Friday, June 20, 2008

Friday News Feed 6/20/08

Apple does about-face, fixes Safari's 'carpet bomb' bug
Apple has updated the Windows version of Safari, patching four flaws including one that prompted rival Microsoft to urge users to stop using Apple's browser.

Safari 3.1.2 for Windows released to address vulnerabilities






EBay boosts fraud protections for PayPal users






Fraudulent ATM transactions overseas could be tied to Indiana bank breach






Microsoft admits XP's Bluetooth patch didn't work






Mozilla investigates critical Firefox 3.0 bug
Windows, Mac and Linux versions all have the vulnerability
June 19, 2008 (Computerworld) Mozilla Corp. today downplayed a threat posed by the first vulnerability reported for Firefox 3.0, telling users that the risk is "minimal."
"There is no public exploit, the details are private, and so the risk to users is minimal," Window Snyder, Mozilla's chief security officer, said in an entry to a company blog.
...
Snyder was responding to news yesterday that 3Com Corp.'s TippingPoint, a security vendor that runs the Zero Day Initiative bug bounty program, had purchased a critical Firefox 3.0 vulnerability from an unnamed researcher and then forwarded information on the bug to Mozilla.






Nuance sues start-up Vlingo over speech recognition patent infringement
I wonder who their lawyers are... ;-)






Patch-blocking bug also stymies Microsoft's WSUS







Fraud-Fighting Community Launches in US - 6/19/2008 5:40:00 PM
Subscribers share information about fraudulent online transactions in online service







ID Protection Startup Prepares Commercial Push - 6/19/2008 10:00:00 AM
After completing identity theft study and numerous breach response engagements, Debix says it's good to go







Stolen Healthcare, Airline Credentials Found on Servers - 6/18/2008 5:45:00 PM
Researchers at Finjan say cybercriminals are looking beyond stolen credit card accounts







Why Global Hackers Are Nearly Impossible to Catch
livescience.com — They're in our computers, reading our files. The Chinese government, that is, according to two U.S. Congressmen who recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it?







Teens Charged With Loading Spyware, Changing Grades
PC World - Wed Jun 18, 8:30 PM ET
Two Orange County teenagers have been charged with breaking into school computers, installing spyware and altering grades.






MS08-030 Re-released for Windows XP SP2 and SP3








Federal Court Limits Employers' Access to Employees' E-Communications
The 9th Circuit Court upheld the workplace privacy rights of employees in its decision in Quon v. Arch Wireless. Sgt. Jeff Quon and 3 other officers sued Arch Wireless for sharing wireless communication records with their employer, the Ontario Police Department. The City contracted for text messaging service for employees, and later obtained records to investigate whether all communications were work related. The court's decision reversed a lower court ruling, and found that the carrier was in violation of the 4th Amendment and California constitutional guarantees.
Court limits employer access to worker messages, Associated Press, June 19, 2008
Posted by EPIC on June 19, 2008.







Citibank to Replace ATMs Following Crime Spree
http://blogs.washingtonpost.com/securityfix/
One of my sources, the other day, tipped me off that Citibank was in the process of replacing most of its automated teller machines (ATMs), but the source couldn't definitively say why. Citibank told ATM & Debit News that it was replacing some 2,000 proprietary ATMs in "a bid to improve customer service." But a story today by Wired.com reporter Kevin Poulsen suggests that the financial giant is responding to a computer intrusion into a Citibank server that processes ATM withdrawals, an incident that appears to have led to an ATM crime spree.







FISA deal worries privacy groups
News Brief, 2008-06-18
Congressional leaders are reportedly close to a compromise on revamping the Foreign Intelligence Surveillance Act and allowing telecoms a way to sidestep wiretapping lawsuits.







...And worth every penny...
Windows Live OneCare 2.0 Available for Free

Microsoft is indeed offering Windows Live OneCare 2.0 for free, but only the 90-day trial period version. However, the fully fledged security solution can be grabbed from Amazon.com for a total cost of $0. The official price of the product is $49.95. But the actual deducted price is just $30, the e-commerce website offering no less than 40%, or $19.95 off. But in addition to the discount, Amazon.com has also set up a rebate of no less than $30, e...







AP: China admits taking, burying US POW (AP)







Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered








Breaking News… NOT!
Friday June 20, 2008 at 4:18 am CST
Posted by Kevin McGhee
There mustn’t be much going on in the world today as the Nuwar spammers have moved from jumping on real news of natural disasters and current affairs to creating their own fictional events! This high volume spam campaign is using some wacky subjects to lure people into clicking on the links:

Subject: Britney found hanged in locker room
Subject: White House hit by lightning, catches fire
Subject: Oprah found sleeping the streets
Subject: Eiffel Tower damaged by massive earthquake
Subject: Donald Trump missing, feared kidnapped
Subject: Lastest! Obama quits presidential race

This clever social engineering technique plays on people's inquisitiveness in news of natural disasters and celebrities. The emails also follow the simple format of some text and a link that looks fairly harmless to the uneducated user.
All the links go to a fake pornotube page hosted on legitimate sites that have been hacked. If you click on the video (that’s actually just an image) it tries to download a .exe file. This is detected as BackDoor-DNM and the spam is also currently detected with our Anti-Spam products.
So it goes without saying... NEVER click on links in an email unless you are sure of its origin, keep your Anti-Virus software up-to-date and if you have a website make sure it's properly secured so you’re not hosting stuff like this.







Disgruntled hacker sentenced to five years
Sue Marquette Poremba June 19, 2008
A network engineer and technical services manager for San Diego's Council of Community Health Clinics was sentenced to 63 months in prison on federal hacking charges.







Kentucky Agrees To Stop Selectively Blocking State Employees From Reading Critical Blogs








Lame NHS loses 31,000 patient records
Michael Krigsman: Setting an example for irresponsibility while violating internal Department of Health policies, the UK National Health Service has lost unencrypted data on 31,000 patients.
