Peaches

Symantec Products KeyView Module Buffer Overflow Highly critical A vulnerability has been reported in various Symantec products, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error within the Autonomy KeyView module, which can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. Secunia advisories for details - http://secunia.com/advisories/34307/

More information on Microsoft's DNS and WINS patches Microsoft has responded to criticism that the fixes for DNS and WINS released last Patch Tuesday as MS09-008, were ineffective. One security researcher complained that already inserted WPAD (Web Proxy Auto Discovery) entries were not removed or blocked. In a blog entry, MSRC Program Manager Maarten Van Horenbeck, said that this was intentional, as Microsoft only creates security updates to protect a system against future attacks and does not aim to undo any attack "that has taken place in the past". He then goes on to show how WPA

17 March 2009, 17:10 Confusion over Comcast customers passwords exposure The New York Times has reported that data from over 8,000 Comcast customers was unprotected and made available on the Internet. The data included both the usernames and passwords for customers of Comcast, one of the largest Internet service providers in the United States. According to the report, on Monday 16th of March Mr. Kevin Andreyo stumbled across a list on Scribd, a document sharing Web site often used by authors, when he was searching for his own e-mail address on the search engine Pipl. The file he fou

March 16, 2009 3:53 PM PDT LiveJournal accounts getting hijacked LiveJournal warned its users on Monday that lapsed Hotmail accounts are to blame for bloggers having their LiveJournal accounts hijacked. "Recently some journals and communities have been broken into, their contents deleted, and their owners locked out," LiveJournal said in an e-mail to its users. "The problem appears to stem from Hotmail's policy of recycling inactive e-mail addresses." Anyone can claim a Hotmail address if it has not been used in more than a year, the e-mail says. Hijackers are grabbing lapsed e-

March 16, 2009 5:02 PM PDT Comcast passwords leaked onto the Web by Elinor Mills A list of thousands of user names and passwords for Comcast customers was removed from document sharing Web site Scribd on Monday, two months after it was posted there. Scribd removed the list of more than 8,000 passwords and user names after being contacted by Brad Stone at The New York Times. Stone wrote that he was contacted by a Comcast customer who happened across the list after doing a search on his own e-mail address on search engine Pipl. Comcast spokeswoman Jennifer Khoury told The New Y

March 16, 2009 12:02 PM PDT Scammers customize news to deliver you malware by Elinor Mills Security experts warned on Monday of a new insidious e-mail scam that features false information about a bomb explosion in the recipient's hometown and leads to a malicious Web site. The subject lines include "Take Care!" and "Are you and your friends in good health?" The e-mail includes a link to what looks like a news article on a Reuters page about the bombing. But the Web page and the news are fake, according to e-mail security provider Marshal and antivirus firm Sophos. The scammers

Google inspires behavioral ad-zapping Firefox add-on Cookie-filled TACO By Cade Metz in San Francisco 16th March 2009 20:47 GMT Last week, when Google rolled out its new interest-based advertising behavioral ad targeting operation, it enveloped the world's web surfers in the sort of cookie conundrum we've come to expect from these privacy-hedging ad schemes. Across YouTube and countless third party sites in its AdSense advertising network, Google is now targeting ads according to your personal browsing history. Yes, you can opt-out. But it's a cookie-based opt-out. You'll have to

SUSE update for MozillaFirefox Highly critical SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user's system. Secunia advisories - http://secunia.com/advisories/34272/

New DNS trojan taints entire LAN from single box One 'sploit pwns all By Dan Goodin in San Francisco 16th March 2009 22:43 GMT Internet security experts are warning of a new rash of malware attacks that can hijack the security settings of a wide variety of devices on a local area network, even when they are hardened or don't run on Windows operating systems. Once activated, the trojan sets up a rogue DHCP, or dynamic host configuration protocol, server on the host machine. From there, other devices using the same LAN are tricked into using a malicious domain name system server, in

The following is a joke - but rings true. I am totally screwed up now and have little chance of recovery from all the emails I received with the following warnings, SO THEREFORE …. I no longer open a public bathroom door without using a paper towel or have them put lemon slices in my ice water without worrying about the bacteria on the lemon peel. I can't sit down on the hotel bedspread because I can only imagine what has happened on it since it was last washed. I have trouble shaking hands with someone who has been driving because the number one pastime while driving alone is picking

15 March 2009, 13:11 iTunes 8.1 update eliminates vulnerabilities Apple's iTunes update 8.1 contains two bug fixes relevant to security. Attackers can remotely exploit vulnerabilities in previous versions to partially paralyse the music program or make it expose user data. The first problem only affects the Windows version. While processing manipulated messages using the proprietary iTunes protocol DAAP (Digital Audio Access Protocol) to share media across a local network, the program may go into an endless loop resulting in a denial of service. The second bug, in both the Windows and the Mac

Saturday, March 14, 2009 12:33 PM PDT The third Conficker malware variant in infected machines is set to activate April 1, says the director of threat research at CA where the malware sample first discovered last week by Symantec is being examined. "It's set to go off April 1, 2009 and Conficker will generate 50,000 URLS daily," says Don DeBolt, CA's director of threat research. Generating that many URLs is a way to hide where it may be calling to download instructions from those who designed it to infected machines. It's not known exactly what those instructions might be but it coul

New 'Spam King' Linked to SMS Campaign Juha Saarinen, Computerworld New Zealand Online<br /><br /> Spammer Brendan Battles is being linked to an unsolicited bulk SMS marketing campaign in New Zealand that could breach New Zealand anti-spam laws. Reports of the messages are appearing on online forums like Geekzone and Vodafone's customer forum. The message says: "Tired of dropped calls, poor signal or static? Goto www.AntennaBooster.co.nz for a special Vodafone users offer! To opt-out, reply with the word 'UNSUBSCRIBE'" The text messages arrive from an Australian mobile number, +61

