Free Republic

Linux/Unix e-mail flaw leaves system wide open By Matthew Broersma, Techworld Two serious security flaws have turned up in software widely distributed with Linux and Unix. The bugs affect Elm (Electronic Mail for Unix), a venerable e-mail client still used by many Linux and Unix sysadmins, and Mplayer, a cross-platform movie player that is one of the most popular of its kind on Linux. The Elm flaw involves a boundary error when the client reads an e-mail's "Expires" header. A specially crafted e-mail could exploit the bug to cause a buffer overflow and execute malicious code on a system, according...

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict....

SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet. Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated. Investigators in the United States and Europe say they have spent almost a year pursuing the case involving...

Apple has announced the release of a security update for OSX.3.9 and lower. This apparently does not impact the users of OSX.4 Tiger. I suggest all Mac OSX users who have not updated to Tiger to use the Software Update option under the Apple menu to immediately update their computer's OS. Below is Apple's descriptions of the patches in this security update: -------------------------------- About Security Update 2005-005 This document describes Security Update 2005-005, which can be downloaded and installed using Software Update, or from Apple Downloads.For the protection of our customers, Apple does not disclose, discuss, or confirm security issues...

SYDNEY - Australian scientists believe they have developed an unbreakable information code to stop hackers, using a diamond, a kitchen microwave oven and an optical fibre. Researchers at Melbourne University used the microwave to "fuse" a tiny diamond, just 1/1000th of a millimetre, onto an optical fibre, which could be used to create a single photon beam of light which they say cannot be hacked. Photons are the smallest known particles of light. Until now, scientists could not produce a single-photon beam, thereby narrowing down the stream of light used to transmit information. "When it comes to cryptology, it's not...

UNITED PRESS INTERNATIONAL The nation's largest information security institute released its quarterly review of Internet threats today, highlighting the Web's growing vulnerability to a new form of online fraud called "pharming." The review also reveals that, for the first time, some security and anti-virus software is vulnerable to hackers, creating a dangerous high-level back door into users' systems. Analysts say pharming -- the redirecting of Internet users to Web pages without their knowledge -- could be used to obtain banking or other financial-services information.

iPods can be tools of espionage Graeme Kemlo APRIL 26, 2005 STOLEN laptops and lost PDAs embarrass governments and businesses. Paris Hilton's smartphone outed her contacts. But the new corporate security risk might be a seemingly innocent iPod. With gigabyte data capacities, they are the potential weak links in small-to-medium enterprises (SME) and corporate networks that are otherwise secured at significant effort and expense. Oscar Moren, Australian managing director of Pointsec Mobile Technologies, which specialises in encryption for all the main PC and mobile platforms and storage media, says Australian companies are only starting to understand how dangerous removable media...

COMPUTER criminals are coming up with ever stealthier ways to make money. Rather than attack PCs or email inboxes, their latest trick is to subvert the very infrastructure of the internet, the domain name system (DNS) that routes all net traffic. In doing so, they redirect internet users to bogus websites, where visitors could have their passwords and credit details stolen, be forced to download malicious software, or be directed to links to pay-per-click adverts. This kind of attack is called DNS cache poisoning or polluting. It was first done by pranksters in the early years of the internet, but...

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser. Details of the nine flaws were published on Mozilla's security Web site over the weekend. Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript. "There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious...

<p>Win4Lin Pro™ is the flagship product of the Win4Lin product family. Using Win4Lin’s high performance virtual computing environment (VCE), Win4Lin Pro runs virtually any Windows 2000 or Windows XP application as intended, without the need to patch the host operating system (e.g. no need to patch the Linux kernel). This next generation product is the perfect solution for the technical workstation, home, or enterprise Linux user. Organizations wishing to migrate to Linux need wait no longer because they can now run those Windows legacy business applications that until now have prevented them from moving forward.</p>

NEW YORK - The company behind those floating ads that dance across Web pages has developed a way to restore the data profiles that many privacy-conscious users try to delete from their computers. Most users don't know what they are doing when they run antispyware programs that delete the profiles, known as cookies, said Mookie Tenembaum, founder of United Virtualities Inc. By deleting cookies, he said, users thwart efforts by Web sites to prevent the same ads from appearing over and over. Tenembaum said visitors are also forced to repeatedly enter usernames and passwords, which are sometimes stored in the...

