ComScore Doesn’t Always Get Consent

Ben Edelman published today an article about ComScore by describing “multiple recent ComScore RelevantKnowledge installations that occur without user consent.” He provided video proof of one such installation. Read the article at http://www.benedelman.org/news/062907-1.html

Major Flaw Found In Security Products

“A stealthy and potentially dangerous bug has been discovered in security products from eight different vendors, including Check Point Software, according to an article in Dark Reading. The so-called cross-site request forgery (CSRF) lets an attacker access the user’s network and even conduct transactions on behalf of the user. It could affect over a million installations, but so far, Check Point is the only security vendor to step up and patch it. This vulnerability is found in most everything with a Web-based interface, including printers, firewalls, DSL routers, and IP phones.” http://it.slashdot.org/article.pl?sid=07/06/28/1427228

Experts challenge claim of undetectable rootkits

Four well-known researchers challenged rootkit guru Joanna Rutkowska on Thursday to prove that a rootkit can be made undetectable. The four researchers — independent Dino Dai Zovi, Peter Ferrie of Symantec, Nate Lawson of Root Labs (corrected) and Thomas Ptacek of Matasano — stated that any rootkit that runs on the host of a virtual environment, leaves so many telltale signs that it can be detected. More at http://www.securityfocus.com/brief/537 Also: Researchers: ‘Blue Pill’ Rootkit Detectable Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains … Continue reading Experts challenge claim of undetectable rootkits

Mini version of Panda’s NanoScan launched

Panda Software has launched the mini, customisable version of NanoScan, the instant virus scanner from Panda Software, designed to detect active malware on a PC in less than one minute. NanoScan is available at: http://www.infectedornot.com “With this launch, Panda Software is contributing to the rapidly expanding Web 2.0 user community,” says Jeremy Matthews, MD of Panda Software SA. “Portals such as iGoogle, Windows Live, NetVibes or Protopage, already have custom versions of NanoScan, where visitors can benefit from the speed and detection capacity of NanoScan.” http://www.ictworld.co.za/EditorialEdit.asp?EditorialID=29196

Windows Update Version 6 error code list

http://support.microsoft.com/default.aspx?scid=kb;en-us;938205 The above link contains an article that lists the error codes for Microsoft Windows Update Version 6. These error codes are useful when you view the %systemroot%windowsupdate.log file.

DoJ warns U.S. citizens of phishing attacks

he United States Department of Justice has released information warning the public of a recent surge in fraudulent spam e-mail messages claiming to be from the DOJ. The messages contain a malicious attachment that supposedly contains information regarding complaints filed against them with the DOJ and IRS, but instead launches malware on the user’s system when opened. More information regarding these messages can be found in the DOJ Justice Department Alerts Public about Fraudulent Spam Email Press Release. http://www.us-cert.gov/current/index.html#justice_department_warns_public_of

Netsky is still on the loose

Pretending again to be from trusted entity – support@symantec.com with infected attachment as signature.zip. See http://www.dozleng.com/updates/index.php?showtopic=14894

Fake Adobe Shockwave Player download page

http://www.dshield.org/diary.html?storyid=3024 “When visited, the web page in question (a game site related to RuneScape) shows couple of broken icons and all links just point to another web page that conveniently inform the user that his version of Macromedia Flash Player needs to be updated. After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center” via http://www.dozleng.com/updates/index.php?showtopic=14855