Friday, August 20, 2004

New Attack Pierces Fully Patched XP Machines, but SP2 not vulnerable

Attack Pierces Fully Patched XP Machines:
"Security researchers have identified a new version of the Download.Ject attack that is now being used on the Internet and can compromise fully patched Windows XP machines.

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page. "

The page is being hosted by a number of different sites, all of which share common "whois" information and appear to be deliberately serving the page, according to Thor Larholm, senior security researcher at PivX Solutions LLC, based in Newport Beach, Calif. The Trojan also will change the start page of the infected PC.

Once a user clicks on the link, the Web server attempts to download the back door. Larholm said a PC running a fully patched copy of Windows XP and Internet Explorer 6 will be compromised by the new version of Download.Ject, as will machines running older versions of Windows and IE.

But machines running SP2 (Service Pack 2) for XP are not vulnerable to the new attack. Larholm added that the vulnerabilities exploited in this attack have been known for some time.

http://www.eweek.com/article2/0,1759,1638037,00.asp?kc=ewnws082004dtx1k0000599

Judges rule file-sharing software legal - News - ZDNet

Judges rule file-sharing software legal - News - ZDNet:
"Like the lower court, the Ninth Circuit implied that any ability to hold software developers liable for copyright infringement might have to come from Congress rather than from the courts. Indeed, the RIAA is already pursuing that goal, with a bill sponsored by Sen. Orrin Hatch, a Republican from Utah, that would put legal responsibility for copyright infringement back on the peer-to-peer developers.

But the Appeals Court closed its decision with words that some technology lawyers are interpreting as a cautionary note to Congress, as it debates that bill.

'The introduction of new technology is always disruptive to old markets and particularly to those copyright owners whose works are sold through well-established distribution mechanisms,' the court wrote. 'Yet history has shown that time and market forces often provide equilibrium in balancing interests, whether the new technology be a player piano, a copier, a tape recorder, a video recorder, a personal computer, a karaoke machine or an MP3 player. Thus, it is prudent for courts to exercise caution before restructuring liability theories for the purpose of addressing specific market abuses, despite their apparent present magnitude.' "

http://zdnet.com.com/2100-1104_2-5316570.html?tag=adnews

Thursday, August 19, 2004

Security Watch Letter: New MyDoom Piggybacks More Dangerous Worm

Security Watch Letter: New MyDoom Piggybacks More Dangerous Worm:
"… MyDoom is back with W32/MyDoom.S-mm. This variation, also known as MyDoom.Q@mm, Worm_Ratos.A, and I-worm.Win32.Ratos, was discovered on August 15th, and jumped to a medium-level threat very quickly. While MyDoom.S doesn't really do much, it downloads a particularly nasty trojan called Backdoor.Ratos.A. "

http://www.pcmag.com/article2/0,1759,1637560,00.asp

http://www.pcmag.com/print_article/0,1761,a=133647,00.asp

Study: Unpatched PCs compromised in 20 minutes - News - ZDNet

Study: Unpatched PCs compromised in 20 minutes - News - ZDNet:
"Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute 'survival time' by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.… "

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is now checking the status of computers before letting them connect to the Internet. If a machine doesn't have the latest patches, it gets quarantined with limited network access until the PC is back up to date.

http://zdnet.com.com/2100-1105_2-5313402.html

Wednesday, August 18, 2004

MyDoom.s prevention and cure

MyDoom.s prevention and cure - ZDNet: Reviews:
"This mass-mailing virus appears to contain photos but actually attempts to install a backdoor Trojan horse."

http://reviews-zdnet.com.com/4520-6600_16-5428414.html

News: Special Reports: XP update: Windows XP SP2 on the hot seat

News: Special Reports: Windows XP SP2 on the hot seat:
"As Microsoft releases its major update for Windows XP, Service Pack 2, companies are examining the software to see how it will fit into their systems. IBM, for one, wants to hold off until it has been further tested. Companies will also want to consider options to replace or enhance some of the new security features."

http://zdnet.com.com/2251-1110-5302605.html

Tuesday, August 17, 2004

TechNet Support WebCast: Understanding Microsoft Windows XP Service Pack 2 - 883733

883733 - TechNet Support WebCast: Understanding Microsoft Windows XP Service Pack 2:
"Thursday, August 19, 2004: 10:00 AM Pacific time (Greenwich mean time - 7 hours)

The changes to Microsoft Windows Firewall, Automatic Updates, and the Windows kernel help provide a better environment for Microsoft Windows customers. These changes may require modifications to be fully deployed in an enterprise computing environment. This Support WebCast discusses the changes in Microsoft Windows XP Service Pack 2 (SP2). The session also talks about how customers in enterprise computing environments can prepare to deploy the service pack. It discusses the details of buffer overflow prevention, network protection, and patching technologies in Windows XP SP2, and the deployment mechanisms to control each."

http://support.microsoft.com/default.aspx?scid=kb;en-us;883733&Product=winxp

Windows XP Service Pack 2 on CD Available Later this Summer. Order Here.

Order Windows XP Service Pack 2 on CD:
"You will be able to order this CD when it becomes available later this summer. "

The best way to ensure you get SP2 when it is released is by turning on the Automatic Updates feature in Windows XP. Visit the Protect Your PC site to let us turn it on for you or follow these manual steps—either way you'll get SP2 automatically as Microsoft releases it.

http://protect.microsoft.com/security/protect/WSA/en/default.asp

http://www.microsoft.com/athome/security/protect/windowsxp/updates.aspx

http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx

Microsoft Takes New Development Track

Microsoft Takes New Development Track:
"In addition to efforts to recruit developers through its many high-school and college programs, Microsoft is looking to its recently announced Express tools to bring in a new class of developers. Microsoft announced the Express versions of its Visual Studio tools at Tech Ed Europe last month, saying the tools are aimed at casual developers, hobbyists and students.

At the conference, Microsoft announced Express versions of its popular tools, including Visual Web Developer 2005 Express Edition, for building Web sites and Web services; Visual Basic 2005 Express Edition, which is aimed at helping beginners learn to program; and SQL Server 2005 Express Edition, a lightweight version of SQL Server, also for students and hobbyists, among others.…"

Two developers said they were impressed with the Express tools but put off by Microsoft's marketing plans. Tim Huckaby, CEO of InterKnowlogy LLC, in Carlsbad, Calif., said Microsoft is "selling itself short and doing a small disservice to the Express tools when they proclaim them to be 'for hobbyists, enthusiasts and students.' To me, that type of statement implies that the Express line is a set of toys.

"Those who have seen or used them know this is far from the case. There is no reason in the world that highly scalable enterprise software cannot be built in the Express tools," Huckaby said.

Huckaby said he can envision business analysts and nontechnical users using the Express tools to prototype applications. "How perfect is a world where part of the design is a prototype built by the business owner of the project itself?" he asked. "Then they throw it over the wall to the developers to build."

Stephen Forte, chief technology officer of New York-based Corzen Inc., agreed. Forte said he began programming using macros because he found using professional tools "intimidating." But after working with the program for a while, he moved on to master other tools and languages, he said. Forte said the Express tools are quite capable. "What's great about the Express products is that they use the full-blown .Net Framework," he said.

http://www.eweek.com/article2/0,1759,1636268,00.asp

Monday, August 16, 2004

InfoWorld: New tool identifies 'phishy' Web sites: August 16, 2004: By : SECURITY

InfoWorld: New tool identifies 'phishy' Web sites: August 16, 2004: By : SECURITY:
"The new product, called Web Caller-ID, can detect Web pages dressed up to look like legitimate e-commerce sites. WholeSecurity is marketing the technology to banks, credit card companies and online retailers as a way to prevent unwitting customers from accessing false sites, to reduce fraud and increase confidence in online commerce, the company said.

Phishing scams are online crimes that use unsolicited commercial, or 'spam,' e-mail to direct Internet users to Web sites controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, Social Security number, bank account or credit card number, often under the guise of updating account information. "

http://www.infoworld.com/article/04/08/16/HNphishywebsites_1.html

Programs seem to stop working after you install Windows XP Service Pack 2 - 842242

842242 - Some programs seem to stop working after you install Windows XP Service Pack 2:
"After you install Microsoft Windows XP Service Pack 2 (SP2), some programs may seem not to work. By default, Windows Firewall is enabled and blocks unsolicited connections to your computer. This article discusses how to make an exception and enable a program to run by adding it to the list of exceptions. This procedure permits the program to work as it did before the service pack was installed. "

To help provide security for your Windows XP SP2-based computer, Windows Firewall blocks unsolicited connections to your computer. However, sometimes you might want to make an exception and permit someone to connect to your computer.

After you install Windows XP SP2, client applications may not successfully receive data from a server.

Alternatively, server applications that are running on a Windows XP SP2-based computer may not respond to client requests.

http://support.microsoft.com/default.aspx?kbid=842242

Internet's 'white pages' allow data attacks | CNET News.com

Internet's 'white pages' allow data attacks | CNET News.com:
"The same technology that allows Web surfers to locate and connect to computers on the Internet can be used to create covert communications channels, bypass security measures and store distributed content, a security researcher said.

The security hack essentially uses data transferred by domain name service (DNS) servers to hide additional information in the network communications. DNS servers act as the white pages of the Internet, invisibly transforming easy-to-remember domain names--such as www.cnet.com--into the numerical network addresses used by computers. Moreover, corporate security measures, such as firewalls, tend to ignore DNS data because they assume it's harmless, said Dan Kaminsky, a security researcher for telecommunications firm Avaya and a speaker at the Defcon hacking conference here.

'DNS is everywhere--you cannot communicate over the global Internet without knowing where to go,' he said. 'No one notices DNS. No one monitors it.'"

http://news.com.com/2100-1002_3-5291874.html
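
The excerpt above describes data being hidden in DNS traffic that nobody monitors. As an added example (not from the article or the researcher quoted in it), this sketch shows the monitoring side: it groups logged query names by parent zone and flags zones that receive many distinct, long, high-entropy subdomains. The log entries, the `tunnel.example` zone, the two-label parent-zone rule and the thresholds are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    total = len(text)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())

def summarize(queries):
    """Per parent zone: distinct subdomains, their mean length, their entropy."""
    subs = defaultdict(set)
    for _client, name in queries:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # nothing left of the zone that could carry data
        # Assumption: the parent zone is the last two labels.
        subs[".".join(labels[-2:])].add(".".join(labels[:-2]))
    stats = {}
    for zone, names in subs.items():
        joined = "".join(n.replace(".", "") for n in names)
        stats[zone] = {
            "unique": len(names),
            "mean_len": sum(len(n) for n in names) / len(names),
            "entropy": shannon_entropy(joined),
        }
    return stats

def suspicious_zones(queries, min_unique=10, min_len=30, min_entropy=3.5):
    """Zones queried with many distinct, long, random-looking subdomains.
    The thresholds are illustrative assumptions, not tuned values."""
    return sorted(
        zone for zone, s in summarize(queries).items()
        if s["unique"] >= min_unique and s["mean_len"] >= min_len
        and s["entropy"] >= min_entropy
    )

# Constructed sample log of (client, queried name); not real traffic.
SAMPLE = [
    ("10.0.0.5", "www.cnet.com"), ("10.0.0.5", "news.cnet.com"),
    ("10.0.0.7", "mail.example.org"), ("10.0.0.7", "www.example.org"),
] + [
    ("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".tunnel.example")
    for i in range(12)
]

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE))
```

Requiring all three signals together keeps ordinary hosts such as `www` and `news` from being flagged; a real deployment would use a public-suffix list rather than the last two labels.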