Microsoft is preparing to release six software updates on Tuesday, four of which will fix ‘critical’ vulnerabilities in Windows or its components. Two of the ‘critical’ bulletins address flaws in Windows XP, 2000 and Server 2003. A flaw in versions 5.01, 6.0 and 7.0 of Internet Explorer spans all currently supported versions of Windows including Vista. It ranges in severity, however.
Web servers running Microsoft’s IIS software are twice as likely to host malware as other site servers, it was claimed this week. Nagendra Modadugu, of Google’s newly-formed Anti-Malware Team, based his claims on an analysis of 70,000 domains that were either distributing malware or hosting attack code.
A Chilean gay rights group claims its Web site was hacked by a Chilean skinhead group. Calling itself the Skinheads from Pitana, the supremacy group allegedly removed from the gay rights group’s Web site a banner featuring actors supporting the group known as the Movement for Homosexual Integration and Freedom, or MOVILH, the Santiago Times reported Wednesday. In its place, the hackers pasted a large picture of skinheads.
IronPort Systems has announced the introduction of the IronPort X1050 e-mail security appliance. The IronPort X1050 offers a significant increase in performance, scanning more than 2.5 million messages per hour. This is 400% more processing power than IronPort’s previous generation of carrier-class appliances, the IronPort X1000, and as much as 10 times the performance of competing systems.
PHP version 5.2.3, released at the beginning of the month, purported to eliminate a security vulnerability in the chunk_split() function, which splits strings into user-defined substrings. However, according to PHP security specialist and co-initiator of the Month of PHP Bugs Stefan Esser, this is not actually the case. According to Esser, the original fix not only failed to work but was more or less nonsense, since it only pushed the fundamental problem, an integer overflow, into another line of the source code. An additional fix has now been developed which is supposed to finally eliminate the bug; thus far, however, it has officially appeared only in PHP's CVS.
Out of the top five search engines, Yahoo returns the riskiest sites for users, according to security vendor McAfee. In research published on Monday by McAfee SiteAdvisor, 5.4 percent of Yahoo searches returned links to “risky” internet sites. AOL was found to be the safest of the top five, with 2.9 percent of sites. According to McAfee SiteAdvisor, Yahoo returned the most results rated “red” or “yellow”. “Red” rated sites failed McAfee SiteAdvisor’s safety tests. “Examples are sites that distribute adware, send a high volume of spam, or make unauthorised changes to a user’s computer,” said the report. Examples of “Yellow” rated sites are those which send a high volume of “non-spammy” email, display many pop-up ads, or prompt a user to change browser settings.
MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints how to work around the problem. The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature. Apparently versions 5.x allow bypass of basic authentication by using the “hit highlight” feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.
One of the most popular mail solutions on the Internet, Google’s Gmail, was again affected by a vulnerability that could permit an attacker to view or delete some of the messages stored in an account. The Mountain View company’s employees were quick to fix the flaw and managed to repair it within a few hours of it being reported. Basically, the vulnerability could be exploited through a malicious page that gave the attacker access to the Gmail account. As The Hacker Webzine reports, it is extremely dangerous because Google keeps all its web-based services, such as Calendar, AdWords and Gmail, on the same sign-on technology. Using a simple vulnerability discovered in the mail solution, the hacker would be able to access all these services.
Security researchers have warned of new vulnerabilities in Mozilla’s Firefox and Microsoft’s Internet Explorer. In a posting to the Full Disclosure mailing list, security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers. The vulnerabilities could allow attackers to overwrite the URL bar, or steal user data and remotely download and execute code.
Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology, new research claims.