zero

Microsoft warns of zero-day IE hole on Patch Tuesday

Microsoft warned of a new vulnerability in Internet Explorer 6 and IE 7 that has been targeted in attacks, and released fixes for eight holes in Windows and Office as part of Patch Tuesday.

The company issued Security Advisory 981374, which addresses a privately disclosed vulnerability. The hole could allow an attacker to take control of a machine if a user visited a malicious Web site, Microsoft said.

There are some features that could mitigate the effects of an attack. For instance, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the … Read more

Microsoft warns of zero-day hole for older Windows

Microsoft warned of a new hole on Monday that could be exploited by attackers to take control of older Windows systems running Internet Explorer and for which proof-of-concept exploit code has been released publicly.

The vulnerability affects Windows 2000-, XP- and Server 2003-based systems. It exists in the way that Visual Basic Scripting, or VBScript, interacts with Windows Help files, Microsoft said in its security advisory. VBScript is an Active Scripting language for executing functions embedded in Web pages.

In an attack scenario, victims would somehow be lured to visit a malicious Web site that displays a specially crafted dialog … Read more

Mozilla patches critical flaws

Mozilla has released fixes for five security holes in older versions of Firefox, while a security company has warned of a zero-day flaw in the latest version of the popular browser.

Mozilla issued patches Wednesday for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January. In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on January 21. The five flaws addressed by Mozilla included three the company … Read more

Mass., Nissan partner on Leaf charging network

The 24-city Nissan Leaf Zero-Emission Tour stopped at the Museum of Science in Boston on Tuesday to announce that Nissan and Massachusetts will develop an electric-vehicle charging network and policies to support widespread adoptions of electric cars.

The agreement includes plans to promote a charging infrastructure for electric cars so drivers could charge their cars at home, work, and other locations. Nissan also has agreed to make available a supply of electric vehicles statewide.

Nissan has spearheaded a holistic approach to zero-emission mobility by working with several states, municipalities, utility companies, including the state of Tennessee, the state of Oregon, … Read more

McAfee: China attacks a 'watershed moment'

The China-based cyberattacks on Google and other companies were "a watershed moment in cybersecurity," according to an executive at computer security company McAfee.

"I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations," McAfee Chief Technology Officer George Kurtz wrote on his blog Sunday. "While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits."

"What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the … Read more

Promise releases fuss-free NAS server

LAS VEGAS--Network-attached storage servers have always been among the harder products to install and use. Most of them require at least some know-how of computers and networking setup. This might change, however, with what Promise has to offer.

The company released at CES the new SmartStor ZERO NS2600, which it claims is the first no-muss, no-fuss NAS server. According to Promise, all you need to do is plug the server in, power it on, and install the included software and the rest is taken care of. The software will map an open network share, allowing instant access for data backup … Read more

Microsoft, Adobe prep critical security patches

Microsoft will issue one bulletin on Patch Tuesday next week that is rated "critical" for Windows 2000.

The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released Thursday. It is rated "low" severity for Windows 7, Vista, XP, Server 2003, and Server 2008 operating systems.

Meanwhile, Adobe Systems is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December and which is being exploited by attacks … Read more

E-tail Scrooges and how one woman defeated them

The nightmare of the mysterious debit card charges began this way for Caroline Butler:

She noticed that Privacy Matters 123, a membership program she had never heard of, was charging her $20 every month. She had no idea how to get her money back or even how to get the company to stop. All she knew was that they were draining the bank account used to help pay the medical bills for her 18-year-old daughter, a cancer patient.

Somehow, Butler, a freelance photographer from Paducah, Ky., unintentionally enrolled in the membership program during a visit to social-networking site, Classmates.com, … Read more

Symantec confirms zero-day Acrobat, Reader attack

Symantec on Tuesday confirmed a vulnerability in Adobe Acrobat and Reader and said it was being exploited by a Trojan hidden in e-mail attachments.

The malicious Adobe Acrobat PDF file is distributed via an e-mail attachment that "drops and executes when opened on a fully patched system with either Adobe Acrobat or Reader installed," Symantec said in a statement.

Symantec identified the file as Trojan Pidief.H, which targets Windows 98, 95, XP, Windows Me, Vista, NT, 2000 and Server 2003.

The rate of infection is extremely limited and the risk assessment level is very low, according to … Read more