3/31/2005

Microsoft Files 117 Suits That Target ‘Phishing’

Filed under: — Aviran Mordo

Microsoft Corp. on Thursday said it was filing 117 lawsuits against unknown Internet site operators it charged were engaged in “phishing” schemes to obtain personal and financial information from unsuspecting consumers.

Often scam artists pose as banks or other legitimate businesses, sending out millions of e-mails or pop-up Web advertisements with requests that the recipient update their account information but instead direct them to fake sites.

The world’s biggest software company said it was filing “John Doe” defendant lawsuits in U.S. District Court in Washington state in an attempt to establish connections between worldwide phishers and discover the largest-volume operators.

Source: Reuters

Microsoft: Windows patch is flawed

Filed under: — Aviran Mordo

Microsoft has acknowledged that a security patch issued in January for its Windows 98 and Windows ME operating systems may cause performance issues for customers who have downloaded the patch.

According to a notice posted Friday in the discussion group section of the company’s TechNet site, Microsoft’s KB891711 update, which was released to address a vulnerability related to cursor and icon format handling, fails to adequately protect users of Windows 98, Windows 98 SE and Windows ME. The patch was included as part of security bulletin MS05-002, one of the software giant’s regular monthly updates.

In the short statement, a company representative stopped short of telling people to uninstall the update, noting that removal of the patch would still leave customers compromised.

Source: News.com

Microsoft releases Windows XP Pro x64 to manufacturing

Filed under: — Aviran Mordo

Microsoft announced late Wednesday that it has sent four 64-bit versions of Windows into mass production. Windows XP Professional x64 as well as the server editions 2003 Standard x64, 2003 Enterprise x64 and 2003 Datacenter x64 are expected to be available in late April.

Better late than never - Microsoft finally has finished work on its first 64-bit client operating system. Windows XP Professional x64 was released together with three server Editions of the software to manufacturing. The development track of the client software is plastered with a series of delays, but Microsoft kept its most recent promise made at the Spring Intel Developer Forum to ship the software in the April timeframe.

Microsoft will officially announce the operating systems at WinHEC 2005, which is held from April 25 to 27 in Seattle. Commercial availability of the client and server packages is indicated as “late April”.

Source: Tom's Hardware

Microsoft Expands Windows Piracy Check

Filed under: — Aviran Mordo

Expanding its measures to combat software piracy, Microsoft will require users who want to download local language add-ons to Windows to first validate their copy of the operating system as legitimate.

Microsoft offers versions of Windows XP in 24 languages at present. It supports an additional 20 languages with free operating system add-ons, called Windows XP Language Interface Packs. The add-ons do not offer complete translations of the Windows XP user interface, but cover many of its common features.

Over the coming months, Microsoft will require users who want to download the add-ons to first authenticate their copy of Windows, blocking access for users of pirated Windows copies, the company says in a statement. The first add-on to be affected will be the Vietnamese language interface pack, which was made available this week and requires validation to download.

Microsoft has been testing the piracy lock, which it calls Windows Genuine Advantage, on its Download Center Web site since September. Over 5 million users have taken part in the test, according to Microsoft.

The Redmond, Washington-based software maker has gradually been expanding the piracy check, beginning with certain international versions of Windows XP. Currently Download Center visitors using Norwegian, Czech, and Simplified Chinese versions of Windows are required to validate their copy of Windows.

Source: PCWorld

90% of Companies Computers are Infected with Spyware

Filed under: — Aviran Mordo

Spyware is one of the most common security risks for corporations. It directly affects user privacy and is one of the main reasons why users call internal technical support centers. Recently, Panda Software updated its free online antivirus scan and repair solution “Panda ActiveScan” to also detect spyware. Since the update the data collected by Panda Software shows that 84 percent of the malware now found installed on computers is spyware. This results appear to be similar to a recent report compiled by the companies Webroot and Earthlink showing that 9 in 10 computers were found to have spyware. This means that 90 percent of computers are affected by this type of malware. What’s more, an average of 25 spyware programs were installed on the computers studied.

“Traditional antivirus solutions do not detect or remove Spyware infestations. Spyware is installed by many different methods and the infection is not usually visible to the user. These factors increase the infection rate for this type of malware,” said Patrick Hinojosa, CTO, Panda Software US.

This type of malware could pose the largest threats to business not only from the risk of user privacy, but also due to the high internal support costs spyware generates while causing instability and performance problems caused in company computers.

Wi-Fi on steroids

Filed under: — Aviran Mordo

USAToday published a very interesting article about an impressive new wireless technology called Mimo (pronounced My-moh) stands for multiple input, multiple output.

Just as performance-enhancing drugs apparently led to more home runs, Mimo in its own (perfectly legitimate) way extends the range of Wi-Fi network base stations while maintaining a speedy connection. Indeed, you can enjoy fast Wi-Fi coverage throughout your home or office, without the “dead spots” you may encounter with your current gear.

