Friday, February 13, 2004

Accessible Web Typography - an introduction for web designers:
"A book by Jim Byrne

The author is available for accessible web design development and consultancy work: jim@scotconnect.com

The HTML version of the book is free:"

http://www.scotconnect.com/webtypography/
The Windows Patch—What You Need to Know:
"On Tuesday February 10th, Microsoft released three new security updates to patch new vulnerabilities, one of which is catching a lot of attention. Security Update MS04-007 is rated as critical because it has the potential to leave a user of Windows NT, 2000, XP or 2003 Server open to an attack that could result in remote code execution. The vulnerability has no workarounds, and is being very strongly recommended by Microsoft and security organizations. However, at this time, Microsoft says there are no reported incidents using the vulnerability, but is recommending the patch as a preemptive strike against attack."

http://www.pcmag.com/article2/0,4149,1525075,00.asp
Microsoft TechNet:
"Microsoft Security Bulletin MS04-007

ASN.1 Vulnerability Could Allow Code Execution (828028)"

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Security Update Replacement: None

Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp
MyDoom author may be covering tracks - News - ZDNet:
"A worm that started spreading on Sunday places the source code for the original MyDoom virus on victims' hard drives, an action equivalent to planting evidence, antivirus experts said Tuesday.

The worm, Doomjuice, spreads to computers that have already been infected by either the original MyDoom virus or the MyDoom.B variant, and among other actions, places several copies of the source code for MyDoom.A on a victim's computer.

The author may be using the tactic to create a crowd of PC users in which to hide, or the author could be spreading the code in hopes that other virus writers will create variations on MyDoom, said Graham Cluley, senior technology consultant for antivirus company Sophos."

Doomjuice is one of two opportunistic programs--the other dubbed Deadhat--that started spreading this week. Both viruses infect computers that have already succumbed to either of the two MyDoom viruses. Doomjuice also attempts to direct any re-infected PCs to attack Microsoft's Web site.

Doomjuice's possession of the source code for the original MyDoom virus suggests that the creator of the worm is also the writer of the original virus. A word in both MyDoom viruses--the name "andy"--has already suggested to some researchers that the original MyDoom and the MyDoom.B variant were created by the same person or group.

Other antivirus researchers agree that the latest hostile program could be intended to confuse investigations into who created the viruses.

http://zdnet.com.com/2100-1104_2-5156836.html
Study: Spammers turning blind eye to the law - News - ZDNet:
"Only 3 percent of bulk commercial e-mail includes a valid U.S. postal mail address and a valid link to opt out of future messages, according to data released on Tuesday by MX Logic, a maker of mail-filtering software. Those requirements are part of the Can-Spam Act, short for Controlling the Assault of Non-Solicited Pornography and Marketing, the nation's first federal spam law.

What's more, the amount of spam has continued to grow since the law went into effect at the beginning of the year. As much as 60 percent of the e-mail sent in January was spam, up from 58 percent in December, according to San Francisco-based Brightmail, one of the largest spam-filtering companies."

http://zdnet.com.com/2100-1104_2-5156629.html?tag=adnews
Microsoft Warns Software Users of 'Critical' Flaw:
"The company called the software flaw a "critical" vulnerability, its highest rating. It is the second major security flaw announced this month by Microsoft, which recently began issuing regularly scheduled security patches for its software. "We urge all of our customers to apply this update," said Stephen Toulouse, a security program manager with Microsoft's security response center.

The flaw, one of three announced yesterday by Microsoft, affects a fundamental building block of network operating systems known as Abstract Syntax Notation One, and helps govern how machines communicate with one another and how they establish secure communications. Microsoft's version of that protocol is flawed, and could be used to gain control of the target machine. The company said there was no evidence that any attacks based on the flaw had occurred.…"

For now, Mr. Cooper said, computer users are probably safe because the flaw "is not exactly a simple one" to take advantage of, and no attack that would exploit the flaw had appeared on the hacker sites where such code is freely circulated. But once such an attack method is created, he said he expected to see a malicious program that could circulate via e-mail messaging and which would have as profound an effect on computer networks as the widespread "Blaster" worm of last year.

http://www.nytimes.com/2004/02/11/technology/11worm.html

Wednesday, February 11, 2004

50 from the Best of the Internet

http://www.pcmag.com/print_article/0,3048,a=118391,00.asp
MyDoom.C Slams Into Microsoft.com:
"UPDATED: A stripped-down version of the MyDoom worm, a.k.a. Doomjuice, on Monday spread through a network backdoor and attacked Microsoft's Web site.

A new version of the MyDoom worm appears to be circulating on the Internet and may be responsible for some disruptions to Microsoft Corp.'s Web site Sunday night and Monday morning, researchers said.

When it's executed, the new variant, called MyDoom.C, or Doomjuice, begins scanning for machines listening on TCP port 3127. When it finds available PCs, it copies itself to the new machine's Windows directory under the file name 'intrenat.exe' and also creates a file named 'sync-src-1.00.tbz' in several locations."

But unlike the two previous versions of MyDoom, this third variant does not spread via e-mail, nor does it install a backdoor on infected machines or have a kill date, according to an analysis done by Ken Dunham, malicious code manager for iDefense Inc., based in Reston, Va. The worm's code is not encrypted, but it contains all of the source code for MyDoom.A.

The new worm's infection procedure may limit its spread, experts said. MyDoom.C spreads by scanning for machines that are already infected with one of the other variants of the worm. So the possibility of spreading widely in the enterprise is mitigated by the fact that most companies affected by one of the other worms likely have already cleaned up those PCs. Also, administrators can trump the new variant by blocking port 3127 at the firewall.

"The risk presented by Mydoom.C needs to be tempered with the fact it is easily foiled by protection available from as early as two weeks ago. The fact the worm preys on existing Mydoom infected computers is much like a flock of vultures circling around an unfortunate soul about to succumb to the elements in that it is picking through scraps," said Ian Hameroff, eTrust security strategist at Computer Associates International Inc. of Islandia, N.Y.…

MyDoom.C does have the ability to launch a denial-of-service attack against Microsoft's main Web site, which experienced some severe performance problems overnight Sunday and again Monday morning, according to data compiled by Netcraft Ltd. If the worm is started between Feb. 8 and Feb. 12, it starts a thread that sleeps for a random amount of time and then spawns 80 threads that begin requesting pages from Microsoft.com at once. MyDoom.C does not try to attack The SCO Group's Web site, however, as the two previous versions did.

http://www.eweek.com/article2/0,4149,1522236,00.asp
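The eWeek piece above gives defenders two concrete handles on Doomjuice: it hunts for hosts listening on TCP port 3127 (the backdoor left by the earlier MyDoom variants), and it drops files named 'intrenat.exe' and 'sync-src-1.00.tbz'. The following is an added example, not code from the page or from any of the quoted articles or vendors: a small Python detector that (1) reads firewall connection logs and flags internal hosts fanning out to TCP/3127 against many distinct destinations, which is what a Doomjuice-infected machine looks like from the network, whether or not the firewall is already dropping port 3127, and (2) checks a list of file paths for the two dropped artifact names. The log line format, the sample log lines, the sample paths and the fan-out threshold are all constructed assumptions for this example.

```python
"""
Added example (not from the page or the quoted articles): defender-side
detection for the Doomjuice / MyDoom.C behaviour described in the eWeek
excerpt.  Assumed firewall log format (one connection per line):
    <timestamp> <src_ip> <dst_ip> <TCP|UDP> <dport> <ACCEPT|DROP>
"""
from collections import defaultdict
import re

# Constructed sample log: 10.0.0.7 probes six distinct hosts on TCP/3127
# (one of them twice); 10.0.0.9 makes a single 3127 connection and one
# ordinary web request; the last line is malformed on purpose.
SAMPLE_LOG = """\
2004-02-09T02:11:03 10.0.0.7 10.0.1.4 TCP 3127 ACCEPT
2004-02-09T02:11:03 10.0.0.7 10.0.1.5 TCP 3127 DROP
2004-02-09T02:11:04 10.0.0.7 10.0.1.6 TCP 3127 DROP
2004-02-09T02:11:04 10.0.0.7 10.0.1.7 TCP 3127 DROP
2004-02-09T02:11:05 10.0.0.7 10.0.1.8 TCP 3127 DROP
2004-02-09T02:11:05 10.0.0.7 10.0.1.9 TCP 3127 DROP
2004-02-09T02:11:06 10.0.0.7 10.0.1.4 TCP 3127 ACCEPT
2004-02-09T02:12:00 10.0.0.9 10.0.1.4 TCP 3127 ACCEPT
2004-02-09T02:12:30 10.0.0.9 192.0.2.10 TCP 80 ACCEPT
malformed line that the parser must skip
"""

# Constructed sample file listing from a suspect Windows host.
SAMPLE_PATHS = [
    r"C:\WINDOWS\intrenat.exe",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Documents and Settings\user\SYNC-SRC-1.00.TBZ",
    "/tmp/sync-src-1.00.tbz.txt",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+(?P<proto>TCP|UDP)\s+(?P<dport>\d+)\s+(?P<action>\w+)$"
)

# Artifact names named in the article; matched case-insensitively because
# Windows file names are case-insensitive.
DOOMJUICE_ARTIFACTS = {"intrenat.exe", "sync-src-1.00.tbz"}


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_port3127_scanners(text, min_targets=5):
    """Return {src_ip: distinct_destination_count} for sources that tried
    TCP/3127 against at least min_targets distinct hosts.  DROP lines count
    as much as ACCEPT lines: a scan the firewall blocked is still evidence
    of an infected host on the inside that needs cleaning."""
    targets = defaultdict(set)
    for rec in parse_log(text):
        if rec["proto"] == "TCP" and rec["dport"] == "3127":
            targets[rec["src"]].add(rec["dst"])
    return {src: len(d) for src, d in targets.items() if len(d) >= min_targets}


def find_doomjuice_artifacts(paths):
    """Return the paths whose base file name exactly matches one of the
    Doomjuice artifact names (Windows or POSIX separators accepted)."""
    hits = []
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in DOOMJUICE_ARTIFACTS:
            hits.append(p)
    return hits


if __name__ == "__main__":
    for src, n in find_port3127_scanners(SAMPLE_LOG).items():
        print(f"possible Doomjuice scanner: {src} hit TCP/3127 on {n} hosts")
    for path in find_doomjuice_artifacts(SAMPLE_PATHS):
        print(f"Doomjuice artifact present: {path}")
```

The fan-out threshold is the interesting knob: a single connection to port 3127 can be a scanner or a curious admin, but one internal source touching port 3127 on many distinct destinations inside a short window is the worm's propagation loop. In practice the file check would run against a real directory walk of the Windows directory and user profiles rather than a constructed list, and any host that matches either test should be treated as still carrying the original MyDoom backdoor, since that is what Doomjuice entered through.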

Tuesday, February 10, 2004

Chicago Tribune | 'Mydoom' Creators Start Up 'Doomjuice':
"Finnish computer security experts warned Tuesday of a new worm, known as 'Doomjuice,' that is expected to attack computers infected by 'Mydoom,' despite the fact it's programmed to stop spreading later this week.

The virus, first detected by F-Secure on Monday night, has so far infected at least 30,000 computers worldwide since it was activated Sunday, said the company's director of antivirus research, Mikko Hypponen."

Like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Corp.'s Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world.

"Unlike Mydoom, it does not spread via e-mail. It comes through a backdoor left open by Mydoom," Hypponen told The Associated Press. "People won't even realize their computers are being attacked, and then they'll have both Mydoom and Doomjuice in their computers."

Doomjuice drops the original source code of the Mydoom.A worm in an archive to folders on infected computers.

"This proves to us that Doomjuice and Mydoom.A are written by the same people," Hypponen said. "The source code of Mydoom.A has not been seen circulating in the underground before."

Doomjuice's ability to spread is limited because it will only attack computers infected by Mydoom, Hypponen said. "And lots of them are being cleaned up already at a quick rate."

But, he warned, unlike Mydoom which is programmed to stop spreading on Feb. 12, Doomjuice could run forever. "At least until all computers everywhere infected by both worms have been cleaned up, and that could be years," Hypponen said.

F-Secure said it is difficult to fully assess how destructive Doomjuice has been so far, but that one sensor monitoring a fifth of the world's Internet traffic Monday found 30,000 hits.

So far, www.microsoft.com, one of the largest web sites in the world, appears to be operational, but F-Secure had noticed a disruption in service on Monday.

F-Secure: http://F-Secure.com/

http://www.chicagotribune.com/technology/sns-ap-finland-doomjuice-worm.story

Monday, February 09, 2004

MyDoom sparks talks of security's future - News - ZDNet:
"Despite a deep understanding of how such viruses spread, security experts seem to be at a loss at how to stop them. Popular antivirus technology is generally ineffectual against many of the attacks until an update is downloaded by the user. Moreover, even though antivirus software is the most popular security technology in use--about 99 percent of corporations use it, according to the Computer Security Institute--many home users still don't use the software.

'Many people don't even have the software,' said Bruce Schneier, chief technology officer for Counterpane Internet Security. 'And for those that do, the first few hours of an epidemic is a race against time.'"

MyDoom spread through e-mail a week ago, infecting a new computer every time an unwary user opened the attached file containing the program. As many as 2 million computers may have been infected. The original virus was programmed to attack The SCO Group's Web site last Sunday, while a variant is scheduled to target Microsoft on Tuesday.

E-mail service provider MessageLabs has quarantined more than 17 million e-mail messages in a week, said Alex Shipp, senior antivirus technologist for the company. From data captured early in the epidemic, MessageLabs says that for every Internet address with an infected PC behind it, eight e-mails are sent, on average, to one of the company's customers.

However, even though companies are still seeing massive quantities of e-mail messages bearing the MyDoom virus, the spread has slowed, stressed Shipp.

http://zdnet.com.com/2100-1105_2-5152165.html?tag=zdaresources