The ability to use tiny USB memory sticks to download and walk away with relatively large amounts of data has already made the ubiquitous devices a potent security threat in corporate environments. Now, the emergence of USB flash drives that can store and automatically run applications straight off the device could soon make the drives even more of a security headache.
Demonstrating the potential danger, Hak.5, a security-related podcast, earlier this month showed how a USB memory stick can -- in just a few seconds -- be turned into a device capable of automatically installing back doors, retrieving passwords or grabbing software product codes.
Hak.5's "hacking framework" is called USB SwitchBlade and gives hackers a way to automate different payloads running on a USB flash drive, said Darren Kitchen, the Williamsburg, Va.-based co-host of Hak.5.
Read Full story
Wednesday, September 27, 2006
Sunday, August 20, 2006
Yahoo fixes Web mail bug
Yahoo fixes Web mail bug
August 17, 2006 2:47 PM PDT
Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.
The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.
"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.
Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.
The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.
Posted by Joris Evers
Read More
August 17, 2006 2:47 PM PDT
Web giant Yahoo has fixed a security flaw in its Yahoo Mail service that exposed user accounts to cyberattacks.
The flaw involves how Yahoo Mail handles attachments and was discovered in early August by Israeli security company Avnet, according to various online news reports. An attacker could hijack a user's account after a malicious attachment was opened, these reports said.
"Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week," a Yahoo representative said Thursday.
Because Yahoo Mail is a hosted service, users don't have to take any action to be protected against potential attacks that exploit the flaw, the representative said. "There were no documented cases of this vulnerability being exploited prior to our fix being released," the representative said.
The flaw could let an attacker craft an HTML attachment to an e-mail and bypass Yahoo Mail's security filter to execute malicious JavaScript code, according to an IDG News Service report Thursday.
Posted by Joris Evers
Read More
Saturday, August 12, 2006
Hackers Expose 'Critical' Wi-Fi Driver Flaw
Black Hat Briefings: A pair of hackers show off a new technique for breaking into computers via flaws in wireless drivers shipped on Windows and Mac systems.
LAS VEGAS—Wi-Fi-enabled computers are sitting ducks for code execution attacks because of gaping flaws in wireless drivers shipped on both Mac and Windows systems, security researchers warned at the Black Hat Briefings security conference here.
A pair of hackers—David Maynor and Jon Ellch—demonstrated such a break-in on an Apple MacBook laptop fitted with a wireless card that was broadcasting its presence to another computer set up as an access point.
Read More
LAS VEGAS—Wi-Fi-enabled computers are sitting ducks for code execution attacks because of gaping flaws in wireless drivers shipped on both Mac and Windows systems, security researchers warned at the Black Hat Briefings security conference here.
A pair of hackers—David Maynor and Jon Ellch—demonstrated such a break-in on an Apple MacBook laptop fitted with a wireless card that was broadcasting its presence to another computer set up as an access point.
Read More
Monday, August 07, 2006
Unpatched flaw revealed in Cisco firewall
Vulnerability in PIX firewall appliances could allow outside attackers to gain access to corporate networks
By Robert McMillan, IDG News Service
August 04, 2006
Cisco Systems just can't seem to make it through the Black Hat USA conference unscathed. On Wednesday a security researcher showed how an unpatched vulnerability in the company's PIX firewall appliances that could allow outside attackers to gain access to corporate networks
Read More
By Robert McMillan, IDG News Service
August 04, 2006
Cisco Systems just can't seem to make it through the Black Hat USA conference unscathed. On Wednesday a security researcher showed how an unpatched vulnerability in the company's PIX firewall appliances that could allow outside attackers to gain access to corporate networks
Read More
Saturday, August 05, 2006
Microsoft Challenges Hackers To Crack Vista
LAS VEGAS - After suffering embarrassing security exploits over the past several years, Microsoft Corp. is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system.
Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.
"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."
Microsoft has faced blistering criticism for security holes that have led to network outages and business disruptions for its customers. After being accused for not putting enough resources into shoring up its products, the software maker is trying to convince outsiders that it has changed.
Read More
Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.
"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."
Microsoft has faced blistering criticism for security holes that have led to network outages and business disruptions for its customers. After being accused for not putting enough resources into shoring up its products, the software maker is trying to convince outsiders that it has changed.
Read More
Even offline computers can be hacked, researchers say
LAS VEGAS — Some computers with wireless Internet capabilities are vulnerable to malicious software that would let hackers take over the machines even if their owners aren't actually online, researchers announced here Wednesday.
