Free Republic

A flaw in Sun Microsystems' Java software has highlighted the difficulty the company faces as flocks of tech novices start to turn to it for support. Sun disclosed a serious security flaw in its Java virtual machine (JVM) software last month. The rare problem, which affects Sun's plug-in for running Java on a variety of Web browsers and operating systems, could allow a virus to spread through PCs running both Microsoft Windows and Linux. A flaw-free version of the JVM software is available on Sun's Web site, and the company is encouraging people to swap it out. But some users...

A program that spies on keystrokes and mouse clicks to capture passwords and other personal information from computer users has begun circulating disguised as a screensaver purporting to attack spam-related websites. This “Trojan horse” program is the latest twist in a controversial saga that began with the release of an anti-spam screensaver by Lycos Europe on 30 November. The www.makelovenotspam.com screensaver aimed to clog up the bandwidth of spam sites by barraging them with fake data. Experts believe the new trojan program may have been developed in retaliation to the Lycos screensaver, perhaps to deter users from downloading the it...

A European security vendor warned Wednesday that most browsers sport a bug that hackers can exploit to spoof a Web site and trick users into trusting bogus pop-up windows. The vulnerability, which Danish security firm Secunia rated as "moderately critical" is similar to previous bugs in browsers that was disclosed in July and September of 2004. Attackers could use it to add content into a trusted Web site's window by, for instance, inserting a fake form in a pop-up window seemingly opened by that site. Affected browsers, said Secunia, include the popular Internet Explorer and the up-and-coming Firefox, as well...

Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been used by viruses to spread and by an ad banner attack to compromise PCs.The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, had previously been called the iFrame vulnerability. The issue--which does not affect Microsoft's major Windows XP security update, Service Pack 2--could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators. A Microsoft representative said the software giant had released...

Unprotected PCs Fall To Hacker Bots In Just Four Minutes By Gregg Keizer, TechWeb.com The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker. In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet. The six machines were equipped...

The site has multiple forums for various computing problems, but the overwhelming number of inquiries in the last year has dealt with spyware, which on the site has a variety of less neutral names, "scumware" being one of the more polite. Scumware had been an epidemic; in the last year it grew into a pandemic, said Steve Wechsler, one of those drawn to Eshelman's site. Wechsler was tending bar at a public golf course in South San Francisco when he bought his first computer less than a decade ago. "I brought it home and turned it on, clicked on Netscape...

WASHINGTON--Next time you make a printout from your color laser printer, shine an LED flashlight beam on it and examine it closely with a magnifying glass. You might be able to see the small, scattered yellow dots printer there that could be used to trace the document back to you. According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden markings to track counterfeiters. Peter Crean, a senior research fellow at Xerox,...

Deep study: The world's safest computing environment news alert London, UK - 2 November 2004, 02:30 GMT - The most comprehensive study ever undertaken by the mi2g Intelligence Unit over 12 months reveals that the world's safest and most secure 24/7 online computing environment - operating system plus applications - is proving to be the Open Source platform of BSD (Berkley Software Distribution) and the Mac OS X based on Darwin. This is good news for Apple Computers(AAPL) whose shares have outperformed the benchmark NASDAQ, S&P and Dow indices as well as Microsoft (MSFT) by over 100% in the last...

In less than two years, CoolWebSearch has become the bane of the computing industry. Its programmers have managed to reset Web browsers so that searches get rerouted to the CoolWeb search engine. And any time anti-spyware engineers find a way to stop the hijacking, a new variant pops up, sneakier than its predecessor. There are now dozens. "It's a cat-and-mouse game almost," said Tim Bryan, an InterMute Inc. software developer in charge of fighting CoolWebSearch. There are less pernicious forms of spyware, of course. And there is what's more properly termed adware because many such programs don't actually harvest data...

SEATTLE (AP) - The people who call Dell Inc.'s customer service line often have no idea why their computers are running so slow. The ones who call America Online Inc. can't necessarily explain why Internet connections keep dropping. And those who file error reports with Microsoft Corp. don't always know why their computers inexplicably crash. Sometimes, the company that gets the complaint is rightly to blame. But with alarming frequency, officials at these and other technology companies say they are tracing customer problems back to one culprit: spyware. In the past year, spyware problems have become especially pernicious, leaving companies...

