Latest News: updated
October 13, 2004
Microsoft Releases New 'Critical' Patches
By Brian Krebs, washingtonpost.com Staff Writer
Microsoft Corp. today released an unprecedented number of software
security updates to plug flaws in its products, including seven "critical"
defects that it said hackers could use to hijack vulnerable computers
running the Windows operating system.
The free updates, available at Microsoft's
Windows Update Web site, are designed to fix at least 21 new vulnerabilities,
several of which reside on nearly every version of the Windows operating
system and affect hundreds of millions of computers.
Microsoft Issues Patches for 7 Software Flaws
Tue Oct 12, 5:55 PM ET Technology - Reuters
SEATTLE (Reuters) - Microsoft Corp. warned on Tuesday of seven newly
found flaws in its software that could allow an attacker to steal data
and take over a personal computer running the Windows operating system.
The world's largest software maker also issued software patches to
fix the glitches, included in Microsoft's monthly security update, and
urged users to set Windows to download and install them immediately.
Critical Flaws Found in Windows, Office
Tue Oct 12, 4:00 PM ET Technology - PC World
Microsoft this week released ten software security patches for its
products, including seven that it deemed critical and that could allow
remote attackers to take control of systems running the company's software.
The Redmond, Washington, software maker advised customers to download
and install critical patches for a wide range of products as soon as
possible, including its Windows operating system, Exchan
Authenticate Us From Evil
August 11, 2004
Authentication is next step in spam war
With legislation like the Can Spam Act having virtually no impact on
spam, the majority of spam fighters are pinning their hopes on e-mail
authentication. According to InfoWorld,
September will see Yahoo implementing their Domain
Keys solution, while AOL and Microsoft forge ahead with their Sender
ID authentication architecture - a combination of Microsoft's callerid
for e-mail and Sender Policy Framework (SPF).
It's hoped that by confirming the origins of an e-mail and limiting
spoofing, the technologies can have a considerable impact on both spam
and phishing scams.
June 21, 2004
Authentication is next step in spam war
The FTC recently noted that a Do Not Spam Registry won't work until
an e-mail authentication standard is agreed upon. Vint Cerf, co-creator
of the TCP/IP protocol apparently
agrees, noting that working toward an authentication standard is
the best angle from which to approach the war on spammers. The authentication
systems being developed by AOL, Microsoft, and Yahoo all could prove
lucrative. There was a degree of consolidation recently after Microsoft
agreed to integrate (SPF)
Sender Policy Framework into their own solution.
March of the Zombies
June 04, 2004
Trojan spammers grow in number
According to antivirus firm Sophos,
one in three spam messages was sent via an infected spam relay machine.
Sandvine Incorporated, also obviously looking to pitch product, claims
that up to 80%
of spam is sent via such unsuspecting home or business PC's. With
more ingenious worms actually testing available bandwidth to determine
if you're even worthy of infection, the problem is only likely to get
worse - particularly since nearly half of all broadband users still
don't use a firewall. In the end, it's up to the user's ISP to identify
spammers and terminate accounts until the PC is secured. Unfortunately,
the largest culprits (like Comcast) are slow to take action. This week
found one of the more draconian spam blacklists run by SPEWS escalating
Comcast's mail server to a level 1 listing.
E-mail from tribcsp.com Information Services
March 17, 2004
Susbscribers have seen recently e-mail message purportedly from "staff@tribcsp.com"
or "Administrator@tribcsp.com" asking for verification on account
status or activities, and the message had an attachment that needed
to be opened. These e-mail messages do not come from tribcsp.com Internet
Services administration or staff.
These messages are the result of computers infected with W32/Beagle
variants [info] or W32/Netsky variants [info]
worms. Infected PC will generate e-mail messages that "spoofs"
the FROM: address, and contains an attachment that when opened or viewed,
infects your computer, and in turn makes your PC generate e-mail messages
infected with the worm.
As a policy, tribcsp.com Internet Services DOES NOT send
e-mail messages with attachments (unless previously requested). tribcsp.com
Internet Services DOES NOT encourage the use of e-mail
attachments, and only supports the transmission of attachments in e-mail
messages due to subscribers demands.
Information Week's Spyware Special Report
August 09, 2004
This is a pretty good set of articles and links covering the problems
encountered in corporate and enterprise environments. They discuss the
issues, popular tools, culprits and reader recommendations.
quote from article
Call it spyware, malware, or adware--users loathe it, ad networks love
it, Congress has it in its crosshairs. Most importantly, as an IT professional,
you can't ignore it. It slows down your users' systems, impacts your
end users' productivity, and could even degrade performance of your
networks and network applications.
Seeking to get a better handle on the spyware problem, InformationWeek.com
asked readers to rate its impact today in an online poll. Their feedback
was clear--spyware is a growing problem in the enterprise. The results
from 941 responses to this online, nonscientific poll:
** Spyware is not a problem at all, we haven't noticed it, 6%
** It's a minor problem, we've had to clean up a few desktop PCs, 44%
** It's a major problem; we've been forced to clean up many PCs and
institute corporate policies to prevent reoccurrence, 42%
** It's a catastrophic problem; it has caused major IT problems, including
significant downtime or high costs to remove and monitor, 8%
End quote
Article at Information
Week
Spyware Information
March 10, 2004
"Spyware" is any program that collects information about
your computer use and web activity and reports it to a central company.
The related "Adware" is any program used to deliver advertising,
usually in the form of pop-up and on-screen advertisements, regardless
of your normal web activity. These programs are typically installed
without the user's knowledge, and sometimes come bundled with other
programs downloaded from the Internet.
Several high-quality anti-spyware programs are available on a free
basis. Ad-aware, freely available for non-commercial use from Lavasoft,
is one of the most comprehensive and easiest to use. Get Ad-aware only
from the download sites listed at www.lavasoftusa.com
and nowhere else. The free SpywareBlaster program from Javacool
Software provides solid proactive protection and gives good technical
details on its activities. You can find a list of, and downloads for,
other spyware removal tools at c|net's download.com.