Oil Change instructions for Women: 1) Pull up to Jiffy Lube when the mileage reaches 3000 miles since the last oil change. 2) Drink a cup of coffee 3) 15 minutes later, write a cheque and leave with a properly maintained vehicle. Money spent: Oil Change: $20.00 Coffee: $1.00 Total: $21.00 Oil Change instructions for Men : 1) Wait until Saturday, drive to auto parts store and buy a case of oil, filter, kitty litter, hand cleaner and a scented tree, write a cheque for $50.00. 2) Stop by 7/11 and buy a case of beer, write a cheque for $20, drive home. 3) Open a beer and drink it. 4) J

13 March 2009, 12:18 Vyatta CE5: Free software router/firewall with web-based GUI Vyatta, the open source networking software and hardware provider, has released version 5 of its free open source, Linux based, router and firewall software - Vyatta Community Edition. The software transforms an x86 PC into a router that can handle network infrastructures ranging from DSL to 10-Gigabit Ethernet. A new feature in Vyatta Community Edition 5 (VC5) is the ability to configure the software via a web-based graphical user interface (GUI) in either Firefox 3 or Internet Explorer 7. Support for

March 13 Bogus Facebook, Malware, and a Dancing Girl by Bernadette Irinco (Technical Communications) Without a doubt, Facebook is the most popular social networking site today among users and cyber criminals alike. Every now and then, Trend Micro discovers threats that ride on the said social networking site. For instance, just last week, Rik Ferguson, security analyst, reported a new variant of Koobface propagating via Facebook. Earlier today, Trend Micro is alerted of another Facebook attack involving a dancing girl’s video and a bogus Facebook website. Spammed mess

13 March 2009, 16:14 Tools to remove Conficker A number of antivirus software vendors, including Symantec, F-Secure and BitDefender, are now offering a dedicated tool to remove the Conficker worm. The programs do not require installation of any anti-virus solution. Since the programs are small they can also be run from a USB drive on an infected system. McAfee does not offer a dedicated tool, however, their Avert Stinger stand-alone utility can detect some versions of the Conficker worm. Unfortunately not all of the anti-virus manufacturers confirm and detail which versions of the

Google plugs your surf history into ad money machine Wades into interest-based ads behavioral targeting By Cade Metz in San Francisco 11th March 2009 18:47 GMT Google has unleashed a new behavioral ad targeting scheme onto YouTube and partner sites in its AdSense advertising network - though it has carefully avoided the term behavioral ad targeting. Google prefers "interest-based advertising." Whatever you call it, YouTube and AdSense sites are now showing ads to websurfers based on the (many) pages they've perused in the past. "We think we can make online advertising even more r

The right way to handle encryption with Firefox 3 by Jürgen Schmidt Secure data transmission on the internet relies on encryption and security certificates. Mozilla has revised the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out – and give you more security. All sorts of information – even critical stuff like passwords and account information – is commonly sent over a connection in the clear, but if you want to keep eavesdroppers at bay, you have to use encryption. Encrypted web sites can be recognised by the "https" ("s" fo

Economic Woes Ramp up Online Threats by Ailene Dela Rosa (Technical Communications) Watch out! Cybercriminals, as expected, are jumping in the economic recession bandwagon. Trust these fraudsters to take advantage of and cash in on the global recession. The Federal Trade Commission is warning against the boom of new online scams that promise government grants to aid cash-strapped consumers. These include spammed email messages containing links to websites purported to provide information on how to qualify for the economic stimulus package. These sites download spyware into the affe

Mar9. 2009 Fake Windows Support Spam Brings Forth an Info-Stealer by Maydalene Salvador (Anti-spam Research Engineer) img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; } This is probably the type of support one wouldn’t want to have. Spammed email messages were found pretending to come from Microsoft Windows Support and claiming that Microsoft Service Pack 1 and Service Pack 2 have been discovered to have an error that can damage the computer’s software or even the hardware. These messages encourage users to download and install a

Windows Defender: False alarm triggered by hosts file Since Monday evening, Microsoft's Windows Defender spyware detection software has mistakenly raised the Win32/PossibleHostsFileHijack alarm on some clean PCs. According to Microsoft, the error is caused by a flawed signature deployed via automatic update on Monday. Another signature update has now been issued to solve the problem. In our German partners' editorial offices, the erroneous behaviour has so far only affected a few Windows Vista systems. The exact conditions that trigger the false alarm are still unclear. According to

9 March 2009, 12:57 Conficker modified for more mayhem According to Symantec the Conficker worm has been modified to cause more damage. Previously the worm had only contacted about 250 domains a day, to look for commands and download new code. Symantec report that there is a new variant of Conficker using an algorithm which will contact up to 50,000 domains a day. The new domain generation algorithm also uses one of a 116 possible domain suffixes. This is expected to make life harder for anti-virus specialists, ICANN and OpenDNS to block the domains that Conficker will use and makes it mu

9 March 2009, 17:33 Security updates for Foxit Reader A newly released version of the Foxit PDF reader fixes three security vulnerabilities. One of the vulnerabilities is based on a buffer overflow exploit that allows an attacker to inject and remotely execute code when a user opens a specially crafted PDF document. The bug can be found in version 3 of the software and is based on the processing of overly long file names. A manipulated JBIG2 compression table could be used to create an uninitialised array. Values from this uninitialised memory could be accessed and used as pointers allowi