Spyware, Viruses, & Security forum

General discussion

NEWS - December 15, 2005

Microsoft security zaps laptop tracer
By Joris Evers, CNET News.com
Published on ZDNet News: December 14, 2005, 5:06 PM PT

As Microsoft takes its first steps into the consumer PC security space, it is discovering that security software can do more than protect systems; it can also cause trouble.

Windows OneCare Live, freely available as a test version since Nov. 29, has been found to disable Absolute Software's Computrace LoJack, an application that functions like a homing device to help recover a laptop after theft.

"The OneCare product detects one of our modules as belonging to another application that it does not like, so it puts in place a defense that it does not need to," Philip Gardner, chief technology officer at Absolute Software in Vancouver, British Columbia, said Tuesday.

more here
http://news.zdnet.com/2100-1009_22-5995763.html?tag=zdnn.alert
Discussion is locked
You are posting a reply to: NEWS - December 15, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - December 15, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Kazaa owners may face time in jail

In reply to: NEWS - December 15, 2005

By Steven Deare, CNET News.com
Published on ZDNet News: December 14, 2005, 9:50 PM PT

The masterminds behind the Kazaa file-sharing software could face time behind bars after the record industry initiated contempt of court proceedings, claiming an earlier ruling wasn't adhered to.

Record companies allege that Sharman Networks, the owner of Kazaa, didn't comply with an Australian Federal Court order to modify the software to ensure 3,000 keywords would be filtered by Dec. 5.

However, Sharman disagreed since it managed to block Australian users from downloading Kazaa by identifying their Internet Protocol address.

"Contempt proceedings are fairly rare in this court and I've never yet sent anyone to jail," Justice Murray Wilcox said Thursday in the Federal Court in Sydney. "I've threatened to a few times, but there's always a first I suppose."

more here
http://news.zdnet.com/2100-9588_22-5995971.html?tag=zdnn.alert

Collapse -
Adobe moving to monthly security patches

In reply to: NEWS - December 15, 2005

Adobe "has decided to follow Microsoft's lead and begin releasing security patches on a predictable monthly basis". The regular updates will begin "within in the next six months and are expected to cover most, if not all, of Adobe's products". Although "most software companies have not moved to this kind of regular patching cycle" some analysts predict that "it is likely to become an industry standard".

http://www.techworld.com/security/news/index.cfm?NewsID=5010

Collapse -
Roundup: 2005's 'curious malicious code'

In reply to: NEWS - December 15, 2005

Panda Software has released its list of 2005's most 'curious' malwares. The list includes such viruses as Assiral-A, a copycat of 2000's LoveLetter virus. Crowt-A delivered CNN headlines, Elitper-D disrupted 90 applications, including Word and Excel and Zar-A and Downloader-ENC exploited charitable impulses after the Indian Ocean tsunami and Hurricane Katrina. Rona-A kept highly organized logs of its malicious activity, including a timestamp of its installation. The list also includes social engineering attacks and viruses that targeted gaming platforms.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1152377,00.html

Collapse -
From passwords to 'passthoughts'

In reply to: NEWS - December 15, 2005

Julie Thorpe, a researcher at Carleton University in Ottawa, suggests it may be possible to develop technology to recognize 'passthoughts', passwords that users will need to only think to access a computer system. Brainwave patterns vary from person to person, allowing their use as a biometric identifier. Users could also use images or childhood memories as passthoughts. However, such a system requires better MMI (mind-machine interface) and proof that users would be able to generate the same thought on demand. Thorpe's research is primarily focused on developing computer interfaces for the paralyzed.

http://www.smh.com.au/news/breaking/from-passwords-to-passthoughts/2005/12/14/1134500895603.html

Collapse -
DOD wants to authenticate devices

In reply to: NEWS - December 15, 2005

The Department of Defense (DOD) plans to "verify the identities of at least 25 million of its Internet-enabled devices, similar to how it authenticates human users". DOD's Public Key Infrastructure (PKI) Program Management Office hopes to "develop, deploy and operate a PKI system for devices on DOD networks", including laptops, desktop computers, cell phones, modems, routers, servers, firewalls and portable media players. Potential Vendors are invited to respond to the request, and must "identify existing DOD resources for tracking PKI certificates and use existing permissions to pass through DOD firewalls", among other requirements.

http://www.fcw.com/article91725-12-14-05-Web

Collapse -
New Bagle Trojan horse distributed widely via spam email

In reply to: NEWS - December 15, 2005

Experts at SophosLabs have warned users about a new variant of the Bagle Trojan horse which has been spammed out to internet users. Sophos is advising users to ensure their anti-virus protection is up-to-date to protect against attacks.

