Today's featured artist:
Visit Studio Blue for more on bernie
Mission Statement
The mission of the Amazon Conservation Team (ACT) is to work in partnership with indigenous people in conserving biodiversity, health, and culture in tropical America.
Microsoft Tackles Vista, Virtualization Patches
By Lisa Vaas
Patch Tuesday finds Microsoft addressing a host of security issues with Vista and virtualization.
Patch Tuesday brings with it a host of security issues with Vista, issues with virtualization and a fun time for system administrators who deal with clients using some wildly popular Microsoft applications: Internet Explorer and Excel.
On Aug. 14, Microsoft released nine security patches for 14 vulnerabilities, with six of the updates rated critical, in its biggest patch release since February.
Today's featured artist:
Visit Studio Blue for more on bernie
Facebook Leaks Its Own Code
By Lisa Vaas
Facebook reveals part of its source code on a blog named Facebook Secrets due to a server error.
Social networking site Facebook on Aug. 12 posted Facebook's homepage source code onto a newly created blog named Facebook Secrets on Aug. 12 and is now telling people not to use it.
Biggest Pump-and-Dump Scam Ever Spikes Spam 445%
By Lisa Vaas
August 10, 2007
The largest spam scam ever tracked increased the spam count by 445 percent in one day.
The largest spam attack ever tracked wound down Aug. 9 after delivering enough big, fat PDF files to increase total spam size 445 percent in one day, according to Postini, a hosted e-mail filtering company that's been tracking the attack since it started Aug. 7.
Researchers Crack the iPhone
By Lisa Vaas
July 23, 2007
Updated: Apple's popular multifunctional device can be exploited for data theft or snooping purposes, according to a security firm.
A security firm has run the first remote exploits on Apple's iPhone, proving that the widely popular smart phone is vulnerable not only to data theft but also to being turned into a remote snooping device.
A trio of researchers from Independent Security Evaluators—Charlie Miller, Jake Honoroff and Joshua Mason—have created an exploit for the iPhone's Safari Web browser wherein they use an unmodified device to surf to a maliciously crafted drive-by download site. The site downloads exploit code that forces the iPhone to make an outbound connection to a server controlled by the security firm.
Today's featured artist:
Visit Studio Blue for more on Derek Powazek
Author Claims Mac OS X Worm 'Ready to Go'
By Lisa Vaas
The same troll who claimed to have intercepted and reverse-engineered Dino Dai Zovi's QuickTime exploit from the Mac Pwn-to-Own contest at CanSecWest said over the weekend that he or she now has a Mac OS X worm loaded and ready to go.
Mission Statement
Leading progressive advocacy and strengthening the progressive movement to ensure robust and equal access to levers of government power.
Australian Government Sues Google over Deceptive AdWords
Thursday, July 12, 2007 10:06 AM/EST
An Australian government consumer advocacy group is suing Google for "misleading and deceptive conduct" in its SERP AdWords.
A Six-Pack of iPhone Hangover Cures
Mission
The A.J. Muste Memorial Institute is a nonprofit charitable foundation established in 1974 to honor the legacy of pacifist leader A.J. Muste and to further his belief that nonviolent action is the means to achieve social and economic justice. We do this by providing grants, resources and a wide range of support to activist organizations that use nonviolent strategies to oppose war and promote justice and by publishing and distributing educational materials about nonviolence.
Does the CIA's Dark Past Foretell Current Data Abuse?
By Lisa Vaas
News Analysis: With the CIA's release of reports on 25 years of illegal exploits, data privacy advocates now have a lengthy record of abuses to justify restraining governments' access to personal data.
With the CIA's June 26 release of documents detailing 25 years of illegal exploits, data privacy advocates now have a book-length record of misdeeds—including examples of data abuse such as wiretapping—to back up their arguments that personal data is better off when kept out of the hands of an unsupervised government or law enforcement agency.
