Free Republic

SAN FRANCISCO (Reuters) - Security holes in Microsoft's Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills, computer experts cautioned on Friday. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, which could prove an even more dangerous exploit, said Drew Copley, a research engineer at Aliso Viejo, California-based eEye Digital Security, who discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software...

<p>Three years ago, Patrick M. Kolla began noticing that some of the free software he had downloaded into his computer was sending him pop-up ads and keeping track of which Web sites he visited.</p> <p>Most people who discover such invaders sigh and click away the ads. But the young German computer programmer and self-described anarchist wrote what he calls a "quick and dirty" software tool to purge computers of such unwanted programs. He called it Spybot Search & Destroy.</p>

<p>A new mass-mailing virus is on the loose on the Internet, this one masquerading as a message from Microsoft Corp. about a cumulative security patch. Known as either Swen or Gibe, the virus is mainly found in Europe right now, but anti-virus experts say it has the potential to spread quickly and widely.</p>

Due to an increase in submissions, Symantec Security Response has upgraded W32.Swen.A@mm to Category 3, as of 6:30pm Thursday, September 18, 2003. W32.Swen.A@mm is a mass-mailing worm that attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer. The worm arrives as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail. W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++. Also Known...

<p>Administrators and security specialists hoping for a breather now that Blaster has faded and SoBig.F has expired may be in for a long weekend.</p> <p>The nature of the new vulnerabilities revealed yesterday in the RPC DCOM implementation in Windows is so similar to the one that Blaster exploits that security experts believe it's only a matter of days, if not hours, before someone releases a worm to attack the new weaknesses. Even though it infected close to a million machines, experts say the Blaster worm was poorly coded and as a result did not do nearly the damage that a more efficient worm could have done. Blaster easily could be modified to work much better, and because the source code for the worm is readily available online, it's likely that someone is already at work on that task.</p>

SEATTLE POST-INTELLIGENCER http://seattlepi.nwsource.com/business/139286_msftliability12.html Should Microsoft be liable for bugs? Consumer advocates argue software makers should pay for damage from viruses Friday, September 12, 2003 By TODD BISHOP SEATTLE POST-INTELLIGENCER REPORTER A defect is found in one of the world's most popular products. Less than a month later, its consequences emerge -- idling workers around the globe, causing huge losses for businesses and generally inconveniencing hundreds of thousands of people. Under different circumstances, this scenario might be a class-action lawyer's dream. But the product in question is software, and the companies that make it claim special protections from liability through the...

On the night of Wednesday, August 27, two men dressed as computer technicians and carrying tool bags entered the cargo processing and intelligence centre at Sydney International Airport. The men, described as being of Pakistani-Indian-Arabic appearance, took a lift to the third floor of the Charles Ulm building in Link Road, next to the customs handling depot and the Qantas Jet Base. They presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sends people to work on computers after normal office hours. After supplying false names and signatures,...

Computer Voting Is Open to Easy Fraud, Experts Say By JOHN SCHWARTZ The software that runs many high-tech voting machines contains serious flaws that would allow voters to cast extra votes and permit poll workers to alter ballots without being detected, computer security researchers said yesterday. "We found some stunning, stunning flaws," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States. The systems, in which voters are given computer-chip-bearing smart...

CYBER WAR! PBS Airdate: Thursday, April 24, at 9 P.M., 60 minutes   In the aftermath of September 11, as most intelligence gathering shifted to finding Al Qaeda cells throughout the world, one group at the White House decided to investigate a new threat—attacks from cyberspace. “In the past, you would count the number of bombers and the number of tanks your enemy had.  In the case of cyberwar, you really can’t tell whether the enemy has good weapons until the enemy uses them,” says Richard Clarke, former chairman of the White House Critical Infrastructure Protection Board. In “Cyber War!”...

Sheikh Abu Hamza, the extremist Muslim cleric, is facing imminent arrest on a US extradition warrant after a former close associate pleaded guilty to helping the Taliban. Hamza claimed yesterday that James Ujaama, an American convert to Islam, had been coerced into giving evidence against him that would lead to "a gross miscarriage of justice". Ujaama, 37, who ran Hamza's website and worshipped at his Finsbury Park mosque in north London, has struck a plea bargain agreement to give evidence against Hamza on terrorist allegations. He has already supplied the US authorities, who have designated Hamza as a key al-Qa'eda...

