|
| |
|
Monday, December 12, 2005 |
Study: One in Four Users Is Target of E-Mail Phishing Scams. Roughly one in four U.S. Internet users are targets of phishing attacks[~]phony e-mails seeking personal financial data[~]according to a study conducted by Time Warner Inc.'s Internet unit AOL and the National Cyber Security Alliance. [eWEEK Security] |
PermaLink
Most Americans Unprepared For Phishing Attacks. Americans are increasingly unable to tell the difference between legitimate and scam e-mail, a survey released Wednesday showed. [Security Pipeline] |
The secret life of a rootkit. Opinion: Rootkits can cause a lot of trouble for IT managers. They can hide malicious code so it remains undetected by most security software. However, there are ways to find them, and Matthew Williamson of Sana Security explains how. [Computerworld Security News] |
Intel readies rootkit- rooting hardware. |
Sites Installing Spyware Via Zero-Day IE Bug. A still-unpatched Internet Explorer vulnerability that's been used by attackers late November to compromise Windows PCs is now being used by large numbers of malicious Web sites to plant spyware and adware, a security company claimed Thursday.
[Security Pipeline] |
Rootkits Making More Spyware, Adware Stick. The sharp rise in rootkits is due to spyware and adware purveyors trying to prevent their wares from being easily uninstalled, security experts said Thursday. [Security Pipeline] |
Airport passcodes leaked from virus-infected PC. Passcodes needed to enter secure areas at 17 airports have appeared on the Internet after a virus infected a PC belonging to a JAL co-pilot. [Computerworld Security News] |
Microsoft tightening security defaults in IE 7. Microsoft plans to introduce several changes in how Internet Explorer 7 classifies Web sites for security, a move aimed at reducing the likelihood that users will fall victim to malicious code. |
Small security bug in Firefox, users unscathed. |
|
A Fool's Choice: Features Or Security In Web Applications. New tools help developers find and fix flaws. But the strategy also must change. [Security Pipeline] |
Port Scans Don't Always Precede Network Hacks. Contrary to popular perception, port scans alone are not a reliable indicator of an impending hacker attack, according to a researcher at the University of Maryland.
|
SANS to launch graduate-level programs in information security. The SANS Institute is adding two new graduate-level degree programs to the list of information security training and certification courses it offers. [Computerworld Security News] |
Fingerprint Scanners Fooled By Play-Doh. * * Beatles-Beatles writes to tell us YubaNet is reporting that in recent tests by Stephanie C Schuckers, an associate professor of electrical and computer engineering at Clarkston University, she has shown that, among other things, biometric security measures were fooled 90% of the time by simple attacks like Play-Doh molds. From the article: "Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF."
|
An unspecified vulnerability has been reported to exist in Microsoft
Excel. The vulnerability was announced on eBay. The discoverer was
offering to sell the vulnerability details until the auction was
terminated by eBay. According to the auction description, it is
possible to have a large value passed to "msvcrt.memmove()" through
data fields in an Excel .xls file. The discoverer has claimed that code
execution is possible. |
MS Excel exploit on auction.
geo_2677 writes "Someone had put up for auction on eBay the details of an exploit in Microsoft Excel according to a recent article
on Securityfocus. According to the article Microsoft has confirmed that
this vulnerability exists, but in the meantime the original listing on
eBay has been pulled. " --- The now pulled auction, but it does appear that Microsoft has confirmed the vulnerability in an eweek article. [Slashdot] |
"Fast Track" Air Traveler Identification System Expands. Just one U.S. airport -- in Orlando, Fla. -- has a Registered Traveler
program, in which passengers who pay a fee and get a background check
can bypass an airport's general checkpoint and use a special lane for
security clearance. The Transportation Security Administration wants to
expand the program nationally by summer, using private companies to
sign up participants and run the checkpoints. [Privacy.org - The Source for News, Information, and Action] |
|
An Industry Unwilling to Play by Rules of 'Fair Use'. |
Last update: 1/2/06; 1:41:13 AM .
