
Keyword: securityflaw

  • Blocking JPEGs No Defense Against Windows Vulnerability

    09/22/2004 9:16:18 PM PDT · by Eagle9 · 28 replies · 1,244+ views
    TechWeb ^ | September 21, 2004 | Gregg Keizer
    One of the standard security tactics enterprises apply won't work when defending PCs against threats posed by the image processing flaw found last week in Windows and numerous applications, security experts said Tuesday. The JPEG bug in Windows XP and Windows Server 2003, as well as in a host of both Microsoft and non-Microsoft applications, can't be defended by blocking JPEG images at the gateway, said John Pescatore, vice president of Gartner's Internet security group. "You can't simply block against this threat by file extension," said Pescatore, "since hackers could simply rename the file type and Windows would still process...
  • Code to exploit Windows graphics flaw now public

    09/23/2004 6:12:16 AM PDT · by rit · 22 replies · 1,452+ views
    Cnet News ^ | September 22, 200 | Robert Lemos
    A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file. "Within days, you'll likely see...
  • JPEG GDI+ Trojan Unleashed

    09/28/2004 2:15:28 AM PDT · by HAL9000 · 139 replies · 6,040+ views
    winnetmag.com ^ | September 28, 2004
    It was only a matter of time before someone unleashed malware that exploits the JPEG GDI+ vulnerability. Over the last two weeks various people have released proof of concept code in stages. The first code base consisted of a corrupted JPG image file that caused an application to crash. The second code base was a JPG image that spawned a local command shell with no remote access. Within hours of the second code base being released, another person claimed to have made the command shell bind to a port for remote access. Now someone has taken matters to a greater extreme by unleashing...
  • US-Cert Cyber Security Alert SA04-286A: Multiple Vulnerabilities in Microsoft Products

    10/12/2004 3:09:09 PM PDT · by Stoat · 3 replies · 501+ views
    U.S. Computer Emergency Readiness Team ^ | October 12, 2004 | U.S. Computer Emergency Readiness Team
    National Cyber Alert System Cyber Security Alert SA04-286A: Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, and Excel. Original release date: October 12, 2004. Last revised: --. Source: US-CERT. Systems Affected: Microsoft Windows; Microsoft Internet Explorer; Microsoft Excel, including Macintosh versions. Overview: By taking advantage of one or more vulnerabilities in Microsoft products, an attacker may be able to take control of your computer. Solution: Apply updates. Microsoft has released security updates for a number of products, including Windows, Internet Explorer, and Excel....
  • Microsoft Releases 10 Security Updates, Seven Critical

    10/12/2004 3:59:59 PM PDT · by NewMediaFan · 13 replies · 1,016+ views
    Tampa Bay Online ^ | Oct 12, 2004 | Allison Linn, The Associated Press
    SEATTLE (AP) - Microsoft Corp. released 10 security fixes for various products Tuesday, including seven that fix flaws the company said pose the highest threat to users. The new patches apply to a variety of products, including some versions of Microsoft's Windows operating system and server software, its Internet Explorer Web browser and Excel spreadsheet program. The seven critical flaws could allow an attacker to take control of a user's computer, while three other fixes deemed "important" - the second-highest rating - pose less of a threat. The Redmond software giant also rereleased a patch it put out last...
  • U.S. CERT Cyber Security Alert TA04-293A: Multiple Vulnerabilities in Microsoft Internet Explorer

    10/19/2004 6:19:37 PM PDT · by Stoat · 16 replies · 739+ views
    National Cyber Alert System Technical Cyber Security Alert TA04-293A: Multiple Vulnerabilities in Microsoft Internet Explorer. Original release date: October 19, 2004. Last revised: --. Source: US-CERT. Systems Affected: Microsoft Windows systems running Internet Explorer versions 5.01 and later (previous, unsupported versions of Internet Explorer may also be affected); programs that use the WebBrowser ActiveX control (WebOC) or MSHTML rendering engine. Overview: Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. I. Description: Microsoft...
  • Windows v Linux security: the real facts

    10/22/2004 10:36:34 AM PDT · by ShadowAce · 219 replies · 3,355+ views
    The Register ^ | 22 October 2004 | John Lettice
    Report Considering the publicity that has surrounded - and, despite super new security-focused Service Packs, continues to surround - Windows security issues, Microsoft's determination to demonstrate that Linux is less secure than Windows shows a certain chutzpah. The company has however had some support here; Forrester, for example, provides some numbers that can be used to support the contention that Microsoft flaws are less severe, less numerous and fixed faster. And although there's a general readiness among users to believe that Windows is a security disaster area, there's also a reasonable amount of support for the view that Linux would...
  • Home Internet Security Is Woeful

