security

A computer running Windows 7 stayed secure for longer than a Mac in the "PWN2OWN" hacking contest this week. But the challenge showed that Internet Explorer 8 -- just released today -- is still vulnerable. The contest, dubbed PWN2OWN, takes place at ... the annual CanSecWest security conference. Participants have to find a way to breach security on one of several computers, each running a different browser and operating system which have been fully patched with all currently available security updates. The winner this year took just 10 seconds to compromise a MacBook. It's bad news for ... (view more)

How much thought do you give to security when you use your credit card at a retail location? According to the Chicago Tribune, most consumers don't think about what happens to their credit card information when their plastic gets swiped at the cash ... register. Unfortunately, large retailers have networks that are potentially vulnerable to breaches connected to cash registers, bar code scanners and store computers. (Source: chicagotribune.com ) In some high-profile cases of network vulnerability, thieves don't just pluck one credit card number. They pluck millions of them. For instance, in 2007 ... (view more)

The frightening Conficker worm is just getting bigger and meaner all the time. W32.Downadup.C, a third variant of the Conficker/Downadup worm , is reportedly being pushed out to systems that are already infected. Analysis of the third variant of the ... worm by Symantec is still in the early stages, but their initial research found a couple of new attributes -- one of which includes targeting antivirus software and security tools with the intention of disabling them. (Source: symantec.com ) New Variant Protects itself from AntiVirus Software The Conficker/Downadup authors moved from a 250-a-day ... (view more)

eBay buyers are being asked to take extra precautions when conducting their online shopping after security specialists warned that a string of hackers had infiltrated the popular auction site. The hackers exploited several unpatched vulnerabilities ... in Firefox and Internet Explorer browsers to create false listings and entice people to bid on fraudulent items. Details of the Stealth Attack Analysts believe that it was an XSS (cross-site scripting) attack that implemented unauthorized java script elements stored on third-party websites. This allowed eBay pages to contain outside email links and ... (view more)

Microsoft has warned users that yet another critical vulnerability has been found in its popular Office spreadsheet program Excel. The flaw could allow remote hackers to open and run malicious code on an unsuspecting user's computer through an ... infected spreadsheet file. The attack effects users of Microsoft Office Excel 2007 but also those using any of the older binary .XLS files. A user opening a file, probably through an email, will be asked to open a malicious spreadsheet. They'll then begin downloading at least two files onto their system, one valid, the other the malicious binary. Once ... (view more)

Research teams at Microsoft are currently working on a new and improved browser that has the potential to be far more secure than the existing options. In the wake of financial problems, layoffs, and legal nightmares, Gazelle -- Microsoft's new ... browser-operating system hybrid -- could help the software company recover from its landslide in market shares . The Gazelle prototype, first unveiled in 2008 under the title "MashupOS" at the Microsoft TechFest Research Fair, incorporates the best of both browser and operating system characteristics in order to provide enhanced security features. ... (view more)

A reward of $250,000 has reportedly been offered by Microsoft to find who is behind the Downadup/Conficker virus. Since its inception last October, the Conficker worm has infected millions of computers worldwide. Microsoft is offering a cash reward ... because they view the Conficker as a criminal attack and believe the people responsible for writing it have to be held accountable. As noted by Sophos, Microsoft's reputation is badly shaken whenever a computer virus causes widespread problems for its users, so it's not surprising that they would offer a reward. (Source: sophos.co.uk ) George ... (view more)

A hole allowing hackers to take control of Microsoft Exchange was just one "critical" issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer ... browser, Office, and its SQL Server . Three of the eight vulnerabilities patched yesterday were marked "critical". The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be ... (view more)

Microsoft has agreed to tweak the User Account Control (UAC) system in Windows 7 to avoid an inherent security risk . During the production of Windows 7 , Microsoft decided to change the default UAC so that it no longer asks for confirmation when a ... user adjusts his or her Windows settings. Security experts suggest that these settings include UAC itself, meaning rogue software could turn this protection off completely without the user knowing. Microsoft argued that this was not a true vulnerability because one can only take advantage by getting the victim to run the rogue software; for example ... (view more)

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently. BeyondTrust Corp. (BTC), a ... software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk. The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could ... (view more)