General discussion

News - September 23, 2004

AOL offers RSA authentication security to its members

America Online and RSA Security have launched AOL PassCode, a new premium service that
offers members a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds.

"AOL PassCode is like adding a deadbolt to your AOL account by automatically creating a new secondary password every 60 seconds," said Ned Brody, AOL's senior vice president for Premium Services. "Many of our members use their accounts for business purposes, financial transactions or other sensitive activities. AOL PassCode offers a higher standard of protection through the same state-of-the-art two-factor authentication system used by many financial institutions, technology companies, and other major businesses."

Discussion is locked
Reply to: News - September 23, 2004
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: News - September 23, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Microsoft to secure IE for XP only

If you're one of about 200 million people using older versions of Windows and you want the latest security enhancements to Internet Explorer, get your credit card ready.

Microsoft this week reiterated that it would keep the new version of Microsoft's IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2. The upgrade to XP from any previous Windows versions is $99 when ordered from Microsoft. Starting from scratch, the OS costs $199.

That, say analysts, is a steep price to pay to secure a browser that swept the market as a free, standalone product.

"It's a problem that people should have to pay for a whole OS upgrade to get a safe browser," said Michael Cherry, analyst with Directions on Microsoft in Redmond, Wash. "It does look like a certain amount of this is to encourage upgrade to XP."

Microsoft affirmed that its recent security improvements to IE would be made available only to XP users.

- Collapse -
Virus-obsessed firms ignore insider risk

Company chiefs are aware of the threats of information security breaches posed by their employees, but are failing to safeguard their assets against insider attack. Keeping control of security will only get more difficult as organisations move toward increasingly decentralised business models through outsourcing and other external partnerships, Ernst & Young's 2004 Information Security Survey warns.

- Collapse -
5 years ago... Hotmail continues to suffer security scares

No such thing as a (decent) free lunch?

23.09.99: Microsoft's free email service, Hotmail, is still struggling with security gremlins that caused a systems' breach at the end of August.

23.09.04: The popularity of Hotmail has been its undoing in many respects. It was one of the first major victims of dictionary-attack spam tactics which exercise as many possible combinations of words and letters

Demand and continued attacks against such a large target have also resulted in problems for customers accessing the service and the competition from services such as Yahoo! is also being added to by the considerable pull of Google's Gmail service - which has raised the bar in terms of free storage.

Hotmail is yet to show signs of following suit to the same degree, but continues to be universally popular and provide quality free-email service - accepting that 'free' always equates with some draw-backs over paid for services. MSN has also made huge in-roads into controlling the amount of spam users get in their Hotmail accounts.

Complete article at,39025001,39124241,00.htm

- Collapse -
Panda to integrate Mailshell spam filter into its anti-virus

and security software products

09/22/2004. Panda Software, a leading developer of virus and intrusion prevention solutions, has announced an agreement with Mailshell, the OEM anti-spam leader, to integrate Mailshell's anti-spam engine into Panda's enterprise and personal security software products. The millions of Internet users who depend on Panda for protection from intrusion, viruses, spam and other malicious code will now join those users worldwide who currently rely on 'Powered by Mailshell' products to filter spam.

Under the agreement, Panda will integrate the Mailshell anti-spam engine which optimizes, compiles and executes more than 300,000 checks to determine if a message is spam or not, conducting thousands of simultaneous calculations in a fraction of a second. By combining a fast, compact, flexible, complete decision tree with an automatically self-tuning intelligent engine, Mailshell is able to consistently generate highly accurate results in recognizing spam.

"Our customers around the world require a spam filtering solution that integrates intelligently with our layered defenses against blended attacks of viruses, spam and other malicious code," said Jos

- Collapse -
Panda Software reinforces it support to the channel with

a microsite dedicated to TruPrevent Technologies

09/23/2004. From now on, the channel can access a microsite dedicated to the TruPrevent Technologies, which is located in the Partners area of Panda Software's website ( and This microsite is part of the company's firm commitment to the channel, to which it now offers the most intelligent technologies to combat Internet threats, covering all the protection needs of all clients at unprecedented security levels.

The microsite Panda Software has designed for the channel incorporates detailed documentation to help professionals of the distribution channel to rapidly and easily discover the TruPrevent Technologies. This information is organized into several sections, including the following:

-Functionality and benefits, providing information about how TruPrevent Technologies work and their characteristics and advantages.

-Sales, detailing all the aspects to bear in mind when selling these technologies to all types of clients (from those that do not have protection installed to those that already have a Panda Software antivirus, through users that have other manufacturers' antivirus products installed).

-FAQs, including the most frequently asked questions about TruPrevent Technologies.

-Evaluation version, where you can download an evaluation version with one month's free services of Panda Software's corporate solutions with TruPrevent Technologies.

-Launch kit, a section that allows the channel to access technical material (product sheet and white papers), sales material (license programs, sales offer models, etc.) and marketing material (logos, e-mailing, multimedia animation, etc.) to help it to promote the new TruPrevent Technologies.

- Collapse -
RSA Security Joins the Anti-Phishing Working Group

RSA Security Inc. today announced its membership in the Anti-Phishing Working
Group (, the prominent industry coalition committed to
combating phishing scams and online identity theft.

Consumers and businesses are increasingly subject to fraud through phishing attacks and other online scams, due in part to the fact that many of them are still using simple passwords to protect their accounts and sensitive transactions. The current explosion in online identity theft is both hurting e-business and damaging consumer confidence in the Internet.