Salinas, Calif. — Though less than a year old, the PC took more than åfive minutes to start up and never shut down without stalling on error messages. Attempts to Web surf generated at least a half-dozen pop-up ads and — frequently — system freezes. Internet Explorer's home page was hijacked. Attempts to reach some sites, including eBay — were redirected to random search engines that only called up more ads. Google search results were altered. And the modem, without permission, tried to dial distant lands in search of porn. Welcome to the nasty world of a PC infected with...

Gmail accounts 'wide open to exploit' - report By John Leyden Published Friday 29th October 2004 16:50 GMT Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports.The security flaw allows full access to users' accounts, with no need of a password, Israeli news site Nana says . Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of...

New Trojan Kills Adware Program isn't entirely benevolent: it also downloads files to infected PCs. Paul Roberts, IDG News Service Thursday, October 07, 2004 A new Trojan horse program that attacks and removes troublesome advertising software, known as "adware," is circulating on the Internet, according to antivirus company Symantec. The program, called Downloader.Lunii, was discovered earlier this week. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii is not entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and...

WASHINGTON - Companies and others that secretly install "spyware" programs on people's computers to quietly monitor their Internet activities would face hefty federal fines under a bill the House passed Tuesday. The most egregious behaviors ascribed to the category of such software — secretly recording a person's computer keystrokes or mouse clicks — are already illegal under U.S. wiretap and consumer protection laws. The House proposal, known as the "Spy Act," adds civil penalties over what has emerged as an extraordinary frustration for Internet users, whose infected computers often turn sluggish and perform unexpectedly. The bill, sponsored by Rep. Mary...

According to communications firm Energis, online crime appears to be occurring in cyclical patterns related to the creation of botnets--zombie armies of PCs that have been taken control of without the owners' knowledge. "When you see the creation of zombie networks, you can almost see the life cycle of a spam and virus attack," said Malcom Seagrave, head of security strategy for Energis. "It's the same with DDoS [denial-of-service] attacks and those who steal data." "It's almost predictable. We can't prove it, but we think they are related. They are well-organized and they are beating the security industry." Seagrave said...

Security experts have been expecting such images to turn up after Microsoft revealed a weakness in the way Windows handles the popular Jpeg format. Soon after this discovery, a program started circulating online that was written to exploit this bug. The poisoned images were posted to a porn newsgroup at the weekend and were found by Usenet provider Easynews. Early warning Poisoned pictures containing the bug have been widely predicted following the discovery of the Jpeg bug that afflicts more than a dozen Microsoft programs. To fall victim to the poisoned pictures, users must view it using Windows Explorer. VULNERABLE...

DEFCON is the self-described "largest underground hacking event in the world". Official events include numerous speakers, panels, hacking and trivia contests, and the DC Shoot (geeks with guns in the desert sun). Unofficial events include parties, all-you-can-eat sushi, and a visit to the Gun & Knife show at Cashman Center. Some people think it's worth the $80 price of admission just to see the circus, to observe the hacker hangers-on baking in their de-facto uniform of black T-shirts and jeans.

Microsoft notifies certain customers of upcoming security patches as much as five days in advance. Microsoft will release a new "critical" security patch for the Microsoft Windows operating system on Monday, JUly 26th, 2004. Microsoft provides advance notice to certain customers of upcoming patch releases. For example, late last week Microsoft sent the following email to Fortune-500 customers: On MONDAY 26 JULY 2004 the Microsoft Security Response Center is planning to release: - One Microsoft Security Bulletin affecting Microsoft Windows. The greatest maximum severity rating for this security update is Critical. This security update will require a restart. Although we...

First Windows CE virus emerges Virus known as 'Dust' demonstrates holes in Win CE running on ARM processors By David Legard, IDG News Service A virus designed to demonstrate security holes in Microsoft Corp.'s Windows CE operating system but not to cause damage was identified by security companies over the weekend. The WinCE4.Duts.A virus (sometimes known as Dust) only affects devices running ARM Ltd. processors and infects Pocket PC PE files in the root directory, according to Bucharest-based Softwin S.R.L., which first reported the virus on Saturday. It raises a dialog box which asks "Dear User, am I allowed to...

Windows is more secure than you think, and Mac OS X is worse than you ever imagined. That is according to statistics published for the first time this week by Danish security firm Secunia. The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm. Each product is broken down into pie charts demonstrating how many, what type and how significant security holes have been in each. One thing the hard figures have shown is that OS...