Sophos has received reports of the Troj/BagleDl-AN Trojan horse being spammed out in emails as a ZIP file attachment containing a malicious file called S3700020.EXE. Some emails have been seen containing the message body "New Year's Day", but the hacker could send the malware out using different email characteristics.

Users opening their email may be at risk from infection if not properly protected. Once it has infected a computer, the Trojan horse attempts to download further malicious code from the internet.

More details in http://www.sophos.com/pressoffice/news/articles/2005/12/bagledlan.html

Collapse -
Mr. LUA Goes to Washington

In reply to: NEWS - December 15, 2005

The gospel according to LUA (least-privileged user account) took center stage at Microsoft Corp.'s Security Summit East here with a pair of Redmond consultants pitching the idea of a well-funded security deployment repository to help developers create applications for non-admin users.

The LUA principle, which promotes the use of accounts with fewer access rights than Administrator accounts, has been largely ignored by end users, but if Aaron Margosis and Shelly Bird have their way, code writers will have a central place to get tools and training to create least-privilege applications.

Despite the fact that LUA is accepted within software security circles as a key to reducing damage from malicious hacker attacks, Margosis said a large percentage of customers still run Windows with full admin rights, making them sitting ducks for malware attacks that rely on "maximum privileges."

http://www.eweek.com/article2/0,1895,1901903,00.asp

Collapse -
Open-source antivirus tech may get commercial help

In reply to: NEWS - December 15, 2005

eEye Digital Security may adopt and improve the open-source Clam AntiVirus technology to add to its intrusion-prevention product.

eEye's Blink intrusion-prevention product includes system- and application-level firewalls and protects computers against phishing, spyware and exploitation of known vulnerabilities. "Antivirus is the only missing piece," Ross Brown, eEye's chief operating officer, said in an interview with CNET News.com.

http://news.com.com/Open-source+antivirus+tech+may+get+commercial+help/2100-1029_3-5992194.html

Collapse -
Microsoft Files 10 Lawsuits to Help Protect Its Partners,

In reply to: NEWS - December 15, 2005

Consumers

Microsoft Corp. today announced that it has filed 10 lawsuits against companies for allegedly pirating software and against people for allegedly selling not-for-resale software to unsuspecting purchasers. The actions, taken amid a technology landscape pocked by the fraudulent activities of those seeking to undermine fair business practices, are designed to help protect Microsoft's partners and consumers from those engaging in the illegal sale of Microsoft software - from counterfeit products to not-for-resale software deceitfully obtained and sold at retail.

Seven lawsuits filed against nine individuals from California, Maryland, New York, Texas and Virginia allege breach of a software agreement by which the individuals obtained a number of Microsoft Action Pack Subscriptions (MAPS). The MAPS Initiative is a program that provides eligible partners with discounted Microsoft software packages for product evaluation and internal use. The MAPS-related lawsuits, the first Microsoft has filed, allege egregious abuse of this program by people who have repeatedly and knowingly broken the terms of the agreement. Some of those named in the suits have allegedly attempted to sell software from their subscriptions to consumers through online auction sites.

http://www.microsoft.com/presspass/press/2005/dec05/12-15MAPSDecPR.mspx

Collapse -
Warning toned down on Perl app flaws

In reply to: NEWS - December 15, 2005

By Joris Evers
Staff Writer, CNET News.com
Published: December 15, 2005, 4:28 PM PST

The Perl Foundation has toned down a warning on a type of vulnerability commonly found in applications written in the Perl programming language.

Two weeks after experts sounded an alarm on so-called "format string flaws" in Perl applications, changes have been made to Perl. These updates ensure that such flaws can't be used as a conduit to run malicious code on target systems, Andy Lester, a spokesman for the Perl Foundation and co-author of the book "Pro Perl Debugging," said on Thursday.

Perl is a popular open-source programming language that's widely used for Web applications, often on servers that run the Linux operating system. Format strings are a way programmers specify how output should be formatted in an application. A flaw occurs when a programmer uses the strings incorrectly.

It was always thought that format string vulnerabilities in Perl applications could lead only to denial-of-service attacks. However, late last month experts cautioned that an attacker could exploit a format string flaw to commandeer a system running a vulnerable Perl application.

more here
http://news.com.com/Warning+toned+down+on+Perl+app+flaws/2100-7349_3-5997378.html?tag=html.alert

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.