General discussion

NEWS - February 17, 2005

Updated MyDoom targets Google--again
By Munir Kotadia, CNET News.com
Published on ZDNet News: February 16, 2005, 10:40 PM PT

Another variant of the MyDoom worm, which spreads by sending copies of itself using its own SMTP engine and harvesting potential e-mail targets from search engines such as Google and Yahoo, was spreading quickly on Thursday.

In August 2004, a MyDoom variant pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines--including Lycos and Altavista--off the Web completely.

Antivirus firm Sophos said the latest MyDoom variant searches an infected computer's hard disk for e-mail addresses and then reverts to an Internet search. Interestingly, the worm tries to search the Internet for e-mail addresses in the infected computer's domain--effectively targeting all users from a specific company or service provider.

more here
http://news.zdnet.com/2100-1009_22-5580111.html?tag=zdnn.alert

Discussion is locked

Follow
Reply to: NEWS - February 17, 2005
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - February 17, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Software firms fault colleges' security education

By Robert Lemos CNET News.com
Published on ZDNet News: February 16, 2005, 8:57 AM PT

SAN FRANCISCO--Software companies are taking colleges to task for not producing computer science graduates who know how to create secure programs.

In a two-hour panel session Tuesday at the Secure Software Forum here, Oracle, Microsoft and other software makers attempted to analyze why flawed software is still overwhelmingly the rule and not the exception in the industry. A major contributor, the companies said, is college students' lack of a good grounding in secure programming.

"Unfortunately, if you are a vendor, you have to train your developers until the universities start doing it," said Mary Ann Davidson, chief security officer at Oracle, who kicked off the panel discussion that, while separate from the ongoing RSA Security Conference, addressed many of the same topics.

more here
http://news.zdnet.com/2100-1009_22-5579014.html?tag=zdnn.alert

- Collapse -
Long fuse for Microsoft's security challenge

By Matt Hines CNET News.com
Published on ZDNet News: February 16, 2005, 12:40 PM PT

As security companies brushed off any immediate threat from Microsoft's plan to give away anti-spyware tools, analysts noted that the software giant could yet become a force in the security market.

On Wednesday, security business leaders responded to Microsoft's announcement of its plan at RSA Conference 2005 by challenging the company's ability to offer technology that rivals existing tools. In that, they echoed Symantec CEO John Thompson, who said on Tuesday that his company's products could "whip" any security software that Microsoft has to offer.

While most acknowledged that Microsoft can quickly ramp up to build useful applications for battling spyware and other pests, the consensus among Microsoft's newest rivals was that the learning process would take years rather than months.

more here
http://news.zdnet.com/2100-1009_22-5579418.html?tag=zdnn.alert

- Collapse -
Time to regulate the software industry?

By Dawn Kawamoto, CNET News.com
Published on ZDNet News: February 16, 2005, 8:20 PM PT

SAN FRANCISCO--A panel of security experts on Wednesday debated the merits of regulating the software industry to curtail software flaws--and hence reduce the volume of virus attacks.

With software flaws serving as the open door to viruses and worms, a panel of industry experts at the RSA Conference here debated whether it's time to regulate software companies. The experts were mixed on the effectiveness of such a plan and whether it could be undertaken without curtailing innovation.

"The issue is not to regulate or not," said Harris Miller, president of the Information Technology Association of America. "Our industry is all about innovation, and my concern with regulation is it's often the enemy of innovation."

more here
http://news.zdnet.com/2100-1009_22-5579963.html?tag=zdnn.alert

- Collapse -
Microsoft fixes potential antipiracy hole

By John Borland, and Stefanie Olsen, CNET News.com
Published on ZDNet News: February 16, 2005, 4:15 PM PT

Microsoft said Tuesday that Japanese hackers had discovered a potential weakness in its copy protection technology but that the software company fixed the flaw before it was widely used.

The Redmond, Wash., giant on Tuesday introduced an update to its Windows Media Player, which included changes aimed at blocking the Japanese hackers' work, as well as a security update.

The copy protection changes mark the first time in nearly four years that Microsoft's digital rights management (DRM) protections have been publicly broken, even if largely in theory. As in an earlier case, the company says it was able to update its software before the flaws advanced much beyond the theoretical stage.

more here
http://news.zdnet.com/2100-1009_22-5579720.html?tag=zdnn.alert

- Collapse -
Microsoft Warns of New Security Threat

System monitoring programs, called rootkits, may pose a serious danger to your PC.

Paul Roberts, IDG News Service
Thursday, February 17, 2005
Microsoft security researchers are warning about a new generation of powerful system monitoring programs, or "rootkits," that are almost impossible to detect using current security products and that could pose a serious risk to corporations and individuals.

The researchers discussed the growing threat posed by kernel root kits at a session at the RSA Security Conference in San Francisco this week. The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

More: http://www.pcworld.com/news/article/0,aid,119720,tk,dn021705X,00.asp

- Collapse -
IM still a security weak spot, analysts warn

Published: February 17, 2005, 11:50 AM PST
By Munir Kotadia
Special to CNET News.com

The recent flaw plugged by Microsoft in its MSN Messenger software highlights a serious security threat to enterprise security, analysts said.

Last Friday, Microsoft forced its millions of MSN Messenger users to download a new version of the software to plug a security vulnerability.

The software giant put the mandatory upgrade in place after a security company posted information that might help a would-be attacker exploit the vulnerability. Users of the instant-messaging application were greeted with a notice to upgrade before they could view their buddy lists.

Analyst firm Gartner commended Microsoft for acting so quickly to control the problem by locking out vulnerable clients, but it warned that future threats may not be so easily dealt with and that enterprises may have to take the matter into their own hands.

more here
http://news.com.com/IM+still+a+security+weak+spot%2C+analysts+warn/2100-7355-5581019.html?part=dht&tag=ntop&tag=nl.e433

- Collapse -
iDEFENSE Labs Website Launch
- Collapse -
Mozilla Response to IDN Spoofing Attack

CNET Forums

Forum Info