
Security & Privacy

Bots exploiting Microsoft's latest RPC flaw

Several antivirus vendors are reporting on Monday a new round of exploitation of Microsoft's out-of-cycle security bulletin last month. The flaw in MS08-067, which affects how remote procedure calls (RPC) are handled in the Windows Server Service, has the potential to become a fast-spreading worm, according to Microsoft. But experts predict any exploitation will be bundled within an existing Trojan horse or botnet package because that's where criminals can make the most money from the malware code.

Ken Dunham of iSIGHT Partners said his company was looking at three samples of interest.

One is what F-Secure is calling … Read more

Ex-McAfee worker arrested for alleged theft

A former marketing manager at McAfee has been arrested on charges that she directed more than $3.8 million of McAfee business to companies that she and her husband own.

Susan Despinic, 35, and Aurawm Almaneih, 37, posted $1 million and $500,000 bail, respectively, and were released after their arrest Thursday on grand theft charges.

At least one of the companies that made money off McAfee was a "shell" company created for that sole purpose, according to the Santa Clara County District Attorney's Office.

The Los Gatos couple faces up to seven years in prison.

Despinic, … Read more

McAfee's focus as a one-stop shop

The Web site Dictionary.com defines the word focus as "a central point, as of attraction, attention, or activity." This is an apt description of McAfee's inaugural customer event, McAfee Focus.

McAfee customers received the message that the company is focused in three areas:

Growth through acquisition. McAfee is intent on becoming a one-stop shop for governance, compliance, and risk management. To this end, the company purchased outside firms like Reconnex, SafeBoot, and Secure Computing. Look for McAfee to continue this trend by buying companies in areas like application security, identity management, IT operations management, and security … Read more

Microsoft: Trojans are huge and China is tops in browser exploits

Three things you might not know: Vulnerabilities are decreasing but becoming easier to exploit. Trojans are the biggest threat. And Chinese computers are infected with more browser-based exploits than anywhere else.

Those are findings in the Microsoft Security Intelligence Report, due to be released on Monday. Covering the first half of this year, the report provides statistics compiled from Microsoft's Malware Protection Center that reveal trends about threats, breaches, and infection rates.

"Industrywide, we've seen a decrease in the last 12 months in vulnerabilities across products," down nearly 20 percent from the year-ago period, George Stathakopoulos, … Read more

ISC East showcases video, surveillance, GPS tech

I spent several hours at ISC East in New York last week to see the latest security hardware and software.

I was disappointed because the conference and expo offered more of the same; nothing really innovative caught my attention, or that of my associates. It seems the industry is focusing on video technology: cameras, DVRs, IP, wireless, remote surveillance, and many flavors of software that all essentially accomplish the same result. There were a few lock manufacturers, alarm distributors, monitoring centers, and access control providers, but I thought the number of exhibitors was relatively slim.

The integration of sophisticated electronics, … Read more

Google patches Android security flaw

Google has begun distributing a patch to its Android mobile phone operating system, an early test for how nimbly the company can respond and how well the infrastructure works to distribute and install updates.

For the Android test phone I'm using, a T-Mobile G1, the update was smoother than the process by which the software problem came to light publicly on October 24.

The handset I'm testing gave me a message Saturday afternoon: "A system update is available," and a choice to update now or later. When I clicked the button to begin the update, it … Read more

Google changes JotSpot privacy settings after complaint

Google said Friday that it was modifying the privacy settings on its JotSpot online collaboration service after a researcher discovered that user e-mail addresses and names were being exposed to the Web without user consent.

Ben Edelman, Harvard Business School professor and security researcher, posted a blog entry on Thursday showing how JotSpot user names and e-mail addresses were easily accessible on Google search.

After being contacted by CNET News, Google issued a statement disavowing any responsibility by saying that the administrators of the JotSpot groups were responsible for setting the privacy controls. If the information was exposed on the … Read more

1 Trojan + 3 years = 500,000 online financial accounts

RSA FraudAction Research Lab has discovered log-in information for about 300,000 online bank accounts and 250,000 credit and debit card accounts that have been gathered by a cybercrime gang over the past three years using the Sinowal Trojan.

"This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," according to a blog entry posted Friday from RSA, EMC's security unit.

The Sinowal Trojan infects computers without the owner knowing it by surreptitiously planting itself onto the computer while the owner is Web surfing in an attack dubbed a … Read more

Google's JotSpot exposes user data

Updated at 10 p.m. PT with comments from Google.

A researcher has found that Google's JotSpot service, which allows people to collaborate on online documents, exposes user names and e-mail addresses to anyone on the Internet, but Google says the problem is due to administrator users not making the settings private.

As a result, sensitive user data is indexed by Google's crawler and made accessible on the Web, said Ben Edelman, a Harvard Business School professor and security researcher.

"This is not a security issue," a Google spokesman said in an e-mail. "The information … Read more

Symantec layoffs coming

Symantec will lay off an undetermined number of workers before the end of the year as part of a cost-cutting move in the economic downturn, a company spokesman said on Thursday.

The company, which gave guidance on Wednesday that was short of analyst expectations, plans a 4.5 percent cost savings in its workforce budget and will reduce the headcount enough to accomplish that, said spokesman Cris Paden.

Paden said he did not know how many employees would be laid off as a result, but said the layoffs will be global, will vary across geographies, and that no specific business … Read more
