IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.


Unpatched Word 2000 flaw

Hackers are reported to already be using an unpatched flaw in Word 2000. The bug allows remote control of systems. Although there is no patch yet, keeping your AV software up to date should stop infected files getting through.

January 30, 2007

Debian warns on Mozilla bugs

Over the weekend, Debian issued an advisory on several bugs affecting Mozilla and Firefox. Most of them allow denial of service and in some cases remote execution of code. Haven't seen anything from the other distros or even Mozilla yet.

More here.

January 28, 2007

Who wants to be a millionaire?

If you receive an email telling you you've won £80k in a lottery organised by the "Who wants to be a millionaire?" people, it's probably too good to be true.

There's a scam email going around with a "call this number to receive your prize" type line. This is not a phone a friend, this is a phone a scammer.

January 28, 2007

Topical viruses

The Dorf family of malware, which cropped up during the storms recently, has reappeared disguised as a Valentine card.

Be careful or you might catch something nasty.

January 25, 2007

Pirates ahoy!

Microsoft has revealed stats from its Windows Genuine Advantage (WGA) programme and they're not pretty. Out of 500 million that have validated their copies of Windows, 100 million failed the check.

Those who have genuinely been duped can shop their dealer in exchange for a valid copy of the OS. But I wonder how many were false positives?

January 24, 2007

The US spam kings

Sophos has outed the US as the nation that relayed the most spam worldwide in 2006. Maybe no surprises there but it was kind of nice to see the UK way down in 19th place. Apparently too many US sites still have weak security.

January 22, 2007

Storm warning

As if having the roof blown off your house wasn't enough to worry about, now some canny crooks are capitalising on the bad weather. Emails appearing to be storm warning documents are actually packing some nasty trojans. Pretty fast work from the baddies this time round.

Back to putting up those fences....

January 21, 2007

Don't steal wifi in Singapore

This guy has been given an 18 month suspended sentence for hijacking his neighbour's wifi. He faces a possible sentence of up to three years and a fine of 10,000 Singapore dollars (£3,300) if he reoffends.

January 18, 2007

HD-DVD torrents appear

Not long after a video showing how to circumvent HD-DVD copy protection was posted on YouTube, the first HD-DVD rips have appeared on torrent sites.

A number of films including Serenity, Batman Begins, The Chronicles of Riddick, Pitch Black, The Mummy, Superman Returns and Miami Vice have appeared with .evo file sizes ranging around the 20-25GB mark.

January 17, 2007

Oracle's 52 security patches

Taking a leaf out of Microsoft's book - in more ways than one - Oracle has started pre-announcing patches. The most recent one covers 52 security updates.

Ouch. Check it out here.

January 16, 2007

Hitman scam takes spam to new level

This has surely got to be one of the most disturbing examples of spam ever. The message comes from a supposed hitman who claims he will terminate his contract unless he is paid $80,000. If you don't pay up, he will kill you.

In one way it's very far-fetched, but people have fallen for plenty of other scams.

January 11, 2007

Is somebody's botnet broken?

Softscan reckons that a sudden drop in spam activity is the result of a bot herder losing control of some of his bot network.

Spam levels have apparently dropped 30 per cent in the past week. Let's hope he doesn't regain control.

January 10, 2007

Chip & pin tetris

We all know the Chip & Pin system is supposed to be tamper-proof, right? Well, all that means is that the kit doesn't work if it's removed from its installation. But what if someone places a whole fake terminal somewhere? Potentially you could bag a load of card details and Pins.

Or play tetris...

January 8, 2007