Details of next week’s Patch Tuesday released
by Isabelle ChaizeMicrosoft's next monthly security update release, due to take place next Tuesday, will include five 'critical' patches. The eight patches to be released will address flaws in Windows' most recently added products, Windows Vista SP1 and Windows Server 2008. One of the 'critical' patches affects every single version of the Windows OS, including Vista SP1 and Server 2008, which were made available to the public only a fortnight ago and five weeks ...
‘Ethical hacking’ taught at training camps
by Isabelle ChaizeA new generation of hackers are being specially trained by companies like InfoSec Institute. They are being taught how to hack into IT systems in order to understand how genuine cyber criminals gain access, and so to better prevent them from infiltrating companies' systems. The InfoSec Institute is a US training organisation based in Illinois, one of nearly 500 such training camps worldwide. Once a potential 'ethical hacker' has completed the course they ...
April 2, 2008
Increasing amount of malware spread by USB
by Isabelle ChaizeOver 10% of all malware is being created with distribution by portable storage devices in mind. Tools such as removable USB drives are being targeted by hackers as a vehicle for attacks. According to security firm ESET, 10.3% of all malware detected by them in March was made up by malicious codes programmed to launch automatically once they are inserted into a machine on a portable disk drive or other removable media. ...
McAfee running S.P.A.M experiment
by Isabelle ChaizeA worldwide experiment to find out the effects of spam on an unprotected computer is underway. The experiment, the first of its kind, is called S.PA.M - an acronym for Spammed Persistently All Month, and is being run by McAfee. It involves 50 participants in global locations who will spend 30 days going about business ranging from simple web-surfing to online shopping and registering for promotions. The participants come from all walks of ...
ICO calls for tougher data breach laws
by Isabelle ChaizeThe Information Commision Officer has emphasised the importance of maintaining a tough stance on data breaches. Richard Thomas, the ICO, expressed his approval for pat of the new Criminal Justice and Immigration bill, currently in the process of being passed by Parliament. Clause 76 of the bill could potentially mean time behind bars for criminals dealing in personal data by buying or selling it illegally. He criticised those who have tried to water ...
April 1, 2008
Malware staying longer in infected sites
by Isabelle ChaizeAccording to the most recent threat report form Scansafe, growing numbers of legitimate sites are unwittingly playing host to malware. What is more, these sites are staying infected for longer, with their operators oblivious to the malware sitting under their noses. This means that some sites are not being purged of malicious codes for as much as two months. According to Mary Landesman, senior security researcher at ScanSafe, new ...
International Space Station breached by hackers
by Isabelle ChaizeHackers have managed to penetrate computer systems, describe by Nasa as ' significant', on board the International Space Station. Nasa were alerted to the problem after the three astronauts onboard reported last night that their email was no longer functioning. It is thought that a Trojan was planted in the computer systems at the Space Centre in Houston, from where they were transferred to the Space Station via satellite uplink. The problem is ...
April Fool’s Day not so funny for Storm victims
by Isabelle ChaizeThis April Fool's Day saw a new offensive launched by the now infamous Storm worm. The attack makes use of greetings cards sent by email to trick users into downloading and launching the Trojan. Users are told, on receipt of a spam message, that they have been sent an online April Fool's Day card. When they cloick on the link in order to open their card, they are redirected to a numeric URL, ...
HP acquires Tower Software
by Isabelle ChaizeHewlett-Packard, the American IT company, have agreed the purchase of Tower Software for an undisclosed sum. Tower is an Australian company focussing on software which helps businesses to keep track of their records, both electronic and on paper. Tower's software will become part of the IT giants compliance portfolio, which assists companies with the administration of their documents and making sure their records comply with data archiving and e-discovery laws. Robin Purohit, vice ...
March 28, 2008
Fix issued for ‘critical’ Firefox flaws
by Isabelle ChaizeMozilla has released an update for its open source browser, Firefox. The fix corrects various security related problems with the browser. There are nine flaws addressed in the update, including two 'critical' flaws. 'Critical' is the highest risk level in Mozilla's threat rating system. One of the two critical vulnerabilities is to do with the way in which Firefox deals with JavaScript code. A specially designed JavaScript code could potentially exploit ...