The researchers planned to detail the vulnerability in a demonstration at a computer-security conference, showing how to take complete control of a MacBook from Apple. But researchers David Maynor and Johnny Ellch said the technique will work on an array of machines, including those that run Microsoft's Windows and the free Linux operating system.
Read More
The researchers planned to detail the vulnerability in a demonstration at a computer-security conference, showing how to take complete control of a MacBook from Apple. But researchers David Maynor and Johnny Ellch said the technique will work on an array of machines, including those that run Microsoft's Windows and the free Linux operating system.
Read More
Tuesday, July 25, 2006
Monday, July 17, 2006
Microsoft Hands Vista Over To Hackers
Microsoft has announced plans to attend the Hack in the Box Security Conference 2006, an Asian hackers' conference. What's more, the company intends to bring along Vista. This isn't as strange as it sounds - an increasing number of businesses like to solicit the opinions of security communities (even shady ones) on their new products.
This practice has the potential to save a company's time, money, and reputation. If problems are found in the software before it hits the market, it's considerably cheaper and easier to correct the issue at that point in time. It also saves the need for patches and updates, which are at best a nuisance.
Read More
This practice has the potential to save a company's time, money, and reputation. If problems are found in the software before it hits the market, it's considerably cheaper and easier to correct the issue at that point in time. It also saves the need for patches and updates, which are at best a nuisance.
Read More
Thursday, June 22, 2006
Google hit by data stealing worm
SAO PAULO: A new Internet worm capable of stealing bank details and other personal data from users is circulating via Orkut, Google Inc's social networking service, a computer security company warned on Monday.
Instant-messaging service provider FaceTime Communications said its software security lab had detected the spread of the electronic virus, the third such threat to disseminate itself via messages posted on Orkut users personal Web pages.
Google's service, while available globally, is wildly popular among Brazilians which make up the bulk of its users.
The malicious programme, dubbed as "MW.Orc," works its way on to users' personal computers when they click on infected links on Orkut scrapbook pages. The link is followed by a message in Portuguese that entices the user to click.
Once the link is activated, a file is uploaded to the PC, according to a description of how the worm works contained in a statement by the Foster City, California-based company.
When infected Orkut users use Microsoft Corp.'s widely used Windows XP operating system to find personal files on their PCs through their "My Computer" icon, an e-mail is sent back to the creator of MW.Orc creator filled with personal information stored on the PC, FaceTime said.
The new threat to Orkut follows an earlier worm, Banker-BWD, which was uncovered by Sophos, an anti-virus company.
Orkut has around 21.1 million users, 68.56 per cent of whom identify themselves as Brazilians, 12.26 per cent as living in the United States and 5.32, who say they live in India.
Instant-messaging service provider FaceTime Communications said its software security lab had detected the spread of the electronic virus, the third such threat to disseminate itself via messages posted on Orkut users personal Web pages.
Google's service, while available globally, is wildly popular among Brazilians which make up the bulk of its users.
The malicious programme, dubbed as "MW.Orc," works its way on to users' personal computers when they click on infected links on Orkut scrapbook pages. The link is followed by a message in Portuguese that entices the user to click.
Once the link is activated, a file is uploaded to the PC, according to a description of how the worm works contained in a statement by the Foster City, California-based company.
When infected Orkut users use Microsoft Corp.'s widely used Windows XP operating system to find personal files on their PCs through their "My Computer" icon, an e-mail is sent back to the creator of MW.Orc creator filled with personal information stored on the PC, FaceTime said.
The new threat to Orkut follows an earlier worm, Banker-BWD, which was uncovered by Sophos, an anti-virus company.
Orkut has around 21.1 million users, 68.56 per cent of whom identify themselves as Brazilians, 12.26 per cent as living in the United States and 5.32, who say they live in India.
Wednesday, June 21, 2006
Yahoo e-mail under worm attack
Symantec warns of mass-mail worm that exploits a vulnerability in Yahoo's Web e-mail
By Jeremy Kirk, IDG News Service
June 12, 2006
A mass-mail worm that exploits a vulnerability in Yahoo's Web e-mail is making the rounds but the impact appears to be low, security vendor Symantec said Monday.
The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
The worm, written in JavaScript, takes advantage of a vulnerability that allows scripts embedded in HTML (Hypertext Markup Language) e-mail to run in the users' browsers. Yahoo users should be able to modify their settings to block the zero-day exploit, Hogan said.
