February 27, 2002 | Byte
- As we have said in the past: Never, ever, open a file attactment
to a e-mail message until you check with the sender first.
This article from Chaos Manor has an example of this
and also discusses system upgrades. A worthwile read.
February 13, 2002 | CNet
- A government-backed computer security group warned of a
security flaw that could make computers across the Internet
and within company networks vulnerable to hackers.
January 9, 2002 | CNet
- Antivirus companies warned PC users Tuesday that future
Macromedia Flash movies could carry malicious viruses and
worms.
January 2, 2002 | Microsoft
- Microsoft has created a page that will check your Internet
Explorer browser for the latest security upgrades. Windows
Assistance tried it using Windows 98 and IE 5.5 and all it
did was recommend upgrading to IE 6.0. Give it a try and see
what you think.
December 22, 2001 | NY
Times - Consumers and corporations using Microsoft Corp.
new Windows XP software are being warned by the FBI
to take added steps against hackers who might try to take
advantage of major flaws. see
note
December 20, 2001 | Microsoft
- Unchecked Buffer in Universal Plug and Play can Lead to
System Compromise. This could result in intruder running code
of their choice. This is not a trival security breach.
It can destroy your entire file system if not fixed!
Expect more bulletins involving Microsoft software with unchecked
buffers.
December 17, 2001 | Microsoft
- This is a cumulative patch that, when installed, eliminates
all previously discussed security vulnerabilities affecting
IE 5.5 and IE 6. In addition, it eliminates three newly
discovered vulnerabilities. This patch supercedes
MS01-055. To download the patch go directly to the Download
page.
Important Note: Before you can apply the patch to
IE 5.5 you must have installed SP2. This Service Pack is a
17MB download. Suggest you get someone with fast Internet
access and then once downloaded burn to a CD. IE5.5 SP2 can
be downloaded from
this page.
Is it just us or Microsoft? Tried to install patch for IE6.0
and was informed we needed to have IE6.0 installed. Excuse
me! We have IE6.0 installed on Windows XP just like Microsoft
installed it!
October 31, 2001 | CNet
- A new variant of the Nimda worm has started spreading
slowly throughout the Asia-Pacific region, antivirus experts
said Tuesday.
The variant, called Nimda.E, spreads using
the same methods as the original worm, but its files
have been renamed to mimic existing Windows files.
August 8, 2001 | CNet
- Adobe's popular PDF file format --
known to anyone who's ever
called up a tax form on the IRS Web site -- has generally been considered immune
to viruses. But a new virus carried by programs embedded in PDF files raises
concerns that the format itself could become susceptible.
July 24,
2001 | LA
Times - The nation's leading Internet
security group issued an extraordinary warning Monday
that vast numbers of home computers with high-speed
Internet connections are being targeted by hackers who
use them to launch potentially devastating online
attacks.
July 24,
2001 | LA
Times - Practicing Safe Computing Can Minimize
Chances of Invasion. Home users can take
several easy steps to avoid being infected with the
tools used by hackers to launch online attacks.
note: The two above LA Times articles may
not be online for long. I advise everyone to read
these stories and learn all you can about online
security. Finally go to CERT's
page on safe online security.
July 23, 2001 | PC-cillin.com
- W32.Sircam.Worm: This worm is a high-level
program created in Delphi that propagates via email
using SMTP commands. It sends copies of itself to all
addresses listed in an infected user's address book
and in temporary Internet cached files. It arrives
with a random subject line, and an attachment by the
same name.
June 11, 2001 |
CNet
- A program created to
automatically overload Microsoft's Web and e-mail servers has been discovered on
several corporate networks and may have spread further on the Internet,
anti-virus researchers said Friday.
June 1, 2001 | Trend-Micro - This hoax warns
against a virus contained in a file called SULFNBK.EXE,
that arrives hidden in an email message.
SULFNBK.EXE is a Windows System file that is
installed in the Windows Command folder when the
Windows Operating System is installed. Therefore, the
presence of this file does not necessarily mean a
system is infected.
SULFNBK.EXE is a utility used to restore
long file names on the Start menu, when it is replaced
with MS-DOS-compatible (short) file names in 8.3
format. For example, the Accessories folder on the
Start menu may be displayed as "Access~1" if
the SULFNBK utility is not installed.
This file is not destructive or malicious,
but it can be infected with a virus and could be mass
mailed. The virus PE_MAGISTR.A.
is capable of using the SULFNBK.EXE file to propagate.
If you receive an email with the attachment
SULFNBK.EXE there is a possibility that the file is
infected. Trend Micro recommends that you scan your
system with HouseCall,
Trend Micro's free online virus scanner.
If you fell for the scam and deleted sulfnbk.exe
then see the article
on how to recover this file from your Windows CD.
May 24, 2001 | PC
World - CERT/CC, one of the most important
reporting centers for Internet security problems, has
been offline sporadically this week due to a
distributed denial of service attack.
April 27, 2001 | PC
World - Customers of software giant's Premier
Support service could have been infected, company
says.
