By Joris Evers
Staff Writer, CNET News.com
Published: January 4, 2006, 1:36 PM PST
An early version of a security fix for a Windows flaw that is being used as a conduit for cyberattacks was prematurely posted online by a Microsoft employee.
The fix was briefly posted on a security community Web site, Debby Fry Wilson, a director in Microsoft's Security Response Center, said on Wednesday. Copies of the file have since been posted online elsewhere, but Microsoft recommends that customers wait for the final version in its monthly security release on Jan. 10, she said.
"It really was an inadvertent thing that happened," Fry Wilson said. "We have the security update on a fast track...(and) somebody accidentally posted a prerelease version on a community site. It has been taken down, and we don't recommend customers use it--it is not the version that we will be releasing on Tuesday."
more here
http://news.com.com/Microsoft+inadvertently+posts+WMF+patch/2100-1002_3-6018263.html?tag=html.alert
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
NEWS - January 4, 2005
By Tom Espiner, ZDNet (UK)
Published on ZDNet News: January 4, 2006, 11:22 AM PT
The Sober attack expected later this week is unlikely to have much effect on company systems, antivirus experts predicted.
As reported last month, machines that were infected by Sober in November have the potential to download malicious code from certain Web sites and then launch a new wave of viruses on Jan. 5 or 6.
But experts from antivirus companies F-Secure, Websense and MessageLabs all agreed on Wednesday that this Sober attack is unlikely to cause many problems, because systems administrators and antivirus companies have had time to prepare for it.
F-Secure raised the possibility that there might not even be an attack, as Internet service providers could block access to the malicious Web sites.
more here
http://news.zdnet.com/2100-1009_22-6018012.html?tag=zdnn.alert
Discussion is locked
7 Posts
- Collapse
- Collapse -
- Collapse -
By Tom Espiner, CNET News.com
Published on ZDNet News: January 4, 2006, 2:41 PM PT
A site hosting unauthorized protection against the Microsoft WMF flaw has been taken offline after being swamped by users trying to protect themselves from a growing list of threats.
Ilfak Guilfanov's personal Web site was switched off by his hosting provider on Wednesday morning after hordes of Microsoft users scrambled to download his unofficial patch against the Windows Meta File vulnerability, according to antivirus company F-Secure.
The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE." reported F-Secure in its blog.
At the time of writing, the unofficial patch is again available from Guilfanov's site. It's also available from the Sunbelt Blog.
more here
http://news.zdnet.com/2100-9595_22-6018377.html?tag=zdnn.alert
- Collapse -
By Joris Evers
Staff Writer, CNET News.com
Published: January 3, 2006, 6:00 PM PST
Windows users know that opening a malicious e-mail attachment can wreak havoc on their PC. It appears BlackBerry users have to use caution too.
Opening a malicious image sent via an e-mail on the popular mobile devices could disable a user's capability to view attachments, BlackBerry maker Research In Motion said Tuesday.
The problem occurs because of a software flaw in the BlackBerry Enterprise Server, RIM said in a posting on its customer support Web site. An attacker would have to craft a special TIFF, or Tagged Image File Format, to perform the attack, the company said.
more here
http://news.com.com/BlackBerry+users+face+security+threat/2100-1002_3-6016847.html?tag=fd_nbs_ent&tag=nl.e433
- Collapse -
Reuters
Published on ZDNet News: January 4, 2006, 3:44 PM PT
McAfee, the world's second-largest security software maker, agreed to pay $50 million to settle charges that it overstated revenue and earnings by hundreds of millions of dollars from 1998 through 2000, the U.S. Securities and Exchange Commission said on Wednesday. The SEC said that during that period McAfee inflated its cumulative net revenue by $622 million and, for 1998 alone, the company overstated revenue by $562 million--a misstatement of 131 percent.
more here
http://news.zdnet.com/2110-1009_22-6018475.html?tag=zdnn.alert
- Collapse -
By Gregg Keizer, TechWeb News
Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows.
In the US-CERT (United Stated Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total.
Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total.
http://www.techweb.com/wire/security/175801128
- Collapse -
This post is misleading. It suggests that *nix based operating systems are less secure than windows, which is simply not true.
These numbers are not properly processed and misleading because:
1. They compare a few operating systems (Windows is out there in what, five varieties?) to an entire family of operating systems (under *nix based operating systems there are several BSDs, hundreds of Linuxes, Mac OS X, then you have Sun Solaris, etc...). It would be more accurate to compare Mac OS X vulnerabilities (25) to Windows XP vulnerabilities (hundreds). Or, maybe you should compare FreeBSD vulnerabilities to IIS vulnerabilities...
2. Vulnerabilities to *nix based operating systems are better documented than those to Windows, and all vulnerabilities are public knowledge as soon as they are discovered due to its open-source development model. Many vulnerabilities are fixed before an exploit has time to circulate. In Microsoft, only vulnerabilities that have been successfully exploited are public knowledge and thus make their way into this log.
3. Also due to *nix's open source development, vulnerabilities are updated more frequently and therefore more frequently logged.
4. The seriousness of the vulnerability is not documented. Your average *nix vulnerability is not as serious as your average Windows vulnerability.
Basically, you are comparing a barrel of apples to a box of oranges.
There is a reason that most web servers (including cnet's) run on a *nix: (if you want to see my numbers go to http://news.netcraft.com/archives/web_server_survey.html). Professional IT people choose their OSs purely for economic reasons. Given that the total cost of ownership for a corporate *nix based system is higher than a Windows system (according to Microsoft, anyway), the reason must be that it is safer, more secure, more stable...
From an amature level, you do not see Linux forums filled with people trying to deal with hackers and malware...
- Collapse -
By Joris Evers, CNET News.com
Published on ZDNet News: January 4, 2006, 6:00 PM PT
While users wait for a Microsoft fix, many antivirus products will protect PCs against attacks that exploit a recently disclosed Windows flaw, but not all.
According to a test of a range of antivirus products published on Wednesday, Trend Micro was the only major antivirus vendor that failed to catch a number of malicious files that exploit the new Windows vulnerability.
In the test, administered by independent testing organization AV-Test, 206 malicious files were pushed through virus shields from a number of vendors. Of the top three antivirus companies, Symantec and McAfee caught all bad files, while Trend Micro missed 63, according to the test results, which were e-mailed to CNET News.com.
more here
http://news.zdnet.com/2100-1009_22-6018696.html?tag=zdnn.alert
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic