Free Republic

Even SP2 versions of Microsoft's Internet Explorer are vulnerable to a spoofing exploit published yesterday. A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before. According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site. Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and...

Schneier on Security A weblog covering security and security technology. December 13, 2004 Safe Personal Computing I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, "Nothing--you're screwed." But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet. Two years ago, I published a list of PC security recommendations. The idea was to give home users concrete actions they could take to improve security. This is an...

A security firm named the top 10 spyware threats this week, saying that the secretly-installed software poses an "insidious" threat to consumers and corporations alike. Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause. "We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness." Each of the ten spyware programs cited by Webroot was spotted...

Microsoft's regular monthly patch delivery slipped into port yesterday carrying five new patches, each described by Redmond as "important".First up there's a flaw (MS04-041) in WordPad that potentially allows malicious code to be executed. All flavours of Windows (XP, 2000, 2003 and NT) need patching. A vulnerability (MS04-043) in the HyperTerminal component of Windows similarly affects all versions of Windows.But a security bug in DHCP (Dynamic Host Configuration Protocol) that might allow remote code execution and denial of service affects only Windows NT (MS04-042).Next up we have Vulnerabilities in Windows Kernel and Local Security Authority Subsystem (LSASS) which create a...

New Trojan poses as Lycos spam page Correspondents in Paris December 10, 2004A VIRUS that spies on keystrokes and downloads passwords and bank account details is masquerading as a screensaver designed by internet portal Lycos to attack spammers, an internet security company has warned. Finnish anti-virus company F-Secure said the so-called Trojan horse started to be distributed among emails on Monday. The mail has the subject line "Be the first to fight spam with Lycos screen" and comes with an attachment entitled "Lycos screensaver to fight spam," F-Secure said on its website. Whoever downloads it unwittingly installs a spying programme...

A European security vendor warned Wednesday that most browsers sport a bug that hackers can exploit to spoof a Web site and trick users into trusting bogus pop-up windows. The vulnerability, which Danish security firm Secunia rated as "moderately critical" is similar to previous bugs in browsers that was disclosed in July and September of 2004. Attackers could use it to add content into a trusted Web site's window by, for instance, inserting a fake form in a pop-up window seemingly opened by that site. Affected browsers, said Secunia, include the popular Internet Explorer and the up-and-coming Firefox, as well...

Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been used by viruses to spread and by an ad banner attack to compromise PCs.The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, had previously been called the iFrame vulnerability. The issue--which does not affect Microsoft's major Windows XP security update, Service Pack 2--could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators. A Microsoft representative said the software giant had released...

Unprotected PCs Fall To Hacker Bots In Just Four Minutes By Gregg Keizer, TechWeb.com The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker. In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet. The six machines were equipped...

Phishers tapping botnets to automate attacks By John Leyden Published Friday 26th November 2004 13:55 GMT Computer criminals are making phishing more potent by automating attacks. Anti-Phishing Working Group (APWG) analysts reckon fraudsters are using automated tools and botnets to ramp up attacks. It estimates attacks grew by an average of 36 per cent a month between July and October.Scam emails that form the basis of phishing attacks often pose as 'security check' requests from well-known businesses. These messages attempt to trick users into handing over their account details and passwords to bogus sites. The details collected this way are...

Entropy Squared & conniewFree Dominion November 21, 2004 Under attack President Bush is coming to Canada for a visit on November 30 and December 1. The MSM in Canada is going to paint it as a disaster of some type and many assorted Canadian leftists are planning on protesting his visit. Free Dominion is setting up welcoming demonstrations for President Bush to show him - and all Americans - that all Canadians are not Liberal weenies. Free Dominion has contacts in the U.S. Embassy, who know and trust us, and they are going to feed us information as to where...

Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products. The advisories, and patches published with the bulletins, range from an "important" flaw affecting only Microsoft Windows NT Server to a collection of eight security holes, including three rated "critical," that leave Internet Explorer open to attack. Microsoft's highest severity rating for software flaws is its "critical" ranking, while "important" is considered slightly less severe. One flaw, in Microsoft Excel, even affects Apple Computer's Mac OS X. The abundance of flaws could leave corporate PCs vulnerable to...

