Spyware, Viruses, & Security forum

General discussion

NEWS - December 13, 2006

by Marianna Schmudlach / December 13, 2006 12:17 AM PST

Microsoft Posts, Then Pulls Mac Office Update

Microsoft quickly yanked a security and stability patch for Office 2004 for the Mac once it noticed it was accidently made public.

By Gregg Keizer
InformationWeek

Dec 13, 2006 10:53 AM

Microsoft accidentally posted a pre-release update for Office 2004 for the Mac Wednesday, but quickly yanked the security and stability patch once it noticed the mistake.

According to the update description still on the Microsoft Web site, the unspecified fixes were to "vulnerabilities in Office 2004 that an attacker can use to overwrite the contents of your computer's memory with malicious code," as well as a stability patch for PowerPoint and several improvements to Entourage, the suite's e-mail client.

But the posting was actually a screw-up, said Microsoft.

http://www.informationweek.com/story/showArticle.jhtml?articleID=196603812&cid=RSSfeed_IWK_Security

Discussion is locked
You are posting a reply to: NEWS - December 13, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - December 13, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Wireless growth in Asia leads to security woes
by Marianna Schmudlach / December 13, 2006 12:19 AM PST

Speedy adoption draws warning from Citrix expert
Dan Nystedt




December 13, 2006 (IDG News Service) -- The fast growth in wireless Internet use throughout Asia leaves users vulnerable to data theft over unsecured networks and lost or stolen mobile devices, a security expert warned Tuesday.

Citrix Systems Inc. Chief Security Officer Kurt Roemer said during an interview that trends in Asia suggest increasing vulnerability as time goes on because wireless use is growing much faster than fixed-line use in many countries.

Japan, for example, is a global leader in developing 3G (third-generation) mobile networks and applications, which is increasing demand for smarter phones that can handle more data and computing work -- the kind that increases the likelihood of stolen data.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005978&source=rss_topic17

Collapse -
Rustock Trojan A Model For Future Threats
by Marianna Schmudlach / December 13, 2006 4:36 AM PST

Among Rustock's distinguishing characteristics are its heavy reliance on advanced rootkit technologies to hide from security software and its changeling-like ability to morph itself each time it infects a file.

By Gregg Keizer
InformationWeek

Dec 13, 2006 02:18 PM

The tactics used by a sophisticated threat of 2006 will become staples in exploits during the year to come, a security researcher said Wednesday.

That threat, dubbed "Rustock" by Symantec, is a family of backdoor Trojan horses that first appeared nearly a year ago, says Patrick Martin, a senior product manager with the Cupertino, Calif., company's security response team.

"The techniques that [Rustock] is using will be the baseline for threats in the future," Martin says. "Attackers are looking around to see what techniques are working, then incorporating them. [Things] like this are the threats of the future."

Among Rustock's distinguishing characteristics are its heavy reliance on advanced rootkit technologies to hide from security software and its changeling-like ability to morph itself each time it infects a file.

http://www.informationweek.com/story/showArticle.jhtml?articleID=196603916&cid=RSSfeed_IWK_Security

Collapse -
Virus scanners bypassed by MIME flaw
by Marianna Schmudlach / December 13, 2006 4:39 AM PST

Security News13 December 2006
Virus scanners bypassed by MIME flaw
By Matthew Broersma, Techworld
Some of the most popular anti-virus scanners on the market are open to exploitation according to a security researcher.


Hendrik Weimer, author of Quantenblog, said he had found a way of encoding viruses so they go undetected by most of the scanners he tested.
The exploit involves MIME encoding, which was the subject of serious concern two years ago. Weimer said the trick could be significantly more dangerous than a vulnerability that lets attackers bypass a single virus scanner. "Much rarer are discoveries of new attack classes that are able to blindfold not one but many virus scanners. Here is one," he said in a blog post.
Multipurpose Internet Mail Extensions (MIME) is used to encode emails so that they can be handled by Simple Mail Transport Protocol (SMTP), which is designed to handle text only. Base64 encoding, an encoding method that falls under the MIME standard, uses an alphabet of 64 characters, each representing a previously defined value.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7560

Collapse -
Patch Craze To Continue In 2007
by Marianna Schmudlach / December 13, 2006 4:40 AM PST

The cycle of vulnerability disclosure-exploit-patch that's accelerated in 2006 will continue next year, security expertrs say.

