Anti-adware misses most malware

Windows Secrets Newsletter presented a simple chart showing which anti-adware application did the best job at removing the unwanted components. The chart was based on Eric Howes’ Anti-Spyware Programs Feature Comparison. Check the chart and read the article entitled “Anti-adware misses most malware” in the Windows Secrets Newsletter (January 27, 2005 issue).

DOJ Takes a Long Look at Longhorn

Government wants to make sure the upcoming OS complies with antitrust ruling. Microsoft will meet with representatives from the U.S. Department of Justice (DOJ) next month for the first of several briefings intended to ensure that its upcoming Longhorn operating system complies with the terms of the final judgment in the government’s antitrust case against the software maker. http://www.pcworld.com/news/article/0,aid,119459,00.asp

Flaw finders go their own way

David Aitel, founder of vulnerability assessment company Immunity, has received criticism from software makers and security researchers for irresponsible disclosure of software flaws. Immunity discovered four flaws in Apple’s Mac OS X, but only provided the information to customers, keeping it secret from the public and Apple for seven months. While an increasing number of researchers delay announcing a flaw until software makers can release a fix–a process known as “responsible disclosure”–some believe that arrangement has made companies lax about releasing patches in a timely manner. However, many also consider it dangerous to release details of a flaw to the …

Crafted Packet Causes Reload on Cisco Routers

Cisco routers running an Internetwork Operating System (IOS) release that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS-disabled interfaces. A system that supports MPLS is vulnerable even if that system is not configured for MPLS. The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable. Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects. Affected Products: Vulnerable Products: Only the following products …

Congress Puts Spyware on Hit List

With horror stories of clogged computers ringing in their ears, lawmakers get ready to drop the hammer on malware makers. Penalties as high as $3 million could await homepage hijackers and other troublemakers. Michael Grebb reports from Washington. http://www.wired.com/news/politics/0,1283,66407,00.html

Multiple Vulnerabilities in Pocket IE

Airscanner reported several weaknesses in Pocket IE that can be used to trick end users into submitting local and/or sensitive data, such as usernames and passwords. The potential for exploiting these vulnerabilities is restricted only by an attacker’s imagination. However, Pocket IE is not as powerful as its big brother, and as such, an attacker is limited in what techniques she can use to launch the attack. For example, Pocket IE has no support for the IFrame tag, which is extremely useful in XSS and browser-based attacks. In addition, Pocket IE does not support every JavaScript command commonly used by attackers. …

Bugzilla Site Vandalized

The Bugzilla bug reporting and tracking system on the Mozilla development site mozdev.org was vandalized yesterday. Mozdev is a community site for Mozilla developers to create and host applications and various add-ons to the Mozilla source code. Mozilla contributor Henrik Gemal reported the activity on his blog. “A couple of hours ago bugzilla mails started to pour in from bugzilla.mozdev.org,” Gemal wrote. “They all contained the same comment and the same action. Sexymeluckyyou73@yahoo.com changed status on all open bugs into Resolved Fixed. All bugs were submitted with the following comment: these bugs are not from me they where on there …

[Feb. 15, 2005] Implementing Security in the Development Lifecycle

Start Time: Tuesday, February 15, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Tuesday, February 15, 2005 12:30 PM (GMT-08:00) Pacific Time (US & Canada)
Description: Security should be your primary concern throughout the development process. This session discusses how security can be implemented at each stage of the software development life cycle. Microsoft has created the Security Development Life Cycle to describe how to implement security best practices by adding pointed and well-defined checkpoints to the existing development life cycle. This session outlines recommended changes to the design, development, testing, verification and release phases that …

[Feb. 15, 2005] Security360 with Mike Nash: Raising The Bar: Bill Gates Keynote at RSA Conference 2005

Start Time: Tuesday, February 15, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)
End Time: Tuesday, February 15, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada)
Description: This month’s Security360 is a special edition of the show as we present the RSA Conference 2005 Keynote address by Microsoft Chairman and Chief Software Architect, Bill Gates. This will be an exciting opportunity to watch this live keynote where Bill will discuss his perspective on the state of security today, the importance of continued innovation, and advances in the Microsoft platform, products, and technologies designed to better protect customers. Security360, …