Free Republic

SINGAPORE (Reuters) - Microsoft Corp. Chief Operating Officer Steve Ballmer on Thursday warned Asian governments that they could face intellectual rights-infringement lawsuits for using rival open-source operating platforms such as Linux. Linux is open-code software that is freely available on the Internet and easily modified by users. Its growing popularity with companies and governments around the world, and particularly in Asia, is a threat to the global dominance of Microsoft's proprietary Windows platform. Ballmer, speaking in Singapore at Microsoft's Asian Government Leaders Forum, said that Linux violated more than 228 patents. He did not provide any detail on the alleged...

Last Updated: Thursday, 13 January, 2005, 11:29 GMT Windows worm travels with Tetris The version of Tetris is recognisable and just as playable. Users are being warned about a Windows virus that poses as the hugely popular Tetris game. The Cellery worm installs a playable version of the classic falling blocks game on PCs that it has infected. While users play the game, the worm spends its time using the machine to search for new victims to infect on nearby networks. The risk of infection by Cellery is thought to be very low as few copies of the worm have...

Tetris game hides Cellery worm Worm uses cult game to spread via email Robert Jaques, vnunet.com 13 Jan 2005 A worm, dubbed Cellery-A (W32/Cellery-A), which poses as a playable version of the classic Russian computer game Tetris has been detected in the wild, security experts have warned.The Cellery worm, which gets its name from a message it displays saying 'Chancellery', makes changes to Windows settings to ensure that it automatically runs when the operating system starts up.While the Tetris-like arcade game is running, the worm plays a MIDI music tune, and searches for other network drives and attached computers to...

Flaws in SP2 security features Author: Jürgen Schmidt, heise Security Date: August 13,2004 German Advisory: http://www.heise.de/security/artikel/50046 English Version: http://www.heise.de/security/artikel/50051 Overview With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2. Windows Explorer does not...

Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday. According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003. The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there. "If you are assuming that most of these reports are...

Dear SBC Yahoo! Member: If you are using the Windows XP Operating System on any of your computers connected to SBC Yahoo! Dial or SBC Yahoo! DSL, this courtesy message is for you. Users of other operating systems are not affected. In August, Microsoft Corporation will be offering Windows XP users an update called "Service Pack 2". You may hear about the Service Pack 2 update in the news, on the Internet, or by seeing prompts on your computer screen telling you to load a "Critical Upgrade" to Windows. Service Pack 2 provides a series of security enhancements for the...

Microsoft is only partway into delivering the long-awaited Service Pack 2 for Windows XP to users, yet it has already begun releasing fixes for problems that the mammoth update can cause, however inadvertently. The company has issued what is likely the first of several "hotfix" patches, which developers and analysts say are just a fact of PC life. *** This first hotfix for Windows XP SP2 patches a problem that SP2 creates for some users of virtual private networks, telecommunications software that is generally used to let workers connect securely--usually to a corporate computer--from a remote location such as home...

Researchers spot XP SP2 security weakness IE drag and drop feature could be exploited by hackers Iain Thomson, vnunet.com 20 Aug 2004 Security researchers believe they have discovered a weakness in the new security given to Windows XP by the recently unveiled Service Pack 2 (SP2). Since XP SP2 was released, activists have been searching for weaknesses in the security-focused service pack. Microsoft yesterday dismissed claims by German researchers to already have discovered a flaw. Now a group has claimed that exploit code could bypass the new security procedures in XP by using the 'drag and drop' features of Internet...

The "highly criticial" vulnerability affects Internet Explorer 5.01, 5.5, and 6 on fully patched PCs running either Windows XP SP1 or the newer SP2.By Gregg Keizer, TechWeb News   Another flaw in Internet Explorer has been uncovered by Danish security firm Secunia, which said that the gaffe left all PC users open to attack, even those who had updated Windows XP with the massive Service Pack 2 upgrade. According to the alert that Secunia posted Thursday on its Web site, the vulnerability affects Internet Explorer 5.01, 5.5, and 6 on fully patched PCs running either Windows XP SP1 or...

A security flaw in the way many Microsoft applications process JPEG images could allow an attacker to gain control over a computer running the software, Microsoft warned this week. Any program that processes JPEG images could be vulnerable, Microsoft says in Security Bulletin MS04-028. To take advantage of the flaw, an attacker would have to persuade a user to open a specially crafted image file. The image could be hosted on a Web site, included in an e-mail or Office document, or hosted on a local network, Microsoft says. A wide range of Microsoft software, including various versions of its...

