IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« January 2006 | Main | April 2006 »

How much help does Microsoft need?

I mean...even security firms are making their own patches to help those Internet Explorer users out of a sticky situation.

So eEye creates a temporary patch to sort the 'createTextRange' call on a radio button problem, but all Microsoft can offer is a "maybe we'll release an out of cycle patch." C'mon guys.

March 28, 2006 | Permalink | Comments (0) | TrackBack

The industry of espionage

Well, this is something that seems to be cropping up more and more. Security companies are claiming that cyber crooks are actually hiring hackers to build them rootkits or other espionage tools - like this couple who apparently made a business out of building worms and selling them to private dicks. Not nice.

March 28, 2006 | Permalink | Comments (0) | TrackBack

Bot army fingered in bank heist

Apparently a sizeable army of bots has been gathering for the past month or so, preparing to hijack bank details in the UK, Spain and Germany.

The MetaFisher trojan has been called one of the most sophisticated trojans to date and is thought to have infected in the region of 1 million PCs.

Fortunately, this beast exploits the Windows Metafile vulnerability that has been known about for some time now, so make sure your patches are up to date.

March 23, 2006 | Permalink | Comments (0) | TrackBack

Sendmail slammed by security bug

Well, here's one Windows admins can probably feel smug about. Apparently, a serious bug exists in all Linux and Unix-based versions of Sendmail 8 up to version 8.13.5, but not Microsoft Windows flavours of the program. ISS' superbly named X-Force discovered the flaw, which allows a sneaky attacker to exploit the Sendmail SMTP server and take over an affected machine.

Worry not though, for patches are already available.

March 23, 2006 | Permalink | Comments (0) | TrackBack

Phishers need to change their bait

Well here's some heart warming news for a Saturday. Online bankers are catching onto the ridiculously high number of security scams out there. Nearly four out of five online banking customers now ignore emails that purport to be from their bank, and a vast majority would like to have their account monitored for unusual activity. Good call I say, personally I ignore all information from my bank as it's usually along the lines of - "Sir, we think there's been some unusual activity with your bank account - it's empty..." "No, no, that was me. I spent it all on Guiness yesterday..."

March 18, 2006 | Permalink | Comments (0) | TrackBack

What is it with wi-fi security?

Despite a significant number of well published flaws and, more significantly, well published levels of ignorance surrounding the secure configuration of wi-fi networks, a majority of wi-fi networks still lack adequate protection.

And even more worrying, is the number of wi-fi security gaffes at this year's CeBIT. You'd have thought that participants in the king of techie conferences would have a clue about security, wouldn't you?

March 18, 2006 | Permalink | Comments (0) | TrackBack