Date: 02/08/07 (Security)    Keywords: security, microsoft

Slew of Patch Tuesday security updates will include "critical" fixes for Windows, Office and Microsoft's security tools.

Source: http://news.zdnet.com/2100-1009_22-6157698.html

Date: 02/08/07 (Security)    Keywords: security, virus, antivirus

A serious security hole in a wide swath of the company's antivirus products could let an outsider crash or hijack a computer.

Source: http://news.zdnet.com/2100-1009_22-6157554.html

Date: 02/09/07 (Security)    Keywords: security

Security improvements in Office 2007 mean cyberattackers will focus on flaws in other desktop applications, security experts warn.

Source: http://news.zdnet.com/2100-1009_22-6157960.html

Date: 02/09/07 (Security)    Keywords: security, spyware

Congress has tried for years to enact spyware regulations and restrictions on Social Security numbers, with no luck so far.

Source: http://news.zdnet.com/2100-1009_22-6157826.html

Date: 02/13/07 (Security)    Keywords: security

The multibillion-dollar player in security tools for businesses plans to move into the lucrative consumer market later this year.

Source: http://news.zdnet.com/2100-1009_22-6158757.html

Date: 02/13/07 (Security)    Keywords: security

Company releases patches for 20 security flaws in many products, but none of the Windows problems affect the recent update.

Source: http://news.zdnet.com/2100-1009_22-6159053.html

Date: 02/13/07 (Security)    Keywords: security

Security bugs in Sun Microsystems' telnet service could allow attackers to gain unauthorized access to a system.

Source: http://news.zdnet.com/2100-1009_22-6158955.html

Date: 02/14/07 (Security)    Keywords: security

Financial institution failed to operate effective security measures to protect customers from data theft, government watchdog agency says.

Source: http://news.zdnet.com/2100-1009_22-6159349.html

Date: 02/15/07 (Security)    Keywords: software, security, microsoft

Microsoft is working to patch a security flaw in its word-processing software that is being used in targeted cyberattacks.

Source: http://news.zdnet.com/2100-1009_22-6159824.html

Date: 02/16/07 (Security)    Keywords: security

News of holes in security appliances come a few days after company patches operating system bugs.

Source: http://news.zdnet.com/2100-1009_22-6160109.html

Date: 02/16/07 (Security)    Keywords: security, web

Recently disclosed security holes that affect Internet Explorer 7 and Firefox could let attackers grab data via malicious Web sites.

Source: http://news.zdnet.com/2100-1009_22-6160186.html

Date: 02/17/07 (Computer Help)    Keywords: browser, java, security, web, linux

This applies to any platform that runs Java, be it Mac, PC Windows or PC Linux. This also applies to any browser that supports Javascript, including all versions of IE, Firefox and Safari.

If you own or buy a Linksys, DLink or Netgear wired or wireless router/firewall box to allow you to share your broadband throughout your household, make sure you change the administrator password on that unit from the factory default. It doesn't matter if your router does not accept administrative connections from the outside - this attack comes from the inside of your network. (Most routers now ship with external admin access turned off, although you can turn it on if you need to get to your router remotely . . . but again, make sure you set a STRONG admin password if you turn that option on for any reason.)

A new exploit uses JavaScript and can access the routers settings from inside your network when you allow that script to run on your computer. The malicious code can be embedded within Javascript that you might want to trust, like - for example - a game applet. Simply surfing a compromised site and allowing Java to run in your browser is enough to get hacked. It may not trigger your browsers security settings, as it never attempts to access or change local files on your computer.

In the background, out of your sight, the script looks up your networks internal gateway address. It then attempts to logon to your routers admin panel using that IP. It can guess the password from one of about five typical login combinations that are widely used by almost all home router manufacturers as their factory setting. It takes advantage of the fact that many owners never change that password.

Once it has control, it changes the DNS settings on your router to point at a hackers "poisoned" DNS server. The idea is that when you browse to your bank (for example) using the correct URL or bookmark, the router looks at the compromised DNS server and sends you off to a phishing site that could look exactly like your banks login site. From there they capture your user ID, password, and of course your bank account.

