8 out of 10 browsers are not secure
Online July 10th 2003
According to a survey released Wednesday by the Belgian security company ScanIT, most Web users do not fix security holes in their browser even though patches are available, SecurityFocus reports.
ScanIT's free browser security test identifies 27 known browser vulnerabilities, most of them in Internet Explorer. Results collected from over 100,000 visitors to the site show that 86% of them suffer from at least one of those vulnerabilities, and 45% are susceptible to "high risk" vulnerabilities that give attackers remote access to the victim machine. Internet users in China were the most vulnerable, with 65% at high risk; American users the least, at 36%.
"Hackers are increasingly entering through flaws in Internet browsers themselves," said ScanIT's managing director David Michaux in a statement. "Developers put out patches regularly but most users aren't installing them."
Microsoft issued a patch Wednesday for a critical vulnerability in most versions of Windows that gives attackers remote control of a user's machine though Internet Explorer. But obviously, if the results of the new survey are any guide, most users won't install it.
Other stuff on the subject:
A ZDNet UK article on the latest Microsoft patch.
Russian hackers are no pals
Online July 10th 2003
Russian hackers are suspected of being behind a professional-looking but fake PayPal email scam designed to steal a person's financial and personal details for identity theft, Silicon.com reports.
The email, which has being doing the rounds this week, is a much more detailed and convincing version of the long-running email that asks users to confirm their PayPal account details.
The fake message appears to come from the billing department at PayPal.com and asks people to click on a link taking them to a genuine-looking PayPal page and re-enter their account details.
Once there the victim is presented with a convincing version of the PayPal site with a list of fields including name, address and date of birth, social security number, driving licence number, mother's maiden name, credit card and bank account details and PIN numbers, email address and password.
In short, that's just about all the information anyone would need to commit complete identity theft and use the details to apply for credit cards and loans.
Spectacular solution to spam
Online July 9th 2003
The Internet Research Task Force's (IRTF) quest for an effective solution to spam has struck gold in the form of IT specialist Mark McCarron, The Register reports.
The IRTF's Anti-Spam Research Group (ASRG) mailing list has over the course of the last month carried details of Mr McCarron's remarkable Global ISP Email Identity System (GIEIS) which he has devised over six years to provide a global system to stop not only spam but also viruses, worms and inappropriate content such as porn.
The system, if adopted, is predicted to bring in revenues of nearly ?50 billion and create two million jobs. It would certainly prove controversial however, since it would mean abolishing the accepted email and news protocols SMTP and NNTP and involve the introduction of a centralised authentication point for all emails.
Naked Julia Roberts virus
Online July 9th 2003
Users hoping for a sneaky peek at some candid shots of Hollywood star Julia Roberts in compromising positions are facing disappointment - the email attachment turns out to be a computer virus, ZDNet UK reports.
Curious smut-seekers are in danger of infecting their machines with the mass-mailing worm MyLife.M, which purports to be a screensaver featuring the movie star.
However, the virus is still carrying a low-level warning from most anti-virus vendors and appears to be doing very little damage currently, perhaps because of the lack of originality in terms of infection methods.
Anna Kournikova, Jennifer Lopez, Catherine Zeta-Jones and Colombian singer Shakira have all been given the dubious honour of having a virus named after them.
Other stuff on the subject:
A Silicon.com story
Hacker challenge ends in farce
Online July 8th 2003
A battle among hackers erupted on the Internet Sunday as some factions disrupted a loosely coordinated "contest" among other groups trying to vandalize thousands of Web sites around the world, CBSNews.com reports.
The international contest, known as the Defacers Challenge, was scheduled to begin Sunday. However, unknown attackers knocked offline for most of Sunday an independent security Web site, zone-h.org, that was verifying reports of online vandalism and being used by hackers to tally points for the competition.
At least three such vigilante-style attacks forced the hacker organizer, who identified himself only as "Eleonora[67]," to extend the contest until 6 p.m. EDT Sunday. By late Sunday - with the zone-h.org Web site still offline - only around 500 defacements had been recorded. Mostly obscure Web sites such as www.thebuffrestaurant.com in Boulder, Colorado and www.ddwautomotive.com in Mishakawa, Indiana.
The Defacers Challenge Web site is now up and running again after it suddenly went offline last week. It will publish names of the competition winners on Tuesday.
Other stuff on the subject:
An IDG.net article
Read more news at news.bullguard.com
'till next week
The BullGuard Team
|
