Microsoft Delivers New Tools to Help Reduce Spam by launching MSN Postmaster Web site

REDMOND, Wash. — May 26, 2005 — Microsoft Corp. today announced new MSN® Hotmail® tools and services designed to expand e-mail industry collaboration in fighting spam — MSN Postmaster and Smart Network Data Services. These new services complement ongoing industry efforts supported by Microsoft, including e-mail authentication mechanisms such as the Sender ID Framework, to help protect MSN Hotmail customers as well as the overall e-mail community from online safety concerns such as spam, phishing and viruses. New Tools Against Spam Central to the effort by MSN Hotmail to engage with the e-mail community is the launch of the new … Continue reading Microsoft Delivers New Tools to Help Reduce Spam by launching MSN Postmaster Web site

LucidLink Home Office Edition free for home users (wireless security software)

LucidLink announced on April 18th that LucidLink Home Office Edition (wireless security software) is available free of charge from Interlink Networks at www.lucidlink.com. The easy-to-use application, called “dazzling” by PC Magazine, supports up to three Wi-Fi users and offers high-level protection for wireless networks by blocking unauthorized users and hackers. (See – Free LucidLink – 3 User Home Office Edition) It is still available as free – a $99 Value through the end of this year

Phishing Threat: PHISH.Yahoo.STAR

Name : PHISH.Yahoo.STAR Date : 5/24/2005 Type : Phishing Threat Protocol : Yahoo Messenger Risk :   Medium Risk Threat Description : This threat is a phishing attack that encourages users to click on the following URL: http://yahoopremium.bravehost.com/STAR_GAMES Once at the web site, the user is encouraged to enter their Yahoo credentials. Prevention : Administrators are advised to educate their users about the dangers of social engineering. Administrators can block this virus by using the Content Filtering feature of IMManager. Also administrators should ensure they have the latest updates from their anti-virus provider. http://www.imlogic.com/im_threat_center/threatdetail.asp?iThreatID=597

Gibraltar Firewall Anti-Virus Detection May Fail When Scanning Certain Viruses

Juha-Matti Laurio reported a vulnerability in the Gibraltar firewall. The firewall may fail to detect viruses. When using the optional Clam AntiVirus scanning feature, the firewall may fail to detect certain unspecified types of viruses. The vendor disclosed this vulnerability. Juha-Matti Laurio advised us of this vulnerability.  Impact:  The firewall may fail to detect viruses.Solution:  The vendor has released a fixed version (2.2a) http://www.securitytracker.com/alerts/2005/May/1014030.html

Is Deleting Spyware A Crime?

Mark Rasch wrote for SecurityFocus: “On my computer right now I have three anti–spyware programs, three anti-virus programs, and three anti-spam programs, together with a hardware and software firewall, an IPsec VPN, and data level encryption on certain files (and no, this is not intended to be an invitation for you to try to test my security.) The anti-spyware, anti-virus, and anti-spam software all work in very much the same way ?- they have definitions of known malicious programs, and they may also have algorithms to raise flags about unknown programs which operate in an unusual way. Depending upon user … Continue reading Is Deleting Spyware A Crime?

Jot down your passwords

Speaking on the opening day of a conference hosted by Australia’s national Computer Emergency Response Team, or AusCERT, Microsoft’s Jesper Johansson said that the security industry has been giving out the wrong advice to users by telling them not to write down their passwords. Johansson is senior program manager for security policy at Microsoft. “How many have (a) password policy that says under penalty of death you shall not write down your password?” asked Johansson, to which the majority of attendees raised their hands in agreement. “I claim that is absolutely wrong. I claim that password policy should say you … Continue reading Jot down your passwords

Bypass found for Windows piracy check

A tool provided by Microsoft could let people get around a check meant to prevent those with pirated copies of Windows from downloading additional software from the company, according to a security researcher. Researcher Debasis Mohanty outlined what he said was a technique to trick Microsoft’s Windows Genuine Advantage validation check in a posting to the Full Disclosure security mailing list on Monday. WGA is a software tool that verifies whether a particular copy of the operating system is properly licensed. Using a secondary Microsoft validation tool called “GenuineCheck.exe,” it may be possible for people to trick the checking mechanism, … Continue reading Bypass found for Windows piracy check

Microsoft seeks protection from spyware firms

Microsoft wants the Senate to rewrite anti-spyware legislation in order to protect companies that provide spyware removal utilities. The software maker warned Tuesday that two bills approved by the House of Representatives this week fail to prevent “frivolous lawsuits” filed by adware and spyware companies that are upset when their code is removed. More in News.com

Computer Associates fixes bug in antivirus products

A high-risk security flaw in several of Computer Associates International’s antivirus products could put users at risk of cyberattack, the software vendor warned on Monday. The flaw lies in the scanning engine used in CA’s enterprise and consumer antivirus products, the company said. An attacker could gain full control over a victim’s PC by sending a specially crafted Microsoft Office document, according to a security advisory published on the CA Web site. CA rates the issue “high risk” because an attacker can gain full access to a computer without any user interaction, according to the advisory. The flaw in CA’s … Continue reading Computer Associates fixes bug in antivirus products

Microsoft Security Resource Center (MSRC) Blog

Syndicate Microsoft Security Resource Center (MSRC) blog.  It offers expert commentary on bulletins and advisories RSS – http://blogs.technet.com/msrc/rss.aspxAtom – http://blogs.technet.com/msrc/atom.aspxBrowser – http://blogs.technet.com/msrc/default.aspx