News - May 20, 2004

by Donna Buenaventura / May 19, 2004 5:40 PM PDT

Microsoft to submit antispam standard

Microsoft on Wednesday said it plans to submit a proposal to make its antispam technology a standard, becoming the latest Internet giant to seek industry approval for the adoption of its technique.

The technology, called "Caller ID for E-mail," is an Internet Protocol-based method to ensure that the sender's return e-mail address is authentic. Many spammers have used a method called "spoofing," which makes their return addresses appear legitimate to the recipient's spam filters. Often, people open unwanted spam, thinking it originated from a contact, which could lead to the further dissemination of viruses and user annoyance.

Microsoft plans to file its proposal to the Internet Engineering Task Force (IETF), an industry standards body, either this week or next

http://news.com.com/Microsoft+to+submit+antispam+standard/2100-1032_3-5216255.html

Shavlik Technologies Partners with NetIQ and ENDFORCE
by Donna Buenaventura / May 19, 2004 5:57 PM PDT
Shavlik Technologies announced they have entered into partnering agreements with NetIQ and ENDFORCE. The two companies will incorporate Shavlik's HFNetChkPRO patch management software into their respective enterprise solutions.

ENDFORCE will integrate the tool into its ENDFORCE Enterprise management solution. Dennis Brouwer, senior vice president of business development, said, "Corporate and government networks continue to remain extremely vulnerable to threats posed by endpoints attempting to log in to virtual private networks. Our vendor-neutral endpoint enforcement expertise combined with Shavlik's operating system patch assessment capability will allow companies to identify and isolate vulnerable endpoints before network access is granted."

NetIQ will re-brand the tool as NetIQ Patch Manager and integrate the product into its new Security Management Suite, which consists of the company's Security Manager, Vulnerability Manager, and Patch Manager.

http://www.winnetmag.com/Article/ArticleID/42717/42717.html

German Government Email Crippled by Spam
by Donna Buenaventura / May 19, 2004 6:19 PM PDT
Over a half million unwanted e-mail messages have flooded and shut down the servers of various German ministries and the chancellery. The e-mail flood has caused some legitimate e-mails to arrive days late or not at all. Whether the e-mail flood constitutes an attack against German federal servers or stems from an internal glitch remains unclear. The incident comes as the German parliament debates antispam legislation.

http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=5195414

Symantec Buys Brightmail
by Marianna Schmudlach / May 20, 2004 6:27 AM PDT
Security application developer eyes antispam prowess at the gateway.

Todd R. Weiss, Computerworld
Wednesday, May 19, 2004
Utility software vendor Symantec has announced it is acquiring antispam vendor Brightmail in a deal worth about $370 million in cash.

In an announcement made Wednesday after the financial markets closed, Cupertino, California-based Symantec said it is buying San Francisco-based Brightmail. Symantec says the deal will complement its existing gateway security products in the fight against unsolicited commercial e-mail.

The deal is expected to close by early July, according to Symantec.

http://www.pcworld.com/news/article/0,aid,116200,tk,dn052004X,00.asp

Re:News - May 20, 2004
by Donna Buenaventura / May 20, 2004 1:52 PM PDT
Virus help fund gets closed down

http://news.bbc.co.uk/2/hi/technology/3732697.stm

Supporters of the man who wrote the Sasser web worm have been forced to stop raising funds for him.

The effort ended when the organisers of the fund raisers found it difficult to contact Sasser author Sven Jaschan to hand over the cash.

Mr Jaschan was arrested in early May by German police following a tip-off.

The fund-raising potential was further crippled when the operators of the web-based system used to collect donations closed the Sasser Support Fund account.

(OT) A First Look at Longhorn (Build 4074)
by Donna Buenaventura / May 20, 2004 1:56 PM PDT
Microsoft released the second build of Windows Longhorn at the Windows Hardware Engineering Conference (WinHEC) in early May. This latest build is much more stable than the one distributed at the Professional Developer Conference (PDC) in 2003, and includes more features as well.

If you haven't obtained the latest build (Build 4074) yet, and are an MSDN subscriber, you can download it from the MSDN Subscriber Download site. The download is about 700+ MB, so you need to have broadband access in order to download it. Also, the image will not fit onto a CD; you need a DVD writer.

In this article, I will walk you through some of the features in the most recent build of Longhorn.

http://www.windowsdevcenter.com/pub/a/windows/2004/05/18/longhorn.html

New Mac-hack whack
by Donna Buenaventura / May 20, 2004 2:00 PM PDT
Unsanity has released Paranoid Android to protect Mac users from a security vulnerability in OS X.


This weakness potentially allows a malicious hacker to execute arbitrary commands on their Mac, such as deleting a home directory or other damaging moves. The weakness exploits parts of a URL that define what application should be used to handle that address.


The software exists to protect users against the weakness (until Apple releases an official fix, the developers say). It does this by watching the URL schemes that are requested and delaying them until you've had a chance to say whether you'd like to proceed or not.


Apple has been notified of the vulnerability. Paranoid Android is free.

http://www.macworld.co.uk/news/main_news.cfm?NewsID=8727

Winnipeg online banking users fall victim to Trojan
by Donna Buenaventura / May 20, 2004 2:04 PM PDT
A Trojan horse may be responsible for an online banking scam that has cost at least two Winnipeg customers thousands of dollars.

The Winnipeg Police Service this week is investigating two cases where money was transferred unknowingly from bank accounts. One family charges that $2,500 has been taken from their account and a retired teacher in April reported $2,000 removed from his account without his knowledge. The department also has information pertaining to five other individuals who lost money with the same scam.

http://itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-017ef952-cc9e-4d5e&s=334096

Malware Analysis for Administrators
by Donna Buenaventura / May 20, 2004 2:09 PM PDT
The purpose of this article is to help administrators and power users use behavioral analysis to determine if a binary is harmful malware, by analyzing it in a lab environment without the use of anti-virus software, debuggers, or code disassembly.

http://www.securityfocus.com/infocus/1780

How Are Script Kiddies Outwitting I.T. Experts?
by Donna Buenaventura / May 20, 2004 2:33 PM PDT
Ten years ago, a person needed good programming skills to write an effective virus. Presently, it seems that virus making tools make the field open to anyone, giving rise to 'script kiddies'--teenagers with little programming skills making a huge impact on the Internet. However, Mikael Albrecht of antivirus firm F-Secure says the script kiddy threat is less pernicious than the public believes. 95% of virus writers are not good programmers and have a difficult time getting their viruses to work. David Perry of Trend Micro says that although there have been a handful of brilliant virus writers, most do not have the skills for a commercial software venture, producing 'junk' viruses. Though script kiddies often force systems administrators to constantly update their antivirus protection, they also force antivirus vendors to write protections for vulnerabilities that competent attackers could exploit. Of the 75,000 viruses in existence, only 1,000 have successfully infected a computer.

http://www.newsfactor.com/story.xhtml?story_id=24111

