Concerted action will help consumers gain more control over the programs running on their PCs
Thanks to Congress, law-enforcement agencies may soon have stronger tools to help curb spyware.
Spyware is deceptive software that sneaks into computers, usually via the Internet. It can disrupt the operation of PCs and furtively collect personal information about their users. It has become pervasive and increasingly troublesome as the world has become more connected.
The U.S. House of Representatives has overwhelmingly approved two different anti-spyware bills. As the Senate takes up the issue, Microsoft and many other technology companies have joined in supporting targeted legislation that would establish a strong, national standard for anti-spyware enforcement.
Microsoft favors legislation because we believe that consumers should be able to make informed decisions about the software they install on their PCs. To help ensure this, we hope Congress will include in its final bill a provision that would prevent spyware traffickers from using frivolous lawsuits to attack companies that are supplying consumers with anti-spyware tools.
Such a provision is vital because solving the spyware problem will require not only strong laws, but also energetic efforts by the private sector.
More in http://www.microsoft.com/issues/essays/2005/06-29spyware.asp
A vulnerability was reported in Microsoft Internet Explorer in ‘javaprxy.dll’. A remote user can cause the target user’s browser to crash or potentially execute arbitrary code. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in ‘javaprxy.dll’ and cause the target user’s browser to crash. Specially crafted object tags can cause certain COM components to crash. It may be possible to overwrite a function pointer to execute arbitrary code. However, the vendor could not reproduce a function pointer overwrite.
The latest problem, reported to us by Neowin user flanderssoft, centres around the ability to refresh a page other than the one currently open – if that page has loaded a popup in the first place. It would allow visitors clicking on a malicious link to Hotmail to initially be served with the correct page, before being transferred seconds later to one which looks identical on another server. If the URLs were similar, it’s likely many users wouldn’t notice the change.
The exploit sample below only works on IE: however, tests seem to suggest it may work on other browsers. The only reason it doesn’t in this case is the use of an unusual extension (.srf) throwing them off.
Demo in http://www.markvanberkel.com/bug.htm
Impact: A remote user can cause the target user’s browser to crash.
a bug with Spybot S&D’s TeaTimer and promised to update it as soon as they have fully tested some workarounds.
Shared computers are commonly found in schools, libraries, Internet and gaming cafés, community centers, and other locations. Often, non-technical personnel are asked to manage shared computers in addition to their primary responsibilities. Managing shared computers can be difficult, time-consuming, and expensive. Without restrictions, users can change the desktop appearance, reconfigure system settings, and introduce spyware, viruses, and other harmful programs. Repairing damaged shared computers costs significant time and effort.
User privacy is also an issue. Shared computers often use shared accounts that make Internet history, saved documents, and cached Web pages available to subsequent users.
The Microsoft Shared Computer Toolkit for Windows XP provides a simple and effective way to defend shared computers from untrusted users and malicious software, safeguard system resources, and enhance and simplify the user experience. The Toolkit runs on genuine copies of Windows XP Professional, Windows XP Home Edition, and Windows XP Tablet PC Edition.
Newhall Enterprises, Inc. offers The Security Guide for Home Computing. It is an animated e-book that explains computer security in plain English that everyone can understand. The guide has animated readers and over 55 FREE security software links (Free personal firewalls and antivirus software).
The said animated e-book comes in 2 flavors:
$ – The Security Guide for Home Computing
Free – The Security Guide for Home Computing Lite
The Security Guide also includes a 200-word security dictionary. A free Lite version covers security basics for your home computer and can be downloaded from the web site.
A vulnerability was reported in TCP-IP Datalook. A local user can cause denial of service conditions. A local user can send a specially crafted request to the listening port to cause the target service to crash.
Impact: A local user can cause the target service to crash.
Solution: No solution was available at the time of this entry.
Cause: Exception handling error
Underlying OS: Windows (Any)
CA acquired Tiny Software, Inc., a privately-held developer of endpoint security technology for Windows desktops and servers, including the Tiny Personal Firewall.
E-week reports Computer Associates International Inc. was considering using “CA” as its formal name and may also alter its logo.
This past week, an innovative system, designed by a psychologist in conjunction with an information-security expert, was introduced to help enterprises prevent their users from falling prey to phishing, pharming, and online fraud. Through the use of simple visual cues, Identity Cues by Green Armor Solutions makes obvious to even non-technical and untrained users whether they are communicating with an organization’s legitimate web-site or with a phony site set up by a criminal — and it provides this benefit without requiring users to install any software, carry any security devices, register for any services, or memorize any extra secrets. Even if users do not make a conscious effort to use the anti-phishing system it can still be quite effective.
For more information — http://www.greenarmor.com