“Doctor Web, Ltd., a Russian anti-virus software developer, announces the release of public beta-version of new Dr.Web product – Dr.Web LiveCD – a disk for a computer emergency protection.
Dr.Web LiveCD is an image of the boot compact disk which contains all necessary tools to check your computer for viruses without installation of any programs on the hard drive. The check is made by the scanner with the newest anti-virus bases included into the CD. Dr.Web LiveCD allows to check files in all file systems of Windows (FAT, FAT32 and NTFS). “
More info at More info at http://info.drweb.com/show/2780/en
The Firewall Leak Tester Rewards was updated last March 11, 2006.
Result of the test at http://www.firewallleaktester.com/tests.php
Stats is available at http://www.firewallleaktester.com/reward_stats.htm
Kaspersky Internet Security 6.0 and Ghost Security Suite received the Best choice reward while Jetico firewall 18.104.22.168 got the Gold reward and then Outpost Pro 3.5 and Look’n’Stop 2.05 received the Silver reward.
Microsoft Security Advisory 917077 (Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution) updated:
Microsoft Security Advisory 912945 (Non-Security Update for Internet Explorer):
- March 29, 2006: Advisory updated to indicate that this non-security update will be included with the IE security update, and that this next security update will address the issues detailed in Microsoft Security Advisory 917077. Also, the advisory has been updated to information customers that a Compatibility Patch will be created that will allow customers to temporarily return IE to the previous functionality for handling ActiveX controls.
“Security software vendor McAfee Inc. is looking to acquire security companies that have technology that can be quickly integrated with the company’s products, an executive of the Santa Clara, Calif., company said Wednesday.
McAfee is scouting worldwide for companies that can offer interesting technologies in areas such as wireless security and safer Internet surfing for users, George Samenuk, McAfee’s chief executive officer and chairman, told reporters in Bangalore, India.”
“Recently, a reader reported being forced to disable intrusion-prevention monitoring within shared, multi-tenant locations because the wireless scanning system was generating a confusing abundance of red herrings, or “false positives,” from neighboring access points.
The thought of anyone forced to turn off security caused my anxiety level to spike.”
“PhishRegistry.org is a free service provided by CipherTrust, Inc. to help businesses know when they are at risk of being phished. PhishRegistry.org monitors the content of your website and alerts you when attempts to duplicate it have been detected. Weekly reports are sent to your email address with information about suspect websites. Registering helps you by providing you with reports of suspicious phishing activity, and gets your company’s website more visible by us and our anti-fraud partners. Registering helps us by letting us know about important websites we should be monitoring.”
MIT’s 2006 Spam Conference seemed to show that the “fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement”. Noting the “recent proposals of white lists and AOL’s Goodmail, a pay per e-mail service offering preferential treatment in e-mail delivery for marketers”, as well as the one year anniversary of the Can-Spam federal law, speakers addressed the issue with solutions having direct financial consequences. Some other proposals aimed to avoid “creating a hierarchy of e-mail senders, an idea that goes against the Internet’s equalizing spirit”. Rather than some type of e-mail postage for bulk e-mailers, these businesses could put up a bond.
Yes, I blogged the above before (I also entered it in Calendar of Updates as reminder to users) but it’s worth to mention again
MBSA 1.2 is discontinued on March 31, 2006
Microsoft encourage you to migrate to MBSA 2.0 before March 31, 2006 to guarantee continued security bulletin detection. FAQ here.
A what’s going on Internet Explorer ActiveX update, 0-day vulnerability in IE and the schedule on the release is blogged by Mike Nash of Microsoft at http://blogs.technet.com/msrc/archive/2006/03/29/423560.aspx
On March 24, 2006, the Anti-Phishing Working Group (APWG) released the January Phishing Activity Trends Report (available here. Note: requires PDF viewer)
Number of unique phishing reports received in January: 17,877, the most reports ever recorded
Number of unique phishing sites received in January: 9715, a huge increase in unique phishing sites from the previous two months
Number of brands hijacked by phishing campaigns in January: 101
Number of brands comprising the top 80% of phishing campaigns in January: 6
Country hosting the most phishing websites in January: United States
Contain some form of target name in URL: 45 %
No hostname just IP address: 30 %
Percentage of sites not using port 80: 8 %
Average time online for site: 5.0 days
Longest time online for site: 31 days