Keyword: vulnerability
-
Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows. The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers. GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not...
-
Hi All: PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See: Risk Your PC’s Health for a Song? http://www.pcworld.com/news/article/0,aid,119016,00.asp Protect Yourself From Audio Adware http://www.pcworld.com/news/article/0,aid,119063,00.asp In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the...
-
October 26, 2004 - There is one thing John Kerry is consistent on: his propensity for manipulating the truth. From Vietnam to the floor of the senate to the halls of the United Nations, Kerry has stretched and exaggerated to create “the truth” and has done so without compunction. His latest “over the top” invention is his “two-hour meeting with the entire UN Security Council.” The crafting of this tale should tarnish his image in the eyes of his supporters, if not we should consider their intelligence highly suspect. Throughout his campaign he has embraced the mantra “Bush lied.” Starting...
-
The growing conventional wisdom (in military circles) is that Kerry GOT a discharge but it was other than honorable. He subsequently got Clinton to sign the fix in 2001.
-
Experts Convened by AAAS Call for Voter-System Research and Reform, Warning of Broad Vulnerability A panel of top experts on election technology and administration warned Tuesday that the American system of voting is broadly vulnerable to error and abuse, and called for a crash-course of study and reform to make results more reliable and to promote better access by voters, especially those who have historically encountered serious impediments to exercising their right to vote. In findings released after a weekend conference convened by AAAS, the 18-member panel concluded that research into new voting technology and the behavior of voters, election...
-
As if to prove the point that security is like the Dutch boy at the dike, Microsoft on Friday released a stop-gap fix for one of several vulnerabilities that have plagued its Internet Explorer just as a security firm warned that virtually every browser -- not just IE -- can be spoofed by hackers. The update, which Microsoft tagged as “Critical,” isn't a patch per se, but rather a change to Windows that disables the ADODB.Stream object within the operating system's Data Access Components (DAC). Last week, an innovative attack launched by a Russian hacker group from previously-infected Microsoft Internet...
-
Microsoft Corp. released a free software update yesterday to close vulnerabilities that left users of its Internet Explorer browser open to attacks by hackers. The security breach, discovered last week, made it possible for users of Microsoft's ubiquitous Web browser to have their passwords and private account information stolen when they logged on to banking sites.
-
WASHINGTON - Researchers found a serious security flaw that left core Internet technology vulnerable to hackers, prompting a secretive effort by international governments and industry experts in recent weeks to prevent global disruptions of Web surfing, e-mails and instant messages. Experts said the flaw, disclosed Tuesday by the British government, affects the underlying technology for nearly all Internet traffic. Left unaddressed, they said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.
-
Name: Security problems in Ethereal 0.9.16
Docid: enpa-sa-00012
Date: December 12, 2003
Severity: High
Description: Serious issues have been discovered in the following protocol dissectors: Selecting "Match->Selected" or "Prepare->Selected" for a malformed SMB packet could cause a segmentation fault. It is possible for the Q.931 dissector to dereference a null pointer when reading a malformed packet.
Impact: Both vulnerabilities will make the Ethereal application crash. The Q.931 vulnerability also affects Tethereal. It is not known if either vulnerability can be used to make Ethereal or Tethereal run arbitrary code.
Resolution: Upgrade to 0.10.0. If you are running a version prior...
-
Reprinted from NewsMax.com 'Buy America' Defense Manufacturing Paul Weyrich Monday, Oct. 27, 2003 Great Britain once prided itself on being the "workshop of the world." During Operation Iraqi Freedom the British army found itself at the mercy of the Swiss government, which stopped a shipment of 25,000 grenades from a manufacturer, RUAG Munitions, based on their opposition to the invasion. British troops were forced to fight under-equipped. One British military analyst argued that the British government was foolish to depend on a manufacturer whose government was outspoken in its opposition to the Iraq war. Should the United States feel confident that, unlike...