Read More
By Jeremy Kirk, IDG News Service
June 12, 2006
A mass-mail worm that exploits a vulnerability in Yahoo's Web e-mail is making the rounds but the impact appears to be low, security vendor Symantec said Monday.
The worm, which Symantec calls JS.Yamanner@m, is different from others in that a user merely has to open the e-mail to cause it to run, said Kevin Hogan, senior manager for Symantec Security Response. Mass-mail worms have usually been contained in an attachment with an e-mail note encouraging a user to open it.
The worm, written in JavaScript, takes advantage of a vulnerability that allows scripts embedded in HTML (Hypertext Markup Language) e-mail to run in the users' browsers. Yahoo users should be able to modify their settings to block the zero-day exploit, Hogan said.
Read More
Monday, June 19, 2006
Microsoft: Vista Most Secure OS Ever
Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point.
From the network perimeter to deep inside the Windows client, the significance of security has permeated into every facet of technology. Norman Mailer said that 20th century man's default status was anxiety. We have barely dipped our toes into the 21st, and our default status has already been elevated to outright fear.
Read More
From the network perimeter to deep inside the Windows client, the significance of security has permeated into every facet of technology. Norman Mailer said that 20th century man's default status was anxiety. We have barely dipped our toes into the 21st, and our default status has already been elevated to outright fear.
Read More
Is your computer a zombie?
While it may be tempting to think your PC is safe and that computer nasties are a thing of the past, think again. Malicious attacks have evolved beyond previous attacks from virus writers who wanted to show off their skills and get caught for self publicity.
According to Raimund Genes, CTO of Trend Micro, the threat landscape has changed to more targeted, varied threats developed mainly for commercial reasons. "Professional malware writers today don't want to make a big fuss. The worst that could happen to them is for their malware to get noticed and for people to then update their systems and protect themselves", Raimund points out.
Read More
According to Raimund Genes, CTO of Trend Micro, the threat landscape has changed to more targeted, varied threats developed mainly for commercial reasons. "Professional malware writers today don't want to make a big fuss. The worst that could happen to them is for their malware to get noticed and for people to then update their systems and protect themselves", Raimund points out.
Read More
Wednesday, May 24, 2006
Ten Principles of Microsoft Patch Management
Patch management is a critical part of maintaining the security of your systems and network. The patch management system that you build and maintain is, among other things, the channel through which you deploy security updates from Microsoft and other vendors. Although patch management is sometimes viewed as a systems management discipline rather than a security discipline, its role in addressing vulnerabilities through the deployment of updates makes it a vital component in an organization’s security operations. Because the timely application of security updates is one of the most important and effective things you can do to protect your systems and network, your patch management system must be as efficient as possible.
Read More
Read More
Tuesday, May 09, 2006
Viruses no longer top security threat
Early reports of malware distribution in April show that viruses are swiftly declining as a threat in comparison with other malicious software.
Separate research from Fortinet and Sophos shows that the top viruses were mainly old timers, and that Trojans and spyware are coming to the fore in their place.
Read More
Separate research from Fortinet and Sophos shows that the top viruses were mainly old timers, and that Trojans and spyware are coming to the fore in their place.
Read More
Monday, May 08, 2006
ISA Server 2006 Overview
ISA Server 2006 is the next step in Microsoft’s Security Strategy. ISA Server 2006 is the successor of ISA Server 2004. ISA Server 2006 RTM is expected to be released at end of June 2006.
ISA Server 2006 contains all the features of ISA Server 2004 with SP2 except for the Message Screener. The Message Screener from ISA Server 2004 is no longer available in ISA Server 2006
Read More
ISA Server 2006 contains all the features of ISA Server 2004 with SP2 except for the Message Screener. The Message Screener from ISA Server 2004 is no longer available in ISA Server 2006
Read More
Saturday, May 06, 2006
Battle of the browser betas
Not since the early days of the Netscape vs. Microsoft Internet Explorer browser wars has the development behind Internet browsers been so energized, with developers rushing out new features every few weeks. Forget what's available today, let's look ahead and see what the next versions of Internet Explorer, Firefox, and Opera have in store. One caveat: since all these browsers are still in beta, not all Web sites may display properly, not all ad-ons or extensions may work within the new builds, and the apps themselves may unexpectedly crash or freeze.
