Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Congratulations West Coast Eagles – AFL Premiers 2006

September 30th 2006

If you want to see *real* men play football, you can see the game online, for free, here (Broadband required):http://westcoasteagles.com.au/No wimpy body armour or helmets for these guys [:)]Interesting tidbit: The West Coast Eagles *lost* to Sydney in the lead up to the Grand Final a few weeks ago in a Preliminary Final and the […]

Read On Comments Off

Running a Mac? You might want to get patched

September 30th 2006

http://docs.info.apple.com/article.html?artnum=304460CFNetwork – Impact: CFNetwork clients such as Safari may allow unauthenticated SSL sites to appear as authenticatedFlash Player – Impact: Playing Flash content may lead to arbitrary code executionImageIO – Impact: Viewing a maliciously-crafted JPEG2000 image may lead to an application crash or arbitrary code executionKernel – Impact: Local users may be able to run […]

Read On Comments Off

McAfee Site Advisor in damage control after the release of the 3sharp report

September 29th 2006

As noted in this blog post, McAfee's SiteAdvisor scored an extremely low 3 out of 200 (putting them in last place) in the 3sharp antiphishing tools test released just the other day.McAfee are now crying foul.  Shane Keats has posted to my blog, and to the IE blog, disputing the inclusion of McAfee's Site Advisor in the […]

Read On 6 Comments

Important clarification re the Web View Folder Icon Integer Overflow vulnerability

September 28th 2006

Despite all the headlines to the contrary, this is not an IE vulnerability, although IE is an exploit vector – it is a vulnerability in the Windows Shell – a subtle but important distinction (it just goes to show – always doublecheck what is being said, no matter who the source is – sorry Tony)  [:(] MS Security Advisory here – patch due by […]

Read On Comments Off

Secunia and FRSIRT announce IE vulnerability – Web View Folder Icon Integer Overflow

September 28th 2006

Note: despite all the headlines to the contrary, this is not an IE vulnerability, although IE is an exploit vector – it is a vulnerability in the Windows Shell.Edit: MS Security Advisory here – patch due by October 10http://www.microsoft.com/technet/security/advisory/926043.mspx Secunia and FRSIRT have released information about a new IE vulnerability:http://secunia.com/advisories/22159/http://www.frsirt.com/english/advisories/2006/2882My tests indicate that not only does the demonstration page crash Internet Explorer 7 […]

Read On 1 Comment

Gone Phishing: Evaluating Anti-Phishing tools for Windows

September 28th 2006

3sharp, a Redmond based technical services company, has been commissioned by Microsoft to undertake a competitive study of various anti-phishing technologies.  The results of that study were released just minutes ago.The IE team comment on the study:http://blogs.msdn.com/ie/archive/2006/09/28/774513.aspx Before we proceed, I will say, right at the outset, that the only safe antiphishing technology is one that […]

Read On 3 Comments

Spam as a business

September 26th 2006

Seen on the Microsoft Switzerland Security Blog:http://news.bbc.co.uk/1/hi/technology/5371078.stm"Analysis of the net addresses where the e-mail messages originated showed that more than 100,000 hijacked home computers [my emphasis] spread across 119 nations had been used to despatch the junk mail."Do you have a home computer? A broadband connection? Then the spammers want your machine, and if you give […]

Read On Comments Off

Patch released for high profile VML vulnerability

September 26th 2006

A patch for the high profile VML Vulnerability has been released by Micrososoft. It resolves not only the public vulnerability but also additional issues discovered through internal investigations.  It is available via Windows Update, Microsoft Update, Autoupdate and WSUS.It only applies to IE5 and IE6 machines.  IE7 is immune to this (and most other) vulnerabilities.Security […]

Read On 1 Comment

By request: What is the best antispyware application?

September 26th 2006

Hello Tagshare – tell Wayne he owes me a Chivas [D]"What is the best antispyware application?" is an oft asked question.  Unfortunately, gentle reader, the answer is one that you may not like.In short, there is no magical prophylactic out there that will protect your computer from all spyware, or from the inevitable results of "unsafe […]

Read On 5 Comments

Federal Bureau of Investigation Honors Microsoft for Rapid Response to Mytob/Zotob

September 26th 2006

On behalf of Robert S. Mueller III, director of the Federal Bureau of Investigation, FBI Cyber Division Assistant Director James E. Finch today presented certificates for “Exceptional Service in the Public Interest” to nine Microsoft employees, including Brad Smith, Microsoft Senior Vice President and General Counsel, for their assistance in the swift resolution of the […]

Read On Comments Off