Newsgab

For those of you who still use Internet Explorer to browse the Web, you should know that attack code exploiting an unpatched IE flaw has been released on publicly accessible websites last week. When integrated into a specially crafted web page, the malicious code in question allows an attacker to gain control of any PC that is unfortunate enough to have browsed the rogue page.

Fully-patched Windows XP SP2 and Windows 2000 SP4 systems are open to the new attack, said David Cole, director of Symantec’s security response group. “This is proof-of-concept code, we haven’t seen any active exploits,” said Cole. “Whether it grows into something bigger is heavily linked to if it gets remote code execution [capabilities],” he added.

Since Microsoft hasn’t released a patch to fix this flaw yet, here are 2 simple tricks you can use to protect yourself:

Disable ActiveX controls in Tools-Internet Options.

An accounts clerk has been charged with causing an unauthorised modification to a computer, under the Computer Misuse Act.

He got a two months curfew, and it is the first time anyone has been convicted of this offence.

When he was dismissed after just five months in 2003, Lennon used a computer program to send continuous e-mails automatically to his ex employee, Domestic & General’s server.

Eventually the server collapsed, costing the company £30,000.

In November a judge ruled that Lennon had no case to answer, pointing out that as the purpose of a company’s server was to receive e-mails, it had consented to the e-mails being sent. But the High Court overturned the decision.

The maximum sentence is five years’ imprisonment.

One wonders what the point a a curfew is in a case like this?

Popularity: 5% [?]

Microsoft has released two patches for its Vista operating system, saying that it too is affected by flaws that were disclosed during the company’s Aug. 8 security updates.

The patches, which were released earlier this week, fix critical flaws described in Microsoft Security Bulletin MS06-042 and MS06-051. They fix bugs in Internet Explorer and the Windows kernel, and were described Tuesday in a blog posting by Vista Product Manager Alex Heaton.

The patch, rated ‘critical’, covered a similar WMF flaw that hit the company’s other operating systems a week earlier.

The vulnerability was in the Graphics Rendering Engine and could allow an attacker to gain control of a target machine.

Popularity: 5% [?]

The BBC has discovered that thousands of Britain’s are unaware that their Bank details are being sold in West Africa for less than £20.00

There is a genuine market for second hand PC’s in Nigeria, but the majority of them are used as a basis for identity fraud.

Thousands of people globally have donated an old PC, to be recycled and sold in the Third world. Many of the donors did not effectively wipe clean their personal information.

The BBC has issued guidelines for those who want to donate their computers.

SAFE PC RECYCLING

Remove remove hard drives from PCs before recycling
Use commercial erasing software, Examples include McAfee QuickClean, Acronis Drive Cleanser or ISafeguard Freeware
Sign-up for a recycling service run by your PC manufacturer
Some hard drive manufacturers also offer separate recycling programs

The Information Commissioner’s Office, the UK government’s regulatory office dealing with data protection, said that the companies had a legal requirement to delete people’s personal information from their computers. Not that that is any consolation to anyone who has donated a computer.

The US Department of Homeland Security took the unusual step of issueing a security alert yesterday, warning users of Windows-based personal computers to patch a flaw in the Microsoft operating system.

On Tuesday, Microsoft issued it’s ‘regular’ monthly list of security flaws, including one that the company rated “critical.”

The critical issue enabled an attacker who exploited the vulnerability to “take complete control of an affected system.”

Once the hacker had taken complete control of the system, they would then be free to install malicious programs or any other nasties without the owner of the machine being aware of there new tenants.

Yesterday the Department of Homeland Security said in a news release that it was urging anyone who used Windows software to install the patch as soon as possible. The department said its Computer Emergency Readiness Team was working with Microsoft to minimize the impact of the vulnerability.

Despite being touted as the most secure version of the Windows operating series to date, Microsoft’s upcoming Vista has already been hacked reports CNET News.com.

Microsoft handed out early copies of their new operating system to attendees at the Black Hat hacker conference last week, inviting them to take their best shot at hacking into it.

The company hoped to convince the industry that their latest operating system will be the most secure and malware-proof system on the market.

The result has been a mixed grill of sorts, with Polish researcher Joanna Rutkowska demonstrating that the security systems in Vista can be sidestepped by using a piece of malicious software that she named “Blue Pill“, according to CNET News.com.

Microsoft wasn’t too perturbed by this however.

Apple Computer issued on Tuesday updates for its Mac OS X operating system to fix 26 security flaws, some serious.

The story published at news.com details that several of the vulnerabilities affect the way in which Mac OS X handles images and the file sharing capabilities of the software, according to an Apple security advisory. Other flaws were found and fixed within components such as fetchmail, file compression features, and DHCP networking functionality, Apple said.

The vulnerabilities could enable a variety of attacks, security company Symantec said in an advisory sent out to customers of its DeepSight intelligence service. “Remote attackers can execute arbitrary code, trigger denial-of-service conditions, elevate privileges, and disclose potentially sensitive information,” Symantec said

Popularity: 5% [?]

Hackers have been able to exploit a critical flaw in Mozilla’s Firefox browser. The Infostealer.Snifula programme which is normally installed when a user opens an unknown attachment sent on e-mail, installs Trojans that are then loaded at browser startup. The virus uses XPCOMS to install the Trojans.

XPCOMS are cross-platform component object models, which developers use to create extensions for Firefox. Symantec said that the attacks against Mozilla’s open source browser began in March this year, according to spokesman Candid Wuest.

Wuest said: “When an infected user submits a Web form on a Web site, [JS.Ffsniff] will parse the site and steal all information that is submitted by the Web form, including passwords.” Security experts say Firefox’s popularity will mean more viruses for the end user.

Popularity: 5% [?]

Microsoft announced today that it will distribute Internet Explorer 7 for Windows XP as a “high priority” item in its Automatic Updates system — most commonly used for security patches.

However, if you don’t want the update you will be able to say no if you wish.

Users will be urged to get the upgrade when automatic updates are downloaded.

However,still smarting from the wave of bad publicity it received recently when it used its automatic updates facility to foist Windows Genuine Advantage (WGA) on unsuspecting users, Microsoft will make sure that users have a clear option to refuse the IE 7 update.

Instead of installing automatically, users will be presented with three options on a screen describing the benefits of IE 7.

Popularity: 6% [?]

A couple of weeks ago we wrote about teenagers who were unwittingly pushing Zango on Myspace resulting in thousands of users being infected with adware.

More recently, security company iDefense has confirmed that another dodgy site, deckoutyourdeck.com is responsible for infecting over 1.07 Million Users with adware via their MySpace banner ads.

The ad took advantage of unpatched versions of Microsoft Internet Explorer, which do not handle Windows Metafile images correctly. The adware tries to contact a web server in Turkey, which tracks the infected systems and downloads pop-up adware.

Myspace wasn’t the only site effected however. As the banner was hosted via an Ad network, other popular sites using the same network such as Webshots.com would have also infected their users. At this time, the total figure effected is still to be confirmed.

Popularity: 6% [?]