A brace of Microsoft security vulns pose risks for both home users and corporates. The more serious problem, involving Microsoft's virtual machine (Microsoft VM), which enables Java programs to run on Microsoft Windows, provides a mechanism for attackers to run amok on Windows PCs. Microsoft has released a fix designed to address the problem, which affects users of Windows 98, NT 4, Windows 2000, XP and Windows Me. Attacks including "changing data, loading and running programs, and reformatting the hard disk", might be possible, according to the low-fat version of Microsoft's alert. Well if that doesn't get consumers patching, what...

Over the past 18 months, the U.S. government has bought access to data on hundreds of millions of residents of 10 Latin American countries -- apparently without their consent or knowledge -- allowing myriad federal agencies to track foreigners entering and living in the United States. A suburban Atlanta company, ChoicePoint Inc., collects the information abroad and sells it to U.S. government officials in three dozen agencies, including immigration investigators who've used it to arrest illegal immigrants. The practice broadens a trend that has an information-hungry U.S. government increasingly buying personal data on Americans and foreigners alike from commercial vendors...

Stanford Report, February 4, 2003 Computerized voting lacks paper trail, scholar warns Warning of programming error, equipment malfunction and malicious tampering, computer scientists from around the country, led by Stanford Professor David Dill, say computerized voting machines should provide a voter-verifiable audit trail. "The problem is not really with computerized voting systems per se," Dill says. "The problem is really that there is no way to double-check the results. It's really a problem of accountability." More than 110 computer scientists and technologists from universities and laboratories across the nation have signed Dill's "Resolution on Electronic Voting," which states that...

Oracle admins are in for a busy time with the publication of no less than six vulnerabilities over the last week. Four of the vulnerabilities are buffer overflow flaws affecting various components of Oracle9i Database Server. Then there's two flaws affecting Oracle9i Application Server, which pose denial of service risks... or worse. Some are potentially very nasty indeed. Oracle describes them as critical and that's not the half of it... The buffer overflows in Database server involve: the ORACLE.EXE binary, the TO_TIMESTAMP_TZ function, the TZ_OFFSET function and DIRECTORY parameter of Oracle9i Database Server. These are explained in greater depth in...

<p>The Recording Industry Association of America may not want people to share digital files, but the organization certainly seems to be in favor of open access to its website.</p> <p>On Monday, the RIAA site was hacked for the sixth time in six months.</p>

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 members of the military and their families. The company, Phoenix-based TriWest Healthcare Alliance, provides managed health care to the military in 16 states, including Minnesota. It serves about 1.1 million active-duty personnel, their dependents and retirees. TriWest spokesman Jim Kassebaum said Thursday that no one whose records were stolen has reported a fraud related to the Dec. 14 theft. ``There's a potential for identity theft,'' Kassebaum said. ``If you know anything about identity theft, it's a little...

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Secu rity numbers, addresses and other records of about 500,000 service members and their families. The company, Phoenix-based TriWest Healthcare Alliance, provides managed health care to the military in 16 s tates, including Utah. It serves about 1.1 million active-duty personnel, their dependents and retirees. TriWest spokesman Jim Kassebaum said computer equipment stolen from a TriWest office in Phoenix on Dec. 14 c ontained names, addresses, phone numbers, medical claim histories, and Social Security numbers for beneficiaries in its central region, which covers the central United...

The Japanese government is contemplating to replace Microsoft Windows, used in much of its computer networks, with another operating system to bolster security. According to the local newspaper Asahi Shimbun, the planned move came in the wake of recent event of leakage of secure data from Japan's military network. Instead the government is looking the possibility of adopting open source programs like Linux. Reuters TOKYO: The Japanese government will consider replacing Microsoft Corp's Windows, used in much of its computer networks, with another operating system to bolster security, a newspaper said on Saturday. The safety of computer networks is under...

If only computer security did not have to involve people THE stereotype of the malicious hacker is a pale-skinned young man, hunched over a keyboard in a darkened room, who prefers the company of computers to that of people. But the most successful attackers are garrulous types who can talk their way into, and out of, almost any situation. In the words of Mr Schneier, the security guru, “Amateurs hack systems, professionals hack people.”Kevin Mitnick, perhaps the most notorious hacker of recent years, relied heavily on human vulnerabilities to get into the computer systems of American government agencies and technology...

Microsoft: "Our products aren't engineered for security" Friday 6 September 2002 Brian Valentine, senior vice-president in charge of Microsoft's Windows development, has made a grim admission to the Microsoft Windows Server .net developer conference in Seattle, USA. "I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division. In August the company put out eight security bulletins. This month it has released two, so far, with the latest urging users to patch a...