Security software slaps IE in "Sandbox"

GreenBorder Pro uses virtualisation-like technologies to separate IE from the rest of the system, so that if malicious software does execute, it doesn’t actually touch the computer. A California company better known for “sandbox”-style security aimed at enterprises on Tuesday launched consumer software that puts Internet Explorer in a protected virtual machine. The approach blocks some malware from reaching the operating system and lets users “wipe” the browser slate clean to return IE to a pristine state. Continue reading at http://www.itnews.com.au/newsstory.aspx?CIaNID=34163

Symantec announced "Norton Confidential"

Symantec Corp. today announced Norton Confidential, a comprehensive online transaction security solution that will allow consumers to transact on the Internet with confidence that their personal information will remain safe. Designed to restore consumers’ trust in the online world, Norton Confidential protects consumers at the moment they are transacting and provides unprecedented zero-hour protection against fraudulent Web sites and crimeware. Separate versions of Norton Confidential are scheduled to be available for users of the Windows operating system in September and the Macintosh operating system in October. More in http://symantec.com/about/news/release/article.jsp?prid=20060626_01

Top 10 network hackers named

3Com’s Asia Pacific CyberThreat Research found the top 10 hackers to target Australian private and public bodies had racked up 1,337 attempts to compromise networks already for the calendar year to 23 June. The most prominent hacker or hackers, “hackbsd crew” — named after the BSD operating system — racked up 369 attempted intrusions from January to June. Some distance behind was “Hacker1” with 204 attempts, and “TiTHacK” with 142. Other top 10 hackers were aLpTurkTegin (134), coldraider (106), Amfibi-Slayer (104), TC-THC (102), iskorpitx (69), LORD (60) and oldschool (47). The attempts were reported by security researchers and academies such … Continue reading Top 10 network hackers named

IBM Offers Free Security Tools to Developers

IBM is making available a set of enterprise I.T. security tools in an effort to help application developers take a proactive approach in combating the onslaught of hackers, identity thieves, and other digital miscreants. The primary objective of this free offering — which includes data-encryption software and a Java-based set of development tools — is to give developers the ability to integrate better protections within business applications while they are being created rather than after the fact. More in NewsFactor

Trend Micro Control Manager Access Log Client-Side Cross Site Scripting Vulnerability

A vulnerability has been identified in Trend Micro Control Manager, which could be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the logging feature that does not validate user-supplied parameters (e.g. “username”) before being stored in the log file and displayed via the administrative interface, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator’s browser in the security context of an affected Web site. Affected Products:  Trend Micro Control Manager version 3.5 and prior Solution:  The FrSIRT is not aware of any … Continue reading Trend Micro Control Manager Access Log Client-Side Cross Site Scripting Vulnerability

Nokia PC Suite and Sony Products Vulnerability

A vulnerability has been identified in Nokia PC Suite and in various Sony products, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the Gracenote CDDB (CD Data Base) ActiveX Control when handling an overly long option, which could be exploited by remote attackers to execute arbitrary commands on a vulnerable system via a specially crafted Web page. Affected Products Nokia PC Suite version 6.8Nokia PC Suite version 6.7 Sony CONNECT PlayerSony SonicStage version 3.3Sony SonicStage version 3.4Sony SonicStage Mastering Studio version 2.1Sony SonicStage … Continue reading Nokia PC Suite and Sony Products Vulnerability

Apple Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities

Apple has released security updates to address multiple vulnerabilities identified in Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, or disclose sensitive information. The first issue is due to an error in the AFP server when displaying search results, which could be exploited by malicious users to disclose the names of files and folders for which they have no access. The second vulnerability is due to a stack overflow error in ImageIO when handling malformed TIFF images, which could be exploited by attackers to crash an … Continue reading Apple Mac OS X Multiple Command Execution and Privilege Escalation Vulnerabilities

Erunt and Windows Genuine Advantage Program issue

A Calendar of Updates forum member reported that the Windows Genuine Advantage Tool by Microsoft complains that Windows is pirated.  It happened after the user restore Windows using a third party application, Erunt – a Registry Backup and Restore for Windows NT/2000/2003/XP program. Discussion in CoU’s Updates Talk forum

Apple releases Mac OS X 10.4.7 Update

The Mac OS X 10.4.7 Update (delta) updates Mac OS X 10.4.6 to version 10.4.7 on both Intel-based Macs and PowerPC-based Macs. (If you are updating from Mac OS X 10.4, 10.4.1, 10.4.2, 10.4.3, 10.4.4, or 10.4.5 to 10.4.7, see this article instead.) The 10.4.7 Update is recommended for all users and includes general operating system fixes. See http://docs.info.apple.com/article.html?artnum=303771 for list of fixes. via Calendar of Updates