Free Republic

Microsoft rolls out AntiSpyware By SearchSecurity.com Staff06 Jan 2005 | SearchSecurity.com Windows users can now download the beta version of Microsoft's AntiSpyware, and a new malware-removal tool will be released Jan. 11, the software giant announced Thursday. "Customers have told us that they need solutions that make it easier to keep computers protected from emerging and ever-changing threats," Mike Nash, corporate vice president of Microsoft's Security Business and Technology Unit, said in a statement. "The solutions we're announcing today will offer customers additional resources to help to protect their PCs against spyware and viruses on an ongoing and predictable...

Microsoft has announced that it will release three patches for its Windows operating system next week. The fixes, which will carry a maximum threat rating of "critical," will be issued Tuesday, the company said. Under its two-month-old advance notification program, Microsoft typically gives the public early notice of the number of updates it plans to deliver and of the severity of the vulnerabilities the updates fix. The only other detail the software giant revealed Thursday was that people may have to restart their Windows systems for the patches to take effect. Microsoft did not say whether the patches will fix...

Disable Internet Explorer Active X support, turn off the "drag-and-drop" or "copy-and-paste files" option across a domain, or switch to another Web browser unless you want to face a Hack attack on your PC, warns the security firm Secunia. They have discovered three very critical flaws in the IE and have issued security notice on its website. The company has rated the flaw as of a very high risk nature and has said that this is their last warning for people to secure their data. “The flaw affects IE 6, and can enable hackers to run pornographic dialers to be...

A vulnerability in Firefox could expose users of the open-source browser to the risk of phishing scams, security experts have warned. The flaw in Mozilla Firefox 1.0, details of which were published by security company Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box that pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source of the download. Mikko Hypponen, director of antivirus research at software...

Solid reputation paints bull's-eye on Mozilla's Firefox Free Web browser is known to be virtually impregnable to viruses and pop-ups, but it isn't hack-proof Sarah Stables CanWest News Service Thursday, January 06, 2005 A reputation for being virtually impregnable to viruses, pop-ups and other nasties of the Web is driving millions of fed-up computer users to ditch Internet Explorer in favour of the supposedly hack-proof alternative, Firefox, Mozilla's free Web browser. There's only one problem: the upstart isn't hack-proof at all. The evidence is at K-Otic.com, a Web site where hackers and security experts post their latest "exploits" - coded...

JANUARY 05, 2005 (IDG NEWS SERVICE) - Spyware legislation that would allow fines of up to $3 million for makers of software that steals personal information from a user's computer or hijacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004. Rep. Mary Bono (R-Calif.) reintroduced an antispyware bill yesterday that passed the House of Representatives last year but failed in the Senate. The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, defines most functions performed by so-called spyware as unfair business practices subject to U.S. Federal Trade Commission...

Tuesday, January 04, 2005 Microsoft Readies 'A1' Security Subscription Service By Mary Jo Foley Microsoft's anti-virus/anti-spyware strategy is taking shape. Sources say Redmond's prepping a fee-based bundle, which could go beta soon. Publicly, Microsoft continues to be cagey about packaging and pricing plans for its anti-spyware and anti-virus solutions. But privately, Microsoft has begun informing partners of its plans for a security subscription service code-named "A1," according to developers who requested anonymity. Microsoft bought anti-virus vendor GeCAD in the summer of 2003, and anti-spyware maker Giant Company Software last month. As to how it plans to deliver these technologies, Microsoft...

A newly discovered flaw in Firefox could allow cybercriminals to take advantage of Web surfers A vulnerability in Firefox could make users of the open source browser more likely to fall for phishing scams. The flaw in Mozilla Firefox 1.0, details of which were published by Secunia on Tuesday, allows malicious hackers to spoof the URL in the download dialog box which pops up when a Firefox user tries to download an item from a Web site. This flaw is caused by the dialog box incorrectly displaying long sub-domains and paths, which can be exploited to conceal the actual source...

IPV6/INTERNET2 ARTICLE IGNITES INTERNET FIRESTORM An FMNN story pointing out privacy concerns related to IPv6 received emphatic responses & thousands of page views across the Internet. (See sample FMNN feedback and responses, below, following article.) FMNN Technology and New Media CorrespondentPeople should be alarmed when a fire starts. IPv6 with Internet2 is a firestorm waiting to happen. That was the thesis of my reporting in mid-December 2004 about IPv6 and Internet2 (apparently my effort was one of the first to truly grapple with the potentially troublesome nature of this new technology). The commentary I have received on the article –...

