security

Microsoft says more than 10,000 computers have been attacked through a bug in the Windows XP help system. Strangely, it has resisted criticizing the security researcher who publicized the security flaw. The bug involves the way XP directs web ... browsers towards help pages, having first checked the page against a "whitelist" to make sure it is legitimate. It's possible for hackers to exploit the flaw by fooling the computer during this checking process. The result is that the browser can be relocated to a page containing malicious software. Microsoft hasn't yet found a permanent solution to the ... (view more)

Microsoft is making it easier to help spread the word on incidents of Internet fraud and stolen personal data. In its latest corporate venture, the company has teamed with the National Cyber-Forensics and Training Alliance (NCFTA) to establish a ... centralized service called "Internet Fraud Alert." Security researchers now have one universal location for which to report any kind of stolen data, ranging from online account login information to credit card numbers. The service can also be used to warn financial institutions immediately after a security breach has been identified. Program ... (view more)

A recent hack of AT&T's web site has left over 100,000 Apple 3G iPad owners with exposed email addresses. It's feared the security hole could open the door to similar future hacks with more devastating results. Reporting on the hack is tech blog ... Gawker, which finds that a specialized hacking group was able to acquire 114,000 email addresses owned by iPad users when the former exploited a security gap in AT&T's central web site. The hacker group, known as Goatse Security, was also able to acquire the identification number these iPads use when communicating over AT&T's network, ... (view more)

Microsoft has identified a potential security risk in the Help function of Windows XP. But there is some controversy over the way the issue has come to light. This bug involves XP's Help and Support Center, and specifically a style of link which ... routes a browser to a help page built into Windows rather than a web page. Such links begin hcp:// rather than the more familiar http:// and are a way of making it easier to give online help and advice by allowing writers to include smooth links to Windows' own help pages. Whitelist Help Pages Spoofed Tavis Ormandy, an information security engineer ... (view more)

Thousands of legitimate websites have fallen victim to a widespread web attack. While the full extent of the attacks remain unknown, security analysts suspect that the hackers used what is called an "SQL injection attack" in an attempt to fool ... legitimate web sites into running malicious database commands. In short, the attack injects malicious HTML content into a web browser while users are viewing an otherwise legitimate site. If the malware is successfully installed, it opens a gateway which allows hackers to remotely control a PC. (Source: networkworld.com ) Up to 114,000 Sites ... (view more)

Microsoft has released security updates for 34 different problems, a monthly total that has only been matched once. Three sets of problems are ranked as critical, and several are so-called zero-day bugs. A zero-day bug is one in which the problem is ... not discovered by the software developer itself. This creates the risk that hackers will be able to get a head-start on finding a way to exploit the bug before the developer is able to produce a fix. The critical issues affect both Internet Explorer and Windows itself. Of the 10 security bulletins, these are the priority for installation and ... (view more)

A recent report says that Google, which is working hard to complete its upcoming Chrome operating system (OS), has started phasing out its own internal use of the Microsoft Windows. The report on Google's OS use emerged Tuesday when the Financial ... Times said search engine leader Google had decided to cut back its employment of Windows, citing for reasons of security concerns. (Source: computerworld.com ) Google Testing Chrome OS Internally It's likely the move to phase out Windows is primarily the result of Google's continuing work on its own operating system, Chrome OS. Google is currently " ... (view more)

New research suggests that a number of major corporations are unwilling to update their web browsers to Internet Explorer 8, instead deciding to continue the use of the ever-aging and ever-dangerous Internet Explorer 6 (IE6). The reason for the ... resistance is not a question of cost; rather, companies are willing to stick it out with IE6 not only because of compatibility reasons for use with their own internal applications -- but also because Internet Explorer 6 lacks social networking features. "Companies are happy to stay with Internet Explorer 6 because a lot of the social networking sites ... (view more)

A new security flaw in Microsoft's very popular Windows 7 operating system (OS) could open users up to a remote code execution and denial-of-service attack, Microsoft said in a security advisory on Tuesday evening. The vulnerability affects only ... 64-bit versions of Windows Server 2008 R2 and Windows 7. The flaw affects the Canonical Display Driver, or CDD.DLL, used in the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability is tied to the graphics system's desktop composition process. (Source: zdnet.com ) Microsoft: Remote Code Attack "Unlikely" Luckily, it ... (view more)

A group of security researchers say they've found a workaround for just about every antivirus product on the market today, effectively making Windows-based security programs totally useless. Security research site Matousec.com recently issued an ... advisory for a process that allows malware to evade security detection. Note that this doesn't just apply to Microsoft's free Security Essentials software or other freeware antivirus products, but also targets full software packages from industry leaders like Norton, BitDefender and McAfee. Matousec's Morphing Malware According to reports, Matousec. ... (view more)