Google Calendar used to deliver spam
by Isabelle ChaizeAccording to Trend Micro, the Google Calendar tool is being used by spammers to get round spam filters, which is the first time they have seen such a mechanism being used. Trend Micro have been tracking spam in all its different forms over the last 12 months, and have discovered this new method for delivering spam only recently. Google Calendar meeting invitations differ from the average email in that the ...
March 27, 2008
Euro 2008 ticket sales site attacked by hackers
by Isabelle ChaizeA malicious code has been discovered in one of the official websites selling tickets for this summer's European Championship football competition. The site containing the code ranks high in search engine results, and has sponsored links to it from other sites, meaning that the potential target group for the hackers could be huge. Once a hopeful buyer attempts to purchase a ticket from the site, they are at risk from the ...
Hackers break into Facebook
by Isabelle ChaizeHackers recently managed to break through Facebook's security barriers, raising concerns for businesses whose employees use social networking sites. The security lapse allowed open access to private photos, supposed to be visible only to members' friends. The photos belonged to celebrities such as 'it-girl' Paris Hilton, as well as Facbook founder Mark Zuckerburg. With the explosion in the popularity of social networking sites, and a growing number of people accessing them whilst at ...
March 24, 2008
Excel patch updated by Microsoft
by Isabelle ChaizeMicrosoft have admitted that their patch for Excel, released on March 11th, has been causing problems and they have released an update to fix it. Microsoft spokesman Tim Rains said ‘The original version released on 11 March did fully protect against the security issues discussed in the bulletin. ‘However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data ...
Problems with Windows Vista SP1
by Isabelle ChaizeMicrosoft’s recently released service pack, made available only last week, has been causing glitches in PC’s according to bloggers. One blogger, 'SeppDietrich', wrote: "What a disaster. It exiled all my Nvidia drivers to the Bermuda Triangle." Another, ‘Bikkja’, said that the performance of his computer had decreased – ‘After installing SP1 things seem to go really slow, even though my computer shouldn't have any problems’. Microsoft had already anticipated some problems, and ...
March 19, 2008
Facebook tightens privacy controls
by Isabelle ChaizeThe social networking site Facebook plans to add new ways of protecting privacy for users. Whereas now users can choose only whether to make their profile visible to all their friends, everyone on a network, or none, the new features will enable distinctions to be made between different types of relationship. Soon people will be able to choose between showing their profile to friends, family or colleagues. Making a profile visible to ...
Wave of tax-themed spam in US
by Isabelle ChaizeResearchers at Symantec have been noticing new types of spam attacks which capitalise on the approaching US tax deadline. The tax-themed attacks trick users into downloading malware by various methods, one of which is an message sent from an email address which appears to be a genuine Internal Revenue Service (IRS) address. The email contains information about filing taxes, and informs the victim that there is a recently passed law which ...
Japanese man in court over spread of Trojan
by Isabelle ChaizeMasato Nakatsuji, a 24 year old Japanese man, has become the first virus writer to be arrested in Japan. He has admitted in Kyoto District Court that he used copyrighted footage to spread a Trojan which he had created. The code, thought to be the Pirlames Trojan, was created with the aim of deleting media files from infected computers. It was spread during 2007 via the file-sharing system Winny, whose author ...
March 15, 2008
BBC releases fix to protect iPlayer from hackers
by Isabelle ChaizeThe BBC have issued a fix intended to prevent PC users downloading programmes from iPlayer that are exclusively for iPhone and iPod owners. Digital rights management issues prevent the broadcaster from streaming programmes more than a week after they were originally aired. The download service's DRM, however, allows programmes to remain available longer, only expiring after 30 days. A FireFox plug-in discovered by hackers shortly after the launch of the ...
Chairman of Sun speaks out in favour of industry wide security standards
by Isabelle ChaizeScott McNealy, current chairman of Sun Microsystems and one of its founding members, has criticized the lack of industry wide initiatives dealing with security and called for a more professional approach to tackling IT security problems. In an interview with the British Computer Society's member magazine, which will be published next week, he said that businesses needed to think carefully about the issue of security, suggesting that a more standards-based approach ...