Simply logging into your routers panel and changing the Admin password to your own unique password will stop this attack.



1) Open your network settings, and look at the Status of your LAN connection. In Windows click on the Support tab. (Not sure how to get this on a Mac, anyone that knows feel free to chime in.) You should see a gateway IP address listed.

2) Enter that IP address into the URL field in any web browser. That's the address for your routers administration panel.

3) You will see a request to login. Try these combinations (or refer to your routers owners manual):

User: (blank)
Password: password

User: (blank)
Password: admin

User: (blank)
Password: (blank)

User: admin
Password: password

User: admin
Password: admin

Once you log in successfully, you will see your routers control panel.

4) Refer to your owners manual, or surf the control panel (usually under Setup, or Password, or Administrative Settings) for the Administrators Password reset. Enter in the old password (factory default) in the first field, and your new password twice in the second and third fields, then save or apply your settings.

5) Close your browser, and re-open it to the same gateway IP address, and test the login with your new password. Do NOT check any box that offers the option to remember your password.

Voila, you will not be vulnerable to this particular attack.

-- X-posted from my own Livejournal --

Source: http://community.livejournal.com/computer_help/747016.html

Date: 02/18/07 (Computer Geeks)    Keywords: software, security

At work, I have some Windows XP systems that are considered to be "kiosks" - that is, they are available to anyone who walks up to them, as a convenience, while they're in my lab. As you can imagine, there's a potential for these systems to get crufted up with people's personal files, extraneous software that people install, they could make configuration changes to the system, and the like. And as it turns out, my company has some IT security rules about systems like this, mandating that on a periodic basis, extraneous files and such must be removed from publicly accessible systems.

What I would like to do with these systems is something like this: partition the drive so that there is a primary partition that Windows boots from, and an additional partition (preferably hidden somehow, so people can't mess with it) on which is a Ghost image (or something similar) of a "fresh install" of the system. Then, on a periodic scheduled basis (maybe once a week, in the middle of the night on a weekend), the system automatically rebuilds itself from the Ghost image, returning itself to a pristine "freshly installed" state, and effectively removing anything that anyone has left there and undoing any configuration changes that they've made.

What is the best way to go about doing something like this? The publicly available computers at the local public library actually do this on a nightly basis (though I think they get their "fresh install" image over the network, rather than from a partition on the hard drive), so I know it's possible. But I don't know where to even look for products that would accomplish this.

Any hints?

Source: http://community.livejournal.com/computergeeks/1040201.html

Date: 02/21/07 (Security)    Keywords: software, security, google

Google plugs security holes in popular desktop search software that could open up data on a PC to intruders.

Source: http://news.zdnet.com/2100-1009_22-6161171.html

Date: 02/22/07 (Security)    Keywords: security

Small banks fed up with footing the bill for other companies' security leaks support the effort. But what does it mean for consumers?

Source: http://news.zdnet.com/2100-1009_22-6161536.html

Date: 02/23/07 (Security)    Keywords: security

Updates to both old and new versions of Firefox and Thunderbird seek to address security and stability issues.

Source: http://news.zdnet.com/2100-1009_22-6161850.html

Date: 02/26/07 (Security)    Keywords: software, security

The risky security holes are in tools commonly provided by software makers and ISPs to provide remote tech support.

Source: http://news.zdnet.com/2100-1009_22-6162278.html

Date: 02/26/07 (Security)    Keywords: security

New flagship consumer product is the company's latest salvo in the fight for consumer security dollars.
Read the review of Norton 360

Source: http://news.zdnet.com/2100-1009_22-6162139.html

Date: 02/27/07 (Javascript Community)    Keywords: java, security

Hi, my name is Sam, i am new to the community. I am also a new agent in the Mod-x security challenge games. The main reason i have joined this community is to ask a few questions regarding javascript. Does anyone know how to access the password for a javascript passowrd protected page?
Thank You
-Sam

Source: http://community.livejournal.com/javascript/128257.html

Date: 02/27/07 (Security)    Keywords: security

Legal threat from HID prompts security researchers to cancel discussion on flaws of radio tag-embedded building access ID cards.

Source: http://news.zdnet.com/2100-1009_22-6162547.html