USB Flash drive worm spreads Aids info

Security experts have disclosed details of a worm that copies itself onto removable drives, such as USB Flash drives, in an attempt to spread information about Aids and HIV. The LiarVB-A worm hunts for removable drives such as floppy disks and USB memory sticks, as well as spreading via network shares. http://www.vnunet.com/vnunet/news/2192450/usb-flash-drive-worm-spreads

Google warns Phishers and Malware authors

Google launched Safe Browsing API (http://code.google.com/apis/safebrowsing/overview.html) It provides a simple mechanism for downloading Google’s lists of suspected phishing and malware URLs, so now any developer can access the blacklists used in products such as Firefox and Google Desktop. The API is still experimental and they hope it will be useful to ISPs, web-hosting companies, and anyone building a site or an application that publishes or transmits user-generated links. http://googleonlinesecurity.blogspot.com/2007/06/phishers-and-malware-authors-beware.html

Q&A with the Security MVP Experts

We invite you to attend an Q&A with the Microsoft Security MVPs*. In this chat the MVP experts will answer your questions regarding online safety issues such as phishing, spyware, rootkits as well as server related topics. If you have questions on how to protect your PC, please bring them to this informative chat. When: Thursday June 21stTime: 4pm PST and 7pm ESTWhere: TechNet Chat Room http://www.microsoft.com/technet/community/chats/chatroom.aspx (No password required) * About Microsoft MVPs or What are MVPs

Hackers meet for coding festival

Web developers are gathering in London for the first BBC/Yahoo hackday. The free-form event aims to show web developers how to get more out of the data feeds and interfaces the two organisations make available. http://news.bbc.co.uk/1/hi/technology/6757361.stm

A Software-Free Approach to Blocking Online Porn

Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn, so over the next week or so Security Fix will examine various free methods for helping users block adult Web sites on their home networks. Read about it at http://blog.washingtonpost.com/securityfix/2007/06/a_softwarefree_approach_to_blo.html

Italy Under Attack: Mpack Gang Strikes Again!

Symantec verified a report of a large-scale web attack on going in Italy. They wrote:The attack is similar to what we described in our previous blog; it just uses a new different final domain which runs the hostile exploits of Mpack 0.86 kit. The gang behind the attack had successfully compromised the homepages of hundreds of legitimate Italian websites. We checked many of them and we verified that they include now a malicious IFRAME (detected as Trojan.Mpkit!html) which redirects to the same bad IP address. The list of compromised sites is huge and from Mpack statistics this attack is working … Continue reading Italy Under Attack: Mpack Gang Strikes Again!

Check Point Launches ZoneAlarm For Vista

Check Point today announced the availability of ZoneAlarm Internet Security Suite 7.1 for the Microsoft Windows Vista operating system. ZoneAlarm Antivirus and the free ZoneAlarm firewall were also made available today for Vista. More at http://download.zonelabs.com/bin/free/pressReleases/2007/pr_5.html

Microsoft Security Bulletins minor revisions

The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS07-034 – Critical   – http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx  – Reason for Revision: Updated the Microsoft Knowledge Base Article to reference KB Article 929123 in the Known Issues section.    – Originally posted: June 12, 2007  – Updated: June 13, 2007  – Bulletin Severity Rating: Critical  – Version: 1.3 * MS07-033 – Critical   – http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx  – Reason for Revision: Registry Key Verification corrected for Internet Explorer 6 Service Pack 1 on all supported editions of Microsoft Windows 2000 Service Pack 4; Removed duplicate text … Continue reading Microsoft Security Bulletins minor revisions

Yahoo defect endangers users — do web sites care?

Summary: Critical cross-site scripting (XSS) defect in Yahoo services is discoveredProof of concept of exploit is includedXSS bugs are on the rise because of web 2.0+The web industry is mostly negligent about dealing with XSS Details at http://netcooties.blogspot.com/2007/06/yahoo-endangers-users-do-web-sites-care.html