CA to Boot Unused User IDs

Computer Associates acquired an identity management tool for mainframes that removes outdated and foreign access rights. CA said it bought eTrust Cleanup software from security provider InfoSec for an undisclosed sum. The purchase gives CA another weapon in the fight against Web-based hacking and virus attacks. The tool should also help the Islandia, N.Y., company’s customers better meet government regulations and requirements for consumer privacy. http://www.internetnews.com/security/article.php/3493796

Microsoft develops cybercrime-fighting tools

Microsoft announced a program to develop cyber forensics tools for law enforcement during The Forensic Computing and Computer Investigations Workshops for Australian police. The workshop is designed to teach law enforcement techniques to track down the culprits of child exploitation, phishing, and cyberattacks against business and government. Microsoft is developing its own internal tools, such as artificial intelligence and data mining tools, for use by “extremely competent individuals.” ZDNet Australia

Microsoft Outlook Connector for IBM Lotus Domino vulnerability

Affected version: 2002, 2003 Juha-Matti Laurio reported a vulnerability in the Microsoft Outlook Connector for IBM Lotus Domino. A user can choose to store passwords locally in violation of Group Policy. A remote authenticated user can select ‘Remember password’ when authenticating to a Lotus Domino server, causing the user’s password to be cached locally even if there is a Group Policy that prohibits local password caching. The flaw resides in ‘MSOC32.dll’ and ‘MSOCep.dll’.  The system may also store older, previous passwords.  Impact:  A user can choose to store passwords locally in violation of Group Policy. Solution:  A hotfix is available from … Continue reading Microsoft Outlook Connector for IBM Lotus Domino vulnerability

Upgrade your Kerio Personal Firewall

Petr Matousek has reported a vulnerability in Kerio Personal Firewall, which can be exploited by malicious programs to bypass the firewall rules.  The vulnerability affects versions 4.1.2 and prior.  Upgrade to Kerio Personal Firewall which fixes the said issue. http://secunia.com/advisories/14717/

Stolen Laptop Exposes Data of 100,000

A thief recently walked into a University of California, Berkeley office and swiped a computer laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants, highlighting a continued lack of security that has increased society’s vulnerability to identity theft. http://www.securitypipeline.com/159907438

Mac virus-writing contest cancelled

A $25,000 Mac virus-writing competition has been cancelled – because Apple is worried about the real possibility of people creating one. The contest, run by DVForge, was intended to undermine recent suggestions by Symantec that threats against OS X were on the rise. But Apple security experts warned that such a virus was possible, and a lawyer warned that encouraging its creation could be regarded as illegal, prompting the company to pull the competition. http://www.techworld.com/opsys/news/index.cfm?NewsID=3388

Recovering from Viruses, Worms, and Trojan Horses

Check the newest security tip by US-CERT entitled Recovering from Viruses, Worms, and Trojan Horses “Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover.“ How do you know your computer is infected?What can you do if you are infected?How can you reduce the risk of another infection? Read the complete security tip in http://www.us-cert.gov/cas/tips/ST05-006.html

Denial of Service in Symantec Norton AntiVirus AutoProtect

OverviewSymantec responded to two denial of service (DoS) issues identified in the AutoProtect functionality of the Symantec Norton AntiVirus consumer product. The Information-Technology Promotion Agency-Japan, IPA, reported one situation where a real time scan of a specific file type can cause a system crash, Blue Screen of Death (BSOD), with both Symantec Norton AntiVirus 2004 and 2005 Windows applications. This type of file, while not malicious on it’s own, could be maliciously introduced either remotely from outside the system through email or over http, or internally by an authorized user to disrupt service on a targeted system. Scanning specific file … Continue reading Denial of Service in Symantec Norton AntiVirus AutoProtect

[April 27, 2005] Introduction to Microsoft AntiSpyware

Start Time: Wednesday, April 27, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada) End Time: Wednesday, April 27, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada) Event Description Products: SecurityRecommended Audience: Business Decision Maker. Language: English-American Description: Do you see pop-up advertisements even when you are not on the Web? Is a new toolbar is installed on your browser that you didn’t want and can’t get rid of? You may have spyware on your computer. Join us as we talk about spyware and explain how it can harm your system, reduce your resources and affect your business. Learn … Continue reading [April 27, 2005] Introduction to Microsoft AntiSpyware