Microsoft executives said that a comprehensive patch for Internet Explorer will be released next week, finally plugging the hole that hackers exploited in a sneak attack during June. That month, several exploits that took advantage of the browser's vulnerabilities hit users, most notably one dubbed Scob, or Download.ject. In that attack, a gang of Russian hackerscompromised servers running Microsoft's Internet Information Services (IIS) software, then dropped a Trojan horse onto machines running IE that had simply viewed pages from those servers. The Trojan, in turn, installed a key logger and other malicious code to pilfer financial information. Earlier this month...

(note from Stoat: This article goes on for eleven pages and so I'm only going to post an excerpt. Please be sure to go to the original article and read more than what I've posted here because there's a tremendous amount of real-world information that I would consider essential reading if you're considering the XP-2 patch either for your PC or for your enterprise) Forget the ivory-tower pundits--here are first-hand reports from the trenches, relayed by your peers who've already installed the new Service Pack. By Fred Langa, InformationWeek Sept. 6, 2004 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=46200911 You've heard a lot about Windows...

Microsoft is only partway into delivering the long-awaited Service Pack 2 for Windows XP to users, yet it has already begun releasing fixes for problems that the mammoth update can cause, however inadvertently. The company has issued what is likely the first of several "hotfix" patches, which developers and analysts say are just a fact of PC life. *** This first hotfix for Windows XP SP2 patches a problem that SP2 creates for some users of virtual private networks, telecommunications software that is generally used to let workers connect securely--usually to a corporate computer--from a remote location such as home...

A new variant of the "MyDoom" virus just went out - I received one and it was NOT DETECTED since it is in zip/compressed file format! CAREFUL!! If you get an email like below, simply delete and do not open the attachment! If you are a COX-INTERNET customer, you have a higher chance of being infected since it is originating from their services. of course - they deny responsibility. here is a copy of the message text: -----Original Message----- From: abonds@cox-internet.com [mailto:abonds@cox-internet.com] Sent: Friday, July 30, 2004 1:08 PM To: xxxx@spadata.com Subject: Returned mail: see transcript for details Dear user...

There is a new plague of viruses, trojans, and exploits hammering web users... and no one easy solution.Be advised, I will add the most useful information I have found so far in the first reply, which I am doing for the sake of simple formatting ease.First off, here's the most current info and links- follow and read all of it:      Web Sites Still Infected   There are new, nastier browser hijackers flooding the web- the best help is here, but be warned, you have to do most yourself and learn to use some new tools. The old anti-virus...

Microsoft Corp. released a tool on Tuesday for removing a particularly pesky computer virus - but was not yet able to offer a software patch to prevent the infection from spreading. Stephen Toulouse, a security program manager with Microsoft, could not say when the patch to thwart the virus, called "download.ject," might be completed. The virus was discovered in late June and exploits a vulnerability in Microsoft's Internet Explorer browser. Microsoft previously released a security update that changed settings in its Windows operating system to thwart infection from the malicious code, which is designed to steal passwords and other valuable...

<p>An Internet computer server operated by an Arkansas government agency was transformed last weekend into the online home of dozens of videos featuring Osama bin Laden, Islamic jihadist anthems and terrorist speeches.</p> <p>State government officials removed the files from a computer operated by the Arkansas Highway and Transportation Department shortly after they were discovered, a government spokesman said. The case highlights an increasing trend of hackers hijacking vulnerable Web servers for the purpose of advocating radical political and terrorist ideologies.</p>

So I'm reduced to summarizing the article, because the tools at eWeek apparently don't want their material posted here. Long story short: Mozilla and Firefox users on Windows XP (and possibly Windows 2000) have a hole that potentially allows remote code execution, due to the way Mozilla/Firefox passes certain protocols to the operating system. This apparently only affects Windows versions - users can get the full story here, and then download the ShellBlock extension here, which closes the hole.

As if to prove the point that security is like the Dutch boy at the dike, Microsoft on Friday released a stop-gap fix for one of several vulnerabilities that have plagued its Internet Explorer just as a security firm warned that virtually every browser -- not just IE -- can be spoofed by hackers. The update, which Microsoft tagged as “Critical,” isn't a patch per se, but rather an change to Windows that disables the ADODB.Stream object within the operating system's Data Access Components (DAC). Last week, an innovative attack launched by a Russian hacker group from previously-infected Microsoft Internet...