15 total posts
Microsoft to secure IE for XP only
If you're one of about 200 million people using older versions of Windows and you want the latest security enhancements to Internet Explorer, get your credit card ready.
Microsoft this week reiterated that it would keep the new version of Microsoft's IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2. The upgrade to XP from any previous Windows versions is $99 when ordered from Microsoft. Starting from scratch, the OS costs $199.
That, say analysts, is a steep price to pay to secure a browser that swept the market as a free, standalone product.
"It's a problem that people should have to pay for a whole OS upgrade to get a safe browser," said Michael Cherry, analyst with Directions on Microsoft in Redmond, Wash. "It does look like a certain amount of this is to encourage upgrade to XP."
Microsoft affirmed that its recent security improvements to IE would be made available only to XP users.
Virus-obsessed firms ignore insider risk
Company chiefs are aware of the threats of information security breaches posed by their employees, but are failing to safeguard their assets against insider attack. Keeping control of security will only get more difficult as organisations move toward increasingly decentralised business models through outsourcing and other external partnerships, Ernst & Young's 2004 Information Security Survey warns.
5 years ago... Hotmail continues to suffer security scares
No such thing as a (decent) free lunch?
23.09.99: Microsoft's free email service, Hotmail, is still struggling with security gremlins that caused a systems' breach at the end of August.
23.09.04: The popularity of Hotmail has been its undoing in many respects. It was one of the first major victims of dictionary-attack spam tactics which exercise as many possible combinations of words and letters @hotmail.com.
Demand and continued attacks against such a large target have also resulted in problems for customers accessing the service and the competition from services such as Yahoo! is also being added to by the considerable pull of Google's Gmail service - which has raised the bar in terms of free storage.
Hotmail is yet to show signs of following suit to the same degree, but continues to be universally popular and provide quality free-email service - accepting that 'free' always equates with some draw-backs over paid for services. MSN has also made huge in-roads into controlling the amount of spam users get in their Hotmail accounts.
Complete article at http://www.silicon.com/research/specialreports/thespamreport/0,39025001,39124241,00.htm
Panda to integrate Mailshell spam filter into its anti-virus
and security software products
09/22/2004. Panda Software, a leading developer of virus and intrusion prevention solutions, has announced an agreement with Mailshell, the OEM anti-spam leader, to integrate Mailshell's anti-spam engine into Panda's enterprise and personal security software products. The millions of Internet users who depend on Panda for protection from intrusion, viruses, spam and other malicious code will now join those users worldwide who currently rely on 'Powered by Mailshell' products to filter spam.
Under the agreement, Panda will integrate the Mailshell anti-spam engine which optimizes, compiles and executes more than 300,000 checks to determine if a message is spam or not, conducting thousands of simultaneous calculations in a fraction of a second. By combining a fast, compact, flexible, complete decision tree with an automatically self-tuning intelligent engine, Mailshell is able to consistently generate highly accurate results in recognizing spam.
"Our customers around the world require a spam filtering solution that integrates intelligently with our layered defenses against blended attacks of viruses, spam and other malicious code," said Jos
Panda Software reinforces it support to the channel with
a microsite dedicated to TruPrevent Technologies
09/23/2004. From now on, the channel can access a microsite dedicated to the TruPrevent Technologies, which is located in the Partners area of Panda Software's website (http://www.pandasoftware.com/partners/truprevent and http://www.pandasoftware.es/partners/truprevent). This microsite is part of the company's firm commitment to the channel, to which it now offers the most intelligent technologies to combat Internet threats, covering all the protection needs of all clients at unprecedented security levels.
The microsite Panda Software has designed for the channel incorporates detailed documentation to help professionals of the distribution channel to rapidly and easily discover the TruPrevent Technologies. This information is organized into several sections, including the following:
-Functionality and benefits, providing information about how TruPrevent Technologies work and their characteristics and advantages.
-Sales, detailing all the aspects to bear in mind when selling these technologies to all types of clients (from those that do not have protection installed to those that already have a Panda Software antivirus, through users that have other manufacturers' antivirus products installed).
-FAQs, including the most frequently asked questions about TruPrevent Technologies.
-Evaluation version, where you can download an evaluation version with one month's free services of Panda Software's corporate solutions with TruPrevent Technologies.
-Launch kit, a section that allows the channel to access technical material (product sheet and white papers), sales material (license programs, sales offer models, etc.) and marketing material (logos, e-mailing, multimedia animation, etc.) to help it to promote the new TruPrevent Technologies.
RSA Security Joins the Anti-Phishing Working Group
RSA Security Inc. today announced its membership in the Anti-Phishing Working
Group (http://www.antiphishing.org), the prominent industry coalition committed to
combating phishing scams and online identity theft.
Consumers and businesses are increasingly subject to fraud through phishing attacks and other online scams, due in part to the fact that many of them are still using simple passwords to protect their accounts and sensitive transactions. The current explosion in online identity theft is both hurting e-business and damaging consumer confidence in the Internet.
In a study conducted jointly by RSA Security and Opinion Research Corporation in February 2004, more than one in three consumers said that traditional User ID/Password schemes do not offer enough protection for their personal information. Another study conducted in the United Kingdom by RSA Security and MORI Research relating to online banking showed that nearly 40 percent of all Internet users would be more likely to bank online if security measures improved.
