Macromedia Advisory on Breeze

MPSB 05-06 Breeze 5.0 Password Reset Encryption

Summary: Macromedia Breeze 5.1 includes a security update which addresses an issue related to user password encryption in the database when resetting passwords in Macromedia Breeze 5.0.

NOTE: This update only applies to licensed customers of Breeze running the software on their own servers. This problem does not occur on the Breeze hosted system.

Solution: Macromedia Breeze customers should upgrade their licensed software to Macromedia Breeze 5.1, which includes the product fix to this issue.

Severity Rating: Macromedia categorizes this issue as a moderate issue and recommends users patch their installations.

More details in Macromedia website

Symantec Awarded More Than $1 Million in Software Piracy Case

Symantec Corp. announced it has been awarded more than $1 million in restitution as a result of a criminal software piracy case in Houston, Texas. Li Chen pled guilty to one count of trademark infringement and agreed to the restitution as part of a plea bargain.

The case, prosecuted by the Harris County District Attorney’s office, was the result of a year-long investigation by the Houston Police Department and the Federal Bureau of Investigation. The case was initiated based on information uncovered in an investigation conducted by Symantec and other software companies into Chen’s activities.

After a search warrant was served by law enforcement authorities on November 17, 2004, more than 5,100 units of counterfeit Symantec software was seized from Chen’s business, Microsource International, located in Houston. In addition, documents were seized revealing that between April 2002 and October 2004, Chen sold counterfeit Symantec software with a retail value of more than $9.9 million.

Help thwart online scams with Microsoft Phishing Filter

Microsoft Phishing Filter helps identify fraudulent Web sites before you visit them and offers dynamic screening to help protect against online data theft

Microsoft Phishing Filter helps identify fraudulent Web sites before you visit them and offers dynamic screening to help protect against online data theft. Learn how it works and how to download and install it.

57 million people in the United States alone claim to have been exposed to at least one online phishing scam. These scams typically attempt to lure you into visiting phony Web sites where your personal information or credit card information can be collected for criminal use.

Microsoft Phishing Filter helps provide dynamic protection against phishing scams as you visit Web sites in two ways. It scans and helps identify suspicious Web sites, and provides up-to-the-hour updates and reporting on known phishing sites. Microsoft Phishing Filter is available as an add-in for the MSN Search Toolbar at no cost, and will be also available in the upcoming Windows Internet Explorer 7.

Microsoft Phishing Filter info:
– Two key features
– Microsoft Phishing Filter in action
– How to get Microsoft Phishing Filter
– Step 1: Download and install the MSN Search Toolbar
– Step 2: Download and install the Microsoft Phishing Filter Add-in for the MSN Search Toolbar (Beta)

Security At Home


Avoid wireless attacks through your Bluetooth cell phone

Avoid wireless attacks through your Bluetooth cell phone




Avoid wireless attacks through your Bluetooth cell phone

Bluetooth wireless technology is included with many cell phones and PDAs. It was initially designed to let you swap documents between other Bluetooth devices without the use of annoying connecting cables, but has since expanded to provide services such as Web connectivity and online game playing. However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

Get tips to help improve the security of your Bluetooth-enabled cell phone or PDA:

– The Bluetooth process and vulnerability
– Tips to improve your Bluetooth security
– More Bluetooth tidbits

Read the tips in Microsoft Security At Home

Software set to remain insecure

According to Dr. Klaus Brunnstein, president of the International Federation for Information Processing, software will always be vulnerable as long as designs are complex, because no one can fully understand what happens deep in the system. The design of the Open Systems Interconnection architectural model, on which the current IT model is based, is also flawed, he said. Speaking at the SEARCC 05 conference, he also advocated involving consumers more in development and making Bill Gates pay for the damage the Windows OS has caused.


Novell server under attack

Novell apparently allowed employees to use test servers outside the firewall for gaming, leaving them vulnerable to attack. One hacked server was used to scan potentially millions of computers. The scans used Port 22, the default port for Secure Shell (SSH) services, which allows programs to log into other computers or to execute remote commands and move files securely. Port 22 scans often indicate hackers are looking for vulnerable SSH to break into and control. The gaming site,, was taken down after Novell was alerted about the breach.


Hackers Step Up Attacks on IM Networks

Instant messaging attacks are on the rise. Akonix Systems Inc., a messaging security developer, said in their Q3 Threat Report that 25 viruses have been reported on IM networks so far in September, or about one a day. In the past, malware was repurposed from email viruses, but now IM-targeted viruses are just as likely. Hackers are using IM to take over PCs and carry out zombie-style attacks via the major consumer IM networks AOL, Yahoo, and MSN. Corporations using IM need to get off the consumer networks to avoid this threat.


Warning over unattended PC peril

Research and advisory firm Gartner says that unattended PCs are “low-hanging fruit” for insider attacks and suggests that companies use time-outs to automatically log users out of application sessions or lock PCs. Threats from unattended computers include unauthorized access to personnel data, changing business information (to hide fraud, for instance), and sending email in someone’s else’s name. Users are resistant to time-outs, but Gartner believes objections can be overcome by holding users accountable for any misuse of their PCs.

The Register

Just another Microsoft MVPs site