Brandon

Posts posted by Brandon

  1. Malware authors just opened their own holiday season. We received a couple of reports of a new AIM worm spreading.

    The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

    The user will receive the following AIM message:

    "This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=c..._card.COM"

    Instead of going to AOL's site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.

    This file is a SDBot variant and at the moment the most popular AV programs detect it generically.

    More Info

  2. The U.S. Internal Revenue Service warned Americans this week about the latest online scam, which attempts to convince Internet users to give up personal information by posing as a notification of a tax rebate.

    The fake e-mail appears to be sent from [email protected] and informs the recipient that they are eligible to receive a tax refund, according to the warning. The scam links to an online form that asks for personal information.

    The fake e-mail is made more convincing, according to a report in ComputerWorld, because it uses a cross-site scripting flaw in the federal government's benefits Web site, govbenefits.gov.

    Phishing attacks are becoming increasingly sophisticated in their attempts to convince users to part with personal information or to run untrusted programs. Losses from phishing are estimated to be more than $100 million and less than $500 million, depending on the source of the estimates.

    More Info

  3. Marketing company 180solutions filed a lawsuit against desktop-security firm Zone Labs, taking issue with a warning generated by the security firm's personal firewall software, which labels 180solutions' advertising client as spyware.

    The lawsuit--filed last month but only recently brought to light--cites warnings generated by Zone Labs' ZoneAlarm personal firewall product that warn of "dangerous behavior," recommending that users remove 180solutions software from the computer system. The marketing firm is a controversial company that was sued in September for installing what many have called "spyware" on consumers' computers. Over the past year, 180solutions has attempted to clean up its image and now enforces rigorous rules on its affiliates and has added safeguards into its software.

    Despite the steps, Zone Labs classifies its software--known as Zango and 180search Assistant--as spyware, the company claimed in its complaint.

    "ZoneAlarm assigns a high risk status and states as follows about Zango and 180sA: 'It is recommended that you delete this application immediately because it constitutes a privacy risk, and has no known usefulness,'" 180solutions said in the complaint.

    Last month, 180solutions announced it had helped the FBI track down a person who had abused its affiliate system by infecting computers with bot software and installing the marketing firm's adware program.

    A blog run by security-software maker Sunbelt Software first mentioned the complaint against Zone Labs and has a copy of the court filing online.

    More Info

  4. Sunbelt Software and Kerio Technologies, Inc. today announced that the parties have signed an agreement for Sunbelt to acquire the Kerio Personal Firewall. The acquisition is expected to be finalized by the end of the month. Terms of the deal are undisclosed.

    The Kerio Personal Firewall will be re-branded on an interim basis as the "Sunbelt Kerio Personal Firewall". All existing customers of the Kerio Personal Firewall will be able to receive support through Sunbelt once the acquisition is completed.

    More Info

  5. Important Notice: Effective November 30th, 2005 all Sygate personal firewall products and forum support will be discontinued. This does not affect Sygate's Enterprise firewall and endpoint compliance products, which will still be updated and supported.

    Former Sygate customers can be assured that Symantec will continue to provide forum support on all Sygate consumer products at this time. When appropriate, the Symantec Support organization will follow standard EOL and EOS processes. For additional information regarding those policies, please see the link below. For technical assistance, please email:

    [email protected]

    For EOL / EOS information click here

    http://www.symantecstore.com/dr/v2/ec_main...ODE=&CACHE_ID=0

  6. Online trading company Scottrade has warned its customers that data thieves compromised the systems of its electronic checking provider last month, resulting in a major leak of personal information.

    The financial services company said in a statement dated November 11 that its eCheck Secure service provider TROY Group had acknowledged being compromised. However, at least some Scottrade clients did not get a notice about the breach until last week, according to posts on FatWallet.

    "On October 25, 2005, Troy Group ... reported to us that a computer hacker had compromised its eCheck Secure servers," Scottrade stated in its letter. "As a result, some of your personal information, including your name, driver's license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised."

    The incident is the latest data leak to impact companies holding customers' personal data. In June, Mastercard International announced that one of its accredited processors had put at risk 40 million credit-card accounts because the firm's servers had not been secured properly. In July, the University of California at Santa Clara announced it had a flaw in its systems that could have put as many as 280,000 applicants' personal information, including social security numbers, at risk.

    The Troy Group announced the breach on October 25 in a press release, which did not get picked up by the mainstream media. Neither company has stated how many people have had their information compromised by the breach. The Washington Post posted a blog entry on the incident on Monday.

  7. This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. We have only listed critical vulnerabilities from the past year and a half or so. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way.

    http://www.sans.org/top20/#threatindex

  8. Security researchers have published a zero-day exploit for Internet Explorer this week that allows remote code execution on most variants of Windows.

    The vulnerability targeted by the exploit was originally announced in May as a stability issue resulting in the browser closing. With the release of the exploit code, however, security researchers have demonstrated that malicious code can be remotely executed after convincing a user to click on a link.

    The public proof-of-concept exploit launches the Calculator included with Windows; however, this could easily be modified to launch more malicious executables.

    Microsoft has expressed concern that this new vulnerability was not disclosed to them first, potentially putting users at risk. Although there is currently no patch for this vulnerability, disabling Active Scripting or switching to an alternate browser such as Mozilla Firefox would effectively mitigate the risk.

  9. Everyone's favorite technology company was given 60 business days to patch their search appliances. Unfortunately, even with the long grace period many appliances remain unpatched.

    Back in June, security researcher H.D. Moore discovered weaknesses in the Google Search Appliance that can allow for cross-site scripting, file discovery, service enumeration, and arbitrary command execution in certain versions of the appliance. Google promptly released a patch in mid-August; however, more than three months later many appliances still remain vulnerable.

    A small sample of 43 appliances taken this week showed that 23 remained vulnerable, 8 were patched, and the status of 12 could not be determined. If this sample is representative of all deployed Google Search Appliances, more than half may still be vulnerable. Following responsible disclosure guidelines, Moore published his findings this week.