Month: December 2007

It often seems as if the number of threats that you must be on guard against only increases, stretching your resources past the limits. But the truth is that threat profiles change over time, and some things you may be investing in are no longer as great a threat or are now handled by the tools you have in place. So, although you can’t get lax about security, you can focus more on newer threats. Complete list of 2007 underreported tech stories:1.  Java is becoming the new Cobol2.  Sun Microsystems is back in the game3.  Hackers take aim at Mac … Continue reading There are some security threats you can worry less about

Some of the new features in Firefox 3 are not immediately obvious — at least, not to the casual user. Among other things, Mozilla is incorporating new graphics- and text-rendering architectures in its browser layout engine (Gecko 1.9) to offer rendering improvements in CSS and SVG; adding a number of security features, including malware protection and version checks of its add-ons; and offline support for suitably coded Web applications. Other new features — some of which are listed here — are more visible to end users, such as the menu bar that now appears asking if you want to save … Continue reading 5 Things You’ll Love About Firefox 3

Web designer David Airey has succeeded in recovering his domain after hackers exploited flaws in Gmail to trick his hosts into authorising a fraudulent transfer. Airey’s woes began when he took his girlfriend for a month-long holiday to India on 21 November, a trip he mentioned in his blog. The holiday was a break from work and he only occasionally checked his emails. All seemed well until shortly before his return when Airey received an email from a friend informing him that his website, Davidairey.com, had “disappeared”. At first Airey thought he’d made a mistake and allowed his domain name … Continue reading Gmail exploit aids domain hijack

Been receiving the email that will try to encourage user to click a link:    Hopefully users don’t fall into it or else, your browser might download the happynewyear2008.exe:    Too bad… only 14 malware scanner will detect the variant of Storm worm (as of the time of this writing) :       Be very careful.  Happy Safe Computing!!

Software giant Microsoft has sued domain name registrar Red Register for typo squatting and cyber squatting in a lawsuit filed in Seattle. http://www.cbronline.com/article_news.asp?guid=2A92DC89-28C3-440A-A3E5-3DDD586AD3B0

Hundreds of blogs on the Bloggers service have been found to contain links to servers that will infect visitors with the notorious Storm worm. http://www.webpronews.com/topnews/2007/12/27/googles-blogger-plagued-by-storm-worm

Series Summary: Fire-proofing your network with Unified Threat Management     [Dec. 27, 2007]    Part 1: Battling new security threats     [Dec. 28, 2007]    Part 2: Deploying a UTM appliance      [Dec. 31, 2007]    Part 3: Layering on anti-X defenses     [Dec. 31, 2007]    Part 4: Delivering UTM as a managed service

The rise of customized malware is forcing security software vendors to change their tactics quickly and begin using customers’ machines as their initial line of threat detection intelligence, according to a new report from Yankee Group. Echoing recent comments made by industry leaders like Symantec – which is considering white-listing techniques, among many other emerging plans, to thwart the trend toward so-called server-side polymorphism – Yankee Group Analyst Andrew Jaquith writes in a new research note that “herd intelligence” will be one of the most effective ways for vendors to detect and address increasingly customized threats. By turning their customers’ … Continue reading Anti-malware vendors to merge PC scans

The ongoing Storm Trojan attack that began Monday has morphed again, security researchers said today, changing the malicious file’s name, shifting to new malware hosting servers, and adding a rootkit to cloak the bot code from anti-virus software. Spam messages attempting to dupe users into installing the bot-making Trojan now include links happycards2008.com or newyearcards2008.com, different URLs than in the second-wave attack that began Christmas Day. According to analysts at the SANS Institute’s Internet Storm Center (ISC) and U.K.-based Prevx Ltd., the name of the file users are asked to download has also changed from Tuesday’s “happy2008.exe.” The file being … Continue reading Storm switches tactics third time, adds rootkit

People who received MP3 players as holiday gifts may want to steer clear of some Web sites that claim to offer legal music but don’t have licensing agreements with major music labels, the Center for Democracy and Technology said. The CDT, a consumer rights group, has published a list of more than 30 MP3 download sites that don’t have licensing deals with major U.S. music labels. The sites, which charge between $20 and $35 for subscriptions, say they offer music from artists signed to the major labels, according to the CDT. Consumers should be aware of the sites on the … Continue reading Group warns of sites offering unlicensed music