security

Microsoft claims Vista more secure than XP, OSX and Linux

After a few days off from blogging it's always nice to see that Microsoft has provided some fodder. Today it's an impressive array of lies, damn lies, and statistics about security. They even made some nice charts!

You don't need my commentary...the Gizmodo guys nailed it:

In every category, Vista is either the lowest, or tied for the lowest. And since your argument seems to boil down to the logic: the less vulnerabilities, the less fixes, the more secure, Vista wins. Of course, from what our tiny brains make of the case, such an argument doesn'… Read more

Anonymous hackers take on the Church of Scientology

A copyright violation claim by the Church of Scientology against the posting of one of its videos to YouTube has prompted a full-on assault by a group calling itself Anonymous.

The video, in which Tom Cruise proclaims, in part, that Scientologists are the only experts on the mind, was pulled by YouTube over the weekend at the request of the Church of Scientology as part of a long-standing effort to keep copyrighted material from appearing on the Internet. Other sites have since posted the Cruise video in full.

In response to the take-down of the Cruise video, a group of … Read more

Winny Trojan author arrested in Japan

On Thursday, Japanese authorities announced the arrest of a college student and two associates who are alleged to have written and distributed a Trojan horse via a popular peer-to-per network.

Because Japan currently lacks computer crime laws, the three (whose names were withheld) were instead arrested on copyright violations. Between October and November of 2007, the author of a Trojan known as Harada used images of a popular anime character to entice users of the Winny P2P network to download the malware.

Computers infected with one strain of Harada displayed a message saying, "You're already dead. Come here. … Read more

First conviction for Estonia's 'cyberwar'

A 20-year-old Russian has been convicted for organizing some of the attacks on Estonia's government sites during spring 2007, the Agence France-Presse reported on Thursday.

"Dmitri Galushkevich is the first hacker to be sentenced for organizing a massive cyberattack against an Estonian Web page," Gerrit Maesalu, spokesman for the regional prosecutor's office in northeast Estonia, told the AFP. Galushkevich was fined 17,500 krooni (about $1,600). He admitted his guilt, said Maesalu.

The distributed denial of service (DDoS) attacks, which some security experts have alternatively called a flash mob or the first-ever cyberwar, was prompted … Read more

Juniper gets by with a little help from its friends

Unlike other tech industry chief executives, Scott Kriens of Juniper Networks is refreshingly candid and pragmatic.

Despite the fact that Juniper revenue exceeds $2 billion annually and the company's market cap is nearly $13 billion, Kriens recognizes that Juniper just can't match Cisco Systems' product depth, global sales reach, and resources. Kriens still believes that Juniper can compete by following a simple formula: 1. Pick the technical battles it can win; 2. Stay ahead of the industry on innovation and performance; and 3. Acquire and/or partner to supplement Juniper's value.

Kriens' business strategy will be in … Read more

IE7 coming at you (whether you like it or not)

With its February 12, 2008, Patch Tuesday release, Microsoft has decided, for security reasons, to push out Internet Explorer 7, even to businesses that have previously blocked the automatic upgrade.

According to this Microsoft knowledge base article the software giant will release the Windows Internet Explorer 7 Installation and Availability update to Windows Server Update Services (WSUS) marked as an Update Rollup package. Microsoft says for business customers who have "set WSUS to 'auto-approve' Update Rollup packages (this is not the default configuration), Windows Internet Explorer 7 will be automatically approved for installation." Microsoft introduced the delay feature … Read more

BullGuard releases a free spam filter

On Wednesday, the Danish security company BullGuard announced it will offer its spam filter product as a free download. The BullGuard Spamfilter (download) integrates with Microsoft Outlook, Outlook Express, Windows Mail, and Mozilla Thunderbird e-mail clients. It runs on Windows 2000, XP, and Vista.

The BullGuard product relies upon fellow users to identify spam; once e-mail is marked as spam, all other Spamfilter users will no longer receive that e-mail in their in-boxes. It will be available within the spam folder instead.

According to Google's Postini, 2007 saw record spam levels, with as much as 90 percent of all … Read more

Mozilla confirms low-risk Firefox flaw

There's a directory traversal vulnerability in the chrome protocol scheme within Firefox 2. Proof of concept code for this was first posted to the Internet on January 19, 2008. On Tuesday, Mozilla security chief Window Snyder confirmed that the flaw affects fully patched versions of the Firefox browser.

When a "flat" add-on is present, an extension which stores its information within Javascript files as opposed to .jar files, an attacker exploiting this flaw may be able to retrieve data or profile a compromised system. Extensions such as Greasemonkey and Download Statusbar may be affected.

On the Mozilla … Read more

Apple closes security gaps for QuickTime, iPhone, iPod Touch

Apple released the first patches for 2008 to the QuickTime media player as well as the iPhone and iPod Touch on January 15.

The updates to QuickTime 7.4 for Windows and Mac users are designed to prevent a system from being hijacked when malicious movie files are opened.

Apple Downloads lists the updates for Windows XP and Vista as well as Mac OS X 10.3.9 and higher. Mac users also can access the download via Apple's Software Update.

Memory corruption issues in QuickTime's handling of Sorenson 3 video, Macintosh Resource Records, and Image Descriptor atoms … Read more