Read More
Read More
Wednesday, May 03, 2006
Preventing P2P and IM programs from hijacking your network with ISA 2004
Instant Messaging has become one of the most useful tools of communication in these times. The pure speed in which information can be transferred from one end of the globe to the other is phenomenal. However, we are becoming aware of some major implications of the availability of this technology.
Network and Firewall Administrators have been facing a battle to uphold the integrity and productivity of their networks. Some of the major issues they have found with these potentially dangerous applications (P2P, IM’s) are the potential to disclose corporate information (source code etc) in a non mediated forum, the misuse of company resources, legal issues, possible virus incursion and simply the fact that it is another (flavor of the month) type point of attack, potentially jeopardizing the entire network.
Read More
Network and Firewall Administrators have been facing a battle to uphold the integrity and productivity of their networks. Some of the major issues they have found with these potentially dangerous applications (P2P, IM’s) are the potential to disclose corporate information (source code etc) in a non mediated forum, the misuse of company resources, legal issues, possible virus incursion and simply the fact that it is another (flavor of the month) type point of attack, potentially jeopardizing the entire network.
Read More
Friday, April 28, 2006
Update for HTTP issues in ISA 2004 SP2
Microsoft has released an update for HTTP issues in Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2).
More Info
More Info
Microsoft ISA Server 2006 Beta: Frequently Asked Questions
Learn more about the ISA Server 2006 Beta by reading this frequently asked questions page. It will help you understand ISA Server 2006, why you should consider trying the beta in your infrastructure, and some features that will help you secure your Microsoft application infrastructure, streamline your network, and safeguard your IT environment
Read More
Read More
Wednesday, April 26, 2006
Microsoft Details SMS 2003 R2
Microsoft Details SMS 2003 R2, Configuration Manager 2007
Microsoft will release SMS 2003 R2 by the end of June as it preps System Center Configuration Manager 2007 for delivery next year.
As the company's annual management summit got underway in San Diego Tuesday morning, Microsoft provided a broad overview of its expanding System Center product lineup but later drilled down on the future of SMS, now named System Center Configuration Manager 2007.
During his keynote, Microsoft Server & Tools Senior Vice President Bob Muglia demonstrated System Center's new drag and drop feature for applying new policies, Task-based GUI interface to simplify use and tight integration with the Windows Vista client and the Network Access Protection feature in the next Windows Longhorn Server
Read More
Microsoft will release SMS 2003 R2 by the end of June as it preps System Center Configuration Manager 2007 for delivery next year.
As the company's annual management summit got underway in San Diego Tuesday morning, Microsoft provided a broad overview of its expanding System Center product lineup but later drilled down on the future of SMS, now named System Center Configuration Manager 2007.
During his keynote, Microsoft Server & Tools Senior Vice President Bob Muglia demonstrated System Center's new drag and drop feature for applying new policies, Task-based GUI interface to simplify use and tight integration with the Windows Vista client and the Network Access Protection feature in the next Windows Longhorn Server
Read More
Wednesday, April 19, 2006
WEBCAST:Smart Tactics for Antivirus and Antispyware
Antivirus is a necessary component of any intrusion defense strategy. However, while choosing where to place Antivirus is a relatively simple matter, choosing how much Antivirus your organization needs can be challenging. In this Webcast, guest instructor Joel Snyder discusses Antivirus and Antispyware from an architectural perspective. Joel explains the benefits of standalone products vs. integrated suites, and tells you what you need to know about perimeter and gateway Antivirus and Antispyware.
In this 20-minute Webcast, you will explore:
Where in your network Antivirus and Antispyware should sit
Antivirus implementation challenges
Best practices for implementing Antivirus
register
In this 20-minute Webcast, you will explore:
Where in your network Antivirus and Antispyware should sit
Antivirus implementation challenges
Best practices for implementing Antivirus
register
Mozilla fixes nearly two dozen Firefox flaws
The Mozilla Foundation has fixed approximately 21 flaws in the Firefox Web browser that could be exploited to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks
Read More
Read More
Security concerns of extended schema in Active Directory
The structure of Active Directory -- the formatting of records, the type of information stored in it, etc. -- is referred to as its schema. Since AD is basically a database, the default schema is not set in stone and it can in fact be changed if needed. That said, extending the AD schema is not something you want to do trivially. The presence of third-party products that do this can complicate the issue, especially as far as security is concerned.