    10/25/2004 10:19:55 AM PDT · by LouAvul · 112 replies · 3,021+ views
    cbs ^ | 10-25-04
    Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers. They found most consumers have no firewall protection, outdated antivirus software and dozens of spyware programs secretly running on their computers. One beleaguered home user in the government-backed study had more than 1,000 spyware programs running on his sluggish computer when researchers examined it. Bill Mines, a personal trainer in South Riding, Va., did not fare much better. His family's 3-year-old Dell computer was found infected with viruses and more than 600 pieces of spyware surreptitiously monitoring his online activities....
  • New Bagle virus declares cyber war

    10/29/2004 7:33:36 AM PDT · by FourPeas · 33 replies · 1,235+ views
    vnunet.com ^ | 29 Oct 2004 | Robert Jaques
    IT security experts have warned that a newly intercepted mutant of the infamous mass-mailing Bagle worm, dubbed Bagle.bb, has begun to spread rapidly across the internet. Over one million email infections were reported within a few hours of the virus being discovered in the wild on Friday morning. The peak infection rate was between 8am and 9am, when virus infection rates trebled from the hour previously, according to email security company BlackSpider Technologies. This latest Bagle variant, a mass-mailing worm containing its own SMTP engine, comes packed with PeX with the attachment in the executable of a name, McAfee's Avert antivirus team...
  • New URL Spoofing Flaw Found in Internet Explorer

    10/30/2004 1:05:40 PM PDT · by FreedomCalls · 72 replies · 1,959+ views
    Netcraft ^ | October 29, 2004 01:52 PM | richm
    A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a different URL than the one displayed in the status bar. The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this: http://www.microsoft.com displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to...
  • Anti-Spyware Programs Clean but Don't Disinfect

    10/31/2004 9:11:53 PM PST · by quidnunc · 120 replies · 6,226+ views
    The Houston Chronicle ^ | October 31, 2004 | Matthew Fordahl [Associated Press]
    Salinas, Calif. — Though less than a year old, the PC took more than five minutes to start up and never shut down without stalling on error messages. Attempts to Web surf generated at least a half-dozen pop-up ads and — frequently — system freezes. Internet Explorer's home page was hijacked. Attempts to reach some sites, including eBay — were redirected to random search engines that only called up more ads. Google search results were altered. And the modem, without permission, tried to dial distant lands in search of porn. Welcome to the nasty world of a PC infected with...
  • Tangled in Spyware:

    10/31/2004 10:16:57 AM PST · by quidnunc · 151 replies · 8,067+ views
    The Houston Chronicle ^ | October 31, 2004 | Anick Jesdanun [Associated Press]
    David Eckstein turned on his computer one day and launched his Web browser, just as he had every day. This time, however, CNN.com did not automatically open. Instead, the page was a search engine he'd never heard of. Eckstein tried changing the browser settings back to CNN but the search engine would return whenever he rebooted. Finally, he just gave up. The San Francisco marketing consultant is yet another victim of spyware, an amorphous class of software that mostly gets onto people's computers without their knowledge. So resource-hungry, it often renders the machines unusable. "It makes you want to throw...
  • Breaking, Entering Your PC (Windows Scumware And Parasiteware Alert)

    11/26/2004 11:49:59 AM PST · by goldstategop · 94 replies · 4,647+ views
    Los Angeles Times ^ | 11/26/04 | Terry McDermott
    The site has multiple forums for various computing problems, but the overwhelming number of inquiries in the last year has dealt with spyware, which on the site has a variety of less neutral names, "scumware" being one of the more polite. Scumware had been an epidemic; in the last year it grew into a pandemic, said Steve Wechsler, one of those drawn to Eshelman's site. Wechsler was tending bar at a public golf course in South San Francisco when he bought his first computer less than a decade ago. "I brought it home and turned it on, clicked on Netscape...
  • Corporate PCs 'riddled with spyware'

