Spyware, Viruses, & Security forum

General discussion

NEWS - May 20, 2005

Popular Japanese Web site hard hit by major hack

Kakaku.com, Japan's largest price comparison engine, announced that Trojan horse programs were installed on the company's servers during a May 11, 2005 attack. Kakaku.com elected to continue running its website until May 14 in an effort to trace the attack, according to company president Yoshiteru Akita. The programs, trojandownloader.small.AAO and PSW.Delf.FZ, affect computers running Windows operating systems and include key-logging and remote control capabilities. The company expects its website to be back up and running no earlier than May 23.

http://news.yahoo.com/news?tmpl=story&u=/infoworld/20050519/tc_infoworld/58326

Discussion is locked
You are posting a reply to: NEWS - May 20, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - May 20, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Information Security Issues for Instant Messaging

In reply to: NEWS - May 20, 2005

In today’s fast-moving business environment, Instant Messaging offers a number of advantages, such as sending e-mails, transfer file etc. Because IM uses Peer-to-Peer technology to enable direct communication, it can allow hackers to bypass firewalls and access IT systems and has the potential to threaten your entire network with a whole raft of security attacks.

A key concern with IM is the lack of encryption for data sent across the network, allowing attackers to view sensitive information. Instant Messaging, usually based on HTTP protocol, creates issues for server-based anti-virus systems, which do not monitor IM traffic. This could allow worms to propagate inside the network.

What can you do about IM?

Read the recommendation of IT Obverser on what you should do about IM in http://www.it-observer.com/articles.php?id=731

Collapse -
Fake Microsoft Patch Triggers Virus Attack

In reply to: NEWS - May 20, 2005

By Ryan Naraine
May 19, 2005

Like day follows night, a bogus "cumulative update" with a malicious attachment has followed Microsoft's patch day.

In what has become a monthly staple, virus writers are taking advantage of the heightened public interest around Microsoft's patching cycle to trick users into executing a malicious attachment.

The latest social engineering trick arrives via e-mail with an attachment that purports to be a "cumulative patch" for May 2005.

The claim is that the executable file contains patches for vulnerabilities in Internet Explorer, Microsoft Outlook and Outlook Express, three widely used products with a history of serious security bugs.

more here
http://www.eweek.com/article2/0,1759,1817915,00.asp?kc=ewnws052005dtx1k0000599

Collapse -
Netscape patches 1-day-old browser

In reply to: NEWS - May 20, 2005

By Joris Evers, CNET News.com
Published on ZDNet News: May 20, 2005, 11:00 AM PT


A day after launching Netscape 8 and touting the browser's security features, Netscape has released an update to fix several serious security flaws.

The original Netscape 8, released early Thursday, is based on version 1.0.3 of the open-source Firefox browser. Netscape thought the new browser was immune to security vulnerabilities in the Firefox software that were fixed last week in Firefox 1.0.4. It turns out Netscape 8 is vulnerable.

"We had been misinformed by an external security vendor that the Firefox security issues did not affect us," Netscape spokesman Andrew Weinstein said Friday. "Within hours of discovering that the vendor was not accurate, we had addressed those issues and posted an updated version of the browser."

more here
http://news.zdnet.com/2100-1009_22-5715360.html?tag=nl.e589

Collapse -
Cheaper to patch--Windows or open source?

In reply to: NEWS - May 20, 2005

Published: May 20, 2005, 10:08 AM PDT
By Munir Kotadia
Special to CNET News.com

Microsoft has sparked heated debate by claiming that Windows software is cheaper to patch than open-source alternatives.

A Microsoft-commissioned study--conducted by its business partner Wipro--outlined the main areas of so-called "cost savings" by using Windows.

The survey of 90 organizations found that Windows database servers cost 33 percent less to patch than their open-source counterparts. Respondents said on average, Windows clients are 14 percent cheaper to patch.

The findings were criticized in several quarters, with some critics dubbing them unrealistic and outdated.

more here
http://news.com.com/Cheaper+to+patch--Windows+or+open+source/2100-7355-5715229.html?part=dht&tag=ntop&tag=nl.e433

Collapse -
HP muscles in on small-business security

In reply to: NEWS - May 20, 2005

Published: May 20, 2005, 7:31 AM PDT
By Dan Ilett
Special to CNET News.com

Hewlett-Packard is attempting to simplify security for small companies lacking IT resources or knowledge.

The company has teamed with Symantec to help small and midsize businesses avoid virus and spyware attacks but will also offer services for patch management and data backup.

HP will charge $20 per month per employee for a new security and data backup service.

HP customers who were present Thursday in New York at the launch of the company's Smart Desktop Management Service said the move can be a big help to businesses.

Chuck Ostrowski, director of IT for Los Angeles law firm Weston Benshoof, said that the math makes sense. "It might not stop something from happening, but it really decreases the risks," he said.

more here
http://news.com.com/HP+muscles+in+on+small-business+security/2100-7355_3-5715043.html?tag=fd_nbs_ent&tag=nl.e433

Collapse -
VeriSign to put more backbone into the Net

In reply to: NEWS - May 20, 2005

: May 19, 2005, 4:50 PM PDT
By Joris Evers
Staff Writer, CNET News.com

REDWOOD CITY, Calif.--VeriSign plans to significantly increase the number of DNS servers it operates, a move that it says will make a key part of the Internet's infrastructure more resilient to cyberattacks.

Over the next year, VeriSign aims to place additional replicas of one of its Domain Name System root servers--the "J"--in up to 100 data centers around the world, Aristotle Balogh, VeriSign's senior vice president of operations and infrastructure, said in an interview with CNET News.com on Thursday. The company runs two of the DNS root servers--the "A" is the other--that form an essential part of the Internet's naming system.

Ultimately, VeriSign intends to have machines handling traffic sent to the "J" DNS server in more than 200 additional locations, a shift from its original strategy of having a few servers in several data centers at key Internet hubs. The company currently runs "J" replicas in 18 facilities, Balogh said at VeriSign's annual financial analyst event here.

more here
http://news.com.com/VeriSign+to+put+more+backbone+into+the+Net/2100-7347_3-5714319.html?tag=fd_nbs_ent&tag=nl.e433

Collapse -
Widget security worries dog Apple

In reply to: NEWS - May 20, 2005

Published: May 20, 2005, 5:34 PM PDT
By Joris Evers
Staff Writer, CNET News.com

Though Apple Computer updated its latest OS this week to solve a security problem with widgets, worries persist that the small applications still pose a potentially serious risk.

Widgets, or small programs that automatically install after downloading, were introduced in Tiger for the Dashboard, which overlays the desktop. An attacker could write a malicious widget for Mac OS X 1.4 Tiger that would run invisibly in the background and hijack a user's "sudo," or administrative, privileges on a system, according to an alert distributed on the Full Disclosure mailing lists late Wednesday. With administrative privileges, the attacker would have full control over the targeted Mac.

more here
http://news.com.com/Apple+dogged+by+widget+security+worries/2100-1002_3-5715752.html?tag=html.alert

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.