Month: February 2006

Symantec on Tuesday plans to launch the Symantec Internet Threat Meter, a free service meant to inform consumers about the state of Net security. Available on the Symantec Web site, the new threat meter will provide information on the current risk level associated with specific online activities: e-mail, Web surfing, instant messaging and file-sharing. ZDNet

A critical vulnerability in the popular Shockwave player was disclosed Thursday by a bug bounty program, and patched that same day by Adobe. TippingPoint’s Zero Day Initiative — one of two prominent reward programs that pay researchers for information about software vulnerabilities — warned users that a malicious Web site could hijack a user’s computer if the site convinced the visitor to install Shockwave, a player used on many sites to display multi-media content. Shockwave’s ActiveX installer was at fault, said TippingPoint in its advisory. Adobe, meanwhile, repaired the defective ActiveX installer, and said “since the vulnerability occurs in the … Continue reading Critical Shockwave Install Bug Fixed

Demonstrating the increasing financial motivation by malware writers, PandaLabs, part of Bilbao Spain-based security vendor Panda Software, said today that it detected a complex malware creation system in which cyber crooks can buy customized code used to steal specific bank details and data from Web forms. http://www.securitypipeline.com/181400656

Several million copies of a password-stealing Trojan horse were spammed to Internet users late last week, so workers returning to the office should be especially careful. http://www.securitypipeline.com/181400633

180solutions, the controversial adware marketer admitted last week that it was initially unable to identify the rogue affiliate that was installing its Zango software illegally. http://www.securitypipeline.com/181400632

Oracle has released a critical security patch to the company’s E-Business Suite software. The patch, which was released nearly two months ahead of Oracle’s next regularly scheduled security updates, fixes a number of vulnerabilities in the Oracle Diagnostics troubleshooting component of the company’s E-Business Suite 11i. InfoWorld

Security researchers say it was only a matter of time before Mac users had to face security vulnerabilities; every platform has imperfections to exploit if only hackers have enough interest in finding them.  Pete Lindstrom, an analyst at Spire Security, credits media stories about the strength of the Apple platform and the switch to Intel chips for drawing the attention of hackers.  Within the course of the week, Apple has seen two low risk viruses and a vulnerability in the Safari browser that could launch malicious code without user interaction.  While Mac users are unlikely to face a flood of … Continue reading Analysts warn that security ‘holiday is over’ for Mac users

This document is intended for users of existing heterogeneous 802.11b networks. It is intended to be a concise list of steps you can take to limit the security risk of operating an 802.11b network. This checklist is not all-inclusive, and as always, some features listed here may not be practical (or even possible) with your network hardware. You mileage may vary, but this list is a good start for those home and corporate users interested in getting a good start towards securing their wireless network. – Check with your vendor about security upgrades.– Change your SSID / Turn off SSID … Continue reading Wi-Fi Security Checklist

Cybercriminals seem to be constantly expanding their scope. This time they’re moving further into the mobile phone market, targeting phones that are Java application capable. A new Trojan called RedBrowser looks to be making the rounds now and while it is annoying, it’s easily beatable. Kaspersky Labs reported they received a sample of the RedBrowser Trojan for mobile phones on Monday. They point out this means smartphones are the only ones in trouble now but most modern handsets are potentially susceptible. SecurityProNews