Thursday, November 04, 2004

Apple disables iTunes plug-in | Tech News on ZDNet

Apple disables iTunes plug-in Tech News on ZDNet:
"With the latest version of iTunes, Apple Computer has disabled an add-on program that let people transfer songs off of their iPod. "

Apple introduced iTunes 4.7 last week, announcing new features such as support for the iPod Photo and the ability to find and delete duplicate tracks in a music library. But this week, Apple confirmed that version 4.7 does break compatibility with iPodDownload. The iTunes plug-in is designed to enable iPod owners to copy songs from the music player to an iTunes library, a feature that Apple has not supported.

Apple has in the past used new versions of iTunes to disable support for third-party software that adds unintended file-sharing abilities to the popular jukebox software. The company has also been pushing users to continue moving to more current versions of iTunes.

An Apple representative did not say why the company had disabled support for iPodDownload. The program's creator had already stopped distributing the software after Apple's lawyers contacted the company that housed its Web hosting.

"After Apple threatened my Web-hosting company, and my site was shut down for more than one hour, I had to withdraw the plug-in," Sylvain Demongeot said on the iPodDownload Web site. Demongeot did not return an e-mail.

http://news.zdnet.com/2100-1040_22-5436447.html


IE exploit is top of the hacks | Tech News on ZDNet

IE exploit is top of the hacks Tech News on ZDNet:
"A Microsoft Internet Explorer exploit represented the highest number of hacking attacks in the second quarter, according to figures from ScanSafe. "

The London-based security company said that the No. 1 hack was Exploit.HTML.Mht, which attempts to download and install a malicious program on a computer by using a security breach in Microsoft's IE browser software. The exploit was used to target almost twice as many organizations as other exploits, ScanSafe said.

"One of the things we've been surprised at is the growth rate of threats," said Roy Tuvey, director of ScanSafe. "There's been a 15 percent rise every quarter, and the threat is really rising. The first thing exploited are browser vulnerabilities."

Twenty-one percent of virus attacks occurred on Wednesdays and 6 percent at the weekend, ScanSafe found. The managed Web security company said the reason was that most viruses were launched at weekends and spread during the week.

http://news.zdnet.com/2100-1009_22-5436186.html


Monday, November 01, 2004

Flaws found in non-Microsoft Windows media players

Flaws found in non-Microsoft Windows media players:
Microsoft Windows users need to watch out for several flaws in non-Microsoft media players, security experts said.

Apple Computer and RealNetworks have both issued fixes for their Windows software to patch serious security vulnerabilities. Apple released Quicktime 6.5.2 on Wednesday to plug two holes in its Windows media player. On Tuesday RealNetworks advised users of its RealPlayer 10, RealPlayer 10.5 and RealOne Player software to use the "Check for Updates" feature to download the latest patch.

One of the flaws in Apple's Quicktime player affects Mac OS X users as well, but the company patched the problems at the end of September.

http://news.zdnet.com/2100-1009_22-5430912.html?tag=adnews


Reheated Bagle smokes out antivirus defenses

Reheated Bagle smokes out antivirus defenses:
A new version of the fast-spreading Bagle mass-mailing worm was discovered Friday, with its threat level quickly rising to a moderate level, according to security experts.

Bagle.BB, also known as W32/Bagle.bb@MM, was raised to a medium risk assessment by security company McAfee. The virus had triggered more than 100 reports to McAfee's antivirus and vulnerability emergency response team by early morning in Europe. Antivirus software makers have also identified two other variants of the Bagle virus that are successfully spreading.

Other security experts noted that there are specific challenges with the latest variant of Bagle.

"This version tries to block the Netsky virus on users' machines, which seems like retaliation on Netsky," said Stefana Ribaudo, a security management product manager for Computer Associates International. The authors of the Bagle and Netsky variants have taken to taunting each other in the worms' software code.

Ribaudo added that the Bagle virus, which is also known as Bagel AX and W32.Beagle.AV, tries to disable antivirus software loaded on people's computers.

Increasingly, computer viruses are serving as a tool to surreptitiously use another person's computer to send out spam or collect personal financial information.

Security experts note that the profit that can be made from these activities is driving the rapid rise in virus and hacker attacks.”

The most recent version of the Bagle virus is another in a long list of variants of the virus, which began infecting computers in January.

BitDefender Labs noted that the new Bagel variant creates copies of itself in varying lengths, in a move to make it harder to filter out of e-mails using antivirus software.

Bagle.BB harvests addresses from local files and then uses those addresses in the "from" field to send itself, according to McAfee.

As a result, the recipient of Bagle.BB receives a bogus e-mail with a spoofed sender address, which, for example, may appear to come from a legitimate friend, business associate or family member.

http://news.zdnet.com/2100-1009_22-5432334.html?tag=adnews