Here’s a simplified version of how Mimo works: For about a century, scientists have wanted to mitigate a natural phenomenon known as “multipath.” That’s when transmitted radio signals bounce off barriers and take multiple paths to get to a receiver, resulting in interference. In the mid-1990s, Stanford researchers determined that not only was multipath not the enemy, but that they could actually take advantage of it. So instead of sending out a single stream of data like most base stations, Mimo sends out multiple data streams simultaneously and uses multiple antennas to sort out the signals.

Read the full article @ source.

Source: USAToday

Passport Chip Criticism Grows

Filed under: — Aviran Mordo

usiness travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.

But the U.S. State Department, which plans to start issuing the new passports to citizens later this year, says its critics are overstating the risks. Officials say that the chips will cut down on passport forgery, improve security and speed up border crossings.

The State Department is also adding technical features to prevent the radio-frequency identification devices, or RFID chips, in new passports from being “skimmed” by unauthorized readers, according to Frank Moss, the deputy assistant secretary for passport services at the State Department.

The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture. The chips include enough space so that fingerprints or iris prints can be added later.

Border agents, using special readers, will be able to call up all the passport information included on the chips on a computer screen. They will also use facial-identification software and a digital camera to verify that the person presenting the passport is the person who was issued the passport.

But Bill Scannell, a publicist and freelance civil liberties provocateur, thinks the risk is far greater than the State Department is admitting. On Monday, Scannell launched an internet campaign called RFID Kills to stop the government’s plans.

The site accuses the State Department of putting Americans abroad at risk, saying the chips “turn tourists into targets, and American business travelers will transmit their identities to kidnappers wherever they go.”

Source: Wired

Microsoft RTMs Windows Server 2003 SP1

Filed under: — Aviran Mordo

Microsoft has released to manufacture Windows Server 2003 Service Pack 1 and it is making big claims for the upgrade’s security enhancements and simpler administration.

It is designed to “effectively reduce the attack surface of Windows Server 2003, protect system services with stronger default settings and reduce server privileges”.

Citing security concerns, Microsoft recommends customers start evaluating SP1 as soon as possible, with a view to near-term deployment.

Windows Server 2003 SP1 is ready to download, free of charge, here.

Source: The Register

3/30/2005

Google Adds Stock Quotes To Search Results

Filed under: — Aviran Mordo

Looking for stock quotes? Now the leading search engine, Google gets a direct feed of market data.

In order to get stock quotes, all you need to do it to type the ticker symbol into the search engine, such as GOOG, and Google will present the latest exchange and real-time ECN quote, intraday chart, volume and market cap.

These quotes are also available on Google SMS. Just send a text message to 46645 (’GOOGL’) with the ticker and you’ll quickly see the latest market data.

Cops get cybercrime help from Microsoft

Filed under: — Aviran Mordo

Microsoft is developing analytical tools to help international law enforcement agencies track and fight cybercrime.

Microsoft unveiled the tools development program at the kickoff on Wednesday of three days of technical training for Australian law enforcement agencies. The Forensic Computing and Computer Investigations Workshops are designed to help investigators fight crimes such phishing, online child exploitation and money laundering.

Source: News.com

Phishing attacks ease off

Filed under: — Aviran Mordo

The rate at which identity theft e-mails hit consumers is beginning to slow, a study published on Wednesday suggests.

The Anti-Phishing Working Group found that 13,141 new phishing e-mails were reported to the organization in February, an increase of just 2 percent compared with January results. The number of phishing Web sites supporting these attacks only rose by 1.8 percent–from 2,578 to 2,625–over the same period, the APWG said.

The APWG said that the monthly growth rate of phishing attacks since July 2004 is 26 percent. However, since the group’s results depend on the number of people that report phishing scams to its Web site, the increase in reported scams could simply be a result of growing awareness of the APWG and its actions. It’s not clear why there was such a small rise in reported phishing scams between January and February 2005.

The Wednesday report confirmed that scammers have started using a new practice called pharming, a fraud technique that hijacks authentic domain names and secretly redirects users to fraudulent Web sites.

Source: News.com

Symantec details flaws in its antivirus software

Filed under: — Aviran Mordo

Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications.

In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005.

The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of the Norton AntiVirus consumer product, Symantec said. AutoProtect is used to scan files for viruses, Trojan attacks and worms.

The flaw essentially causes Symantec’s software to crash when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted either remotely from outside a system or internally by someone with physical access to a computer, Symantec said.

The second flaw, discovered by the Japan Computer Emergency Response team, can be used to launch denial-of-service attacks by scanning specific file modifications using the SmartScan feature in Norton AntiVirus. Symantec said that any malicious use of that vulnerability would specifically require someone with authorized access to a computer to exploit the issue. SmartScan is designed to scour for viruses hidden in file extensions, as well as in executable and document files.

No attacks related to either problem have been reported so far, according to Symantec. The company also said in its warning that both vulnerabilities are “low impact” threats to its customers.

Source: News.com

Powered by WordPress