Free Republic

Apple today released Mac OS X 10.4.2, which the company says delivers overall improved reliability and compatibility for Mac OS X v10.4 and is recommended for all users. It includes fixes for file sharing, authentication, autologin, AirPort/wireless access, several graphics updates, .Mac fixes, Apple's core applications, and more. The company also included security fixes for a TCP/IP denial of service attack and Dashboard, which may install widgets that override Apple-supplied widgets. It is available via the Software Update for Mac OS X Tiger users. Both a Delta update for Mac OS X 10.4.1 users and a Combo Update for Mac...

As part of its monthly patching cycle, Microsoft on Tuesday plans to release three security alerts for flaws in Windows and Office. Two of the security bulletins apply to Windows, and at least one of them is deemed "critical," Microsoft's highest risk rating, the company said in a notice posted on its Web site Thursday. Its Office productivity suite will get one bulletin, also rated critical. The notice did not specify whether one of the patches will be for Internet Explorer. Microsoft earlier this week offered a workaround for a known flaw in the Web browser that opens the door...

Microsoft warns of unpatched IE flaw By Dawn Kawamoto, CNET News.com Published on ZDNet News: July 1, 2005, 8:55 AM PT Microsoft has issued a security advisory for Internet Explorer, after a research firm published a working exploit to demonstrate how attackers could take advantage of the flaw. The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2. "Microsoft is investigating...

A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon Gamsin. The FBI...

NEW YORK - A security breach of customer information at a credit card-processing company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday. The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc. of Tucson, Ariz., which processes transactions for banks and merchants. MasterCard said in a news release late Friday afternoon that it was notifying its card-issuing banks of the problem. CardSystems was hit by a computer virus that captured customer data for the purpose of fraud, said company spokeswoman Sharon...

Microsoft is readying a new consumer security product that offers virus and spyware protection, a new firewall and several tune-up tools for Windows PCs, a move that pits the software giant squarely against traditional security software vendors. The product, dubbed Windows OneCare, will be tested internally at Microsoft starting this week. A public test, or beta, version is scheduled to be available by year's end, Microsoft said in a statement this week. The final product will be offered as a subscription service, the Redmond, Washington, software maker says. OneCare marks Microsoft's long-anticipated entry into the antivirus space, until now the...

A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities. Mozilla Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered at some Web sites, according to a posting on Mozilla's Web site. The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities...

Virus Name Risk Assessment W32/Sober.p@MM Corporate User : Low-Profiled Home User : Medium Virus Information Discovery Date: 05/02/2005 Origin: Unknown Length: 53,727 bytes (zip) 53,554 bytes (executable) Type: Virus SubType: E-mail Minimum DAT: 4443 (03/09/2005) Updated DAT: 4482 (05/02/2005) Minimum Engine: 4.3.20 Description Added: 05/02/2005 Description Modified: 05/02/2005 3:59 PM (PT) Description Menu Virus Characteristics Symptoms Method Of Infection Removal Instructions Variants / Aliases Rate This page Print This Page Email This Page Legend Virus Characteristics: -- Update 2nd May 13:00 PST -- Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users....

RealNetworks has released a security patch to fix a flaw in its RealPlayer software that could allow compromised code to be run on users computers. The flaw, which was rated "highly critical" by Secunia, is in the most recent versions of the software for both Windows and OS X. Also, Secunia said that some of the older Linux versions were at risk for the flaw. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said on its website. "RealNetworks takes all security vulnerabilities very seriously."

Virus writers have resurrected the Sober worm with a new variant that is spreading quickly over the Internet. Security experts said Tuesday that the worm, dubbed Sober.M, reports e-mail addresses of victims back to its anonymous author--a technique known as harvesting. Spammers typically buy these fresh addresses to add to their lists of e-mail recipients. The e-mail containing the worm is written in bad English with the subject line: "I've got your e-mail on my account." "It looks like the virus writer is deliberately using broken English to (convince) people the e-mail is not a virus," Graham Cluley, senior technology...

The 'relatively serious' flaw could allow remote execution of malicious code on computers running OpenOffice. A patch is said to be imminent OpenOffice.org has confirmed a buffer overflow issue that could allow remote attacks. The problem in its freely distributed productivity applications has been fixed, the organisation said late on Tuesday. Representatives said the group hoped to release a patch within the following 48 hours. The flaw, first discovered in late March, according to postings on the group's Web site, is present in OpenOffice Version 1.1.4 and the OpenOffice Version 2.0 beta release of the applications, as well as in...

