Monthly Archive for February, 2009
Apple last week issued security updates to plug more than 50 security holes in its OS X operating system and other software. The patches, which affect Mac OS X 10.4 and 10.5, Java for the Mac and Safari for Windows systems, are available through Apple Downloads or via the company's automatic update program. Apple's Security Update 2009-001 addresses roughly four dozen security flaws in the operating system and bundled software. Java Release 8 patches at least four security flaws in Apple's version of Java for Mac OS X 10.4 and 10.5. Cupertino also fixed a critical vulnerability in its Safari Web browser for Windows XP and Vista systems. Safari 3.2.2 for Windows fixes a flaw that Apple said could allow a Web site to run hostile JavaScript on the user's system if he or she subscribed to an RSS feed that included a malicious link. Brian Mastenbrook, the researcher Apple
As sure as the taxman cometh each year, so do the scam artists. The Internal Revenue Service is warning U.S. taxpayers to be prepared for a steady increase in scams and virus attacks via e-mail, telephone and the Web as the April 15 tax-filing deadline approaches. "We see a big upswing in complaints about these phishing emails January through April during the tax filing season," IRS spokeswoman Nancy Mathis said. The most common type of scam arrives via e-mails claiming to come from the IRS or Treasury Department. They typically try either to scare consumers into thinking there is an error with their tax filing, or to convince them that they are eligible for a tax rebate or benefit from the government economic stimulus package that just passed on Capitol Hill. These so-called "phishing" e-mails typically urge users to visit a site, which in turn prompts visitors to
Microsoft Corp. today said it is offering a $250,000 reward for information that leads to the arrest and conviction of those responsible for launching the "Conficker" computer worm, a threat that has infected millions of Microsoft Windows PCs over the past two months. The reward is the most public acknowledgment yet of the damage inflicted by the Conficker worm -- known to some anti-virus companies as "Downadup" -- which wiggles into Microsoft systems primarily through a security hole in the Windows operating system. Microsoft issued a software update in late October to help customers guard against the attack, but Conficker can spread even to systems that have already been patched, by piggybacking on removable media -- such as USB drives -- that launch the worm when connected to a Windows system. "As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools
Microsoft Corp. today released four patch bundles to fix at least eight security vulnerabilities in PCs powered by its Windows operating system and other software. The fixes are available through Microsoft Update or via Automatic Updates. Half of the flaws fixed in February's patch batch earned Microsoft's most urgent "critical" rating, meaning attackers could wield them to break into vulnerable systems with little or no assistance from users, aside from maybe convincing users to visit a booby-trapped Web site or open a specially-crafted e-mail. Two of the critical vulnerabilities reside in Microsoft's Internet Explorer 7 Web browser (oddly enough, Microsoft says IE6 is not affected). The other two critical flaws Redmond fixed are found in Microsoft Exchange, an e-mail server program used by tens of millions of organizations. Andrew Storms, director of security operations for nCircle, a network security company, said the Exchange vulnerability is especially serious for businesses, because
Firefox users looking for a little more control over the privacy of their Web browsing habits should check out a handy add-on called "RefControl," a Firefox extension that lets you decide which sites should be allowed to see your most recent browsing history. When you visit a Web site, the people who run that site can see by looking at their traffic logs the name and Internet address of the site you were at directly before visiting their site, also known as the "referrer" link. Using RefControl, Firefox users can block all referrers, or block referrers for all sites except those included on your personal exclusion list. RefControl users can even set a fake referrer for all or specific sites that includes a custom message (e.g., "NoReferrerForYou"), a sentiment that will show up in the visited Web site's logs. RefControl is very easy to use. By default, the add-on doesn't
An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources. Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking Windows Media Audio (.wma) music files and, when one is opened, changes all .mp2 and .mp3 files on a host system to Windows Media Audio (.wma) format. Audio files altered by the Trojan won't lose their .mp2 or .mp3 file extensions. Rather, the Trojan embeds in each converted media file a placeholder, so that when a victim tries to listen to it, the song is opened up in Windows Media Player. At that point, the victim is prompted to download an audio codec in order to continue playback. If the victim installs the codec,
In another sign that the recently disclosed data breach at credit card processing giant Heartland Payment Systems may indeed be one for the record books, a quick survey of community banks indicates that a majority of institutions have been notified that at least some of their debit or credit cards were compromised in the breach. Princeton, N.J.-based Heartland has not disclosed how many credit and debit card accounts may have been intercepted by malicious software the company recently found on its payment processing network. Heartland's president and chief financial officer Robert Baldwin told Security Fix last month that the company processes about 100 million card transactions each month. The Independent Community Bankers of America, a trade group that includes some 5,000 banks representing 18,000 locations nationwide, took an informal poll of its members recently to find out how many were contacted by Heartland. According to the ICBA, 83 percent
A nationwide ATM heist late last year netted thieves $9 million in cash in one day, according to published reports. The coordinated attack stemmed from a computer intrusion at payment processor RBS WorldPay. Atlanta-based RBS WorldPay announced on Dec. 23 that hackers had broken into its database and made off with personal and financial data on 1.5 million customers of its payroll cards business. Some companies use payroll cards in lieu of paychecks by depositing employee salaries or hourly wages directly into payroll card accounts, which can then be used as debit cards at ATMs. RBS said that thieves also might have accessed Social Security numbers of 1.1 million customers. New York's Fox 5 cites FBI sources as saying that thieves used the stolen payroll cards recently to withdraw $9 million from ATMs in 49 cities, including Atlanta, Chicago, New York, Montreal, Moscow, and Hong Kong. Steve Lazarus, a
An alert reader let me know that the latest version of OpenOffice, the open source alternative to the Microsoft Office productivity suite, also installs a very old, insecure version of Java. Users who accept the default installation options for OpenOffice 3.0.1 also will get Java 6 Update 7, a version of Java that Sun Microsystems released last spring (the latest version is Java 6 Update 12). This is notable because not only could attackers target security vulnerabilities that were fixed in subsequent versions of Java, but Java 6 Update 7 was released prior to Sun's inclusion of a feature known as "secure static versioning," which is intended to prevent Web sites from invoking even older versions of Java that may be present on the user's system. Starting with Java 6 Update 11, Sun included a feature that uninstalls older versions, but that functionality for whatever reason did not automatically remove
Nearly 83 percent of all Web sites advertised through spam can be traced back to just 10 domain name registrars, according to a study to be released this week. The data come from millions of junk messages collected over the past year by Knujon ("no junk" spelled backwards and pronounced "new john"), an anti-spam outfit that tries to convince registrars to dismantle spam sites. While there are roughly 900 accredited domain name registrars, spammers appear to register the Web sites they advertise in junk e-mail through just one percent of those registrars. Knujon's rankings include:
1. XinNet Cyber Information Company Limited
2. eNom
3. Network Solutions
4. Register.com
5. Planet Online
6. Regtime Ltd.
7. OnlineNIC Inc.
8. Spot Domain LLC
9. Wild West Domains
10. Hichina Web Solutions
Knujon co-founder Garth Bruen said registrars made his list based on several factors, including: the number of reported illicit domains held

