Spyware, Viruses, & Security forum

General discussion

NEWS - March 4, 2005

by roddy32 / March 3, 2005 8:44 PM PST
Security patches issued for RealPlayers
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: March 3, 2005, 7:09 AM PT

RealNetworks has released patches for its audio-video players in an effort to prevent attacks via buffer overflows.

RealNetworks' patches, released Tuesday, address vulnerabilities in the software that could allow an attacker to run arbitrary or malicious code on a person's computer when a malicious WAV or SMIL file is processed.

Secunia, a security information company, rated the vulnerabilities as critical.

The company released updates for flaws in the Mac RealPlayer 10 and for several Windows players, including RealPlayer 10.5, RealPlayer 10, RealPlayer Enterprise and certain versions of RealOne Player v2.

Upgrades are required for Windows players RealOne Player v1, RealPlayer 8 and certain versions of RealOne Player v2. Upgrades are also needed for the Mac RealOne Player, Linux RealPlayer 10, and the Helix Player for Linux.

more here
http://news.zdnet.com/2100-1009_22-5598064.html?tag=zdnn.alert

Microsoft trades Windows discount for piracy info
by roddy32 / March 3, 2005 8:47 PM PST
In reply to: NEWS - March 4, 2005

By Winston Chai, CNET News.com
Published on ZDNet News: March 3, 2005, 4:35 PM PT

Microsoft has extended its antipiracy olive branch to China, offering users of bootleg copies of Windows a 50 percent discount on a legitimate version if they come clean on how they got their pirated copy.

As part of a two-month promotion that started in February, the company is offering a Chinese version of Windows XP Home Edition and Professional Edition at 786 yuan ($95), and 1,270 yuan ($153), respectively. According to Microsoft's Web site, the two products normally retail for about $199 and $299.

To qualify for this offer, users with unlicensed copies of Windows installed on their machines need to complete an online form in which they disclose how they obtained the bogus software.

For example, they will have to specify whether their existing Windows packages were installed by an independent reseller, bundled with their PCs at the point of sale or purchased from street peddlers. A discount voucher will then be e-mailed to these users following their submissions.

more here
http://news.zdnet.com/2100-3513_22-5598882.html?tag=zdnn.alert

Fixing a hole in security
by roddy32 / March 3, 2005 8:49 PM PST
In reply to: NEWS - March 4, 2005

By Robert Lemos, Special to ZDNet
Published on ZDNet News: March 3, 2005, 12:18 PM PT

Last year was a bad year for the Secure Hash Algorithm. This year has been worse.

A key technology used in digitally signing documents and programs, the Secure Hash Algorithm, or SHA, is used by U.S. federal agencies and by corporations. It's used to reduce long documents to a smaller unique digital fingerprint, or hash, which is then signed using public-key encryption.

Last year, researchers found holes in various techniques used to create the numerical fingerprints. Among the results was a successful attack against the first version of the SHA algorithm, SHA-0.

This year, two of the researchers responsible for finding that attack--Xiaoyun Wang and Hongbo Yu of China's Shandong University--teamed up with Yiqun Lisa Yin, an independent security consultant in the United States. Together, they broke the more popular version of the algorithm, SHA-1. The paper describing that break will likely be published in May.

more here
http://news.zdnet.com/2100-1009_22-5598536.html?tag=zdnn.alert

SurfControl buys anti-spyware tools
by roddy32 / March 3, 2005 8:51 PM PST
In reply to: NEWS - March 4, 2005

By Dan Ilett, ZDNet (UK)
Published on ZDNet News: March 3, 2005, 12:48 PM PT

SurfControl is looking to claim a stake in the anti-spyware market. The London-based security company announced on Wednesday that it had paid $6.8 million for application security company Apreo's anti-spyware technology. The technology is set to feature in SurfControl's Enterprise Threat Shield (SETS), which will go on sale in April.

more here
http://news.zdnet.com/2110-1009_22-5598611.html?tag=zdnn.alert

Security firm trashes customer e-mails
by roddy32 / March 3, 2005 8:54 PM PST
In reply to: NEWS - March 4, 2005

By Dan Ilett, CNET News.com
Published on ZDNet News: March 3, 2005, 4:13 PM PT

An e-mail security scanning company has accidentally deleted thousands of its customers' e-mails.

GFI, a Microsoft "gold certified partner," is offering free upgrades to all its customers, after it trashed their e-mails by sending out incorrect update information.

According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its e-mail scanning.

"Unfortunately, some changes had been made to BitDefender," said Angelica Micalleff-Trigona, public relations manager at GFI. "We were not aware of this, and we did not foresee this problem. We are deeply sorry for what happened. It took us by surprise."

When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all e-mails by default. BitDefender and GFI then rolled back the updates.

more here
http://news.zdnet.com/2100-1009_22-5598860.html?tag=zdnn.alert

Anti-virus expert claims spyware does not exist
by Donna Buenaventura / March 3, 2005 10:58 PM PST
In reply to: NEWS - March 4, 2005

Reports of spyware's life have been greatly exaggerated, according to anti-virus expert Eugene Kaspersky.

