ArsTechnica: Security Content

Microsoft Patch Tuesday for July 2008: four bulletins

(Emil Protalinski) — Thu, 03 Jul 2008 19:00:00 GMT

Microsoft will patch four vulnerabilities on Tuesday July 8, 2008. All four are rated "Important." Details on each bulletin are inside.

Mobile group to establish security standards for mobile web

jacqui@arstechnica.com (Jacqui Cheng) — Wed, 02 Jul 2008 22:35:00 GMT

Mobile operators like AT&T, T-Mobile, and Vodafone have joined the BONDI initiative supported by the Open Mobile Terminal Platform. Through BONDI, they hope to establish specifications and even offer reference implementations for security standards when developing mobile websites.

40% of surfers don't bother with browser security updates

jhruska@arstechnica.com (Joel Hruska) — Wed, 02 Jul 2008 00:10:00 GMT

A new collaborative study between Google, IBM, and the Swiss Federal Institute of Technology suggests that users are slower to move between product updates than they should be—especially those using Internet Explorer. The researchers believe that browsers could learn from the food industry, of all things.

Tiger users get Security and Safari updates, too

jeff.smykil@gmail.com (Jeff Smykil) — Tue, 01 Jul 2008 16:58:00 GMT

Hot on the heels of OS X 10.5.4, Apple has a Security Update and a Safari fix for you old-fashioned Tiger users.

US-CERT warns of Internet Explorer frames vulnerability

(Emil Protalinski) — Tue, 01 Jul 2008 14:30:00 GMT

US-CERT has released a security advisory which notes that IE6, IE7, and IE8 beta 1 do not properly restrict access to a document's frames. Currently, the only known workaround is to disable Active Scripting.

Microsoft: some PCs with Office 2003 can't use WSUS 3.0

(Emil Protalinski) — Tue, 01 Jul 2008 13:44:00 GMT

Microsoft has published a short security advisory that describes a problem involving some machines with Office 2003 installed that are not able to synchronize with a WSUS server. A workaround is available while the software giant figures out a permanent solution.

Friday afternoon Apple links, end of June edition

jacqui@arstechnica.com (Jacqui Cheng) — Fri, 27 Jun 2008 18:48:00 GMT

This Friday, there are a lot of Apple links. They include talk about how many users switched to the iPhone from a RAZR, that annoying Safari Carpet Bomb attack, iSuppli's estimates on the cost of the new iPhone, some more rumors about July 11, securely wiping your data from an iPhone, some software updates, a tribute to George Carlin, and more Apple seminars.

Microsoft offers tools for fighting SQL injection attacks

(Emil Protalinski) — Thu, 26 Jun 2008 17:52:00 GMT

Microsoft has posted download links to three tools to help IT administrators, DB administrators, and web developers prevent and mitigate SQL injection attacks. The move is a follow-up to Microsoft's denial that recent attacks were caused by its vulnerabilities in its software.

UK government to tap white hat hackers in security probe

jhruska@arstechnica.com (Joel Hruska) — Thu, 26 Jun 2008 17:42:00 GMT

Some seven months after Britain's Revenue and Customs department lost data records from 25 million families, reports on the overall security practices of the British government are beginning to come in—and they aren't pretty. Cabinet Secretary Gus O'Donnell has called for a variety of reforms and changes, including a plan to use "white hat" hackers to attack government networks.

Report: majority of world's malware originates from China

jhruska@arstechnica.com (Joel Hruska) — Wed, 25 Jun 2008 23:35:00 GMT

Stopbadware.org has released its latest findings on the prevalence of what it refers to as "badware," and the upward trend is not surprising. What is a bit startling, however, is how much of it flows from just one nation.

Flaw in Apple Remote Desktop exploited via trojan

ars@chrisforesman.com (Chris Foresman) — Fri, 20 Jun 2008 18:41:00 GMT

A verified Mac trojan is circulating on the Internet, exploiting a rather egregious flaw in a component of Apple Remote Desktop. There are ways to avoid being infected, however.

Safari for Windows 3.1.2 released with four security fixes

justin.berka@gmail.com (Justin Berka) — Fri, 20 Jun 2008 14:39:00 GMT

Apple has released Safari for Windows 3.1.2, which includes four security fixes involving images, file downloads, trusted zones, and WebKit.

Counter Spy Act leaves loopholes open for "legal" spyware

jhruska@arstechnica.com (Joel Hruska) — Wed, 18 Jun 2008 01:15:00 GMT

Five years after CAN-SPAM did nothing to prevent Internet spam, Congress is ready to consider a similarly useful anti-spyware act. The Counter Spy Act, if passed into law in its current form, would spell out the circumstances under which companies are liable for monitoring end-users—and those in which they are not.

Parents up in arms over Australian student database

jacqui@arstechnica.com (Jacqui Cheng) — Mon, 16 Jun 2008 16:32:00 GMT

The education system in Queensland, Australia is aggressively pushing a new database that will profile nearly half a million public school students in the state, complete with photos, contact info, career aspirations, attendance, and performance records. Parents aren't happy about the privacy implications, but the Education Minister says participation is "nonnegotiable."

TSA to let polite terrorists fly without ID

segphault@arstechnica.com (Ryan Paul) — Wed, 11 Jun 2008 02:56:00 GMT

A new TSA policy will block passengers from flying if they refuse to show ID to security agents, but will permit passengers to fly if they claim to have left their ID at home.

QuickTime 7.5 hits the streets

jeff.smykil@gmail.com (Jeff Smykil) — Tue, 10 Jun 2008 15:30:00 GMT

Apple has released an update for QuickTime, addressing compatibility and security.

Study: Data theft notification laws not stopping data theft

jhruska@arstechnica.com (Joel Hruska) — Mon, 09 Jun 2008 23:40:00 GMT

Laws requiring corporations to notify their customers in the event of a security breach have become popular over the past two years; 43 states currently have such laws on the books. A new study suggests such laws may not be having much of an effect on actually curbing identification data theft.

PGP ups ante for whole disk encryption for Mac OS X

ars@chrisforesman.com (Chris Foresman) — Mon, 09 Jun 2008 15:38:00 GMT

PGP has updated Whole Disk Encryption for Mac OS X to include full boot disk support with pre-boot authorization. Infinite Loop talks to PGP's John Dasher, who says that in addition to easy management via PGP Universal server, the software adds automatic external media encryption as well.

"Spear Phishers" land 15,000 sucker fish

jhruska@arstechnica.com (Joel Hruska) — Fri, 06 Jun 2008 17:05:00 GMT

If a recent VeriSign report is accurate, your future inbox won't just be filled with generic spam. Instead, the documents, offers, and scams will all have a personal touch, courtesy of a new trend in the phishing industry, nicknamed "spear phishing."

Microsoft Patch Tuesday for June 2008

(Emil Protalinski) — Thu, 05 Jun 2008 17:52:00 GMT

Microsoft will patch four vulnerabilities on Tuesday June 10, 2008. Three of them are rated "Critical," three are marked "Important," and one is "Moderate." Details inside.