Monthly Archive for November, 2008

Adobe Issues Critical Acrobat, Reader Updates

Adobe has issued a software update to fix at least eight security flaws in its Acrobat and Adobe Reader applications that, if left unpatched, could be used by attackers to take control of vulnerable systems, the company said. The vulnerabilities affect Acrobat and Reader versions 8.1.2 and earlier. Adobe characterizes this as a "critical" update -- its most serious rating -- meaning the flaws could let an attacker run and install malicious software on a victim's computer without the victim's knowledge. Updates are available for Reader versions on Microsoft Windows, Linux/Solaris and Mac OS X. The software maker says users with Adobe Reader 8.0 through 8.1.2 who can't update to Adobe Reader 9 should update to Adobe Reader 8.1.3, and that the latest full versions of both products, Adobe Reader 9 and Acrobat 9, are not vulnerable to these issues. Links to updates for different versions of Acrobat are available

Election Hoax Sent Via D.C. Based E-Campaign Group

An e-mail hoax telling 35,000 George Mason University students, faculty and staff that the election had been moved to Nov. 5 was sent through servers run by a D.C.-based company that seeks to help political campaigns promote their messages online. The fake e-mail, sent just after 1 a.m. this morning to a campus listserv, was crafted to appear as though it was sent from GMU's provost. In a follow-up e-mail sent this morning by the real GMU provost, the university said the hoax was perpetrated by someone who had apparently "hacked into" the school's e-mail system. But information sent to washingtonpost.com by a GMU student indicates that the hoax succeeded because of a lack of proper filtering on the university's e-mail servers. In addition, it appears that the message was routed through e-mail servers at a local political advocacy group. According to information contained in the e-mail header --

GMU E-Mail Hoax: Election Day Moved to Nov. 5

Unknown hackers broke into George Mason University's e-mail system and sent students a forged message from the school's provost early this morning stating that Election Day had been moved to Nov. 5. The message, dated 1:16 a.m., Nov. 4, with the subject line "Election Day Update," read:

To the Mason Community:

Please note that election day has been moved to November 5th. We apologize for any inconvenience this may cause you.

Peter N. Stearns
Provost

Seven hours later, students, faculty and staff received another message, this time from the real GMU provost, who blamed the e-mail hoax on a compromise of the school's e-mail system. GMU spokesman Daniel Walsch said the university has been fielding calls all morning from students and parents upset or confused about the fraudulent missives. "This is upsetting and embarrassing and has caused a lot of confusion and concern among people," Walsch said. Walsch said

Taming Vista’s User Account Control Pop-Ups

Microsoft Vista users fed up with the incessant security prompts from the operating system's "User Account Control" feature can now spend less time clicking on the pop-ups. Symantec Corp. has released a free tool that adds a simple "don't ask me again" option to each prompt. The UAC feature, which throws up a "Windows needs your permission to continue" prompt each time Vista users install a program or make minor changes to system settings within Windows, was designed to keep users safer by warning them about downloads or malicious software trying to make changes that the user did not request. It was also an effort by Microsoft to force software developers to write programs that don't need all-powerful administrator access to function properly. But some Vista users find the prompts so annoying that they turn the UAC feature off entirely. Part of the trouble is that there is no easy

Microsoft Security Report: A Mixed Bag

Microsoft's successes in producing more secure software are being offset in part by organized cyber criminals, who continue to make inroads into customer PCs largely through faulty third-party software and old-fashioned trickery, the software giant said in a report released today. The analysis comes in Microsoft's latest "Security Intelligence Report," which examined the prevalence of malicious software threats removed from Windows machines by the company's various free and subscription security offerings in the first half of this year. Malware that promotes rogue security and anti-virus programs continues to be the largest single security problem plaguing Microsoft Windows users, the company said. Redmond found that Trojan horse programs -- specifically, those that attempt so-called drive-by downloads -- were responsible for the biggest share of malicious software Microsoft removed from systems this year (about 30 percent). The overwhelming majority of that malware highlights non-existent threats on the victim's PC in an effort