A Stopgap Fix for the IE8 Zero-Day Flaw
Microsoft has released an stopgap solution to help Internet Explorer 8 users blunt the threat from attacks against a zero-day flaw in the browser that is actively being exploited in the wild.
Tag Archives: microsoft
SWATting Incidents Tied to ID Theft Sites?
Many readers have been asking for an update on the “SWATting” incident at my home last month, in which someone claiming to be me called in a phony home invasion in progress at my address, prompting a heavily armed police response. There are two incremental developments on this story. The first is I’ve learned more about how the hoax was perpetrated. The second is that new evidence suggests that the same party or parties responsible also have been SWATting Hollywood celebrities and posting their personal information on site called exposed.re.
Privacy 101: Skype Leaks Your Location
The events of the past week reminded me of a privacy topic I’ve been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.
The Obscurest Epoch is Today
To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.
Help Keep Threats at Bay With ‘Click-to-Play’
Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately, there is a relatively simple and effective alternative: Click-to-Play.
Fat Patch Tuesday
Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.
Microsoft, Symantec Hijack ‘Bamital’ Botnet
Microsoft and Symantec said Wednesday that have teamed up to seize control over the “Bamital” botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.
Flaw Flood Busts Bug Bank
The Common Vulnerability & Exposures (CVE) index, the industry standard for cataloging software security flaws, is growing so rapidly that it will soon be adding a few more notches to its belt: The CVE said it plans to allow for up to 100 times more individual vulnerabilities to be indexed each year to accommodate an increasing number of software flaw reports.
Spam Volumes: Past & Present, Global & Local
Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. Below is a graphic that’s based on spam data collected by Symantec’s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.
Microsoft Issues Fix for Zero-Day IE Flaw
Microsoft today deviated from its usual monthly patch cycle in issuing an emergency security update to fix a critical security hole in its Internet Explorer Web browser that attackers have been exploiting to break into Windows PCs.
