Big Issues Face FCC in 2006

The US Congress faces “several decisions in 2006 that will affect networking for years to come”, such as preventing “rapidly evolving Internet services from clashing with the decades-old policy framework for security, privacy protection, law enforcement needs and communications subsidies”.  Data breach notification and spyware regulation are the two biggest IT issues.  Voice over IP services will need to be regulated, “while appearing not to regulate the Internet”.


eWeek

Botnet Uses BitTorrent to Push Movie Files

BitTorrent peer-to-peer software is being used by hackers to “push copies of movies and Disney cartoons onto infected machines”.  In the “first known instance of the popular P2P software being used by hackers for malicious purposes”, up to 18,000 computers controlled by an IRC server are using “BitTorrent as a vehicle for distributing very large files to infected machines on (the) botnet without attracting the attention of the computer’s owner”.  The FBI is investigating.


eWeek

Texas files new spyware claim against Sony BMG


Texas Attorney General Greg Abbott said on Wednesday that he added a claim regarding hidden “spyware” to the lawsuit he filed in November 2005 against Sony BMG Music Entertainment.  The original charges claimed Sony BMG secretly installed copy-protection software when the CDs were played on computers; the new charges are aimed at software by MediaMax included on the Sony BMG CD, which Abbott says violates state laws on deceptive trade practices.  The software, which tracks customers’ listening habits, downloads even if users reject a license agreement.  Sony BMG denied the MediaMax software was hidden and said it does not collect the personal information that spyware typically does.


Reuters

Mac OS X KHTMLParser Denial of Service Weakness

Tom Ferris has discovered a weakness in Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service).  The weakness is caused by an error in the KHTMLParser when parsing certain malformed HTML documents. This can be exploited to crash an application that uses the parser via a specially crafted HTML file. In certain cases, this may cause the system to become unresponsive.  The weakness has been confirmed to affect TextEdit and Safari in Mac OS X with Security Update 2005-009. Other applications that use the parser may also be affected.


Solution:  Do not open or follow links to HTML files from untrusted sources.


http://secunia.com/advisories/18220/

Microsoft and Computer Security in 2005

Real progress has been made, but challenges remain in the ongoing battle against increasingly sophisticated world-of-software threats.


In the ongoing challenge to deliver a safer, more secure computing experience for PC users, Microsoft and its industry partners made considerable progress on the security front in 2005. Achievements include greater customer awareness of the existence of spam, viruses, spyware and other security threats, as well as the availability of more effective and powerful software protections against software attacks and security breaches, which has resulted in improved security for Microsoft customers.


“At Microsoft, we’re focused on protecting customers from current and emerging cyber security threats,” says Mike Nash, corporate vice president of Microsoft’s Security Technology Unit. “Our strategy is to make the right technology investments, to provide clear guidance to our customers about how to stay better protected, and address industry-wide challenges through partnerships in the public and private sectors.”


More in Microsoft

Yahoo to plug security hole in dating site

Fix comes after security expert finds clues in online profiles that could let intruders reset passwords.


Yahoo plans to tighten security on its dating site after a security expert uncovered a method for breaking into members’ accounts.


The main problem is that Yahoo Personals ads contain clues about key personal information, namely birth date and ZIP code, that members also use to reset their passwords. If an intruder obtains that data, the only thing that would block him from changing passwords and accessing accounts is members’ secret questions, such as “What’s your pet’s name?” “What is your favorite pastime?” and “What is your all-time favorite sports team?”


CNet

QuickTime / iTunes Memory Corruption Vulnerability

Tom Ferris has discovered a vulnerability in Apple QuickTime / iTunes, which can be exploited by malicious people to cause a DoS (Denial of Service), with other impact currently unknown.  The vulnerability is caused by an error in handling malformed “.mov” files. This can be exploited to cause memory corruption, which causes the program to crash. It has been reported that arbitrary code execution may be possible. However, this has not been confirmed.


The vulnerability has been confirmed in Apple QuickTime Player 7.0.3 and iTunes 6.0.1.3. Other versions may also be affected.


Solution:  Do not open “.mov” files from untrusted sources.


http://secunia.com/advisories/18149/