Today's featured artist:
Visit Studio Blue for more on ProjectK777
Don't Hold Your Breath for a MS DNS Hole Patch
Microsoft says it hopes to patch the hole in its Domain Name System Server—which is now leaving vulnerable PCs open to a worm attack—by "no later" than Patch Tuesday in May.
Microsoft teams are working around the world and around the clock to get a fix out for the May 8 security bulletin release, the MSRC's Christopher Budd wrote in the security center's blog on Tuesday night.
Budd said that Microsoft teams are now developing and testing 133 separate updates, including one in every language for every currently supported version of Windows servers.
"Each of these has to be tested to ensure they effectively protect against the vulnerability," Budd said. "Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing."
EIGHTEEN YEARS OF SERVICE (1988-2006)
International Relief Teams mobilizes volunteers and distributes medical supplies to support the
organization’s four missions: 1) domestic and international disaster relief, 2) medical education and
training, 3) surgical and clinical outreach, and 4) public health. Volunteer medical teams augment local
health care professionals during natural disasters and other crises, conduct comprehensive in-hospital
training in cardiac resuscitation, obstetrical and neonatal care, and perform surgery in remote,
impoverished areas where specialists do not exist. Volunteer construction teams repair homes
damaged by natural disaster, build public health facilities, and conduct community-based construction
training. IRT also sponsors peer-counseling programs to reduce mother to child HIV/AIDS
transmission. Since 1988, IRT has provided more than $5.1 million in volunteer services, and more
than $96 million in medicines and supplies to families in desperate need worldwide.
Today's featured artist:
Visit Studio Blue for more on Scarlett1313
By Brian Prince
Microsoft Investigates DNS Attacks
Microsoft is investigating attacks exploiting a vulnerability in the Windows Server Domain Name System Service, as well as two types of hacks targeting Vista's OEM BIOS activation feature.
A company spokesperson said a very limited number of attacks exploiting the flaw in the Windows Server DNS Service have been seen in the wild.
"Our investigation reveals that this vulnerability could allow a criminal to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," a Microsoft spokesperson said.
Today's featured artist:
Visit Studio Blue for more on mareblu
Symantec Patches Flaw in Enterprise Security Manager
By Brian Prince
Symantec has patched a security hole in its Enterprise Security Manager tool that allows attackers to take control of infected machines.
The Cupertino, Calif., company cautioned users in an advisory that all versions of ESM, except version 6.5.3, are vulnerable to a remote code execution attack. The problem, officials at the anti-virus vendor reported, is that the ESM agent remote upgrade interface does not authenticate the source of remote upgrade requests – a vulnerability that can be exploited to launch malware via a specially crafted upgrade request.
Today's featured artist:
Visit Studio Blue for more on SanguineVamp
Today's featured artist:
Visit Studio Blue for more on Yvonne
ANI Patch: The Day After
Microsoft's release of the patch for the animated cursor—or ANI—vulnerability isn't the end of the story. More chapters will unfold as the company answers why the patch took so long to develop, as so many other flaws are fixed, and as IT organizations grapple with deploying an out-of-band patch.
The ANI vulnerability rose to urgency near the end of March, when the first exploit code appeared and reappeared again and again. Within days of the first exploit, ANI posed such serious risk that Microsoft instructed end users to read all e-mail in plain text.
But while exploits appeared about a week ago, Microsoft had known about the vulnerability since mid-December. Why did the patch take so long?
The ANI vulnerability bears striking similarity to the WMF (Windows Metafile) bug that squashed some Microsoft researchers' 2005 holiday and 2006 New Years. Both flaws affect the Windows graphics subsystem—or GDI—and were exploited without patches being available.
Firefox Still Sitting Duck for ANI Exploits
By Lisa Vaas
Firefox browsers are still vulnerable to attacks exploiting the animated cursor flaw that caused Microsoft to rush out a patch on April 3.
Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw and reported it to Microsoft in December, has posted a video depicting successful ANI vulnerability exploits on both Internet Explorer 7 and Firefox 2.0 running on Vista in default mode.
