SaferPC.info

Security News and Issues

Each day, owning a computer and maintaining it online becomes more of a challenge. Security is a major concern to computer users. SaferPC brings you Security News and Issues of interest to security-conscious PC users.

     

Firefox marketing site hacked
CNET
by Joris Evers
July 15, 2005

SpreadFirefox.com, the community marketing Web site for the open-source Firefox Web browser, was hacked earlier this week, potentially exposing user data.

Attackers broke into the Web site by exploiting an unpatched security vulnerability in the software that runs SpreadFirefox.com, the Mozilla Foundation said in an e-mail alert to registered users of the site late Thursday. Mozilla coordinates Firefox development and marketing. The authenticity of the e-mail was confirmed Friday by a Mozilla representative. The attack actually occurred on Sunday but was not discovered until Tuesday, according to the e-mail alert. SpreadFirefox.com was subsequently taken down for a few days to investigate the attack, according to a notice posted on the site.

Justices Rule Police Do Not Have a Constitutional Duty to Protect Someone
nytimes.com
by Linda Greenhouse
June 28, 2005

The ruling applies even for a woman who had obtained a court-issued protective order against a violent husband making an arrest mandatory for a violation.

The decision, with an opinion by Justice Antonin Scalia and dissents from Justices John Paul Stevens and Ruth Bader Ginsburg, overturned a ruling by a federal appeals court in Colorado. The appeals court had permitted a lawsuit to proceed against a Colorado town, Castle Rock, for the failure of the police to respond to a woman's pleas for help after her estranged husband violated a protective order by kidnapping their three young daughters, whom he eventually killed.

Adobe falls through XML flaw
vnunet
by Iain Thomson
June 23, 2005

Adobe has issued a security advisory warning users to patch a flaw in its popular Acrobat and Reader software.

The bug lies within the Adobe Reader control and potentially allows a hacker to find files held locally on a PC. An XML script would need to be designed and inserted into a JavaScript file, which could then be used to open access to local files.

Botnet Hunters Search for 'Command and Control' Servers
EWeek
by Ryan Naraine
June 17, 2005

Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style.

The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers. "The idea is to share information and figure out where the botnets are getting their instructions from. Once we can identify the command-and-control server, we can act quickly to get it disabled. Once the head goes, that botnet is largely useless," said Roger Thompson, director of malicious content research at Computer Associates International Inc.

Microsoft's Security Response Center: How Little Patches Are Made
EWeek
by Ryan Naraine
June 10, 2005

Tech Ed conference attendees get a behind-the-scenes look at how Redmond handles the creation of software patches—and an explanation for long delays in fixing known vulnerabilities.

Anxious to shed the company's image as having a lax attitude about software security, officials at the Microsoft Security Response Center are using the Tech Ed conference here to provide a rare glimpse at the step-by-step process used to create, test and roll out security patches. The software maker trained the spotlight on the operations of the MSRC during breakout sessions and one-on-one discussions with customers, stressing that all publicly and privately reported vulnerabilities are thoroughly investigated to determine whether customers are at risk. "We're on all the [security mailing] lists, just like you are, and we investigate everything, even if it's a post about a simple weird behavior in a product," said MSRC program manager Stephen Toulouse. By monitoring the public lists and underground hacker sites, Toulouse said the company is able to keep track of discussions about vulnerabilities that may not have been reported to Microsoft.

MSN flaw put Hotmail accounts at risk
C|Net
by Joris Evers
June 7, 2005

Microsoft takes part of its MSN site offline after learning of a flaw that could be used to gain access to the free e-mail service.

Microsoft took part of its MSN Web site offline over the weekend, after it learned of a flaw that could let an attacker gain access to Hotmail accounts, the company said. The MSN Web site contained a so-called cross-site scripting flaw. In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL. That could then grant access to those e-mail accounts, the representative said.

Hotmail threatened by MSN flaw
ZD Net (UK)
by Joris Evers
June 7, 2005

A cross-scripting security hole could potentially have been used by malicious hackers to steal cookies from Hotmail users and get access to their accounts.

Microsoft took part of its MSN Web site offline over the weekend, after it learned of a flaw that could let an attacker gain access to Hotmail accounts. The MSN Web site, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw. In its initial review of the issue, the company found that an attacker could use the vulnerability to obtain "cookies" from Hotmail users by getting them to click on a malicious URL. That could then grant access to those email accounts.

Triple-Barreled Trojan Attack Builds Botnets
EWeek
by Ryan Naraine
June 4, 2005

Anti-virus experts have detected signs of a massive, well-coordinated Trojan attack capable of creating botnets-for-hire. Is it the work of organized crime?

Anti-virus researchers are sounding the alert for a massive, well-coordinated hacker attack using three different Trojans to hijack PCs and create botnets-for-hire. According to Thompson, the wave of attacks starts with Win32.Glieder.AK, dubbed Glieder, a Trojan that downloads and executes arbitrary files from a long, hardcoded list of URLs. Glieder's job is to sneak past anti-virus protection before definition signatures could be created and "seed" the infected machine for future use. At least eight variants of Glieder were unleashed on one day, wreaking havoc across the Internet.

Call Don't Click: Consumer tips
World Privacy Forum
May 26, 2005

Consumer tips for retrieving your federally mandated free credit report. Before you call, click, or mail for your federally mandated free credit report, read these tips to help you avoid potential problems and pitfalls.

Online tip: Do not use a library or public computer to access your free credit report. Shared computers may inadvertently help share your credit report information with others. Only access your report online via your own computer, or a trusted computer.

Online tip: Giving An Email Address is Voluntary - Know that you are not required to give out your email address in order to obtain a federally mandated free credit report.

Bypass found for Windows piracy check
CNET News
by Joris Evers
May 23, 2005

A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional software from the company, according to a security researcher.

Researcher Debasis Mohanty outlined what he said was a technique to trick Microsoft's Windows Genuine Advantage validation check in a posting to the Full Disclosure security mailing list on Monday. WGA is a software tool that verifies whether a particular copy of the operating system is properly licensed. Using a secondary Microsoft validation tool called "GenuineCheck.exe," it may be possible for people to trick the checking mechanism, Mohanty said in the posting. They could then download and run supposedly restricted software from Microsoft's Download Center on a PC running a pirated version of Windows, Mohanty wrote.

     

Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.

Shawn K. Hall © 2003-2021 Powered by 12 Point Design