CERT Recommends Mozilla, Firefox

“According to this article, “CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera.” Quite a statement from CERT – this is related to a fairly recent IIS or IE exploit that has already affected some high traffic web sites, such as the Kelley Blue Book website.” http://slashdot.org/article.pl?sid=04/06/27/1436213

VeriSign announces security, anti-phishing services

VeriSign this week plans to announce two sets of services to combat spam as well as fraud caused when criminals set up phony Web sites that mimick legitimate ones to gain victims’ personal data. The company on July 12 expects to begin offering an anti-spam and anti-virus filtering service, like those offered by competitors such as Postini, says Chad Kinzelberg, vice president of Secure Sockets Layer and VeriSign Security Services. Customers of the VeriSign E-Mail Security Service redirect corporate e-mail to mail servers hosted in VeriSign data centers, including those in Mount View, Calif., and Dulles, Va., to have their … Continue reading VeriSign announces security, anti-phishing services

Brightmail upgrades anti-spam software

As anti-spam software maker Brightmail officially becomes part of Symantec, the company is releasing an upgrade to the enterprise version of Brightmail Antispam. Version 6.0 has an enhanced reputation service and non-English filtering capabilities, and blocks a new spam technique called signature attachments, says Carlin Wiegner, director of product management. http://www.nwfusion.com/news/2004/062804brightmail.html

Experts agree on method, not scope of IIS attacks

Accounts of impact vary One day after reports of Web site attacks surfaced, there was disagreement about how widespread the attacks were and how many Internet users were affected by them. Read full article in http://www.infoworld.com/article/04/06/25/HNexperts_1.html

IETF Releases Anti-Spam Sender ID Internet Draft Specification

The IETF has released a revised version of the Internet Draft MTA Authentication Records in DNS from the MARID Working Group, now called the ‘Sender ID’ specification. Jointly authored by Jim Lyon (Microsoft) and Meng Weng Wong (Pobox.com), the Sender ID draft represents a merger of the Sender Policy Framework (SPF) specification and Microsoft’s Caller ID for E-mail proposal. The authors “hope to simplify industry adoption of effective e-mail authentication technology, thereby helping more swiftly provide greater spam protection to e-mail users worldwide.” Meng Weng Wong has authored a separate informational I-D Behind The Curtain: An Apology for Sender ID. … Continue reading IETF Releases Anti-Spam Sender ID Internet Draft Specification

Blue Coat Secures Against IE Redirection Threat and JS/Scob Trojan

Threat Exhibits Spyware Characteristics and Transmits Confidential Data from User Desktops Blue Coat Systems, Inc., a leading provider of proxy appliances, today announced that its ProxySG and ProxyAV appliances safeguard organizations from threats exploiting the recently discovered HTTP Redirect Vulnerability in Microsoft Internet Explorer (IE), including the JS/Scob Trojan. This widespread vulnerability can allow hackers to take control of desktop computers and extract confidential information from corporate systems. PRNewswire  

Microsoft Statement Regarding Download.Ject Malicious Code Security Issue

Microsoft Statement Regarding Download.Ject Malicious Code Security Issue Microsoft is committed to helping customers keep their information safe. We are currently working with law enforcement and industry partners to identify the individuals or entities responsible for a new Internet attack, known as Download.Ject, and bring those responsible for this criminal act to justice. On Thursday, June 24, at 4:00 p.m. PDT, Microsoft responded to reports that some enterprise customers running un-patched versions of IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code, known as Download.Ject. More information is available at: http://www.microsoft.com/downloadject This … Continue reading Microsoft Statement Regarding Download.Ject Malicious Code Security Issue

Internet Information Services (IIS) 5.0 – Download.Ject Detection and Recovery Advisory

Microsofts’ article  describes how administrators can determine if a Microsoft Windows 2000-based computer that is running IIS 5.0 is compromised with malicious code that exploits a vulnerability that is addressed in Microsoft Security Bulletin MS04-011 (835732). Note Microsoft believes that if you installed the updates for MS04-011 manually or by using Automatic Updates before April 25, 2004, and you have restarted your computer, you are already protected against this issue. If you find that your computer has been compromised, please contact Microsoft Product Support Services (PSS) immediately.  

XP Service Pack 2 to Skip Older Windows, for Now

http://www.eweek.com/article2/0,1759,1617450,00.asp Microsoft Corp. has no plans to port the security and feature enhancements due in Windows XP Service Pack 2, now in final beta testing, to older versions of Windows. The decision means that enterprises running older versions of Windows will be less secure and more vulnerable to attacks than those running XP systems that upgrade to the latest service pack, which includes many security improvements. Microsoft officials in Redmond, Wash., last week said the company’s focus is on shipping a high-quality SP2 release to customers. It is, however, leaving the door open to supporting older versions and is evaluating … Continue reading XP Service Pack 2 to Skip Older Windows, for Now

Serious Glitch in Intel’s Grantsdale Chip Uncovered

Intel has discovered a glitch involving some of the I/O controllers in the company’s new “Grantsdale” chip set, which can cause a PC to fail to boot up or to freeze. Between 100,000 and 200,000 chipsets are affected, according to one Wall Street analyst, who pubished a report to his clients on Friday. Intel had polled its customers for the lot numbers of the affected chips, which were sent to manufacturers before the chipset’s official launch this past Monday. Samples of the lots are being sent to Intel for further testing. http://www.eweek.com/article2/0,1759,1617088,00.asp