Date: 08/16/05 (Security)    Keywords: security

Design error leads to security vulnerability that could put corporate networks at risk of attack.

Source: http://news.zdnet.com/Another+flaw+hits+Veritas+backup+tools/2100-1009_22-5833857.html?part=rss&tag=feed&subj=zdnn

Date: 08/18/05 (Security)    Keywords: security

A security flaw in the popular Acrobat and Reader PDF applications could put PCs at risk of attack.

Source: http://news.zdnet.com/Adobe+warns+of+Reader%2C+Acrobat+bug/2100-1009_22-5837253.html?part=rss&tag=feed&subj=zdnn

Date: 08/17/05 (Security)    Keywords: security

The U.S. electricity grid will be governed by new federal regulations to ward off future "cybersecurity incidents."

Source: http://news.zdnet.com/New+law+may+tighten+power+plant+security/2100-1009_22-5835534.html?part=rss&tag=feed&subj=zdnn

Date: 08/17/05 (Security)    Keywords: security

Network worms are shutting down computers running Windows 2000, security experts warned.

Source: http://news.zdnet.com/Windows+worms+knocking+out+computers/2100-1009_22-5835530.html?part=rss&tag=feed&subj=zdnn

Date: 08/17/05 (Security)    Keywords: security

Recently merged security giant plans to acquire Sygate, as it continues on its expansion spree.

Source: http://news.zdnet.com/Symantec+to+buy+compliance+specialist/2100-1009_22-5835431.html?part=rss&tag=feed&subj=zdnn

Date: 08/16/05 (Security)    Keywords: security

Still, of the 44 flaws addressed, only a handful are critical, according to security experts.

Source: http://news.zdnet.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1009_22-5834873.html?part=rss&tag=feed&subj=zdnn

Date: 08/17/05 (IT Professionals)    Keywords: security, virus, microsoft

Worm strikes down Windows 2000 systems
Problems reported in three continents




WASHINGTON (CNN) -- A fast-moving computer worm Tuesday
attackedcomputer systems using Microsoft operating systems, shutting down
computers in the United States, Germany and Asia.

Among those hit were offices on Capitol Hill, which is in the midst of
August recess, and media organizations, including CNN, ABC and The New York
Times. The Caterpillar Co. in Peoria, Illinois, reportedly also had
problems.

A small number of computers in an administrative office at San
Francisco International Airport also crashed, but they were not essential to
the airport's operation, spokesman Mike McCarron said.

The FBI said the computer problems did not appear to be part of any
widespread attack.

While the worm affects primarily Windows 2000, it also can affect some
early versions of Microsoft XP, said Johannes Ullrich, director of the Sans
Institute, a network security firm based in Jacksonville, Florida.

Symptoms include the repeated shutdown and rebooting of a computer.

Microsoft has a downloadable patch on its security homepage,
Microsoft.com/security, a company spokesperson said. The spokesperson told
CNN that Microsoft would not estimate how many users have been affected and
described the problem as low-impact.

Lysa Myers, a virus researcher for the computer security firm McAfee,
Inc., said the worm exploits a vulnerability in Microsoft's plug-and-play
service. "How it's spreading is it's looking for machines that are unpatched
and running itself," she said.

What was causing the damage was unclear, although experts pointed to a
new worm called worm-rbot.cbq.

David Perry of Trend Micro, an Internet monitoring firm, said the
latest worm may have been derived from the Zotob worm, which was first
reported over the weekend.

Ullrich, of the Sans Institute, said Zotob "will connect to a control
server to ask for instructions. It scans network neighborhoods and tries to
infect them, as well."

Typically, the worm enters a system via a laptop connected to
unsecured networks, Ullrich said. "This laptop will infect your systems from
the inside."

Several versions of the worm have been released, some as late as
Tuesday, he said.

Around 5 p.m. problems began at CNN facilities in New York and Atlanta
before being cleared up about 90 minutes later.

The New York Times also was able to bring its systems back up, and
"newspaper production will not be affected," spokeswoman Kathy Park said.

The White House said it did not have reports of computer problems.

At any given time there are thousands of computer worms and viruses in
existence.

So far, the impact has not been as great as the 2003 Blaster virus
attack, said Jeff Havrila, a technical analyst with the U.S. Computer
Emergency Readiness Team, a coalition of public and private groups that
combats computer attacks.

