Free Republic

Search engine operator Google has blocked ads that attempt to exploit security holes in the Internet Explorer. In the past few days, Google has been displaying context-sensitive ads on the right margin from its program partner AdWords that link to sites with dangerous JavaScript for various search terms such as "Preisvergleich" (price comparison) and "Gebraucht PC" (used PC). If you clicked on one of the links in the Internet Explorer, a JavaScript attempted to install spyware on your system. And the normal list of hits also included a lot of sites with Trojans. This Monday, Google reacted to the problem...

For a market segment Microsoft was said to have won decisively in the mid-1990s, the company spent a lot of time in 2004 putting out fires on the browser front. Like the ghost of the Netscape browser rising to haunt its slayer, Firefox emerged with a vengeance from the Mozilla open-source group, which was founded by Netscape in 1998 and last year spun off by parent company Time Warner. Firefox started off the year a prerelease, name-challenged project by a group that had lost much of its credibility after chronic delays and significant setbacks. But Firefox ended 2004 as a...

A new Trojan horse - named Phel - that punishes users of Microsoft Windows XP operating system is in the wild. Security software firm Symantec has issued a bulletin warning Windows XP users to be on the look out for the program, which is distributed as an .html file. The malicious code can attack systems running XP Service Pack 2. The vuln was first found in October, and Microsoft is busy trying to catch up to it. "Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the company told ComputerWorld....

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. All currently-supported versions of Windows -- Windows NT, 2000, XP, and Windows Server 2003 -- are affected by the three flaws,...

Spyware used to be defined as applets, cookies or any other method used to collect statistics on your browsing habits. Gone are the days of such a benign interpretation. Spyware has evolved into a problem that surpasses those posed by traditional worms, viruses and Trojans. Today, these once relatively innocuous apps have evolved from anonymous, and often invisible, traffic statistics gatherers into beasts capable of crippling your PC's performance by installing unwanted toolbars, pop-up ads, desktop icons and many other nuisances. If that's not bad enough, some Spyware will modify system files, change security zone settings, keylog your sessions, spawn...

Schneier on Security A weblog covering security and security technology. December 13, 2004 Safe Personal Computing I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, "Nothing--you're screwed." But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet. Two years ago, I published a list of PC security recommendations. The idea was to give home users concrete actions they could take to improve security. This is an...

Even SP2 versions of Microsoft's Internet Explorer are vulnerable to a spoofing exploit published yesterday. A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before. According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site. Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and...

A security firm named the top 10 spyware threats this week, saying that the secretly-installed software poses an "insidious" threat to consumers and corporations alike. Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause. "We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness." Each of the ten spyware programs cited by Webroot was spotted...

New Trojan poses as Lycos spam page Correspondents in Paris December 10, 2004A VIRUS that spies on keystrokes and downloads passwords and bank account details is masquerading as a screensaver designed by internet portal Lycos to attack spammers, an internet security company has warned. Finnish anti-virus company F-Secure said the so-called Trojan horse started to be distributed among emails on Monday. The mail has the subject line "Be the first to fight spam with Lycos screen" and comes with an attachment entitled "Lycos screensaver to fight spam," F-Secure said on its website. Whoever downloads it unwittingly installs a spying programme...

A European security vendor warned Wednesday that most browsers sport a bug that hackers can exploit to spoof a Web site and trick users into trusting bogus pop-up windows. The vulnerability, which Danish security firm Secunia rated as "moderately critical" is similar to previous bugs in browsers that was disclosed in July and September of 2004. Attackers could use it to add content into a trusted Web site's window by, for instance, inserting a fake form in a pop-up window seemingly opened by that site. Affected browsers, said Secunia, include the popular Internet Explorer and the up-and-coming Firefox, as well...

Unprotected PCs Fall To Hacker Bots In Just Four Minutes By Gregg Keizer, TechWeb.com The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker. In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet. The six machines were equipped...

A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a diffferent URL than the one displayed in the status bar. The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this: http://www.microsoft.com displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to...

http://www.peta.org/feat/ReaganBB/index.asp PETA decides to use Reagan's image to convince people that eating meat causes Alzheimers.

See Link for full details. A bug has been reported that lets a simple C program crash the kernel, effectively locking the whole system. Affects both 2.4.2x and 2.6.x kernels on the x86 architecture. It does not require root access to work. There are patches available, but it will require recompiling your kernel at the moment. NOTE: this is not a remote exploit. A user must have shell access to make use of the bug. It will not elevate user privs. It would, however, provide a very efficient DOS attack. I tested it on one of my test boxes, and...

O-088: Sun passwd(1) Command Vulnerability [Sun Alert ID: 57454] March 2, 2004 22:00 GMT PROBLEM: The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. A vulnerability exists in this command. PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms) DAMAGE: A local unprivileged user may be able to gain unauthorized root privileges due to a security issue involving the passwd(1) command. SOLUTION: Install the security patch. VULNERABILITY ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to gain unauthorized root privileges. LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml ORIGINAL...

Microsoft has come a long way in its understanding of security over the last five years, but comments made last week by its chief executive Steve Ballmer go to show it needs to change not only its approach, but must recognize that it doesn't operate in a vacuum. In particular, his comment that he wishes security researchers would just shut their mouths is a sure sign that Ballmer just doesn't get it. His ambit scenario would see researchers only telling Microsoft about bugs they find. He actually cited the good of the world for his reasoning. At least he didn't...

YOU PROBABLY were expecting this. Our attention has been drawn to another exploit which maybe is just waiting to explode into your attention. A Russian site, which you can find here, suggests that Pink Floyd – a "universal exploit" for MS03-039 is out there and running. According to the report, Windows XP SP1 with everything fixed is still likely to be exploited. More later, if there's more later. µ

A new e-mail worm has started to spread quickly, taking advantage of an Internet Explorer vulnerability that was first disclosed two years ago. The bug, which has been alternately dubbed Swen and Gibe.F, appears to exploit a flaw that Microsoft first disclosed in a March 2001 security bulletin. Ken Dunham, manager of malicious code intelligence for Reston, Va.-based iDefense, said that Swen preys upon people's best intentions, appearing as an e-mail that purports to be a security update from Microsoft. The worm is programmed to send an official-looking e-mail that says it contains a "cumulative patch" for several Internet Explorer,...

A security hole in the XDR Library provided to a number of vendors by Sun Microsystems Inc. could allow an attacker to execute arbitrary code on an affected system or cause a denial of service, according to an advisory from the CERT Coordination Center (CERT/CC). The flaw also affects the widely used Kerberos authentication software that allows users to securely log on to remote systems. The vulnerability exists in XDR (External Data Representation) libraries derived from SunRPC (remote procedure call) used in products from Sun, as well as from Apple Computer Inc., IBM and a number of Linux and Unix...

Information here