Spyware, Viruses, & Security forum

General discussion

NEWS - January 9, 2007

UPDATE - Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

Last Updated: 2007-01-09 02:29:36 UTC
by Adrien de Beaupre (Version: 1)
As reported on full-disclosure, MS Internet Explorer is vulnerable to a race condition. The PoC is a Denial of Service; it causes IE 6 to stop responding when tested. Other versions are also likely vulnerable. Likely more to report on this flaw in the AM. The author reports that it is possible this issue could lead to remote compromise.


For Windows Vista Security, Microsoft Called in Pros

In reply to: NEWS - January 9, 2007

When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.

For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft's new operating system -- the brains of a computer -- to protect it from worms, Trojan horses and other insidious computer attackers.

More at http://www.washingtonpost.com/wp-dyn/content/article/2007/01/08/AR2007010801352.html

(NT) & To Be Sure Their Backdoor Is Still Fully Functional (LOL?)

In reply to: For Windows Vista Security, Microsoft Called in Pros

Dangers of unprotected Wi-Fi prompt new security laws

In reply to: NEWS - January 9, 2007

F-Secure checks preloaded vulnerability in Acer notebook

In reply to: NEWS - January 9, 2007

F-Secure analysed the preloaded applications on an Acer notebook. LunchApp.ocx, which is preloaded on Acer notebooks, is something to be concerned about:

"The library, named LunchApp.ocx, is probably supposed to help with browsing the vendor's website, enable easy updates and such – it turns out… it also makes all those machines vulnerable to a specially crafted html file that could instantly download malicious file(s) onto the user's machine and then execute them. It gets even better… Acer enabled "safe for scripting" on that ActiveX library so you wouldn't even see when it's used.

It would be nice if Acer (and other vendors) thought twice before providing a "feature" like this in the future."

See http://www.f-secure.com/weblog/archives/archive-012007.html#00001073
See also http://isc.sans.org/diary.html?storyid=2025

UK chip and PIN payment system faces new threat

In reply to: NEWS - January 9, 2007

New research from Cambridge has put a major doubt over the robustness of chip and PIN terminals against tampering. The method involves reprogramming a handheld payment terminal, making it possible to record private payment details that are keyed in by the user during the payment operation. According to researchers at Cambridge University, who have sounded the alarm bells, their idea could be easily replicated and criminals could substitute "fake" payment terminals without shoppers suspecting anything.

APACS, Britain's payment clearing organisation, has already acknowledged the seriousness of the problem and admitted it is in talks with payment terminal manufacturers to see what can be done to protect users.

Complete article at http://www.viruslist.com/en/news?id=208274020

Experts: Vendors need to reach DRM consensus

In reply to: NEWS - January 9, 2007

Time for a showdown

Elizabeth Montalbano
January 09, 2007 (IDG News Service) -- It's time for a DRM showdown, according to experts and industry executives.

The debate over digital rights management (DRM) is as contentious today as it was five years ago. But industry experts on a panel at the International Consumer Electronics Show (CES) Monday said there will have to be some industry consensus soon over digital content protection as the purchase of digital multimedia files becomes more pervasive among the average consumer.

Pundits on various sides of the debate weighed in on where the future of DRM is headed, agreeing that the issue that has plagued music downloads will get even more complicated now that digital downloads have moved beyond music to television and films, both of which have their own set of complexities.

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007560&source=rss_topic17

Sophos seeks to stand between harmful sites, surfers

In reply to: NEWS - January 9, 2007

Hardware appliance handles bans, malware infectors

Jeremy Kirk
January 09, 2007 (IDG News Service) -- Sophos PLC has released a Web filtering appliance for business users, one of several vendors adding the technology to their security product line-up.

The WS1000 appliance, which sits at the gateway, is designed to stop users from infecting their computers with harmful programs as a result of Web surfing, said Graham Cluley, senior technology consultant for Sophos, on Tuesday.

Web filtering software and appliances are a growing area for security vendors, as they offer the advantage of stopping malicious code and executables before they reach the desktop. They aren't a replacement for desktop antivirus software, however, as users can still infect their machines by clicking on, for example, a link in an instant message or an email.

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007558&source=rss_topic17

Spam shows sudden slide

In reply to: NEWS - January 9, 2007

By Matthew Broersma, Techworld
Worldwide spam levels have mysteriously dropped off over the past week, according to managed email provider SoftScan, possibly as a result of a major botnet going out of service.

Spam levels continued to rise in December, but crashed by 30 percent in the first week of January, SoftScan said on Tuesday. The company has seen nothing similar in the past, but believes the most likely explanation is that a botnet - a network of compromised machines - has temporarily lost control of its client systems.
The results are based on SoftScan's analysis of the email systems it scans for about half a million users, mostly international businesses, according to chief technology officer Diego d'Ambra.

Read more: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=7735

Mozilla To Update Firefox Feb. 1 With Vista Patches

In reply to: NEWS - January 9, 2007

About 100 bugs have already been spotted and quashed, but about 60 remain unpatched.

By Gregg Keizer

Jan 9, 2007 12:59 PM

Mozilla developers plan to update Firefox on Feb. 1 with bug fixes to make the browser work better under Microsoft's new Windows Vista operating system, which will have been rolled out to consumers two days earlier.