The first thing to be conscious of when using these products is that any additions to the schema are typically available by default in a read-only fashion to everyone. If you extend the schema, you also need to take into account what kind of access to grant to the new schema elements -- who gets to add or change these new elements, whether or not they can be seen by most users, etc.
Read More
The first thing to be conscious of when using these products is that any additions to the schema are typically available by default in a read-only fashion to everyone. If you extend the schema, you also need to take into account what kind of access to grant to the new schema elements -- who gets to add or change these new elements, whether or not they can be seen by most users, etc.
Read More
Monday, April 17, 2006
Is Open Source Really More Secure?
In this article we'll discuss the claim made by proponents of open source software that such software is more secure. Is open source really inherently more secure than closed source commercial software? If so, why? And if not, why do so many have that perception?
Read More
Read More
Tuesday, April 11, 2006
Microsoft Announces Beta Availability of ISA Server 2006 and Acquisition of a Web-Filtering Product from FutureSoft
REDMOND, Wash., Feb. 9, 2006 – Microsoft’s commitment to customers in the area of security is to ensure the highest degree of quality in Microsoft software, to deliver new security technology innovations in the Windows platform, and to invest in and develop security products and services that will evolve to meet future business and IT security needs.
In advance of next week's RSA Conference 2006 (Feb. 13-17 in San Jose, Calif.), PressPass spoke with Ted Kummert, corporate vice president, Security, Access and Solutions Division, Server and Tools Business, at Microsoft to understand how security products are helping customers better manage and address current and future security challenges.
Read More
REDMOND, Wash., Feb. 9, 2006 – Microsoft’s commitment to customers in the area of security is to ensure the highest degree of quality in Microsoft software, to deliver new security technology innovations in the Windows platform, and to invest in and develop security products and services that will evolve to meet future business and IT security needs.
In advance of next week's RSA Conference 2006 (Feb. 13-17 in San Jose, Calif.), PressPass spoke with Ted Kummert, corporate vice president, Security, Access and Solutions Division, Server and Tools Business, at Microsoft to understand how security products are helping customers better manage and address current and future security challenges.
Read More
Monday, April 10, 2006
Securing Your Exchange Server with Antigen and ISA Server
Event Description
Products: Exchange Server.
Recommended Audience: IT Professional.
Language: English-American
Description:
Every enterprise needs inter-site communication, but it opens conduits for everything from bandwidth-gobbling spam to malicious attacks that can cripple your organization. This webcast shows how to use Sybari Antigen and Microsoft Internet Security and Acceleration (ISA) Server to protect Microsoft Exchange Server from viruses, worms, spam and external attacks. Product managers from the ISA Server and Antigen teams discuss best practices for common Exchange deployment types, emphasizing configuration and tuning Antigen and ISA Server. This session is appropriate for information technology professionals who have a surface-level understanding of ISA and Antigen, and are ready to take their knowledge to the next level.Presenter: Peter Eicher, Senior Product Manager, Microsoft Corporation & Tom Bartlett, Security Solutions Specialist, CISSP, 2003 MCSE, Microsoft Corporation
Read More
Event Description
Products: Exchange Server.
Recommended Audience: IT Professional.
Language: English-American
Description:
Every enterprise needs inter-site communication, but it opens conduits for everything from bandwidth-gobbling spam to malicious attacks that can cripple your organization. This webcast shows how to use Sybari Antigen and Microsoft Internet Security and Acceleration (ISA) Server to protect Microsoft Exchange Server from viruses, worms, spam and external attacks. Product managers from the ISA Server and Antigen teams discuss best practices for common Exchange deployment types, emphasizing configuration and tuning Antigen and ISA Server. This session is appropriate for information technology professionals who have a surface-level understanding of ISA and Antigen, and are ready to take their knowledge to the next level.Presenter: Peter Eicher, Senior Product Manager, Microsoft Corporation & Tom Bartlett, Security Solutions Specialist, CISSP, 2003 MCSE, Microsoft Corporation
Read More
TechNet Webcast: Configuring Exchange and VPN Connectivity with ISA Server 2004
Event Description
Products: ISA Server.
Recommended Audience: IT Professional.
Language: English-American
Description:
Do you currently have an effective way to secure your network perimeter against risks introduced by the Internet, remote users, and remote network segments? Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 can help protect against all of these threats and more. This session demonstrates how ISA Server 2004 can enhance security for internal servers as well as external-facing resources such as Microsoft Exchange Server or Microsoft Internet Information Services. We will also show how ISA Server can operate as a virtual private networking server for more secure remote access to the internal network.
