Anti-phishing features inside popular browsers are failing to curb the onslaught of emails that attempt to steal confidential information. Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0 incorporate blacklists that warn users when they attempt to visit known phishing websites.
Faculty members at the University of Virginia have had their personal records hacked, including salary details and social security numbers. The hack, which is believed to have gone undetected for two years, netted details on over 6,000 staff who had taught at the university from 1990 to August 2003. The hacker defaced a web page on the university’s portal and when IT staff cleaned up they found evidence of the attack. “We sincerely regret the distress this causes to our colleagues,” said James Hilton, vice president and chief information officer at the University of Virginia.
GLOBAL – Microsoft has unveiled a partnership with Linux vendor Xandros that mimics the controversial Novell deal. The Redmond giant will provide Xandros users with a patent covenant that protects users from intellectual property claims. Microsoft will provide the patent licence directly to the end user, which allows it to circumvent patent licensing requirements in the General Public Licence (GPL) which governs Linux. Both companies said that they will collaborate to improve interoperability between Xandros and Microsoft software for servers and systems management.
Microsoft is preparing to release six software updates on Tuesday, four of which will fix ‘critical’ vulnerabilities in Windows or its components. Two of the ‘critical’ bulletins address flaws in Windows XP, 2000 and Server 2003. A flaw in versions 5.01, 6.0 and 7.0 of Internet Explorer spans all currently supported versions of Windows including Vista. It ranges in severity, however.
Web servers running Microsoft’s IIS software are twice as likely to host malware as other site servers, it was claimed this week. Nagendra Modadugu, of Google’s newly-formed Anti-Malware Team, based his claims on an analysis of 70,000 domains that were either distributing malware or hosting attack code.
Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology, new research claims.