    12/02/2004 11:49:25 PM PST · by Stoat · 5 replies · 680+ views
    The Register (U.K.) ^ | December 2, 2004 | John Leyden
    Corporate PCs 'riddled with spyware' By John Leyden Published Thursday 2nd December 2004 17:23 GMT Corporate systems are riddled with spyware, according to a study by an anti-spyware firm. Companies voluntarily using Webroot's Corporate SpyAudit tool had an average of 20 nasties per PC, Webroot reports. Most of the items found were harmless cookies. But average five per cent of the PCs scanned had system monitors and 5.5 per cent had Trojan horse programs, the two most nefarious and potentially malicious forms of spyware. The audit - based on scans of more than 10,000 systems, used by more than 4,100 companies...
  • School's out to shun IE (PSU recommends Mozilla & Firefox instead)

    12/09/2004 6:18:36 PM PST · by Prime Choice · 9 replies · 672+ views
    c|Net ^ | 12/09/2004 | Jim Hu
    Citing security risks, a state university is urging students to drop Internet Explorer in favor of alternative Web browsers such as Firefox and Safari. In a notice sent to students on Wednesday, Pennsylvania State University's Information Technology Services department recommended that students download other browsers to reduce attacks through vulnerabilities in the Microsoft software. The university said "media reports" and a string of warnings by Carnegie Mellon University's Computer Emergency and Response Team led to its recommendation. "We're not telling people to wipe off IE, because you need IE to do operating-system updates," Robin Anderson, a spokeswoman for Penn State's...
  • Microsoft may charge extra for security software

    12/18/2004 10:05:34 AM PST · by Redcloak · 36 replies · 1,178+ views
    AP, via CNN.com ^ | Thursday, December 16, 2004 Posted: 7:57 PM EST (0057 GMT)
    WASHINGTON (AP) -- Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months. In a shift from past practice, the world's largest software manufacturer said it may charge consumers for future versions of the new protective technology, which Microsoft acquired by buying a small New York software firm. Terms of the sale of Giant Company Software Inc. weren't disclosed.
  • Three Serious Windows Vulnerabilities Surface

    12/24/2004 5:33:21 PM PST · by NYC GOP Chick · 57 replies · 1,703+ views
    Ziff Davis Media, via Yahoo ^ | 12.24.2004 | David Morgenstern - eWEEK
    Symantec Corp.'s Security Response service on Friday confirmed that unpatched Windows vulnerabilities could pose a serious risk for exploits via malicious Web pages and e-mail messages. One of the three security vulnerabilities involves image handling—a source of recent exploits on Windows and Unix operating systems. The other two risks are found in the Help system and in Windows' ANI (Automatic Number Identification) authentication. Symantec said the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability could be exploited via browsers or e-mail client software. Users who open an HTML message or Web page bearing the image could...
  • Windows Media Player Vulnerability Info (MUST READ!!!)

    12/31/2004 3:14:06 AM PST · by goldstategop · 65 replies · 3,523+ views
    Spyware Warrior Blog ^ | 12/31/04 | Eric L. Howes
    Hi All: PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See: Risk Your PC’s Health for a Song? http://www.pcworld.com/news/article/0,aid,119016,00.asp Protect Yourself From Audio Adware http://www.pcworld.com/news/article/0,aid,119063,00.asp In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the...
  • Media Files That Spread Spyware (Ben Edelman On WMP Installing 31! Programs On His PC Alert)

    01/03/2005 1:51:12 AM PST · by goldstategop · 30 replies · 9,908+ views
    Bendedelman.org ^ | 01/02/02 | Ben Edelman
    Users have a lot to worry about when downloading and playing media files. Are the files legal? Can their computers play the required file formats? Now there's yet another problem to add to the list: Will a media file try to install spyware? When Windows Media Player encounters a file with certain "rights management" features enabled, it opens the web page specified by the file's creator. This page is intended to help a content provider promote its products -- perhaps other music by the same artist or label. But the specified web page can show deceptive messages, including pop-ups that...
  • Google removes Trojan ads

    01/03/2005 3:51:05 PM PST · by holymoly · 5 replies · 1,048+ views
    heise online ^ | 01/03/2005 | Craig Morris
    Search engine operator Google has blocked ads that attempt to exploit security holes in the Internet Explorer. In the past few days, Google has been displaying context-sensitive ads on the right margin from its program partner AdWords that link to sites with dangerous JavaScript for various search terms such as "Preisvergleich" (price comparison) and "Gebraucht PC" (used PC). If you clicked on one of the links in the Internet Explorer, a JavaScript attempted to install spyware on your system. And the normal list of hits also included a lot of sites with Trojans. This Monday, Google reacted to the problem...