In a study conducted jointly by RSA Security and Opinion Research Corporation in February 2004, more than one in three consumers said that traditional User ID/Password schemes do not offer enough protection for their personal information. Another study conducted in the United Kingdom by RSA Security and MORI Research relating to online banking showed that nearly 40 percent of all Internet users would be more likely to bank online if security measures improved.

- Collapse -
US credit card firm fights DDoS attack

US credit card processing firm Authorize.Net is fighting a sustained distributed denial of service (DDoS) attack that has left it struggling to stay online.

In a statement to users posted yesterday, Authorize.Net said it "continues to experience intermittent distributed denial of service (DDoS) attacks. Our system engineers have successfully minimised the impact of each attack and have quickly restored services to affected merchants. Industry experts are onsite and working with Authorize.Net to expedite a resolution. Please be aware that the stability and reliability of the Authorize.Net platform remains our top priority; and we are doing everything we can to restore and maintain secure transaction processing despite these unforeseen attacks."

- Collapse -
Agnitum and Canon System Solutions: More Protection For

Japanese Users

Agnitum Ltd announces a partnership with Canon System Solutions, one of the greatest world IT enterprises.

Canon System Solution has become an exclusive premium distributor of Outpost Firewall in Japan. Outpost will be available as the box version, as a download file and promotional discount sales to NOD32 Anti-Virus

The box version of Outpost Firewall Pro Japanese version will be sold at retail shops all over Japan distributed by SoftBank, the biggest distributor in Japan. At the largest malls in Tokyo and other big cities, it will be also sold aggressively. Tom Takamoto, Senior Security Consultant at Canon System Solutions says “Canon Sales group is also an important channel for us to sell our products to small and medium corporate customers. They are quite successful in selling NOD32 Anti-Virus, so we think they will be also successful in Outpost”.

As for download sales, potential customers should visit Canon System Solutions web site. The payment will be processed by Vector Inc and the sales will start on September 3rd, Friday. 30 days trial version is also available in

- Collapse -
Macromedia Products Not Affected by Microsoft JPEG/GDIPlus


Originally posted: September 22, 2004 -


On September 14, 2004, Microsoft released a security bulletin warning that there may be wide-ranging effects on software that handles JPEG images. Macromedia has reviewed its products and found none of them to be at risk from this issue.


For more technical details, please visit Microsoft's security bulletin:

For users of Macromedia products, the relevant portion of the bulletin states: “not every program that installs this file is vulnerable to this issue because it may not use the Gdiplus.dll file to process JPEG images. However, only the manufacturer of that program can make that determination.”

Although some Macromedia products do install a vulnerable version of gdiplus.dll, no Macromedia product uses this Microsoft graphics library to process JPEG images, therefore there is no security risk.

In some configurations, the following Macromedia products may install a gdiplus.dll file; however, because these products do not invoke the affected JPEG routines, there is no security risk:
RoboSource Control
Studio MX


September 21, 2004 - Bulletin first created.

- Collapse -
Computer Associates to Pay $200M to Avoid Prosecution

Computer Associates International Inc. (CA) has agreed to pay more than $200 million to avoid criminal prosecution in a massive accounting scandal, a federal law enforcement source told The Associated Press on Wednesday.

In addition, the company's former general counsel, Steven Woghin, is expected to plead guilty in Brooklyn federal court Wednesday to securities fraud, conspiracy and obstruction of justice, according to the source, speaking to the AP on condition of anonymity.

The settlement was expected to be announced in Washington.

- Collapse -
Firm justifies job for virus writer

A German computer security firm has defended its decision to hire the self-confessed teenage author of the Sasser and Netsky worms.

Securepoint said its decision to employ Sven Jaschan offered the German teen a "second chance".

The job offer has certainly reopened the debate about how closely anti-virus firms should work with the people it is employed to counter.

Some anti-virus firms have criticised Securepoint, arguing that it is sending a dangerous message to virus writers.

- Collapse -
Researchers Study Real Viruses to Thwart Virtual

U.S. university researchers will soon begin a $13 million study of the spread of Internet viruses using methods pioneered in tracking the outbreak of human epidemics, researchers said on Wednesday.

The goal is to create a computer network so robust that it can fend off the Internet attacks as they happen, much as the body's immune system reacts to infection, scientists said.

Carl Landwehr, a program director at the National Science Foundation, which is distributing the grants, said the funds are aimed at identifying Internet worms and viruses quicker and building global defenses.

- Collapse -
Jail time for California file swappers?

California Gov. Arnold Schwarzenegger signed a law Tuesday establishing fines and potential jail time for anonymous file swappers. The new law says that any California resident who sends copyrighted works without permission to at least 10 other people must include his or her e-mail address and the title of the work.

Swappers who do not include this information will face fines of up to $2,500 and up to one year in prison.

- Collapse -
Microsoft Files More Spam Suits

Microsoft filed nine lawsuits against individuals and companies alleged to be involved in the distribution of spam, the company says.

The suits, all filed in the last month, include eight against individuals alleged to be behind spam campaigns that offered e-mail users a variety of products including generic online drugs, tee-shirts, software, pornography, and dating services. The ninth lawsuit is against a Web hosting company that catered to the spammer community by claiming to be "bulletproof," or incapable of being shut down, Microsoft says in a statement.

The lawsuits are just the latest salvo in a legal war on spammers by Microsoft, as well as Internet service providers like America Online and EarthLink.,aid,117903,pg,1,RSS,RSS,00.asp

CNET Forums