Symantec kills ‘broken’ NAV script blocker

Symantec has killed off the script blocker in Norton Anti-Virus 2006 because the company said the technology is no longer necessary. However, security experts disagree, with one researcher claiming that script blocking was quietly removed because it didn’t work. ZDNet Australia

The Web’s Download Disasters, Inaugural Edition

Shane Keats of SiteAdvisor started crawling the Web looking for bad downloads last year.  After testing million Web sites and 140,000 download, he confidently blogged that there are some great programs to be downloaded out there but don’t celebrate yet because there’s also plenty of train wrecks waiting to happen to a PC! Read more about it in SiteAdvisor blog

Security Advisory on Outpost Firewall software

It has been discovered that a 3rd party firewall – Outpost by Agnitum will not protect a system during startup/shutdown from unsolicited traffic for short period of time (some seconds). Fix is on the way as per the advisory but an item in their “What should I do?” got me tad curious – how an attack will not succeed in accessing a system during shutdown. They said “successful attack would almost immediately be terminated by Windows itself closing down”. IMHO, successful attack means successful ‘as in’ someone is ‘in’ and if the attack is malicious f.e. halt the shutdown (although … Continue reading Security Advisory on Outpost Firewall software

Kaspersky: AV companies losing malware war

Anti-virus manufacturers are failing to keep up with malware creators, a leading IT security expert argued in a recently published paper. Eugene Kaspersky, head of virus research at the Massachusetts-based Kaspersky Lab, said in “The Contemporary Antivirus Industry and its Problems” that software companies are on the losing end of the “virus arms race” against new malware. SCMagazine

Simple wireless flaw revealed

A simple feature in the way Windows handles wireless connections could be exploited to gain access, according to information released this weekend at ShmooCon. A document on nmrc.org by Mark Loveless explains the process ( http://www.nmrc.org/pub/advise/20060114.txt ), which despite being quite simple may have implications for many wireless users. The issue involves ad-hoc wireless connections, which are automatically created when the laptop is powered up and no infrastructure access points are available. The laptop in question assigns a private address in the 169.254.x.x space, and an SSID mimicking the last network it successfully connected to. When a second computer comes … Continue reading Simple wireless flaw revealed

Sebek 3: Tracking the attackers

It has become increasingly important for security professionals to deploy new detection mechanisms to track and capture an attacker’s activities.  Third Generation (GenIII) Honeynets provide all the components and tools required to gather this information at the deepest level.  Sebek is the primary data capture tool for GenIII Honeynets. The first of this two-part series will discuss what Sebek is and what makes it so interesting.  We’ll start by looking at the latest Sebek release, version 3, its new capabilities, the Sebek protocol specification and how it integrates with GenIII Honeynet infrastructures.  The second article will briefly address how to … Continue reading Sebek 3: Tracking the attackers

AOL "YGP Picture Finder Tool" ActiveX Control Buffer Overflow Vulnerability

A vulnerability has been identified in AOL software and AOL You’ve Got Pictures, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the AOL YGP Picture Finder Tool ActiveX control (YGPPicFinder.dll) that does not properly handle overly long input strings, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted web page. Affected Products AOL version 8.0AOL version 8.0+ AOL version 9.0 Classic Solution Upgrade to AOL 9.0 Optimized or AOL 9.0 Security Edition http://downloads.channel.aol.com/ or download and … Continue reading AOL "YGP Picture Finder Tool" ActiveX Control Buffer Overflow Vulnerability

Renowned spyware researcher Eric Howes joins Sunbelt Software

Leading malware expert to head Sunbelt¹s Threat Research Team Worcester, UK, 16th January 2005 Sunbelt System Software, the leading provider of Windows system administration tools and enterprise security solutions, today announces the appointment of renowned security expert, Eric Howes, to the position of director of malware research. In his new role, Eric will be responsible for spearheading Sunbelt¹s threat research initiatives and manage the talented efforts of Sunbelt¹s threat research team. He will be based at Sunbelt¹s office in Tampa Bay, Florida. Howes, formerly an instructor and researcher at the University of Illinois, has been studying spyware behaviour for over … Continue reading Renowned spyware researcher Eric Howes joins Sunbelt Software

Mac users ‘too smug’ over security

Technology commentator Bill Thompson is worried about the lack of herd immunity among his fellow Apple Mac users. Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others Full article in http://news.bbc.co.uk/2/hi/technology/4609968.stm

IMPORTANT: Dr.Web v4.32b & below end of support

IMPORTANT! The following information is for users of Dr.Web anti-virus versions 4.32b and below! On January 15, 2006 several weekly add-ons to version 4.32 of the Dr.Web anti-virus were compiled into a single add-on. As we have informed our users earlier, support Dr.Web of version 4.32 will be terminated in February, 2006 due to several technological reasons, which make it impossible to provide the anti-virus protection of the same level as for users of Dr.Web v.4.33. More in http://info.drweb.com/show/2737/en