Free Republic

Microsoft on Wednesday launched the first major update to Internet Explorer in five years, and posted the new browser for Windows XP to a download site. IE 7, which has was announced in February 2005 by chairman Bill Gates, has been touted by the company as a significant update in the areas of security and usability. The interface has been streamlined and tabs have been added to compete with rivals such as Mozilla's Firefox and Opera's flagship browser. On the security front, IE 7 adds anti-phishing defenses as well as additional features to control ActiveX controls, which historically have been...

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options. Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line. -- Click Start, choose Run, and then type -- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll -- Click OK, then click OK again in the confirmation dialog that appears. To undo the command,...

Excerpt - LAKE BUENA VISTA, Fla. — In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation. "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at...

A dangerous new exploit in Internet Explorer could put PCs and data at risk, Microsoft has admitted. The flaw, for which code has already been published on the internet, could be exploited to set an email-borne virus free on the unsuspecting public. Potential viruses could come as an attachment that conceals the code, or could possibly redirect users to a site that will unleash the code on the user's machine, leaving the computer open to remote attack. Once the PC is being controlled by a malicious user, it can then be used to launch attacks on other PCs. Even supposedly...

BARCELONA, Spain — Microsoft Corp. has won backing from major cellular networks for a new generation of phones designed to transform mobile e-mail from executive accessory to standard issue for the corporate rank-and-file. The partnerships, with operators including Vodafone and Cingular, to be announced today at a mobile industry gathering in Spain, could spell more trouble for the embattled BlackBerry and other niche e-mail technologies........ Unlike the BlackBerry and its peers, phones running Microsoft's latest Windows Mobile operating system can receive e-mail "pushed" directly from servers that handle a company's messaging — without the need for a separate mobile server...

This is a transcript from a show Steve Gibson did with Leo LaPorte. The link to the audio is at the above link. Also, I will excerpt a little of the relevant information here.Steve: And so, you know, because I'm a developer when I'm not being a hacker, I wanted to understand - oh, and the other thing is, I want to write a robust testing application, you know, that always works all the time. So I wanted to know, like, okay, what bytes have to be set which way, what matters, what doesn't. Because, you know, that's the way...

Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us." I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

The BlackBerry service, based on the handheld e-mail device that has become a must-have tool for the business elite, could be shutdown in the United States after a bitter legal battle over a key patent. This week, NTP, a small firm that holds a crucial patent that allows e-mails to be sent to mobile devices, announced a licence agreement with Visto Corp - an arch-rival of Research In Motion. (RIM), the company that created the BlackBerry. The announcement could put further pressure on RIM to settle a patent claim from NTP which could be worth up to $1 billion (£565...

Before all you anti-MS fanboys attack my setup let me first say I am an ASP/VB web developer for an online company and require IE and MS so save the firefox/mac posts for another day. On to the problem at hand... I got the automatic update last night on my XP pro system and now my IE acts very odd. It seems to open fine but it always opens a new window no matter how I try (ie. type in an addres, using favorites). The original window stays open but it doesnt allow any interaction with it. If I try...

Microsoft promises world domination at PDC IntroductionLos Angeles (CA) - The way we build and use personal computers will change dramatically over the next 24 months, and if Microsoft has anything to do it, they will be a principal catalyst for these changes. Linux developers will regret admitting this, but the changes being made to Windows, announced at last week's Professional Developers' Conference, will dramatically impact the architecture and feature set of all personal computers, handhelds, and to some degree, even other consumer appliances.This change at the software level is important, because it impacts not only how we work, but...

Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. In a twist on online fraud, hackers and identity thieves are infecting computers with increasingly sophisticated programs that record bank passwords and other key financial data and send them to crooks over the Internet. That's what happened to Tim Brown, who had account information swiped out of the PC at his Simi Valley store. "It's scary they could see my keystrokes," said Brown, owner of...

Troj/Yusufali-A is a Trojan for the Windows platform. Troj/Yusufali-A analyzes the title of the window in focus looking for various words. Some of the words Troj/Yusufali-A searches for are: sex teen xx Phallus jegger Priapus Phallic Penis Exhibitionism If Troj/Yusufali-A finds one of these words in the title bar it will minimise the current window and display the following message in English along with other messages in other languages: YUSUFALI: Know, therefore, that there is no god but Allah, and ask forgiveness for thy fault, and for the men and women who believe: for Allah knows how ye move about...

Computer users are being urged to be on guard for a bogus e-mail that pretends to offer news updates about Hurricane Katrina as a means to infect their PCs. The malicious e-mail gives a brief news bulletin on the disaster before urging people to click "read more" and be taken to the full story on a website. Yet once directed to the website, a virus is sent to the user's computer. People are also being told to watch out for fraudulent e-mail scams pretending to raise cash for Katrina victims. It's sickening to think that hackers are prepared to exploit...

The advent of Firefox and other Web browser alternatives to Internet Explorer means cybercops have to learn new tricks for their investigations. Internet Explorer hides nothing from cops and other investigators who examine PCs to discover which sites the user has visited. They know the location of the IE browser cache, cookie files and history and know how to read those files. Also, popular forensics tools can help out. But that story changes when it comes to alternative browsers such as Firefox and Opera. These programs use different structures, files and naming conventions for the data investigators are after and...

Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer. Computer security experts urged users to download and install the patches, which are available at www.microsoft.com/security. "Users (should) apply the updates as quickly as possible," said Oliver Friedrichs, senior manager of Symantec Security Response, part of security software company Symantec Corp. SYMC.O. Microsoft said that vulnerabilities exist in its Internet Explorer Web browser, the most severe of which could allow an attacker to take complete control...

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer. Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user. One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack,...