Presenter: Kevin Remde, TechNet Presenter, Microsoft Corporation
Read More
Event Description
Products: ISA Server.
Recommended Audience: IT Professional.
Language: English-American
Description:
Do you currently have an effective way to secure your network perimeter against risks introduced by the Internet, remote users, and remote network segments? Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 can help protect against all of these threats and more. This session demonstrates how ISA Server 2004 can enhance security for internal servers as well as external-facing resources such as Microsoft Exchange Server or Microsoft Internet Information Services. We will also show how ISA Server can operate as a virtual private networking server for more secure remote access to the internal network.
Presenter: Kevin Remde, TechNet Presenter, Microsoft Corporation
Read More
Sunday, April 09, 2006
Branch Office Integration with ISA Server 2004 SP2
Learn how ISA Server 2004 Service Pack 2 can help you deliver streamlined branch office connectivity and security to your customers.
Read More
Learn how ISA Server 2004 Service Pack 2 can help you deliver streamlined branch office connectivity and security to your customers.
Read More
Thursday, April 06, 2006
Fake BBC e-mails seek to exploit IE flaw
Attackers are spamming out these messages and hoping readers will click on a link to "read more." Those who do will be sent to a Web site that exploits the createTextRange flaw in Internet Explorer, dropping keyloggers onto victims' machines that can be used to steal bank account information.
That warning comes from San Diego-based Websense Inc., which offered details on its Web site, including a screen shot of an infected Web page.
"These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'read more,'" Websense said. "Users who follow this link are taken to a Web site that is a spoofed copy of the BBC news story from the e-mail."
Read more...
Attackers are spamming out these messages and hoping readers will click on a link to "read more." Those who do will be sent to a Web site that exploits the createTextRange flaw in Internet Explorer, dropping keyloggers onto victims' machines that can be used to steal bank account information.
That warning comes from San Diego-based Websense Inc., which offered details on its Web site, including a screen shot of an infected Web page.
"These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'read more,'" Websense said. "Users who follow this link are taken to a Web site that is a spoofed copy of the BBC news story from the e-mail."
Read more...
Security Concerns Threaten Enterprise Rollout of Mobile Technology
Symantec Global Survey Finds that Businesses are Slow to Deploy Mobile Security
Las Vegas, NV - April 4, 2006 - Security concerns are the biggest obstacle to the widespread adoption of wireless and remote computing in businesses worldwide today, according to a global survey by the Economist Intelligence Unit and sponsored by Symantec Corp (Nasdaq: SYMC). More than 60 percent of companies are holding back on deployment, citing security concerns. Close to 47 percent of respondents cite cost and complexity as a major obstacle to deployment. All the while, almost one in five businesses has already experienced financial loss due to attacks via mobile data platforms.
http://symantec.com/about/news/release/article.jsp?prid=20060404_01
Symantec Global Survey Finds that Businesses are Slow to Deploy Mobile Security
Las Vegas, NV - April 4, 2006 - Security concerns are the biggest obstacle to the widespread adoption of wireless and remote computing in businesses worldwide today, according to a global survey by the Economist Intelligence Unit and sponsored by Symantec Corp (Nasdaq: SYMC). More than 60 percent of companies are holding back on deployment, citing security concerns. Close to 47 percent of respondents cite cost and complexity as a major obstacle to deployment. All the while, almost one in five businesses has already experienced financial loss due to attacks via mobile data platforms.
http://symantec.com/about/news/release/article.jsp?prid=20060404_01
Wednesday, April 05, 2006
Internet Security Threat Report
The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, and future trends. The latest report, released March 7, is now available.
http://www.symantec.com/enterprise/threatreport/index.jsp
The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, and future trends. The latest report, released March 7, is now available.
http://www.symantec.com/enterprise/threatreport/index.jsp
The HP ProLiant DL320 Security Server running Microsoft® Internet Security & Acceleration Server 2004 is an advanced firewall, VPN, and Web caching solution that can be quickly and easily deployed in multiple network environments to protect Windows Server, Exchange, and other key applications against new and emerging security threats.
- Built on ISA Server 2004 advanced multi-layer application firewall, VPN, cache technology
Advanced RPC and OWA filtering
Tightly integrated with Exchange
Hardened (more secure) Windows Server 2003 OS
HP Virus Throttle installed and enabled
Subscribe to:
Posts (Atom)