The Connecticut attorney general has launched an investigation into the compromise of up to 17,000 of Pfizer employees, including some 300 employees within his home state. Pfizer would not comment on when the breach occurred other than to say it involved a Pfizer employee who had taken the data home on a laptop, a machine that subsequently became compromised. The data, including the employees' name, home address, bonus information, and Social Security number, was surreptitiously uploaded and later appeared on an Internet site. Pfizer did not know how much of that information had been copied or used by others. … Read more
Microsoft has released its June 2007 security bulletin, which includes six updates: four are designated Critical by the software giant. Two of the patches affect Windows Vista, with one Critical patch specific to Internet Explorer. One of the Important patches affects Microsoft Office. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Within hours of Apple's public release of the beta for Safari 3.0 for Windows, three security researchers independently found holes within the new browser. Researcher Aviv Raff highlighted in a blog post the company's product statement, that reads: "Apple's engineers designed Safari to be secure from day one." Raff found a vulnerability, a memory corruption error that could allow an attacker to insert malicious code on a Windows machine, within three minutes using publicly available fuzzing tools.
On this week's Security Bites podcast, I asked Robert Hansen, aka RSnake, the security researcher who disclosed the man-in-the-middle attack on the Google Desktop last week, what readers can do to avoid becoming a victim.
Hansen said: "They could turn off the integration between Google Desktop and the Web. Or they could wait for a patch to come out, which I'm sure there will be. Or my favorite answer is to uninstall the Google Desktop entirely.
"I'm not exactly quick to tell people to stop using applications, but Google Desktop's had, like I said (… Read more
Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.
The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.
People could find their systems at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.… Read more
At least two sets of exploit code have been posted on the Internet for the security flaws in Yahoo Messenger 8 first disclosed on Wednesday by the security vendor eEye on Tuesday. The two exploits were posted on the Full Disclosure mailing list on Wednesday. One set of code shows how to cause buffer overflow in the Webcam ActiveX component. Another causes a buffer overflow in the viewer ywcvwr.dll. Both exploits were written by Danny.
These days, criminal enterprises don't just want to steal your Outlook contact list, they want to own your computer, and they will download a remote-access Trojan horse at the first available opportunity. Within the last six months, Symantec has seen the number of these "bot" infections increase 29 percent over the previous six months. That's why Symantec is rushing to market a new application they're calling Norton AntiBot.
While most antivirus applications today provide adequate protection against spyware and malware, once these are removed, your machine is vulnerable to new and different variations of the … Read more
After finishing dead last in a comparative antivirus test, Microsoft Windows Live OneCare recently garnered some positive press. The latest tests performed by AV-Comparatives.org seem to show an improvement, with OneCare moving up two places. While OneCare is certified by West Coast Labs and ICSA, it is the competitive independent antivirus testing results that mean more in terms of how well a product performs in the real world against real malware. Thus, some might argue that things are looking up for the nascent Redmond antimalware team.
That's until you look closer at the tests. AV-Comparatives performed two different … Read more
A number of highly critical security flaws have been found in the latest version of Yahoo Messenger, which could allow attackers to gain remote access to users systems, according to a security advisory issued by eEye Digital Security.
The vulnerabilities affect Yahoo Messenger versions 8.1 and 8.0, running on Windows, eEye stated in its "upcoming advisories."
Although eEye does not disclose extensive details about vulnerabilities until the respective vendor develops a patch, the security researcher did note the Yahoo IM flaws requires little user interaction for an attacker to exploit the vulnerabilities.
"It's the … Read more
It is common knowledge that IT security is made up of isolated security islands that don't talk to each other and must be managed on a one-off basis.
Why is this? Best I can figure is that it is a historical combination of budget and behavior. Security budgets are notoriously tight, so tools tend to be brought in on an as-needed basis. As for behavior, security professionals grew up with a "best of breed" mindset. If security widgets 1 and 2 are deemed to be the best products available, they buy them. Security benefits tend to trump … Read more