Free Republic

ST. LOUIS -- Women who use the Ortho Evra birth-control patch face twice the risk of developing blood clots than those who take the pill, the patch's manufacturer said late Thursday, citing recent company-funded research. The finding comes from one of two studies comparing the patch and pill, said Ortho Women's Health & Urology, maker of the once-a-week patch. The Raritan, N.J.-based company is owned by Johnson & Johnson. The first study found no increased risk of clots while its findings on the risk of stroke or heart attack are still being evaluated. Meanwhile, interim results from the second study...

Computer code that could be used in cyberattacks on Firefox users has been released, increasing the urgency for people to upgrade to the latest version of the Web browser. The two pieces of exploit code, posted online earlier this week, take advantage of a security vulnerability in Firefox that Mozilla patched in an update Thursday. In response to the exploit release, the browser maker on Tuesday upgraded the severity rating of the flaw from "moderate" to "critical," its most serious rating. "This exploit was published after we released the 1.5.0.1 update," said Mike Schroepfer, vice president of engineering at Mozilla....

Red Hat and Suse have released patches for a critical security hole in their Linux distributions that stem from a vulnerability in the KDE desktop environment.KDE is a user interface package used with several versions of Unix and Linux. The KDE hole was discovered Thursday and rated critical by both Red Hat and the French Security Incident Response Team (FrSIRT).It affects the JavaScript engine used in various parts of KDE, including its Konqueror Web browser. The flaw could allow a remote attacker to launch an overflow attack and run arbitrary code on the user's machine, FrSIRT said.Users could disable JavaScript...

A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week. That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said. "This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer...

Excerpt - NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain. "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence." "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team. SANS Institute, via its Internet Storm Center, has taken the unusual...

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using...

Quick Background: The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December. Word of this spread rapidly through the hacker community — many of whom where presumably on Holiday vacation from school, bored, and looking for something to do. So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found. Note that this is not a "new vulnerability" — it (and perhaps other similar bugs) have been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in WIndows'...

This alert is a follow-up to a post made yesterday on our blog: http://www.websensesecuritylabs.com/blog/ Websense® Security Labs™ has discovered numerous websites exploiting an unpatched Windows vulnerability in the handling of .WMF image files. The websites which have been uncovered at this point are using the exploit to distribute Spyware applications and other Potentially Unwanted Soware. The user's desktop background is replaced with a message warning of a spyware infection and a "spyware cleaning" application is launched. This application prompts the user to enter credit card information in order to remove the detected spyware. The background image used and the "spyware...

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

Before all you anti-MS fanboys attack my setup let me first say I am an ASP/VB web developer for an online company and require IE and MS so save the firefox/mac posts for another day. On to the problem at hand... I got the automatic update last night on my XP pro system and now my IE acts very odd. It seems to open fine but it always opens a new window no matter how I try (ie. type in an addres, using favorites). The original window stays open but it doesnt allow any interaction with it. If I try...

Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October. The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051. "Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution...

Security researchers have discovered a vulnerability in Macromedia's Flash Player that creates a mechanism for hackers to attack the PCs of users running the popular application. The security bug - described as critical - affect Macromedia Flash Player 6.x and 7.x. Macromedia has issued security updates. The flaw stems from a failure to reject malformed SWF files as invalid. This bug might be exploited by using specially crafted (malformed) SWF file to execute arbitrary code on the machines of users induced into visiting sites under the control of hackers. Flash Player version 7.0.19.0 and prior on the Windows platform, and...

Security-conscious Windows users who tweaked the operating system to protect their PCs better are getting hit hardest by a flawed Microsoft patch, experts said Monday. Microsoft has acknowledged that a patch released last week can cause trouble for some users. It could lock them out of their PC, prevent the Windows Firewall from starting, block certain applicationsfrom running or installing, and empty the network connections folder,among other things, the software maker said in an advisory on Friday. The trouble occurs when default permission settings on a Windows folder have been changed, according to Microsoft. Those changes aren't common, but have...

Mozilla Thunderbird 1.0.7 Released Thursday September 29th, 2005 Mozilla Thunderbird 1.0.7 is now available for download. Amongst other changes, this minor release includes fixes for a return receipt regression introduced in version 1.0.2 (bug 289091) and the Linux command line URL parsing security flaw.Thunderbird 1.0.7 can be downloaded from the Thunderbird product page or the Thunderbird 1.0.7 directory on ftp.mozilla.org. Refer to the Thunderbird 1.0.7 Release Notes for more information. We expect details of the security fixes in this release to be added to the Mozilla Foundation's list of known security vulnerabilities soon.

http://www.kansascity.com/mld/kansascity/news/nation/12543504.htm Fri, Sep. 02, 2005 Suit: Birth control to blame for brain clot BY CARY LEIDER VOGRIN The Gazette COLORADO SPRINGS, Colo. - (KRT) - Not long after Amanda Bianchi began using a birth-control patch, she started getting incapacitating headaches, numbness in her hands and ringing in her ears. An MRI revealed a 6- to 8-inch blood clot in her brain. In July, the Colorado Springs woman and nine others from across the nation filed suit against the maker of Ortho Evra, claiming they suffered "substantial physical injuries" from using the contraceptive patch. The suit claims the patch is "unreasonably...

What Firefox and Mozilla users should know about the IDN buffer overflow security issue On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed. On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user....

As a 20-year Macintosh user going back to when the machines didn't even have hard drives, I confess to being a big fan of Apple and the Mac OS. I also confess to being a nearly-insufferable Mac evangelist (some would say "delete 'nearly'") until about seven years ago, when, as a result of Windows 98, the differences between Windows and the Mac as a platform for the average user became so small that they didn't matter. Those differences remain small, despite the exceptionally cool advances in the Mac OS through Jaguar, Panther, and Tiger. (snip) Also cooling my ardor for...

Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer. Computer security experts urged users to download and install the patches, which are available at www.microsoft.com/security. "Users (should) apply the updates as quickly as possible," said Oliver Friedrichs, senior manager of Symantec Security Response, part of security software company Symantec Corp. SYMC.O. Microsoft said that vulnerabilities exist in its Internet Explorer Web browser, the most severe of which could allow an attacker to take complete control...

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer. Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user. One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack,...

About the Mac OS X 10.4.2 Update (Delta) This software updates Mac OS X 10.4.1 to version 10.4.2. Important: Please read before installing You may experience unexpected results if you have third-party system software modifications installed, or if you have modified the operating system through other means. (This does not apply to normal application software installation.)The installation process should not be interrupted. If a power outage or other interruption occurs during installation, use the standalone installer (see below) from Apple Downloads to update.If issues occur during installation--for example, Software Update quits unexpectedly--please see this document. Installation You have two...