HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

News - November 5, 2004

by Donna Buenaventura / November 5, 2004 10:19 AM PST

Virus writers elude Microsoft's bounty hunt

Virus writers have a price on their heads--but it's done little to discourage them.

In the year since Microsoft kicked off its Anti-Virus Reward Program, it has tallied only a single success. The program has offered $1 million to informants who help close official investigations into four major viruses and worms, and has another $4 million earmarked for future rewards, but the deluge of online threats has continued to swell.

"I think it is fair to say for every time they have gone public to offer a bounty, it hasn't worked," said Graham Cluley, a senior technology consultant at Sophos, an antivirus software company.

More in

Discussion is locked
You are posting a reply to: News - November 5, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: News - November 5, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Second Order Code Injection Attacks
by Donna Buenaventura / November 5, 2004 10:29 AM PST

"Many forms of code injection targeted at web-based applications (for instance cross-site scripting and SQL injection) rely upon the instantaneous execution of the embedded code to carry out the attack (e.g. stealing a user's current session information or executing a modified SQL query). In some cases it may be possible for an attacker to inject their malicious code into a data storage area that may be executed at a later date or time. Depending upon the nature of the application and the way the malicious data is stored or rendered, the attacker may be able to conduct a second-order code injection attack.

A second-order code injection attack can be classified as the process in which malicious code is injected into a web-based application and not immediately executed, but instead is stored by the application (e.g. temporarily cached, logged, stored in a database) and then later retrieved, rendered and executed by the victim."

The full article can be viewed online:

Collapse -
Panda launches its new security solutions for home users,
by Donna Buenaventura / November 5, 2004 10:36 AM PST

small businesses and professionals

11/04/2004. Titanium Antivirus 2005, Platinum Internet Security 2005 and TruPrevent Personal 2005 incorporate the new TruPrevent Technologies, the most intelligent technologies to combat unknown viruses and intruders and can prevent attacks from malicious code like Sasser or Mydoom

Panda Software is launching the new security solutions Titanium Antivirus 2005, Platinum Internet Security 2005 and TruPrevent Personal 2005. These have been designed to meet the needs of home users, small businesses and professionals for protection against all kinds of Internet threats, including unknown viruses and intruders.

As Internet threats begin to spread faster and faster, users and antivirus companies also need to react with increasing swiftness to prevent epidemics. Worms like Sasser, Mydoom, Blaster or SQLSlammer succeeded in infecting thousands of computers in just a few minutes, demonstrating how new attacks can propagate faster than any human reaction to the problem. The problem is aggravated by an increasing tendency of malicious code to exploit other techniques such as security flaws, buffer overflows, etc. To solve this problem, security systems need to be able to preempt the problem and detect and block threats before they enter or leave the computer.

More in

Collapse - barred from business in Idaho
by Donna Buenaventura / November 5, 2004 10:40 AM PST

Idaho has won a court order permanently barring the advertising company from doing business within the state.

The Aliso Viejo, Calif.-based company is believed to be the largest volume "fax-spammer" in the nation, Idaho Attorney General Lawrence Wasden said Friday.

Wasden's office filed a lawsuit against in December 2003 claiming that the company had faxed hundreds of unsolicited advertisements to Idaho consumers, using automatic dialing machines to find active fax numbers and then compiling those numbers in a database.

Though did not admit to the allegations, the company agreed to stop doing business in Idaho...

Collapse -
SonicWall to bolster next OS with antivirus scanning
by Donna Buenaventura / November 5, 2004 10:54 AM PST

Security vendor SonicWall is expected to formally announce on Monday a new operating system that includes the capability for scanning for viruses at the gateway.

SonicWall is planning to include its Realtime Gateway Anti-Virus with its SonicOS 3.0. The antivirus scanning feature is designed to scan for viruses on a packet-by-packet basis, rather than copy all packets and put them into files, which are then scanned.

Collapse -
WPA Cracking Proof of Concept Available
by Donna Buenaventura / November 5, 2004 10:57 AM PST

Wi-Fi Networking News wrote:

"We warned you: short WPA passphrases could be cracked--and now the software exists: The folks who wrote tinyPEAP, a firmware replacement for two Linksys router models that has on-board RADIUS authentication using 802.1X plus PEAP, released a WPA cracking tool."

Collapse -
Beware of Cyber Pearl Harbor
by roddy32 / November 6, 2004 3:23 AM PST

I know today is the 6th but this article is from the 5th, I just saw it now LOL.

Lawmaker: Beware of cyber-Pearl HarborReuters November 5, 2004, 11:19 AM PT
Future wide-scale terror attacks will be executed by a person sitting behind a computer, not necessarily by a suicide truck bomber or plane hijacker, a U.S. lawmaker predicted on Thursday.

Counterterrorism agents are grappling with a new type of security threat--a malicious piece of computer code capable of disabling the world's critical infrastructure, from power grids to air traffic control networks.

"If you're a terrorist, you don't even need the bombs. If you can control the (power) grids, if you can do it from a computer somewhere, you can do a lot of damage," U.S. congressman Tom Davis, a co-chair of the U.S government's Information Technology Working Group, said.

The rest of the article is here.

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.