Kaspersky, head of his self-titled company, claimed spyware has been around for years, and recent scare stories are simply the result of marketing men profiteering.

"The term spyware is basically a marketing gimmick," said Kaspersky on the company weblog. "Just to separate new ersatz-security products from traditional ones, just to push almost zero-value products to the security market."

According to Kaspersky, programs now called spyware, in one form or another, have been around for years.

"The first malicious software designed to spy and steal confidential information was detected back in 1996 – the AOL password stealing trojans," he said. "Have we already seen other malicious programs which can be described as spyware? Certainly!"

Some industry watchers take a slightly different view.

Read more in SC Magazine

Website owners with .us domains can't shield their name
by Donna Buenaventura / March 3, 2005 11:16 PM PST
In reply to: NEWS - March 4, 2005

anymore

Wired News reported:

"The U.S. Commerce Department has ordered companies that administer internet addresses to stop allowing customers to register .us domain names anonymously using proxy services.

The move does not affect owners of .com and .net domains. But it means website owners with .us domains will no longer be able to shield their name and contact information from public eyes."

Read more in Wired News website, entitled Domain Owners Lose Privacy

Email security firm deletes thousands of emails
by Donna Buenaventura / March 3, 2005 11:37 PM PST
In reply to: NEWS - March 4, 2005

An email security scanning company has accidentally deleted thousands of its customers' emails.

GFI, a Microsoft "gold certified partner", is now offering free upgrades to all its customers after it trashed their emails by sending out incorrect update information.

According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its email scanning. When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all emails by default. BitDefender and GFI then rolled back the updates.

A BitDefender spokesman said: "We've learned our lesson. From now on we'll try to give more support to our integration partners. The other companies that integrate our scanning engine did not have the same problem."

A reader of silicon.com's sister site ZDNet UK affected by the problem says a GFI salesman told him the update had not been tested.

Complete article in Silicon.com

Related article: Aussies saved from security software glitch
by Donna Buenaventura / March 3, 2005 11:41 PM PST

"Customers down under have been saved from a bug in BitDefender that was responsible for trashing emails worldwide.

The fault came about because an update, which was sent from the company’s automatic upgrading server, was a little too rigorous in deciding which emails were too dangerous and wiped the lot.

However, according to the Sydney Morning Herald, the company’s Australian customers have mostly escaped the problem because their software was set to upgrade 24 hours later than the rest of the world."

The above is from The Inquirer

It's official: Spammers are hijacking ISPs
by Donna Buenaventura / March 4, 2005 12:10 AM PST
In reply to: NEWS - March 4, 2005

An email security company says it has found evidence that spammers are tricking Internet service providers into helping them evade anti-spam security measures.

ZDNet UK reported last month that spammers are using software tools that force virus-infected PCs to relay spam attacks through their ISP's own mail server. Traditionally, infected computers have been used as mail servers to send spam directly to recipients. But the new technique means the spam appears to come from the ISP itself, making it hard for an anti-spam blacklist to block the spam without also blocking legitimate mail from the ISP.

More in ZDNet

Tracking PCs anywhere on the Net
by roddy32 / March 4, 2005 5:15 AM PST
In reply to: NEWS - March 4, 2005

Published: March 4, 2005, 10:56 AM PST
By Renai LeMay
Special to CNET News.com

A University of California researcher says he has found a way to identify computer hardware remotely, a technique that could potentially unmask anonymous Web surfers by bypassing some common security techniques.

Tadayoshi Kohno, a doctoral student, wrote in a paper on his research: "There are now a number of powerful techniques for remote operating system fingerprinting, that is, remotely determining the operating systems of devices on the Internet. We push this idea further and introduce the notion of remote physical device fingerprinting...without the fingerprinted device's known cooperation."

The potential applications for Kohno's technique are far-reaching. For example, it could be possible to track "a physical device as it connects to the Internet from different access points, counting the number of devices behind a NAT even when the devices use constant or random IP identifications, remotely probing a block of addresses to determine if the addresses correspond to virtual hosts."

more here
http://news.com.com/Tracking+PCs+anywhere+on+the+Net/2100-1029-5600055.html?part=dht&tag=ntop&tag=nl.e433

Microsoft takes a patch breather
by roddy32 / March 4, 2005 5:17 AM PST
In reply to: NEWS - March 4, 2005

Published: March 4, 2005, 8:59 AM PST
By Dawn Kawamoto
Staff Writer, CNET News.com

Microsoft plans to forgo its regular monthly patch release next Tuesday, after having taken the more unusual step of issuing a dozen updates in last month's release.

System administrators may appreciate the reprieve, after facing a broad swath of updates last month, eight of which were rated "critical," the company's highest severity rating. Critical updates included fixes for vulnerabilities in Microsoft's Office XP, Internet Explorer 6 and MSN Messenger.

"I suspect that Microsoft feels there is no need for a critical patch that needs to be pushed out," said Charles Kolodgy, an IDC analyst. "That's a good sign there is no need for critical patches every month."

more here
http://news.com.com/Microsoft+takes+a+patch+breather/2100-1002-5599841.html?part=dht&tag=ntop&tag=nl.e433
