Windows Secrets Newsletter presented a simple chart showing which anti-adware application did the best job at removing the unwanted components. The chart was based on Eric Howes’ Anti-Spyware Programs Feature Comparison.
Check the chart and read the article entitled “Anti-adware misses most malware” in the Windows Secrets Newsletter (January 27, 2005 issue).
Government wants to make sure the upcoming OS complies with antitrust ruling.
Microsoft will meet with representatives from the U.S. Department of Justice (DOJ) next month for the first of several briefings intended to ensure that its upcoming Longhorn operating system complies with the terms of the final judgment in the government’s antitrust case against the software maker.
David Aitel, founder of vulnerability assessment company Immunity, has received criticism from software makers and security researchers for irresponsible disclosure of software flaws. Immunity discovered four flaws in Apple’s Mac OS X, but only provided the information to customers, keeping it secret from the public and Apple for seven months. While an increasing number of researchers delay announcing a flaw until software makers can release a fix–a process known as “responsible disclosure”–some believe that arrangement has made companies lax about releasing patches in a timely manner. However, many also consider it dangerous to release details of a flaw to the public before a patch is ready, since it can alert malicious hackers to the flaw. Opinions also differ depending on the company; one researcher says Apple essentially refuses to work with independent researchers who find flaws in Apple products.
Cisco routers running a version of Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS-disabled interfaces. A system that supports MPLS is vulnerable even if that system is not configured for MPLS.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable. Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects.
Only the following products running a vulnerable version of IOS that support MPLS are affected.
* 2600 and 2800 series routers
* 3600, 3700 and 3800 series routers
* 4500 and 4700 series routers
* 5300, 5350 and 5400 series Access Servers
Products that are not listed above are not affected.
Software versions, fixes and workarounds are listed at http://www.securiteam.com/securitynews/5OP0P1PEKQ.html
With horror stories of clogged computers ringing in their ears, lawmakers get ready to drop the hammer on malware makers. Penalties as high as $3 million could await homepage hijackers and other troublemakers. Michael Grebb reports from Washington.
More info and test page at http://www.airscanner.com/tests/ie_flaw/ie_attack.htm
The bugzilla bug reporting and tracking system on the Mozilla development site mozdev.org was vandalized yesterday. Mozdev is a community site for Mozilla developers to create and host applications and various add-ons to the Mozilla source code.
Mozilla contributor Henrik Gemal reported the activity on his blog.
“A couple of hours ago bugzilla mails started to pour in from bugzilla.mozdev.org,” Gemal wrote. “They all contained the same comment and the same action.
Sexymeluckyyou73@yahoo.com changed status on all open bugs into Resolved Fixed. All bugs were submitted with the following comment: these bugs are not from me they where on there when I bought the computer.”
By early yesterday afternoon, Gemal updated his blog with a comment noting that all comments and damage done by the malicious user had been corrected.
Start Time: Tuesday, February 15, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Tuesday, February 15, 2005 12:30 PM (GMT-08:00) Pacific Time (US & Canada)
Security should be your primary concern throughout the development process. This session discusses how security can be implemented at each stage of the software development life cycle. Microsoft has created the Security Development Life Cycle to describe how to implement security best practices by adding pointed and well-defined checkpoints to the existing development life cycle. This session outlines recommended changes to the design, development, testing, verification and release phases that can reduce the number and severity of security vulnerabilities shipped to customers.
Presenter: William J. Steele, Developer Community Champion, Microsoft Corporation
Start Time: Tuesday, February 15, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Tuesday, February 15, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada)
This month’s Security360 is a special edition of the show as we present the RSA Conference 2005 Keynote address by Microsoft Chairman and Chief Software Architect, Bill Gates. This will be an exciting opportunity to watch this live keynote where Bill will discuss his perspective on the state of security today, the importance of continued innovation, and advances in the Microsoft platform, products, and technologies designed to better protect customers. Security360, including the live question and answer segment, will return to its regular format in March.
Presenter: Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft Corporation