Coming on the heels of a bogus Better Business Bureau e-mail last week, criminal hackers have now unleashed phony IRS e-mails. The new e-mails state that an IRS criminal investigation probe has been opened against the recipient, or that a customer has filed a complaint against a company and has asked the IRS to act as an arbitrator. In both cases, the information is false, but to learn more, the recipient must open the attached file. The attached file contains a Trojan that attempts to download and install a keylogger, which then uploads stolen data from the compromised PC.
The … Read more
Mozilla has released Firefox 184.108.40.206 and Firefox 220.127.116.11 to address six security vulnerabilities. Most users will automatically receive this update and be asked to restart Firefox to install it. This update will probably be the final one for Firefox 1.5. As such, Mozilla provides an easy upgrade path for current 1.5 users to upgrade to 2.0. All Firefox users are urged to install this update, as it addresses the following security issues CVE-2007-2871 (XUL Popup Spoofing); CVE-2007-2870 (XSS using addEventListener); CVE-2007-1362 (Path Abuse in Cookies) CVE-2007-2869 (Persistent Autocomplete Denial of Service) … Read more
As traditional security vendors race to embrace mobile phones as their next platform offering, a few are stepping back and making sure they get it right. Symantec's new suite is designed for home users running Windows Mobile technology on their mobile devices. It includes an antivirus application; a personal firewall; an anti-SMS spam application; data encryption for both the device itself and memory cards; feature control to disable Bluetooth, wireless and syncing when not necessary; and an optional virtual private network (VPN), version 2.6, with network access control that can be set to allow only policy-compliant devices.
The … Read more
Mozilla enjoys a large development community to build add-ons for its Firefox browser. Now it seems all that development might not be a good thing. A security researcher in Indiana has found that the process used to update some of these add-ons automatically appears to be flawed, allowing criminal hackers to intercept the browser's call to the developer to see if there's a new version available. Worse, the most vulnerable add-ons aren't from vendors you've never heard of; they include brand-name sites like Google, Yahoo, Facebook, and LinkedIn.
Extensions for Firefox contain hard-coded Internet addresses for … Read more
Yoggie, an Israeli security vendor, has released USB device called Pico, a Linux-based computer on a stick that provides enterprise-level security on a home laptop or desktop PC. Corporate desktops and laptops reside behind an IT department with dedicated servers blocking inbound malicious content. As home software-based security suites attempt to match these blocking features, they sometimes tax the computer's CPUs--and the end-user's patience. Instead, the Yoggie device handles all the heavy lifting of Internet blocking and security within the USB device itself, liberating desktop or laptop resources ordinarily dedicated for antivirus and antispyware software for other use. … Read more
Today, Apple released a security update for Quicktime 7.1.6, further removing a vulnerability first used by a security researcher in April to win $10,000 and a new Macbook in the "PWN 2 0WN" contest at CanSecWest 2007. This security update complements an earlier bug patch for Quicktime 7.1.6 released by Apple on May 1, 2007. The 1.1Mb Windows Quicktime 7.1.6 update affects users of Windows 2000 SP4, and Windows XP SP2. The 1.4 Mb Mac Quicktime 7.1.6 update affects users of Mac OS X v10.3.9 … Read more
Google's purchase of GreenBorder Technologies--a browser virtualization software company that creates a sandboxed environment for your existing Firefox or Internet Explorer browse--follows on the heels of Google announcing a blog from its nascent antimalware team. With rumors of a possible forthcoming antivirus acquisition, the Mountain View search giant has jumped into the Internet security business feet first.
Nerves must be raw at traditional security vendors Symantec and McAfee. Last year Microsoft announced its own security suite, Microsoft Windows Live Onecare, and proceeded to capture a lion's share of sales in the Internet security suite space. Now Google … Read more
The acquisition, according to a posting Monday on the Google Operating System blog, should provide the Internet giant with a Web "sandbox" for its users. Basically users could enter the sandbox, search and interact with various Web sites, and leave any viruses they encounter back in the sandbox when they exit.
As it turns out, a couple weeks back GreenBorder customers had been wondering the company's discussion board if something was afoot.
On its Web site, the security software developer noted it would discontinue sales of its GreenBorder Pro products, … Read more
Although China's government has been mired in human rights problems for years, the bureaucrats do know a thing about customer service.
Communist party members have to undergo the "360" review process for promotions, the peer-review system that helps determine promotions at companies like Intel. (The party picked it up from U.S. corporations, Jian Daning, director of the Shanghai Waigaoqiao Free Trade Zone, told us a few years ago).
Want to open a company here? The system for tax breaks for exporters is well mapped-out, and there are several regions offering deals on land in industrial parks. … Read more