US credit card firm fights DDoS attack
US credit card processing firm Authorize.Net is fighting a sustained distributed denial of service (DDoS) attack that has left it struggling to stay online.
In a statement to users posted yesterday, Authorize.Net said it "continues to experience intermittent distributed denial of service (DDoS) attacks. Our system engineers have successfully minimised the impact of each attack and have quickly restored services to affected merchants. Industry experts are onsite and working with Authorize.Net to expedite a resolution. Please be aware that the stability and reliability of the Authorize.Net platform remains our top priority; and we are doing everything we can to restore and maintain secure transaction processing despite these unforeseen attacks."
Agnitum and Canon System Solutions: More Protection For
Agnitum Ltd announces a partnership with Canon System Solutions, one of the greatest world IT enterprises.
Canon System Solution has become an exclusive premium distributor of Outpost Firewall in Japan. Outpost will be available as the box version, as a download file and promotional discount sales to NOD32 Anti-Virus
The box version of Outpost Firewall Pro Japanese version will be sold at retail shops all over Japan distributed by SoftBank, the biggest distributor in Japan. At the largest malls in Tokyo and other big cities, it will be also sold aggressively. Tom Takamoto, Senior Security Consultant at Canon System Solutions says “Canon Sales group is also an important channel for us to sell our products to small and medium corporate customers. They are quite successful in selling NOD32 Anti-Virus, so we think they will be also successful in Outpost”.
As for download sales, potential customers should visit Canon System Solutions web site. The payment will be processed by Vector Inc and the sales will start on September 3rd, Friday. 30 days trial version is also available in http://canon-sol.jp/product/op/trial.html
Macromedia Products Not Affected by Microsoft JPEG/GDIPlus
Originally posted: September 22, 2004 - http://www.macromedia.com/devnet/security/security_zone/mpsb04-07.html
On September 14, 2004, Microsoft released a security bulletin warning that there may be wide-ranging effects on software that handles JPEG images. Macromedia has reviewed its products and found none of them to be at risk from this issue.
For more technical details, please visit Microsoft's security bulletin: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx.
For users of Macromedia products, the relevant portion of the bulletin states: “not every program that installs this file is vulnerable to this issue because it may not use the Gdiplus.dll file to process JPEG images. However, only the manufacturer of that program can make that determination.”
Although some Macromedia products do install a vulnerable version of gdiplus.dll, no Macromedia product uses this Microsoft graphics library to process JPEG images, therefore there is no security risk.
In some configurations, the following Macromedia products may install a gdiplus.dll file; however, because these products do not invoke the affected JPEG routines, there is no security risk:
September 21, 2004 - Bulletin first created.
Computer Associates to Pay $200M to Avoid Prosecution
Computer Associates International Inc. (CA) has agreed to pay more than $200 million to avoid criminal prosecution in a massive accounting scandal, a federal law enforcement source told The Associated Press on Wednesday.
In addition, the company's former general counsel, Steven Woghin, is expected to plead guilty in Brooklyn federal court Wednesday to securities fraud, conspiracy and obstruction of justice, according to the source, speaking to the AP on condition of anonymity.
The settlement was expected to be announced in Washington.
Firm justifies job for virus writer
A German computer security firm has defended its decision to hire the self-confessed teenage author of the Sasser and Netsky worms.
Securepoint said its decision to employ Sven Jaschan offered the German teen a "second chance".
The job offer has certainly reopened the debate about how closely anti-virus firms should work with the people it is employed to counter.
Some anti-virus firms have criticised Securepoint, arguing that it is sending a dangerous message to virus writers.
Researchers Study Real Viruses to Thwart Virtual
U.S. university researchers will soon begin a $13 million study of the spread of Internet viruses using methods pioneered in tracking the outbreak of human epidemics, researchers said on Wednesday.
The goal is to create a computer network so robust that it can fend off the Internet attacks as they happen, much as the body's immune system reacts to infection, scientists said.
Carl Landwehr, a program director at the National Science Foundation, which is distributing the grants, said the funds are aimed at identifying Internet worms and viruses quicker and building global defenses.
Jail time for California file swappers?
California Gov. Arnold Schwarzenegger signed a law Tuesday establishing fines and potential jail time for anonymous file swappers. The new law says that any California resident who sends copyrighted works without permission to at least 10 other people must include his or her e-mail address and the title of the work.
Swappers who do not include this information will face fines of up to $2,500 and up to one year in prison.
Microsoft Files More Spam Suits
Microsoft filed nine lawsuits against individuals and companies alleged to be involved in the distribution of spam, the company says.
The suits, all filed in the last month, include eight against individuals alleged to be behind spam campaigns that offered e-mail users a variety of products including generic online drugs, tee-shirts, software, pornography, and dating services. The ninth lawsuit is against a Web hosting company that catered to the spammer community by claiming to be "bulletproof," or incapable of being shut down, Microsoft says in a statement.
The lawsuits are just the latest salvo in a legal war on spammers by Microsoft, as well as Internet service providers like America Online and EarthLink.