My computer is set to advise me if a site I am going to is trying to download something onto my computer and gives me the option to download or cancel. I just went to Drudge's site and got a warning about an attempted download. Drudge has been dumping at 3 to 7 spyware programs on my computer each time I visit - I've checked by clearing all spyware and then going to his site and checking again. That's bad enough. But, now to have direct downloads from from Drudge, that is not alright. Likely it is from the same...

British Web monitoring and metrics firm Netcraft has released a toolbar for Internet Explorer that can help people sidestep phishing scams. British Web monitoring and metrics firm Netcraft has released a toolbar for Internet Explorer that can help people sidestep phishing scams. Dubbed Netcraft Toolbar, the free-of-charge plug-in to Microsoft's popular IE browser uses Netcraft's database of web site information to show several attributes of any visited site, including its country location, longevity, and popularity. Those reactive features -- most phishing sites are short-lived, for instance, and typically hosted in countries like China and Russia -- are combined with a...

A new Trojan horse - named Phel - that punishes users of Microsoft Windows XP operating system is in the wild. Security software firm Symantec has issued a bulletin warning Windows XP users to be on the look out for the program, which is distributed as an .html file. The malicious code can attack systems running XP Service Pack 2. The vuln was first found in October, and Microsoft is busy trying to catch up to it. "Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the company told ComputerWorld....

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. All currently-supported versions of Windows -- Windows NT, 2000, XP, and Windows Server 2003 -- are affected by the three flaws,...

Symantec Corp.'s Security Response service on Friday confirmed that unpatched Windows vulnerabilities could pose a serious risk for exploits via malicious Web pages and e-mail messages. One of the three security vulnerabilities involves image handling—a source of recent exploits on Windows and Unix (news - web sites) operating systems. The other two risks are found in the Help system and in Window's ANI (Automatic Number Identification) authentication. Symantec said the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability could be exploited via browsers or e-mail client software. Users who open an HTML message or Web page bearing the image could...

Microsoft bought anti-spyware technology this week to protect its Internet Explorer browser from surging rivals like Mozilla's Firefox, a group of Gartner analysts said Friday. Thursday, Microsoft announced that it was purchasing the New York-based Giant Company Software, and would release a beta edition of a spyware-fighting program for Windows 2000 and XP within 30 days. Spyware is the broad term that defines software installed without users' knowledge or permission, and covers everything from relatively benign adware that tracks Web sites visited to malicious key loggers that record every keystroke in the hope of stealing passwords and financial account info....

December 17, 2004 Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online. The flaws, which range from minor slip-ups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate-level course at the University of Illinois at Chicago. The advisories regarding the flaws were dated Wednesday and can be found on the website of student James Longstreet. Bernstein, a professor of computer science at the university, did not...

Schneier on Security A weblog covering security and security technology. December 13, 2004 Safe Personal Computing I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, "Nothing--you're screwed." But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet. Two years ago, I published a list of PC security recommendations. The idea was to give home users concrete actions they could take to improve security. This is an...

The Linux operating system has many times fewer bugs than typical commercial software, according to an upcoming report. The conclusion is the result of a four-year research project conducted by code-analysis company Coverity, which plans to release its report on Tuesday. The project found 985 bugs in the 5.7 million lines of code that make up the latest version of the Linux core operating system, or kernel. A typical commercial program of similar size usually has more than 5,000 flaws or defects, according to data from Carnegie Mellon University. "Linux is a very good system in terms of bug density,"...

Before she begins work each morning, Kate Prior must enter eight computer passwords. Each must contain at least eight characters, and most require letters and numbers. Every three months, she must change them all. How does the 28-year-old monitor of drug trials remember her passwords? Easy: They're written on a blue Post-It note affixed to her computer. Ms. Prior knows that her display threatens to undermine the very security that passwords are supposed to promote. "The IT people yell at me," she says, referring to her company's information-technology staff. But she prefers the occasional scolding to the alternative: forgetting a...

Many popular browsers are affected by a vulnerability that makes it easy to spoof the content of websites, security firm Secunia warns. Features built into browsers makes it possible for malicious websites to change the content of pop-up windows created by trusted websites such as online banks. Users would have no inkling that potentially hostile content has been injected into a pop-up window. Exploits rely on misusing browser functionality rather than taking advantage of a software bug. Thomas Kristensen, Secunia’s chief technology officer, described the problem as “perhaps the simplest phishing trick yet.” Secunia has confirmed the vulnerability on fully...