-
Oi! *Nix admin, get patching By John Leyden, The Register Sep 18 2003 5:58AM It's become a busy week for *Nix sysadmins with the release of patches over the last few days to resolve vulnerabilities with popular applications including Sendmail, OpenSSH and DB2. Those *Nix techies enjoying a sense of schadenfreude as their Windows sysadmin colleagues toiled to defend Windows systems against Blaster, Sobig, Nachi et al. over the last month now have some work on their hands. First, users of the popular OpenSSH security package need to upgrade to version 3.7.1 because of a buffer overflow flaw....
-
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-039.asp is where you can get the latest patch if your windows update just goes to lala land like mine did this morning.
-
How Russia Maintains a Reliable Power Grid By Dr. Vladimir Semenov, Central Dispatching Office of the United Power System, Russia Transmission & Distribution World, Apr 1, 1997 The reliability of the Russian interconnected transmission system benefits from central control and standardized protection. Currently, the United Power System (UPS) comprises 73 regional power systems (RPS), 66 of which are incorporated into the UPS of Russia. The Amurskaja, Khabarovskaja and Dalne-vostochnaja RPS systems operate in parallel, forming the interconnected system of East Russia. Further east, four regional power systems still continue to operate in isolation. Approximately, 94% of the country's generating plant...
-
All, Here's a scoop to Freepers which is just now hitting us security pros. There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago. It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11 A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only....
-
Another critical Windows flaw found Microsoft warns malformed MIDI music file could exploit flaw By David Becker Microsoft issued another passel of warnings about security holes Wednesday, including a “critical” flaw affecting most Windows PCs. The most serious of the flaws involves DirectX, a library of graphics and multimedia programming instructions used by most PC games, and could allow malicious users to run code of their choice on a vulnerable PC. THE FLAW IS unusually widespread, affecting all versions of DirectX from version 5.2 to the current 9.0a running on all versions of Windows from Windows 98...
-
The High Court in London has imposed an injunction on Cambridge University security experts who claim to have uncovered serious failings in the system banks use to secure ATM PIN codes. The gagging order, preventing public disclosure of cryptographic vulnerabilities, was made at the request of CitiBank and Diners' Club against experts due to testify in a 'phantom withdrawal' case to be heard in the South African High Court next month. South African couple Anil and Vanita Singh say that £50,000 withdrawn through the Diners' Club account through British ATMs in March 2000 was never made by them. Diners...
-
NASA Warned of Shuttle's Vulnerability By MARCIA DUNN, AP Aerospace Writer SPACE CENTER, Houston - NASA was warned nine years ago that the space shuttle could fail catastrophically if debris hit the vulnerable underside of its wings during liftoff — the very scenario that may have brought down Columbia. After receiving the warning, NASA made changes in materials and flight rules to lessen the risk of debris breaking loose, Paul Fischbeck, an engineering professor at Carnegie Mellon University who conducted the 1994 analysis, said Tuesday. "There are very important tiles under there. If you lose the...
-
The federal government's sluggish effort to improve domestic security since Sept. 11 is leaving the U.S. vulnerable to terror attacks, Sen. Chuck Schumer said yesterday. In a new "Security Report Card" released yesterday, Schumer (D-N.Y.) gave the government an overall C-minus for its anti-terror effort to protect the nation's rail systems, airports, water supply, and ports and borders. "When it comes to domestic security, the federal government is playing Russian roulette with New York and the nation," Schumer said at a news conference in front of a Sept. 11 memorial inside Penn Station. The report also graded 10 categories within...
-
Security researchers say they have found a serious flaw in Microsoft's Internet Explorer browser that could expose credit card and other sensitive information of Internet surfers. The IE problem has been around for at least five years and could allow an attacker to intercept personal data when a person is making a purchase or providing information for e-commerce purposes, said Mike Benham, an independent security researcher based in San Francisco. "If you ever typed in credit card information to an SSL site, there's a chance that somebody intercepted it,'' he said, referring to the Secure Socket Layer protocol for...
-
Several vulnerabilities were reported in Outlook Express (OE). A remote user can send malicious e-mail with an attachment that will bypass OE's malicious file type filter and misrepresent the name and size of the file. http://securitytracker.com/alerts/2002/Jul/1004805.html