He noted that improved firewalls and faster patches may have limited
the worm's spread.

He also said it is unclear how long the worm may take to run its
course, noting that many people are away on summer vacation and may be
affected only when they return.

Source: http://www.livejournal.com/community/itprofessionals/17559.html

Date: 08/17/05 (IT Professionals)    Keywords: software, security

CNN Reports:
A worm shut down computers running Windows 2000 software across the United States. More soon.

Zotob seems to only affect Win 2000 but it requires port 445 to be exposed to the Internet.. could that many Win2k machines really be that exposed?

xposted to itsecurity

Source: http://www.livejournal.com/community/itprofessionals/17180.html

Date: 08/20/05 (IT Professionals)    Keywords: technology, security, virus

I just got my associate's in science for computer network technology. I'm working on my A+ certification. I would like to finish up with a bachelor's for network security. I would love to do cyber crimes to hunt down pedophiles and hackers that put out viruses. I've been looking into many schools that offers that online. But I'm not sure how seriously employers would take a degree from an online school. Has anyone gotten a degree in network security on here? and if so, which school did you get it from? or if you know of any good schools that are well respected. Let me know. Thanks!

Source: http://www.livejournal.com/community/itprofessionals/18443.html

Date: 08/21/05 (Computer Help)    Keywords: security

Are there any ourTunes experts out there that could give me a hand? OurTunes used to work perfectly before I download a security update for Tiger. Now it seems to be working but saves the music files as documents in the choosen folder. I've deleted and redownloaded but to no avail. Help?

Source: http://www.livejournal.com/community/computer_help/470969.html

Date: 08/20/05 (Security)    Keywords: software, security

A security bug in Internet Explorer discovered this week mostly affects users of certain developer tools, the software giant says.

Source: http://news.zdnet.com/Microsoft%3A+New+IE+flaw+limited+in+scope/2100-1009_22-5840367.html?part=rss&tag=feed&subj=zdnn

Date: 08/22/05 (IT Professionals)    Keywords: software, security, microsoft

French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer.

 » Releasing zero-day exploits to sell a product George Ou ZDNet.com

As companies are still picking up the pieces from the Zotob worm and its malicious siblings, a French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer.  The same company also released exploit code for the Windows PNP (Plug and Play) vulnerability less than 24 hours after Microsoft released a fix which led to the birth of the Zotob worm 5 days later.  Many companies running Windows 2000 were not prepared to patch their systems on such short notice and they were hit the hardest.  The release of this new exploit is even more alarming since it affects all instances of Internet Explorer and Microsoft has not had a chance to release a patch for this exploit.

Microsoft responded by issuing an emergency security advisory which offers some temporary workarounds to the issue.  Since the instructions are a little confusing for the average user, I wrote this explanation and some scripts to automate the Microsoft workaround and SANS wrote their own set of utilities for automating this temporary fix the same day.  I would highly recommend that everyone apply the temporary workaround since the exploit code is out in the wild.

Last month when Cisco sued Michael Lynn for simply talking about a Cisco vulnerability that was supposedly already patched by Cisco, I defended Lynn because Cisco had plenty of fair warning and Lynn wasn't releasing any actual exploit code.  This case is the exact opposite because a company is releasing the actual exploit code without giving the software maker any time to issue a fix and they're doing it in a way to benefit their own business which borders on a "protection" racket.  Since the company is located in France, legal challenges are a bit tricky.  It's mind boggling that this sort of thing is even allowed in a civilized world governed by the rule of law.

Source: http://www.livejournal.com/community/itprofessionals/19168.html

Date: 08/22/05 (Security)    Keywords: software, technology, security

The ISP will buy Aluria's assets and integrate the technology into its upcoming security software bundle.

Source: http://news.zdnet.com/EarthLink+nabs+Aluria%27s+anti-spyware/2100-1009_22-5841387.html?part=rss&tag=feed&subj=zdnn

Date: 08/24/05 (Security)    Keywords: security

Security firm Sunbelt warns that personal information is still being gleaned from infected machines.