By Gregg Keizer
InformationWeek

Dec 13, 2006 02:02 PM

Windows users should expect 2006's high patch numbers to grow even larger next year, security experts said Wednesday.

With Microsoft's 2006 total breaking previous records of both the number of security updates issued and the number of critical vulnerabilities patched, it may come as a shock that 2007 will likely meet or beat those figures.

"Although Microsoft is fixing a lot more of its vulnerabilities faster than in the past, we'll see the trend continuing [of more updates]," says Chris Andrew, the VP of security technologies at patch management vendor PatchLink Corp. "Vista will still have security vulnerabilities."

The cycle of vulnerability disclosure-exploit-patch that's accelerated in 2006, adds Andrew, will also continue next year. "With two [Microsoft Word] zero-day threats still active and no patches in sight, December is a preview of what's to come in 2007," Andrew says. And according to a survey released by PatchLink on Wednesday, almost 70% of companies expect foresee an increase in zero-day threats during 2007.

http://www.informationweek.com/story/showArticle.jhtml?articleID=196603893&cid=RSSfeed_IWK_winsecurity

Collapse -
Microsoft Black Tuesday - December 2006 overview
by Marianna Schmudlach / December 13, 2006 4:42 AM PST

Published: 2006-12-13,
Last Updated: 2006-12-13 18:21:39 UTC by Swa Frantzen (Version: 3(click to highlight changes))

Overview of the December 2006 Microsoft patches and their status.

http://isc.sans.org/

Collapse -
Who or What Is 'Rock Phish' and Why Should You Care?
by Marianna Schmudlach / December 13, 2006 5:43 AM PST

Security experts believe that the entity or people behind Rock Phish are the rock stars/innovators of most new evil phishing scams.
Robert McMillan, IDG News Service


SAN FRANCISCO -- The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are.

Wikipedia defines the Rock Phish Kit as "a popular tool designed to help nontechnical people create and carry out phishing attacks," but according to security experts, that definition is not correct.

They say that Rock Phish is actually a person, or perhaps a group of people, responsible for as much as one-half of the phishing attacks being carried out these days.

Why should you care? Phishers try to trick Internet users into divulging sensitive information on phony Web pages made up to look like a bank site or an online shopping site. It's a type of attack that is becoming very lucrative. Research firm Gartner estimates that phishers will cost U.S. businesses and consumers a whopping $2.8 billion this year. The average take: $1244 per victim.

http://www.pcworld.com/article/128175-1/article.html?tk=nl_dnxnws

Collapse -
Microsoft and HP, both quiet on details, to announce enterpr
by Marianna Schmudlach / December 13, 2006 5:45 AM PST

Microsoft and HP, both quiet on details, to announce enterprise software partnership next week

Fiona Raisbeck Dec 13 2006 16:57
Microsoft and HP will announce a new partnership in enterprise software at a press conference next Wednesday.


The deal is to be unveiled by Kevin Turner, Microsoft's COO, and Ann Livermore, executive vice president of HP's technology solutions, according to a joint news release.

The two computer giants said they plan to announce an "enterprise agreement", but revealed no further details about the nature of the joint venture.

Other executives expected to attend the conference are Peter Boit, vice president of enterprise partners at the software giant, and John McCain, senior vice present and general manager of the IT company's services group.

http://www.scmagazine.com/us/news/article/609674/microsoft-hp-quiet-details-announce-enterprise-software-partnership-next-week/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.