Defense in Depth

Microsoft warns of Safari for Windows blended attacks

Microsoft has issued an advisory warning Windows users who have installed the Apple Safari for Windows browser that their systems may be vulnerable to attack.

The Safari "carpet bombing" attack was first described by Nitesh Dhanjani last month, but dismissed by Apple as a serious threat. Under Dhanjani's scenario, a user would surf using Apple Safari for Windows to a maliciously crafted Web site such as http://malicious.example.com/. Dhanjani says Safari does not know how to render content-type of blah/blah, so it starts downloading carpet_bomb.cgi, executing the downloaded files with the same rights … Read more

Hotmail users getting locked out

Imagine getting an e-mail from a friend or family member with the following subject line: "ITS IMPORTANT YOU GET BACK ME TODAY."

CNET is aware of a couple of Hotmail users who have recently gotten locked out of their accounts. In one case, someone who had hacked into an account sent a desperate-sounding e-mail asking for money under the account holder's name.

Microsoft had no direct comment.

The body of one of the e-mails, sent to a CNET reporter, reads:

"I am in a hurry writing this mail. I had a trip to oxfordshire, United Kingdom … Read more

Will Firefox 3 set a new world record?

Mozilla hopes to set a world record for the most downloads within a 24-hour period on the day Firefox 3 is released (currently expected to be in June).

The online edition of Guinness Book of World Records does not list a current record for most downloads within 24 hours.

The final release candidates for Firefox 3 are showing a number of improvements, including greater rendering speed, the use of fewer resources, and more baked-in security features than other browsers.

To help Mozilla set a world record, the foundation recommends the following:

Sign up to get the final copy of Firefox 3 on Download Day. … Read more

Acxiom gets personal with authentication

The process of logging into your stock portfolio online is about to get a lot more personal, according to Acxiom.

The Little Rock, Ark.-based data warehouse company last week announced FactCheck-X Authenticate, a new biographical authentication service that asks users random questions based on their personal lives. But some privacy advocates say the added layer of security is not worth the extra intrusion into our personal lives.

Acxiom's Web site says its "products and services help companies improve their results by providing greater insight into what drives their business--their customers, specifically their needs and wants." Jennifer … Read more

Cisco reacts to IOS Network rootkit presentation

A paper presented at a security conference in Europe over the weekend has Cisco and the security community debating the reality of rootkits on devices running the Cisco Internetwork Operating System (IOS). Devices affected include routers and voice over IP phones.

At the EUSecWest conference in London, Core Security researcher Sebastian Muniz presented what he called the "Da IOS Rootkit," a binary modification to the IOS image. "The main feature of Da IOS Rootkit is the universal password," Muniz said in an interview on the EUSecWest Web site. "Every call to the different password validation routines … Read more

Adobe Flash exploit raises concern

Update 11:10 a.m. May 30: Despite earlier reports, version 9.0.124.0 of Adobe Flash Player has no new bugs. For the latest news, click here.

Legitimate Web sites hosting Adobe Flash Player content may be compromised to embed JavaScript that redirects users to a Chinese malware server, says Symantec. Affected versions of Adobe Flash Player include 9.0.124.0 (latest version) and 9.0.115.0.

Symantec says that under certain conditions embedded JavaScript within the player will redirect users to dota11.cn. In an alert on Tuesday, Symantec said specific details about the vulnerability … Read more

Google Docs used in latest spam attack

Spammers will do just about anything to get their e-mail through corporate and desktop filters. According to MessageLabs, they're now using Google Docs, a perfectly legitimate way to publish to the Web. Only what they're publishing is the same old wares--this time, it's enhancement pills. This week I talked with Matt Sergeant, senior anti-spam technologist with MessageLabs, who told me how they've been tracking one Google Doc since May 8, 2008.

Later in the conversation, Sergeant talks about the resurgence of Storm. Only a few weeks ago, MessageLabs reported a notable decrease in computers infected with the Storm botnet. … Read more

Four vulnerabilities affect two IM apps

On Thursday, Zero Day Initiative announced four flaws affecting two instant-messaging applications, three affecting Cerulean Studios Trillian Pro, and one affecting IBM Lotus Sametime. Zero Day Initiative is a part of TippingPoint and is controversial in that it pays researchers for finding flaws.

The first flaw in Trillian affects the header parsing code for the MSN protocol and could allow remote attackers to execute arbitrary code. The advisory states "when processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification which can eventually lead to code execution with the privileges … Read more

Cisco patches three critical flaws

On Wednesday, Cisco Systems issued three patches for critical vulnerabilities affecting Cisco Internetwork Operating System (IOS). The most serious of these affects the Cisco Voice Portal and the Secure Shell server (SSH) implementations.

Cisco says the first patch covers a vulnerability that exists in the Cisco Unified Customer Voice Portal (CVP), which provides customer voice and video self-service integration. If the vulnerability is exploited, an authenticated user can create, modify, or delete a superuser account. In other words, successful exploitation may result in full control of the system.

The second patch covers the Secure Shell server (SSH) implementation in Cisco … Read more

Apple iCal hit with three remote vulnerabilities

On Wednesday, Core Security announced three vulnerabilities within iCal, the personal calendar application that ships with the Mac operating system. The vulnerabilities affect iCal version 3.0.1 on Mac OS X 10.5.1.

ZDNet's Ryan Naraine quotes an as-yet unpublished Core Security announcement as saying: "The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file."

Apple was rumored to … Read more