According to notes from the weekly status meeting held Monday, the first of next month is the tentative release date for Firefox and, the next security updates to the two versions that Mozilla is supporting. About 100 bugs have already been spotted and quashed, but about 60 remain unpatched, the notes said. Special attention will be paid to bugs involving Windows Vista in the hope that most or all can be fixed before Vista releases to retail.

Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196802279&cid=RSSfeed_IWK_Security

Microsoft Turned To National Security Agency For Vista Secur

In reply to: NEWS - January 9, 2007

Microsoft Turned To National Security Agency For Vista Security Help

The NSA detailed a team to work with Microsoft on the new operating system, which is expected to be used by hundreds of millions of computer users.

By W. David Gardner

Jan 9, 2007 11:25 AM

Microsoft has confirmed and elaborated on the role the National Security Agency played in helping secure the firm's Vista operating system, according to a report in Tuesday's Washington Post.

The eavesdropping and code-breaking agency has some of the best cryptographers in the world, and the NSA detailed a team to work with Microsoft on the new operating system, which is expected to be used eventually by hundreds of millions of computer users.

The relationship isn't exactly top secret: The newspaper noted that Microsoft's Web pages take note of the NSA's involvement in the "Windows Vista Security Guide."

Read more: http://www.informationweek.com/story/showArticle.jhtml?articleID=196802240&cid=RSSfeed_IWK_Security

Five predictions for instant messaging security in 2007

In reply to: NEWS - January 9, 2007

Ericka Chickowski Jan 9 2007 19:07
Organizations will face a number of factors in 2007 that will force them to address their instant messaging (IM) security and compliance practices, predicted messaging security firm Akonix last week.

Akonix predicted five major drivers that will spur companies to quit ignoring IM management and security as the technology continues to spread in the workplace. According to a recent paper by the Radicati Group, IM use at work will grow at a 22-percent clip over the next five years.

"The underlying principle is that the use of IM in a corporate setting is on the rise - both formally and informally," Peter Shaw, CEO of Akonix, told SCMagazine.com. "Companies need to make sure that they understand that IM is a piece of their landscape and they need to put the proper safeguards in place so they can stay in compliance. We think it will percolate up beyond the IT people to the people responsible for corporate governance because there is more scrutiny on senior level management."

Read more: http://www.scmagazine.com/us/news/article/625181/five-predictions-instant-messaging-security-2007/

New Office for Mac Coming

In reply to: NEWS - January 9, 2007

Microsoft announces Office for the Mac 2008 and converters to make the current version compatible with Office 2007's XML formats.
Yardena Arar, PC World
Tuesday, January 09, 2007

Office for Mac users who've been wondering about a new version--and Office 2007 compatibility--got some answers today as Microsoft said it will ship Office for Mac 2008 by year's end.

At MacWorld in San Francisco, officials of Microsoft's Macintosh Business Unit also announced plans for spring delivery of beta versions of converters that will allow the current version of the popular suite, Office for Mac 2004, to open, edit, and save files in Office 2007's new default XML formats for Word, PowerPoint, and Excel. The final converters will appear six to eight weeks after Office for Mac 2008 ships, Microsoft says.

Read more: http://www.pcworld.com/article/128461-1/article.html?tk=nl_dnxnws

NSA offers Vista installation tips

In reply to: NEWS - January 9, 2007

Microsoft got input from the National Security Agency for a document with tips on how to use the Windows Vista operating system in larger organizations.

The National Security Agency Information Assurance Directorate reviewed the Windows Vista Security Guide and provided comments that were incorporated in the published version, according to Microsoft. The U.S. Department of Commerce's National Institute of Standards and Technology, NIST, had a similar role, Microsoft said.

"Feedback from these agencies as well as enterprise customers informed Microsoft's development of a security configuration guide to aid governments and other large organizations in deploying and configuring Windows Vista to meet their specific security and privacy needs," a Microsoft representative said in an e-mailed statement Tuesday.

The NSA or any of the other agencies did not, however, have a special role in the development of the actual Vista operating system, a Microsoft representative said by phone. But they were free to provide feedback on Vista throughout the beta process, just like any other testers, the representative said.


Mozilla Takes Aim at Opera Security

In reply to: NEWS - January 9, 2007

Opera Software may well be putting its browser users at risk by not properly disclosing security vulnerabilities to vulnerable users.

At least that's the allegation made by Mozilla Corp.'s Asa Dotzler. According to the security research firm that discovered the recent Opera vulnerabilities, Opera's security disclosure practices are no better (or worse) than most vendors'.

Dotzler alleges that Opera downplays the severity of its security announcements, which come weeks after a new product release.

"Now, let me make this clear up front. I am not claiming that they should be releasing the explicit details of their fixes or specific information about how to exploit the unfixed versions of the browser," Dotzler blogged.

"But not telling the user that an update is a critical security update and that the unfixed versions of the browser are vulnerable to remote attack is just wrong."

More at http://www.internetnews.com/dev-news/article.php/3653031

See also previous post on the above at http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=227024&messageID=2367613#2367613

Googlebot Indexing Windows Installer Files .msi

In reply to: NEWS - January 9, 2007
