Security & Privacy

Microsoft on Tuesday released its November 2008 security bulletin, including one patch rated "critical."

The critical bulletin affects Microsoft XML Core Services and Internet Explorer, while the "important" bulletin affects Microsoft Server Message Block (SMB) Protocol. Both affect all versions of Windows. Starting last month, Microsoft is sharing the technical details of new vulnerabilities to give software developers a chance to update affected products before the public announcement. Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software … Read more

Internet service providers now spend most of their IT security resources detecting and mitigating distributed denial-of-service attacks, concludes a report from Arbor Networks.

The fourth edition of the Worldwide Infrastructure Security Report, released Tuesday, was based on how 70 lead security engineers responded to 90 questions. As in the previous three reports, ISPs reported attacks where their networks were overloaded with packets, what's called a distributed denial-of-service (DDoS) attack. However, this year, the ISPs indicated the attacks were not only larger in size but that most of them were stretching the upper limits of their security resources in order … Read more

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in the German company's enterprise resource-planning software.

The unspecified flaw can cause Microsoft's Internet Explorer browser to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

US-CERT warned in an advisory, updated on Monday, that if users are fooled into viewing a specially crafted HTML document, external attackers might be able to gain control of their system, with their privileges.

A patch is available from SAP, through SAP … Read more

Apple released an update on Monday for iLife 8.0 and Aperture 2 running on Mac OS v10.4.9 through v10.4.11.

The update does not affect those running Mac OS X v10.5.5. The update affects system software components shared by all iLife '08 applications and, in most cases, the specific vulnerabilities could lead to application termination or arbitrary code execution. iLife Support 8.3.1 may be obtained from the Software Update pane in System Preferences or Apple's Software Downloads Web site.

ImageIO-1 This patch affects users of iLife 8 or Aperture 2 running … Read more

Karina Wells, a Google employee in Australia, received a Facebook message from a friend on Friday saying he was stranded in Lagos, Nigeria and needed $500 for a plane ticket home. What made her suspicious was her Australian friend's use of American terms like "cell phone" instead of "mobile."

So, Wells pretended that she was going to send the money via Western Union and instead turned the case over to authorities, according to The Sydney Morning Herald.

Other Facebook users might not be so wise. Such Nigerian scams are common over e-mail but not on … Read more

Google has begun fixing a bug that would reboot T-Mobile's G1, the first Android-powered phone, any time a user typed the word "reboot."

According to the bug filed about the problem, "It would appear that Android is, at some level, interpreting specific text strings and acting as if they were local commands," according to user called mogphone.

Added another commenter, jdhorvat, "Funny story behind finding this: I was in the middle of a text conversation with my girl when she asked why I hadn't responded. I had just rebooted my phone and the … Read more

Pornography in the workplace can pose a serious problem for employers because a significant amount of material is downloaded by employees during business hours.

The viewing of porn at work can result in lost time, creativity, productivity, and employer profitability. More importantly, it can help create a hostile work environment and can be considered sexual harassment, in violation of Title VII of the Civil Rights Act of 1964. Naturally, corporations want to avoid the potentially serious legal consequences and protect their bottom line.

On Sunday, Orem, Utah-based forensic-software maker Paraben plans to introduce a unique piece of enterprise software developed … Read more

It was revealed this week that the presidential campaigns of Barack Obama and John McCain were hacked over the summer. Now, a report has surfaced that the White House has suffered multiple attacks in recent months as well.

According to a story by the Financial Times on Friday, U.S. officials have confirmed that the White House e-mail archives were attacked several times in recent months. The report says the National Cyber Investigative Joint Task Force, a new unit established in 2007 to tackle cybersecurity, detected the attacks on the White House, and also traced the attacks back to servers … Read more

In February of 2005, a Miami man sued Bank of America for not adequately protecting him against a $90,000 fraudulent wire transfer to the Parex Bank in Latvia. Joe Lopez was the first online user to sue his financial institution for not protecting his assets from a computer hacker.

Lopez, owner of a computer and copier supply business, accused Bank of America of negligence and breach of contract for not alerting him in advance to the existence of a piece of malware known as "Coreflood" prior to April 6, 2004, when the alleged theft took place.

Shortly … Read more