News: More Hacking Woes

By | November 24, 2011
 These days the Internet reads like a bad movie script. Reuters reports that security holes in Microsoft’s Internet Explorer browser have been exploited by hackers to hijack AOL instant messaging accounts and force unsuspecting Web surfers to run up massive phone bills. Some Internet Explorer users are also finding that malicious Web sites are secretly slipping trojan programs onto their computers, according to eEye Digital Security, which discovered the original security vulnerability. Such stealth programs can include keystroke loggers that record everything a person types or software to erase the hard drive, among other things.
 
The attacks are accomplished by leading Internet Explorer users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging. When the Web site appears, it downloads code that can execute commands on its own onto the unsuspecting computer user’s machine, according to Copley. An attacker has written a program that uses a security hole in Internet Explorer to hijack an already running AOL Instant Messenger account, changes the password and send a message to the buddies list with a link to the malicious Web page, according to postings on the Bugtraq security e-mail list.

Software: More Spam Options

By | November 24, 2011
 Matterform Media, who make anti-spam software for the Mac, have said that October 1 their Spamfire will be available for Windows. Matterform Media’s Spamfire for Windows is available at a suggested retail price of $39.95, which includes one year of automatic filter updates at no additional charge, and is available for immediate download from the company’s website, www.matterform.com.
Matterform also sell something called SpamVaccine, which converts email addresses on your website to something that the spammers’ little robots can’t recognise, and therefore harvest. (This is how spammers get most of their email addresses.) No mention is made of whether that will be available for Windows.

News: Segway Takes A Tumble

By | November 24, 2011
 A blow for Segway, the Human Transporter scooter stand-up thingy, which is being recalled after it was found that riders might fall from the device as the batteries are drained of power. The recall, ITWorld reports, affects about 6,000 two-wheeled units sold between March 2002 and September 2003. The Manchester, New Hampshire, company has received three reports of incidents related to this problem, including one person who endured a head injury requiring stitches after falling off , the CPSC said.
 
 

News: Worming Its Way Into Korea

By | November 24, 2011
 Warning of a new computer worm, this time from South Korea. Yonhap reports Friday that W32/Smess.worm, BadTrans, appears attached to an instant message in MSN’s instant messenger service. The worm is a mutant version of another worm called Sinmsn, which was detected last July.
 
MSN’s messenger service, which gives pairs or groups of users the capability to send instantaneous text messages to each other via the Internet, is one of the most popular communication tools in South Korea, where more than 10 million customers are connected to the broadband Internet.

Update: One Of Microsoft Security Report Authors Fired

By | November 24, 2011
 One of the authors of the security paper (PDF file) that said Microsoft was a threat to national security has been fired, according to CNET. Cambridge, Mass-based @Stake, where Dan Geer worked as chief technical officer, said in a statement Thursday that the researcher had not gotten his employers’ approval for the study’s release, and that he was no longer associated with the company. Although independently financed and researched, the study was distributed by the Computer and Communications Industry Association (CCIA), a Washington-based trade association largely made up of Microsoft’s rivals.
 
A Microsoft spokesman said the software maker had not pressured @Stake to make any decision on Geer’s status. Bruce
Schneier, a security expert and co-author of the report, saw things differently, according to CNET. He said the idea for the report had come from Geer and the other researchers, not from the CCIA or other Microsoft rivals. The group had found it hard to find other researchers to sign on to the idea, even if those approached agreed with the study’s premises, he said. “When we were conceiving and writing the report, a surprising number of researchers said ‘No,’ because of the fear of Microsoft,” Schneier said. “Dan was not talking for @Stake. We were speaking as researchers. The fact that @Stake couldn’t get around that shows the pressure that Microsoft brings to bear.”