Articles about Security

New Firefox 3.0.9 patches mucked-up memory and other holes

Download Mozilla Firefox 3.0.9 for Windows from Fileforum now.

Bugs in versions of Firefox before 3.0.9 can lead to memory corruption -- a problem that might, in theory be used by bad people to run arbitrary code on your machine. The problem is also present in versions of Thunderbird before 2.0.0.22 -- if you've gone and enabled JavaScript in e-mail -- and of SeaMonkey before 1.1.16.

Continue reading

Smartphone malware: Still the next big thing?

Conficker may have dominated security headlines this quarter, but Finnish security company F-Secure says the lesser-known "Sexy View" worm represented a new threat: the SMS and phone-based worm and the mobile botnet.

Sexy View is a social engineering worm which uses a device's contact list to spread. It sends a text message to all contacts with a link to a Web site that installs a malicious application that shares the phone's information (like its serial number) with the virus' creators. It targets devices running Symbian S60 3rd edition and was first found on Nokia 3250 handsets.

Continue reading

Amazon, where being gay makes you invisible

What's being called a "glitch" on Amazon.com has exclusively affected books dealing with gay and lesbian themes.

On one side, Amazon's Kindle 2 is the central element in the civil rights conflict between authors and those with reading disabilities. On the other side, Amazon.com is now accused of de-ranking and re-classifying content as "adult literature" simply because it contains homosexual themes or characters. Specifically, the complaint is that listings for some books with homosexual content are not displaying comparative sales rankings.

Continue reading

Too easy: A common cross-site scripting technique tangles Twitter

A self-proclaimed 17-year-old whose identity hasn't been particularly confirmed -- so therefore, neither has his or her age -- has taken responsibility for deploying cross-site scripting code through Twitter. That code, embedded in its users' profiles and masked to look like ordinary hyperlinks, resulted in messages being 'tweeted' through those users without their knowledge. Those tweets, when their links were followed, resulted in the same code being injected into the followers' profiles.

It sounds sophisticated, especially when it's being explained by a novice TV news anchor. In fact, the concept itself is something that is easily Googled, and example code similar to that created by the fellow calling himself "mikeyy" is readily available.

Continue reading

An accidental alert triggers a Live Messenger uproar

If one of your friends or business contacts on Windows Live Messenger has a different handle now than he did a few days ago, the reason may be because he received a message from Microsoft telling her she needed to do so, on account of a "recent system enhancement."

A blog post on Microsoft's Windows Live Messenger site yesterday explained that an unknown number of Messenger users may have received this alert in the center of their desktops. But the blog post apologized, saying the message was sent in error. "You will be able to continue to use your current e-mail address," the post read, "and there is no reason to make any changes."

Continue reading

New Pirate Bay service takes aim at EU intellectual property law

We still haven't received a verdict in Sweden's Pirate Bay trial, but the proprietors of that search service aren't twiddling their thumbs while they wait. On Wednesday, they're expected to switch on their paid iPREDator anonymizing service.

Savvy observers of the European political scene will recognize the name's genesis right away -- they're aiming at iPRED, the EU's Intellectual Property Rights Enforcement Directive, a Swedish version of which went into effect on April 1. Pirate Party chair Rikard Falkvinge memorably described that legislation as "written by digital illiterates who behave like blindfolded, drunken elephants trumpeting about in an egg packaging facility."

Continue reading

Spybot Search & Destroy competitors are trying to force its removal

For years, Spybot Search & Destroy has been one of Fileforum's single most installed pieces of software, with nearly 67 million downloads since 2000 on our sister site alone. It's one of the Web's original anti-spyware packages, independently distributed by Safer Networking Ltd., based in Ireland and developed in Germany.

Despite a user base in the dozens of millions (if not more; Safer Networking doesn't track its users), Spybot S&D hasn't had an easy time establishing itself in the competitive anti-malware field. Because it is freeware (commercial users must purchase licenses), the application is seen as a thorn in the side of larger companies who sell security software with the same functionality.

Continue reading

Card skimmer found operating in the wild

It's like finding out there really are monsters under the bed: Over the weekend, a Seattle man visiting a WaMu ATM noticed there was something peculiar about the card-reader slot. There certainly was -- it was covered by a card skimmer with a battery, card scanner, and mini USB port.

The good news, as reported by Consumerist, is that this is pretty much the first time anyone involved has actually encountered a skimmer installed and operating (presumably; the investigation is ongoing) in the wild. The bad news is that the wee beastie was found not on some random gas-station cash machine, but on an actual bank-maintained ATM. Once upon a time we thought those might be safer from such tampering; so much for that security measure.

Continue reading

Zero-day vulnerability in PowerPoint spawns Microsoft alert

Ah, the life of a security reporter: You ask Microsoft's communcations managers if the new PowerPoint vulnerability announced Thursday evening is a zero-day vulnerability, currently being exploited in the wild with no patch to shield us, and a spokesperson responds that "At this time, Microsoft is only aware of limited and targeted attacks that attempt to use this vulnerability." In other words, yes.