Source: http://news.zdnet.com/Servers+keep+churning+in+ID+theft+case/2100-1009_22-5842723.html?part=rss&tag=feed&subj=zdnn

Date: 08/25/05 (Security)    Keywords: technology, security

The online security company will buy Vocent and add its biometric voice recognition technology to its authentication services.

Source: http://news.zdnet.com/PassMark+picks+up+voice+authentication/2100-1009_22-5842835.html?part=rss&tag=feed&subj=zdnn

Date: 08/26/05 (Java Web)    Keywords: mysql, sql, security, web, hosting

One of the strong security concerns in shared hosting environments is whether your sensitive data like MySQL server login/password or other login/password is actually safe from other users sharing the same web hosting machine. Few shared hosting providers do not provide telnet/ssh. They are normally more secure. However I would not recommend them for two [...]

Source: http://blog.taragana.com/index.php/archive/how-to-determine-if-your-sensitive-data-is-safe-in-shared-hosting/

Date: 08/28/05 (Computer Help)    Keywords: security, virus, antivirus, yahoo, google

I cannot check Gmail. When I try to get to the Gmail.com page, Firefox says "The connection was refused while trying to contact www.google.com . But I can get onto Google just fine, I can't get to Gmail. And I can't log onto Google Talk, either.

I can get onto LJ just fine. I can get on AIM. I just can't check my Gmail.

I was online last night and it worked fine, then my sister got online [which is something I say a lot because it's always after she's on that something goes wrong] and she couldn't get to Yahoo Mail because Norton Internet Security launched the Parental Controls and blocked Yahoo, saying "Norton Antivirus blocked the page http://mail.yahoo.com" or something like that. So I went around and reset the accounts to allow Yahoo Mail and it was fine, so I thought. But when I got back on, I couldn't access Gmail. I cleared my cache, cookies, passwords, history, and rebooted. I ran MSCONFIG and set my startup to run all the programs it ran when I bought the computer, because I'd set it yesterday to not run anything it didn't need to. I thought that would make it better, but I didn't notice a change at all. I tried using IE, Mozilla, and Netscape after that. They all said "The connection was refused while trying to contact www.google.com" except for IE which pulled up a "This page could not be displayed" page.

When I got online this morning, my DSL box said that everything was connected and running, but Firefox would not load anything, AIM would not connect, and Google Talk still wasn't working. I restarted again and tried Firefox again and still no Gmail. LJ is fine, AIM is fine, GTalk is still not working.

Scratch that, GTalk just started working right now and told me I have 7 emails. I tried to check them through a link GTalk, but it said "The page you requested is invalid."

I'm completely stumped. I just bought this computer, a Compaq at Circuit City [I don't remember the model, but it was $374 which was all I had enough for] two weeks ago and have had problems with it since I bought it. I have an old eMachines that ran Win95 when I bought it, and even though it was on the fritz all the time, it is running better than this computer is, but it's not connected to the internet, so that might be what's making it go faster.

Does anyone have any idea what could be blocking me from using Gmail?

[Edit: It is now working, after trying for an hour. I've always had a problem on this computer with it not starting Gmail when I first connect. Is that a normal problem or is there any way to fix it?]

Source: http://www.livejournal.com/community/computer_help/476561.html

Date: 08/29/05 (Security)    Keywords: security, microsoft

Microsoft is talking up Secure Startup in Windows Vista, the sole piece of its original hardware-based security plan to make it into the OS.

Source: http://news.zdnet.com/Microsoft%27s+leaner+approach+to+Vista+security/2100-1009_22-5843808.html?part=rss&tag=feed&subj=zdnn

Date: 08/29/05 (Security)    Keywords: security

Taking stock of Hurricane Katrina's destructive might, IT managers may want to develop disaster-recovery plans, security expert says.

Source: http://news.zdnet.com/Safeguarding+IT+against+the+next+Katrina/2100-1009_22-5844041.html?part=rss&tag=feed&subj=zdnn

Date: 08/30/05 (Security)    Keywords: software, security, microsoft

Commentary--Counterpane CTO Bruce Schneier says Microsoft is stalling the adoption of a best-practices document on software security to make sure it doesn't apply to the next version of Windows.

Source: http://news.zdnet.com/Is+Microsoft+skirting+the+issue%3F/2100-1009_22-5844520.html?part=rss&tag=feed&subj=zdnn