Important information about current security risks. Worm.Win32.Sober.L Alert! A new variant of the Sober worm is spreading fast. As it's predecessors, Sober.L spreads as an email attachment in emails which are sent to all email addresses found on the victim's harddisk. Even if the executable file is packed in a .ZIP file, many users open the file and activate the worm this way. For novice users it's hard to see that it is a worm generated email because the email subject is "your password + accountnumber !". The email body text is the following: hi, i've got an admin mail...

Microsoft's top security honcho insisted Thursday that Microsoft "is making progress on security using any reasonable metric." Mike Nash, the company's chief security executive, made the comment during an online chat session just days after Microsoft rolled out its biggest bunch of Windows patches since April 2004. Nash staunchly defended the Redmond, Wash.-based developer's progress, and compared Windows' flaws with those in open-source Linux operating systems from Red Hat and Novell's SuSE. "Even with the relatively large number of bulletins we released this week, we compare favorably," he said. "Year-to-date for 2005, Microsoft has fixed 15 vulnerabilities affecting Windows Server...

Microsoft Tuesday released its largest group security patches in nearly a year as it posted 12 security bulletins encompassing 19 vulnerabilities, 14 of which it marked "Critical," its highest patch-now warning. Among them is a vulnerability that will likely lead to the biggest, baddest worm in since mid-2003, said Mike Murray, the director of research at vulnerability management vendor nCircle. "There's a clear 'winner' here," said Murray. " MS05-011 fixes a vulnerability in SMB [Server Message Block], which is running on every version of Microsoft's operating systems that a corporation might be using. And it's exploitable remotely, so it doesn't...

Microsoft to release bumper Windows patch February 04 2005 by Karen Said February's release to fix 'critical' flaws... "A bumper crop of Microsoft patches will be released next week, including nine fixes for Windows flaws. At least one of the updates for the Windows operating system is rated "critical", its highest rating, Microsoft said on Thursday in a posting to its TechNet site. The forewarning is part of the company's programme to give regular computer users notice of monthly security bulletins before the patches themselves are released. There will be 13 updates in total, Microsoft said. That includes a critical...

Microsoft on Thursday gave early warning that next week's monthly dose of security bulletins and patches will be among its biggest ever. According to the Advance Notification service, which pre-announces upcoming patches but limits the information disclosed, next Tuesday's roundup will include 13 security bulletins, at least three of which will be marked "Critical," the Redmond, Wash.-based developer's most dire warning. Nine of the bulletins affect Microsoft Windows. That's a much-higher-than-normal number, and three times what the company published in January. Other patches will be published to fix bugs in SharePoint Services, Microsoft Office, the .Net Framework, Visual Studio, Windows...

Aiming to crack down on counterfeit software, Microsoft plans later this year to require customers to verify that their copy of Windows is genuine before downloading security patches and other add-ons to the operating system. Since last fall the company has been testing a tool that can check whether a particular version of Windows is legitimate, but until now the checks have been voluntary. Starting Feb. 7, the verification will be mandatory for many downloads for people in three countries: China, Norway and the Czech Republic. In those countries, people whose copies are found not to be legitimate can get...

Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...

Full text of a letter from Microsoft, in response to coverage of companies moving from IE to Firefox and other alternative browsers. InformationWeek Editor's note: the following is the full text of Microsoft's response to an InformationWeek.com poll and related story regarding Internet Explorer, and whether companies are switching to the Mozilla browser. It came from Waggener Edstrom, Microsoft's public-relations agency. You mentioned that many or the respondents in the self-selecting survey recommended against IE and that many people have said Microsoft needs to address security issues more fully. Regarding the recommendation, we're aware that some people have recommended against...

Last Updated: Thursday, 13 January, 2005, 11:29 GMT Windows worm travels with Tetris The version of Tetris is recognisable and just as playable. Users are being warned about a Windows virus that poses as the hugely popular Tetris game. The Cellery worm installs a playable version of the classic falling blocks game on PCs that it has infected. While users play the game, the worm spends its time using the machine to search for new victims to infect on nearby networks. The risk of infection by Cellery is thought to be very low as few copies of the worm have...