April 19, 2001 | PC
World - Can hackers trick Explorer into misrepresenting file types, disguising viruses?
Microsoft's Windows Explorer and Web browser Internet Explorer can be tricked into masking dangerous files as innocent ones, a security specialist says.
March 31, 2001 | Central
Command - W32.Winux is the world’s first cross
platform virus capable of infecting computers using
both the Microsoft Windows and Linux operating
systems.
March 29, 2001 | Microsoft -
The Security
Bulletin Search Page now includes a search
function that will let you view all of the security
patches available for a particular product according
to the service packs you've installed on your system. Microsoft
stated that this feature was a most requested
improvement. Gee, I wonder why?
This is just the latest step in the campaign to
simplify the process of keeping systems secure, which
Microsoft outlined in a recent security
essay.
March 21, 2001 | NY
Times - Two cryptologists announced yesterday that they had found a flaw in the most widely used program for sending encrypted, or coded, e-mail messages. If confirmed, the flaw would allow a determined adversary to obtain secret codes used by senders of encrypted e-mail.
see note
March 7, 2001 | Trend-Micro
- Naked Wife Email Virus. The email has the subject line
"FW: Naked Wife" and the attachment NakedWife.EXE.
NakedWife.EXE is a Flash program. Do not start or
save the attachment. This is a very destructive
program.
Upon execution the attachment displays a "Flash"
window. While the window is displayed, this Trojan deletes files with the following file extensions in the Windows and System directories:
DLL, INI, EXE, BMP, LOG and COM.
It propagates via MS Outlook and Outlook Express, by sending out an email to every email address listed in the infected user's address book.
February 21, 2001 | AnchorDesk
- David Coursey, Executive Editor, AnchorDesk, has
developed a simple 5-point plan for protecting your
data.
February 14, 2001 | WinAssist - On
February 13, 2001 PBS aired a Frontline
documentary about computer hacking, Hackers.
Prominent throughout the documentary was mention of a program
called BackOrifice. Back in August, 1998 Microsoft
issued a Security Bulletin, MS98-010, outlining the dangers
of BackOrifice. Check it out. Then travel to the PBS
site for the documentary.
February 13, 2001 | C-Net
News - [update] A virus posing as a photo of Russian tennis player Anna Kournikova spread aggressively on Monday, as major security companies rushed to update their
anti-virus software to detect the fast-spreading e-mail virus.
February 7, 2000 | C-Net
News - A maker of anti-virus software warns that computer users may not have learned much from the "Love" bug, which caused so much disaster for Internet users last May.
February 5, 2001 | NYTimes.com
| A New Trick Gives Snoops Easy Access to E-Mail.
January 26, 2001 | Microsoft - Microsoft
has released a patch, MS01-002, that eliminates a security
vulnerability in Microsoft® PowerPoint 2000. The vulnerability
could allow a user to construct a PowerPoint file that, when
opened, could potentially run code on the reader’s system.
note: The patch for this fix has been updated since
it's original release.
January 20, 2001 | PC
World - Remember Melissa? It's been almost two years since that
infamous
worm swept through the world's e-mail servers, spreading faster than any
virus ever had before. Now a new variant of Melissa threatens to get past the
defenses designed to protect us from the original.
January 19, 2001 | C-Net
News - C-Net reports on several new viruses that
are hitting various OSs and applications, including Shockwave.
January 19, 2001 | Gibson
Research - LeakTest
is used to check your firewall's vulnerability to an
extremely common and easily exploited design flaw
revealed by this test. At this time, every firewall
but one is vulnerable to this danger, and some are
more vulnerable than others.
November 10, 2000 | CERT
- There continues to be new variations of the Love-Letter
e-mail virus. This one has the subject line: 'US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (http://WWW.2600.COM)<='
and the body contains: 'VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURES..'
with an Attachment: (random_name.ext).vbs'
Do not open the attachment. Destroy the email message.
To review what damage this virus can do go to the 'CERT® Advisory CA-2000-04 Love Letter Worm.'
October 10, 2000 | Chaos
Manor - The Covert team at pgp.com have identified a huge hole in the architecture of Microsoft's
NETBIOS-based data communications architecture. This remote exploit (so named because someone can do this from practically anywhere, so long as both he and his target are connected by either the Internet or a private network) gives malicious individuals the ability to fool any Windows 9x/NT/2000 computer into connecting to a network share or other service of the attacker's choice, thus setting the stage to execute a Trojan that will give him the ability to take control of the targeted computer.
September 22,
2000 | New
worm creates a new notepad.exe of it's own. Once
on your computer it will spread itself to other
computers and also has the capability to load and run
far more dangerous programs. The link above will give
details but it also provides you with a special
registry file that will allow you to remove this
worm's entries in the registry.
August 26, 2000 |
CERT
- A serious problem in the handling of certificates when encrypting
with PGP versions 5.5.x through 6.5.3 has recently been discovered.
Note:
The NY Times requires that you register. Do it. They
require very little information for what is probably the best
general news site on the web.
|