Document security fears grow

Problems with maintaining the confidentiality of electronic documents and preventing document tampering are on the rise, according to a security manager at Adobe Systems Inc. Although he would not divulge details of any specific incident of document tampering in the federal government, John Landwehr, group manager for security solutions and strategy at Adobe, said cases of document spoofing represent a growing problem for both government and corporate offices. http://www.fcw.com/fcw/articles/2004/0426/web-adobe-04-26-04.asp

Zone-H: dozens of high profile web sites defaced

A new group known as “dark-underground” defaced several high profile web sites, including Governments, Intergovernmental organizations and famous brands. Korea and China seem to be the most targeted countries among the list of victims. The defacer often created a page on the server and wrote “Hacked By Dark Underground” in order to prove that he compromised them, a “FREE ITALIAN FROM IRAQ” message was also appearing in older defacements. The attackers are probably taking advantage of misconfigurations in Frontpage servers, allowing them to be authentified and administrate the servers without any login and password. List of the most important defaced … Continue reading Zone-H: dozens of high profile web sites defaced

Banks targeted in Windows hack attack

Malicious attackers in Brazil, Germany and the Netherlands tried to use a vulnerability in Windows to break into some of Australia’s largest financial institutions, including at least three banks, over the Anzac weekend, according to the Atlanta-based security firm, Internet Security Systems. http://www.zone-h.org/en/news/read/id=4196/

Zone Labs Targets Spyware With Integrity Upgrade

End-point security vendor Zone Labs Monday unveiled a new version of its Integrity software designed to detect and disable spyware on desktop computers in an enterprise network. The upgrade, dubbed Integrity Clientless Security 2.0, is thought to be the first security product on the market aimed specifically at eliminating spyware–a category that includes keystroke loggers, Trojan horses, worms and hacker tools. The software is available now to channel partners. According to Frederick Felman, vice president of marketing at the San Francisco-based company, the features should help enterprises remove the threats of ID and password theft and data loss, while preserving … Continue reading Zone Labs Targets Spyware With Integrity Upgrade

Online viruses under attack

THE country’s top computer experts have been unleashing predatory viruses and hacking through firewalls in the name of crime prevention. Security specialists used live virus and hacking demonstrations to show computer network teams from across the north west the best ways of protecting their systems. The course, hosted by Manchester firm NCC, gave IT managers the chance to see exactly where their networks are vulnerable and what happens when they are attacked. http://www.manchesteronline.co.uk/business/technology/s/110/110173_online_viruses_under_attack.html

More attack code surfaces for recent MS security holes

More attack code surfaces for recent MS security holes http://www.infoworld.com/article/04/04/26/HNmoreattackcode_1.html Just days after Microsoft Corp. warned its customers about the release of code that can exploit a hole in its Secure Sockets Layer (SSL) library, new code that claims to exploit another recently disclosed hole surfaced on a French language Web site. The computer code can be used by a remote attacker to trigger a buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS), according to a message posted to www.k-otik.com. Microsoft released a patch for the LSASS vulnerability, MS04-011, on April 13, along with fixes for the … Continue reading More attack code surfaces for recent MS security holes

Windows Explorer / Internet Exporer Long Share Name Buffer Overflow

Secunia Advisory: SA11482    Release Date: 2004-04-26  Critical: Highly critical Impact: System access Where: From local network OS:  Microsoft Windows 2000 Advanced ServerMicrosoft Windows 2000 Datacenter ServerMicrosoft Windows 2000 ProfessionalMicrosoft Windows 2000 ServerMicrosoft Windows 95Microsoft Windows 98Microsoft Windows 98 Second EditionMicrosoft Windows MilleniumMicrosoft Windows XP Home EditionMicrosoft Windows XP Professional Software:  Microsoft Internet Explorer 5.01Microsoft Internet Explorer 5.5Microsoft Internet Explorer 6 Description:Rodrigo Gutierrez has discovered a vulnerability in Windows and Internet Explorer, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error, which can be triggered via Internet Explorer and Windows Explorer when connecting to a file … Continue reading Windows Explorer / Internet Exporer Long Share Name Buffer Overflow

CIH day

Today is the 26th of April. For several years, this day used to mean worldwide damage caused by the CIH virus. This virus was very widespready during 1998-2000. It was programmed to activate destructively every year on this date, overwriting most of the data on the hard drive and attempting to overwrite the Flash BIOS chip of the computer, making it unbootable. The CIH virus family is no longer widespread. Last time we saw significant amount of damage (mostly in Asia) was in April 2001. We expect to see no damage now in April 2004. http://www.f-secure.com/weblog/#00000143  

Sophos and Sun combat multiple email threats

UK-based virus detection firm Sophos Anti-Virus and US-based software and server company Sun Microsystems Inc, have announced an integration of Sophos PureMessage and Java System Messaging Server, a key component of the Sun Java Enterprise System, a media release from Sophos says. The new integrated system will protect against spam, viruses and other security threats for telecommunication carriers, universities and large enterprises. http://www.smh.com.au/articles/2004/04/26/1082831481063.html

Spam Affects Kids Too

A study conducted by KidsGuard.com among a sample of over 66,000 children in the UK determined that kids receive an average of 1.46 pornographic e-mails each day and 10 per week http://www.emarketer.com/news/article.php?1002765