Security Advisory 969136 describes the new problem as one that can allow remote code execution if the file recipient opens an infected file. The Microsoft Security Research & Defense blog is rather more useful (not to mention straightforward -- yes, they're seeing it out in the wild, used in targeted attacks), recommending several defensive maneuvers while we await a patch. Those include using PowerPoint's newer version of XML, temporarily disabling the binary file format if your organization's using PPTX, and forcing legacy PowerPoint files to open in MOICE. Bloggers Bruce Dang and Jonathan Ness note that this is the first time Office 2003 SP3 (fully patched) has been successfully attacked in the wild since its release in September 2007.

Continue reading

Obama names Baker to VA CIO post

Roger Baker, a veteran of the DC merry-go-round, climbs aboard again at the request of President Obama. Baker, who served as CIO at the Department of Commerce from 1998 to 2001, now joins the Department of Veterans Affairs in the same position pending confirmation by the Senate. Baker has also held executive-level positions at Dataline, General Dynamics Information Technology, CACI International and Visa, and served on the administration's transition team. he holds BS and MBA degrees from the University of Michigan.

Continue reading

Senate will debate one more Obama 'czar,' this time for cybersecurity

Yesterday, the US Dept. of Homeland Security issued a statement that was intended to soothe the public's fears regarding the impending payload activation of the dreaded Conficker worm -- a piece of malware whose impact on this week's news cycle easily outweighed its impact on networks. That statement made news in itself, though, by referring to a sophisticated free tool for securing networks based on the latest research, but noting that tool was being released only for government agencies and their direct partners.

It revealed the priorities of DHS in a world that's legitimately threatened by malicious developments with far more potentially serious repercussions than Conficker. Now, a bill introduced today in Congress by Sens. Olympia Snowe (R - Maine) and Jay Rockefeller (D - W.V.) -- one which was being drafted two weeks ago -- would relieve DHS from the responsibility of reacting to Internet threats, and most likely relocate the US-CERT response team to another node of the executive branch.

Continue reading

So far, no surprises as Conficker switches to new system

In a way, you might say that this is where the real trouble with Conficker starts: As of 4am EDT -- or 10:30pm in the Marquesas Islands, where the day begins -- the malware appears to be doing exactly as predicted, switching to its powerful newer algorithm. As experts also predicted, no serious amount of amok has been run and the Net has not experienced a massive meltdown.

Today, anyway. As we wade through the much-anticipated April 1 update, it's almost certain that the real damage comes later. Smooth sailing today beats mayhem, of course, but whatever Conficker's botnet is designed to do, it's apt to do it in the days and weeks to come -- well after flightier members of the public (and their media outlets) will have concluded that Conficker's danger passed on April 1. They'll assume that they're safe... and they're apt to regard malware and its ilk as a less serious, pervasive, and insidious problem than computer professionals understand it to be.

Continue reading

Latest Postini spam stats show the post-McColo calm is over

Google's Postini service regrets to inform us that after just over four months, the spam drop we saw in the wake of November's McColo takedown has been erased by a new, smarter breed of spam technology. The company released an overview of the relevant numbers in a blog post Tuesday morning.

Postini, which handles spam-blocking services for over 15 million business users across 50,000 companies, has been watching traffic climb back from the McColo drop since it happened, at one point estimating that spam traffic would return to normal in February. And the first one-day traffic spikes did indeed start to equal previous numbers right around then. But last week was the first time the service has seen those levels sustained over seven full days. In addition, the rate of increase is remarkable, with spam traffic growing by 1.2% each day during the first quarter of the year.

Continue reading

High resolution satellite images offer up-close view of North Korean missile site

As tensions rise in the Far East, satellite-image purveyor GeoEye has snapped a pair of finely detailed images of activity at North Korea's Musudan-Ri missile facility, the most recent gathered at 11:49am local time on Sunday, March 29. The image, taken from 423 miles up and at a slightly oblique angle, shows the launch pad, the vehicle assembly building, and (according to analysts at GlobalSecurity.org, who have reviewed the image) a great many vehicles near the facility's launch control complex.

GeoEye, with the help of an analyst at IHS Jane's, has annotated the March 11 image for your viewing pleasure. The annotations spotlight the missile launchpad with its umbilical cord, the large Launch Control Complex to its north, the Missile Assembly and Checkout Facility just to its west, and an Engine Test Stand in a defile to the southeast.

Continue reading

DHS releases its Conficker tool...for the public sector

In the wake of yesterday's discovery that the Conficker worm can give hints to its presence on a system in a Windows-based network by changing the network signature of that system, the US Dept. of Homeland Security released what the chief of its US-CERT division says is "the most comprehensive [tool] available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm."

But its use, says a DHS statement published yesterday, is limited to computers -- including network infrastructure systems -- operated by the federal government and its private sector partners. For that reason, DHS says, it's distributing this detection tool only through its secured channels. Specifically, government sources may acquire the tool through the Government Forum of Incident Response and Security Teams (GFIRST) portal; and private sector partners may contact their designated Information Sharing and Analysis Center (ISAC).

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.