AIM worm plays nasty new trick

A worm found spreading via America Online’s Instant Messenger is carrying a nastier punch than usual, a security company has warned. The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said Friday. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. “A very nasty bundle is downloaded to your machine” when you click on the worm link, said Tyler Wells, senior director of engineering at FaceTime. “This is the first time that we have seen …

Web 2.0 Cracks Start to Show

The problems that beleaguer the old internet are appearing again in newer technologies known collectively as Web 2.0, a term coined by O’Reilly Media Vice President Dale Dougherty to describe post-dot-com sites and services that use the web as a platform – such as Flickr, BitTorrent, tagging and RSS syndication. Proponents say Web 2.0 has been better engineered to withstand the troubles that wrecked Usenet, BBSes and free e-mail, but misuses abound, such as splogging and manipulation of Google rankings. Some decry the open media movement, saying it is driving out traditional, quality-controlled media. Wikipedia has been singled out for …

Are open source databases more secure?

Interest is growing in open source databases, in part due to security concerns. Evans Data surveyed 400 industry database administrators and found that use of the open source database software MySQL increased over 25% in six months and 44% of developers are now using it. Respondents said security was an important part of database development. Only 9% of those using open source reported a security breach within the last year, but 85% said proprietary database server data was compromised at least once in the last year. This situation may be similar to that of Firefox, which was relatively immune to …

Web of Fear: Net Surfers Cut Back

Consumer Reports WebWatch reported that “some computer users are cutting back on time spent surfing the internet”. Twenty-five percent reported that they do not purchase items online anymore, and 80% say they’re “at least somewhat concerned someone could steal their identity from personal information on the internet” and have stopped providing such information online. Wired

The cost of joining Get Safe Online

The U.K.’s National Hi-Tech Crime Unit (NHTCU) has been raising funds for its latest Get Safe Online initiative by signing up security and online fraud experts willing to pay between £50,000 and £150,000. In return, the sponsors are “offered the opportunity to use the public sector-run campaign to drive sales and promote their own products and services to the consumers and businesses which the secure computing initiative is targeting.” A prospectus meant for potential sponsors was sent in error to, thus disclosing the arrangement. According to the document, sponsors of the program include BT, Dell, eBay, HSBC, Lloyds TSB, …

Web services security specs hit the standards track

The first meeting of the OASIS Web Services Secure Exchange (WS-SX) Technical Committee is set for early December 2005, and the long-anticipated WS-Trust, WS-SecureConversation and WS-SecurityPolicy specifications will be up for review. WS-Trust sets up an XML syntax for management of credentials across secure domains; WS-SecureConversation will allow multiple message conversations without having to check each new message; and WS-SecurityPolicy defines a set of overarching, general security policies for Web services. No specific timetable has been set for ratifying the specifications, but vendors are already building to the proposed specifications, which have been up on IBM’s developerWorks site for quite …

Anti-Spyware Coalition Finalizes Spyware Definition

Anti-Spyware Coalition Finalizes Spyware Definition; Releases Risk Modeling Document; Announces Public Meeting Washington, D.C. – October 27, 2005 – The Anti-Spyware Coalition (ASC), an alliance of technology companies and public interest groups, today announced several key accomplishments in its ongoing effort to help users combat the unwanted and often dangerous spyware infesting their computers. As both Cyber-Security and Domestic Violence Awareness Month draws to a close, ASC today unveiled its final, consensus definition of spyware, which was developed by coalition members including major anti-spyware companies, software developers and public interest groups. The definitions were further shaped by almost 400 comments …

Stopping Zombies Before They Attack

Stopping Zombies Before They Attack: Microsoft Teams with Federal Trade Commission and Consumer Action to Promote PC Protection. “Don’t Get Tricked on Halloween” campaign and new lawsuit extend efforts by Microsoft to crack down on illegal methods used by spammers to distribute unsolicited e-mail. Like medical researchers studying a strain of a contagious virus, Microsoft Internet Safety Enforcement investigators carefully experimented this summer with a tiny piece of malicious code used by computer criminals to hijack personal computers. The investigators began by placing a single copy of the code onto a healthy computer and then connected the computer to the …

Windows XP Security Guide updated

The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with Service Pack 2 (SP2) in three distinct environments: Enterprise Client (EC). Client computers in this environment are located in an Active Directory directory service domain. Stand-Alone (SA). Client computers in this environment are not members of an Active Directory domain. Specialized Security – Limited Functionality (SSLF). Client computers in this environment are subject to extraordinary security concerns. These concerns are so great that a significant loss of functionality and manageability is acceptable. Information about the security features in …

Most DNS servers ‘wide open’ to attack

Four in five authoritative domain name system (DNS) servers across the world are vulnerable to types of hacking attacks that might be used by hackers to misdirect surfers to potentially fraudulent domains. A survey by net performance firm the Measurement Factory commissioned by net infrastructure outfit Infoblox of 1.3m internet name servers found that 84 per cent might be vulnerable to pharming attacks. Others exhibit separate security and deployment-related vulnerabilities.