Vulnerabilities & attacks

Microsoft has offered an explanation as to why it took the company seven years to issue a patch for a known vulnerability.

The flaw, which lies in the Microsoft Server Message Block (SMB) protocol, was addressed Tuesday in Microsoft security bulletin MS08-068. The flaw could enable an SMB Relay attack, which would allow an attacker to install programs; view, change or delete data; or create new accounts with full user rights.

Christopher Budd, a security program manager in the Microsoft Security Response Center, said in a blog post Thursday that while Microsoft had been aware of the vulnerability, fixing it … Read more

On Wednesday, Mozilla released Firefox 3.0.4 (download for Windows and Mac) and Firefox 2.0.0.18 to address a dozen security flaws, half of which the browser maker ranks as critical. Among the critical is one that could allow an attacker privilege escalation after a session restore. Another could allow arbitrary code to execute with compromised Flash media files.

The updates are pushed automatically to current users and will take effect the next time the browser is restarted. Updates will soon no longer be available for users of Firefox 2; the update is a security update only. … Read more

CA announced Thursday plans to acquire Israel-based Eurekify, in a move to expand its identity and access management software portfolio.

IT management software company aims to use Eurekify's analytics engine to reduce the time and effort it takes for customers to shift through employee's duties and responsibilities and to monitor their access management settings.

The combined CA Identity Manager and Eurekify Enterprise Role Manager will aim to help customers clean up existing identity data and build a model that "serves as the foundation to automate the user provisioning process and enhances identity lifecycle management," according to … Read more

Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.

For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by by the cyber underground, according to the The Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam spent.

Security vendor MXLogic said it was seeing about a 50 percent decline in spam volume as … Read more

One week after a breached corporate health care company refused to pay extortionists, the criminals now are seeking money from the corporate clients whose employee data might have been exposed.

St. Louis-based Express Scripts said on Tuesday that a limited number of its clients--which include government agencies, unions, and employers--have received letters threatening to expose the personal information of its members. The company said the letters sent to its clients were similar to the original extortion threat it received in October.

The company also said it was establishing a reward totaling $1 million to anyone providing information that results in … Read more

Microsoft on Tuesday released a security update, MS08-068, which addresses an NT LAN Manager reflection vulnerability in the Server Message Block protocol. The exploit was discovered in 2000, and the code was first published back in March of 2001.

That means that a known security vulnerability related to a Microsoft authentication protocol sat on your Windows box for more than seven years, waiting for Microsoft to get around to fixing it:

This vulnerability allows an attacker to redirect an incoming SMB connection back to the machine it came from and then access the victim machine using the victim's own … Read more

Asked which industry is the biggest target for cyberattack, critical infrastructure insiders in the U.S., Canada, and Europe point to the energy sector.

The energy industry also is the most vulnerable to cyberattacks and would have the most detrimental breach, while the financial sector is the best prepared in the case of a cyberattack, according to the survey sponsored by security firm Secure Computing. All other industries were deemed to be "not prepared" by greater than 50 percent of the respondents.

Survey participants from the U.S. and Canada were also asked how soon major exploits of … Read more

When it comes to telling customers about security weaknesses, there's a fine line between alerting customers and inviting attacks. With T-Mobile G1, the first phone to run Google's Android operating system, I think the companies are erring on the side of inadequate disclosure.

I've been testing a review model of the G1, and an update arrived first on November 1 and then a second a week later. Only by dint of much pestering and more than a week of waiting did I find out from Google what was in those two Android patches.

And T-Mobile has been … Read more

On Tuesday an update for AVG 8 suggested that a Windows system file is a Trojan horse, and users who delete the file form the system could leave their Windows XP systems endlessly rebooting or unable to reboot at all. The problem only affects users of AVG 8 products running the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP. AVG immediately sent out a corrected update to its customers, including those using the free editions of AVG.

A representative for AVG said, "AVG is actively working to remedy the problem some users are experiencing related to … Read more