Over the last four years, I've been saying that instant messaging (IM) is a security threat waiting to happen. While a few random computer viruses over the years have exploited IMs, there's been a definite uptick in IM-borne virus activity within the last few weeks. Most of these IM-borne viruses have targeted MSN Messenger, although the ever popular AOL IM is not without its own problems. Microsoft's recent announcement regarding greater IM capabilities within Microsoft Office, however, could set the stage for faster and more efficient computer virus attacks in the very near future.

As you're clicking away at your keyboard, you may be turning your telephone modem over to Internet thieves who make international calls and a profit at your expense. That's modem hijacking. New York lawmakers on Monday announced what apparently is a first of its kind measure in the nation to target the practice, which is estimated to run up millions of dollars in illicit phone calls for Americans whose service is stolen through dial-up connections from personal computers. "They are very creative in doing what they do," said Sen. James Wright, of northern New York's Jefferson County. He said the...

Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005. The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the...

DVForge Virus Prize offered, rescinded Mac and iPod peripheral maker DVForge Inc. recently sponsored a US$25,000 prize to be awarded to the first hacker who could infect two Macintosh (news - web sites) computers owned by the company. Less than a day later the company announced the cancellation of the contest, citing legal concerns. The impetus for creating the contest was a recent report from antivirus software maker Symantec Corp. "It is now clear that the Mac OS is increasingly becoming a target for the malicious activity that is more commonly associated with Microsoft and various Unix (news - web...

SAN FRANCISCO -- Hacker attacks on Apple Computer Inc.'s Macintosh OS X operating system, thought by many who use the Mac to be virtually immune to attack, are on the rise, according to a report from anti-virus software vendor Symantec Corp.

A computer program designed to help parents protect youngsters from predators has received wide acceptance in Southfield, according to police Chief Joseph E. Thomas Jr. It also has an unintended - and surprising - consequence, Thomas advised the council at its March 7 meeting, when he outlined some of his department's successes. Some wives are surprised to learn their husbands may have been viewing pornography on the Internet, Thomas said. The program, called "Computer Cop," was introduced last fall as police officials became increasingly concerned about youngsters talking to strangers in Internet chat rooms. "Many of these youngsters who disappear...

Internet security takes a hit Report says computer-code experts concerned after flaw discovered in popular encryption technique. NEW YORK (CNN/Money) - The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal. "Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper. The technique, called a "hash function," has been commonly used by Web site operators to scramble online transmissions containing credit-card information, Social Security numbers and other personal information. Hash functions were...

Never before in the history of telecommunications has a more important warning been needed for current and potential VoIP (computer phone) users who have joined, or will be joining, in the inevitable paradigm shift from telephone to VoIP. Warning! Warning! Warning! Beware of VoIP internet service providers that operate on industry standard codec and industry standard protocols because they are PUBLICLY OPEN and INTERPRETABLE! This also includes, but is not limited to, peer-to-peer (P2P) networks. In plain terms, this means, if you subscribe to, or considering subscribing to a VoIP internet solution provider who operates on these industry standards –...

WASHINGTON (Reuters) - A software vendor that tried to drum up sales by offering to clean up nonexistent computer "spyware" has been temporarily shut down, U.S. regulators said on Friday. The makers of Spyware Assassin tried to scare consumers into buying software through pop-up ads and e-mail that warned their computers had been infected with malicious monitoring software, the Federal Trade Commission said. Free spyware scans offered by Spokane, Washington-based MaxTheater Inc. turned up evidence of spyware even on machines that were entirely clean, and its $29.95 Spyware Assassin program did not actually remove spyware, the FTC said. A U.S....