Big Time Spammer Shut Down By CAN-SPAM

A federal court this week shut down a big-time Florida spammer and froze his assets, using the CAN-SPAM Act to put a stop to his mass mailings. Creaghan A. Harry is “responsible for what likely amounts to millions of illegal spam messages,” said the Federal Trade Commission (FTC) in a statement. http://www.techweb.com/wire/story/TWB20040730S0002

Microsoft Security Bulletin July 30, 2004

Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. …

PDA Viruses Could Get Nasty

Pests could easily run undetected on handhelds and spread quickly online, security expert warns. Viruses that target handhelds can be even more dangerous than their cousins that attack PCs, spawning self-replicating programs that hide easily, a security researcher told an audience of security professionals at the Black Hat Briefings conference here this week. The first virus aimed at Pocket PC handhelds, revealed last week, could be far worse if it were modified slightly to carry a harmful payload, said Seth Fogie, a vice president of Airscanner, which develops security software for the Windows Mobile platform. http://www.pcworld.com/news/article/0,aid,117164,00.asp

NIST says DES encryption ‘inadequate’

Massively parallel computing has rendered DES breakable, standards institute claims. The National Institute of Standards and Technology (NIST) is proposing that the Data Encryption Standard (DES), a popular encryption algorithm, lose its certification for use in software products sold to the government. http://www.infoworld.com/article/04/07/29/HNdesinadequate_1.html

Is Google the hacker’s best friend?

Google, the world’s most popular search engine, is one of the handiest tools for hackers, according to one security expert. Google’s ability to record Internet sites’ content can be used to pinpoint those with weak security, Johnny Long, a security researcher and computer scientist for Computer Security Corp. told attendees at the Black Hat Security Briefings. Though the technique is not new, well-crafted searches turned up so many sites with vulnerabilities that even jaded researchers laughed during the session. “It is an old dog with new tricks,” Long said. “It never ceases to amaze people, all the vulnerabilities out there.” …

Panda Software Releases Early Version of Its New TruPREVENT Technology in an Effort to Aid Computer Users Against New Types of Computer Threats

Panda Software has been busy designing its new solutions for 2005 that will protect computer users against the new types of computer threats that seem to spread almost instantly. Panda Software answers these threats with its TruPREVENT technologies, which will be a key feature for all Panda solutions in the coming year. Panda’s new technology will help detect and stop threats even without virus signatures so that new and unknown threats can be stopped before causing damage to the user. http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-29-2004/0002221490&EDATE=

Anti-Phishing:eBay-Update Your Billing Information

Another ‘social engineering’ phish attempt, targeting eBay customers. The message has an eBay header and footer, a convincing sender and a nice (at first glance) URL. They are all spoofed:
Summary
Email subject: ‘Update Your Billing Informations’
Scam target: eBay customers
Distribution medium: an HTML email
Sender: aw-confirm@ebay.com
Sender spoofed? Yes
Scam call to action: ‘During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information. … Please update and verify your information by clicking the link below…’
Scam goal: Getting victim’s eBay and PayPal usernames/passwords, credit/debit card information, bank account information, SSN, contact …

Email Spoofing and Phishing Finally Has a Solution

MessageLevel.com, the leader in email authentication technology, today announced the availability of the Message Level Email Authentication Protocol. This patent-pending technology enables full protection against email spoofing, electronic messaging fraud, and email Phishing attacks. Using components of the email messages themselves, the Message Level Protocol creates origination records for each outgoing message, which enables Receiving Systems to query back automatically as to the authenticity of received email based upon whether or not the messages actually originated from the purported sender. As such, the Message Level Protocol creates an impenetrable solution against email fraud, guarantees 100% detection of spoofed emails, and generates absolutely …

Microsoft alpha-tests anti-virus product

Microsoft is currently alpha-testing its upcoming anti-virus product, according to industry sources. The sources claim that the anti-virus software works as a behaviour blocker that monitors different events and actions on computers. If the event or action is typical of a virus or is harmful, it will be prevented. Behaviour blockers do not use code signatures like traditional scanner-based anti-virus programs, so they may be able to protect against new types of viruses without being updated. The anti-virus product was also referred to as an Intrusion Detection and Protection System by sources, indicating that it may work in conjunction with …

Mozilla / Mozilla Firefox User Interface Spoofing Vulnerability

Release Date: 2004-07-30
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Software: Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x, Mozilla Firefox 0.x
Description: A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface. The problem is that Mozilla and Mozilla Firefox don’t restrict websites from including arbitrary, remote XUL (XML User Interface Language) files. This can be exploited to “hijack” most of the user interface (including tool bars, SSL certificate dialogs, address bar and more), thereby controlling almost anything the user sees. The Mozilla user interface is built using XUL files. A PoC (Proof of Concept) exploit for Mozilla …