More than 30,000 PCs per day are being recruited into secret networks that spread spam and viruses, a study shows. Six months ago only 2,000 Windows machines per day were being recruited into these so-called bot nets. Experts say the numbers are growing quickly because the remotely controlled networks are so useful to people who profit from hacking and virus writing. The figures came to light in Symantec's biannual Internet Threat Report which traces trends in net security. Hidden harm Nigel Beighton, a member of Symantec's Threat Team, said the number of PCs being enrolled in these networks was...

If you use a Windows personal computer to access the Internet, your personal files, your privacy and your security are all in jeopardy. An international criminal class of virus writers, hackers, digital vandals and sleazy businesspeople wakes up every day planning to attack your PC. And the company that controls the Windows platform, Microsoft, has made this too easy to do by carelessly opening numerous security holes in the operating system and its Web browser. Even if you install the recent Service Pack 2 update to Windows XP, you will still be vulnerable. As I have said before, I believe...

One of the standard security tactics enterprises apply won't work when defending PCs against threats posed by the image processing flaw found last week in Windows and numerous applications, security experts said Tuesday. The JPEG bug in Windows XP and Windows Server 2003, as well as in a host of both Microsoft and non-Microsoft applications, can't be defended by blocking JPEG images at the gateway, said John Pescatore, vice president of Gartner's Internet security group. "You can't simply block against this threat by file extension," said Pescatore, "since hackers could simply rename the file type and Windows would still process...

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file. "Within days, you'll likely see...

It was only a matter of time before someone unleashed malware that exploits the JPEG GDI+ vulnerability. Over the last two weeks various people have released proof of concept code in stages. The first code base that consisted of a corrupted JPG image file that caused an application to crash. The second code based was a JPG image that spawned a local command shell with no remote access. Within hours of the second code base released another person claimed to have made the command shell bind to a port for remote access.  Now someone has taken matters to a greater extreme by unleashing...

Home | FAQ | Contact | Privacy Policy | Unsubscribe from Alerts Search US-CERT > Advanced Search National Cyber Alert System Cyber Security Alert SA04-286A Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel Original release date: October 12, 2004 Last revised: -- Source: US-CERT  Systems Affected Microsoft Windows Microsoft Internet Explorer Microsoft Excel, including Macintosh versions  Overview By taking advantage of one or more vulnerabilities in Microsoft products, an attacker may be able to take control of your computer.  Solution Apply updates Microsoft has released security updates for a number of products, including Windows, Internet Explorer, and Excel....

SEATTLE (AP) - Microsoft Corp. released 10 security fixes for various products Tuesday, including seven that fix flaws the company said pose the highest threat to users. The new patches apply to a variety of products, including some versions of Microsoft's Windows operating system and server software, its Internet Explorer Web browser and Excel spreadsheet program. The seven critical flaws could allow an attacker to take control of a user's computer, while three other fixes deemed "important" - the second-highest rating - pose less of a threat. ' The Redmond software giant also rereleased a patch it put out last...

  Search US-CERT > Advanced Search National Cyber Alert System Technical Cyber Security Alert TA04-293A Multiple Vulnerabilities in Microsoft Internet Explorer Original release date: October 19, 2004 Last revised: -- Source: US-CERT  Systems Affected Microsoft Windows systems running Internet Explorer versions 5.01 and later; previous, unsupported versions of Internet Explorer may also be affected Programs that use the WebBrowser ActiveX control (WebOC) or MSHTML rendering engine  Overview Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE.  I. Description Microsoft...

Report Considering the publicity that has surrounded - and, despite super new security-focused Service Packs, continues to surround - Windows security issues, Microsoft's determination to demonstrate that Linux is less secure than Windows shows a certain chutzpah. The company has however had some support here; Forrester, for example, provides some numbers that can be used to support the contention that Microsoft flaws are less severe, less numerous and fixed faster. And although there's a general readiness among users to believe that Windows is a security disaster area, there's also a reasonable amount of support for the view that Linux would...

Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers. They found most consumers have no firewall protection, outdated antivirus software and dozens of spyware programs secretly running on their computers. One beleaguered home user in the government-backed study had more than 1,000 spyware programs running on his sluggish computer when researchers examined it. Bill Mines, a personal trainer in South Riding, Va., did not fare much better. His family's 3-year-old Dell computer was found infected with viruses and more than 600 pieces of spyware surreptitiously monitoring his online activities....