2/11/2005

Microsoft to Make MSN Messenger Fixes Mandatory

Filed under: — Aviran Mordo

Microsoft Corp. on Friday lashed out at two security research firms for publishing proof-of-concept exploit code for MSN Messenger hours after Microsoft released security patches for the product.

In one instance, the software giant said malicious hackers have modified the proof-of-concept code into an exploit that puts millions of users at risk of code execution attacks that require no user interaction.

Moving swiftly to blunt an attack, Microsoft has decided to push out patched versions of MSN Messenger as a mandatory update. As of Thursday evening, users of the popular instant messaging client must update to MSN Messenger version 6.2.0205 or the MSN Messenger 7.0 beta before they are allowed to log on.

“When the vulnerability was announced this week we initially introduced an optional upgrade and had plans to make the upgrade mandatory,” a Microsoft spokesperson said. “But when we learned that detailed exploit code had been published on the Internet we felt the need to take decisive action.”

According to the exploit code seen by eWEEK.com, an attacker need only load a malicious PNG (Portable Network Graphics) file as a buddy icon to launch an attack against every MSN Messenger user on a buddy list.

Microsoft late Thursday released a security advisory to warn customers of the risk. The company also provided step-by-step instructions in a separate notice for both consumer and enterprise MSN Messenger users.

Source: eWeek

MPAA gets LokiTorrent Server Logs

Filed under: — Aviran Mordo

A Dallas federal court has ordered file-swapping site LokiTorrent.com to shut down and provide Hollywood lawyers with access to its full server logs, including data that could expose hundreds of thousands of people to copyright lawsuits.

The Motion Picture Association of America said Thursday that it had won a quick court victory against LokiTorrent, and was launching a new round of actions against other online piracy hubs. The data provided by the onetime file-swapping hub would provide “a roadmap to others who have used LokiTorrent to engage in illegal activities,” the trade group said.


Hard numbers on the site’s traffic are hard to come by. However, according to researchers at the Delft University of Technology, LokiTorrent was responsible for more than 800,000 downloads in the month of October alone.

MPAA executives said the information could “quite possibly” lead to lawsuits against individuals.

“This should give us information about LokiTorrent visitors who were involved in flagrant piracy of filmed entertainment,” said John Malcolm, director of worldwide piracy operations for the MPAA. “We are going to look at all the information…and decide what the appropriate action is to take.”

Source: News.com

House approves electronic ID cards

Filed under: — Aviran Mordo

The U.S. House of Representatives approved on Thursday a sweeping set of rules aimed at forcing states to issue all adults federally approved electronic ID cards, including driver’s licenses.

Under the rules, federal employees would reject licenses or identity cards that don’t comply, which could curb Americans’ access to airplanes, trains, national parks, federal courthouses and other areas controlled by the federal government. The bill was approved by a 261-161 vote.

The measure, called the Real ID Act, says that driver’s licenses and other ID cards must include a digital photograph, anticounterfeiting features and undefined “machine-readable technology, with defined minimum data elements” that could include a magnetic strip or RFID tag. The Department of Homeland Security would be charged with drafting the details of the regulation.

Republican politicians argued that the new rules were necessary to thwart terrorists, saying that four of the Sept. 11, 2001, hijackers possessed valid state-issued driver’s licenses. “When I get on an airplane and someone shows ID, I’d like to be sure they are who they say they are,” said Rep. Tom Davis, a Virginia Republican, during a floor debate that started Wednesday.

States would be required to demand proof of the person’s Social Security number and confirm that number with the Social Security Administration. They would also have to scan in documents showing the person’s date of birth and immigration status, and create a massive store “so that the (scanned) images can be retained in electronic storage in a transferable format” permanently.

Another portion of the bill says that states would be required to link their DMV databases if they wished to receive federal funds. Among the information that must be shared: All data fields printed on drivers’ licenses and identification cards, and complete drivers’ histories, including motor vehicle violations, suspensions and points on licenses.

Source: News.com
