters attempting to collect sensitive financial information. Secunia...

December 12, 2003Linux in the Security Crosshairs By Jim Wagner Compared to Windows, Linux has enjoyed a reputation as a stable and secure operating systems (define), thanks in large part to an enthusiastic open source community that plugs holes before they create problems. But Linux's growing popularity is attracting unwanted attention from virus writers, script kiddies (define) and other criminal elements. In response, Linux advocates are putting a new emphasis on security measures and working to reassure companies that the OS is ready for important business networks. "There has been a lot of change in the attractiveness of Linux as...

Internet Explorer URL Spoofing Vulnerability Secunia Advisory: SA10395 Release Date: 2003-12-09 Last Update: 2003-12-11 Critical: Moderately critical Impact: ID Spoofing Where: From remote Software: Microsoft Internet Explorer 6 Description: A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. Successful exploitation allows a malicious person to display an arbitrary...