This Week in Security
Welcome back to our weekly "This Week In Security" segment. Each week we'll be bringing you a list of interesting and useful stories/articles from around the Internet in one easy to find place. Enjoy and happy reading!
Spyware/Malware/Phishing/Virus/etc:
In-the-wild exploits against the latest unpatched Windows vulnerability have started circulating, using Internet Explorer as the attack vector to load identity theft Trojans and rootkits on infected machines.
http://www.eweek.com/article2/0,1895,2022805,00.asp
Pond-dwelling scammers are seeking to exploit interest in last weekend's Brazilian airline disaster to tempt potential victims onto a site hosting a Trojan downloader.
http://www.theregister.co.uk/2006/10/03/flight_disaster_phishing_scam/
Increased use of stealth techniques such as rootkits is leading to fewer reports of new viruses, according to a study by net security outfit VeriSign iDefense.
http://www.theregister.co.uk/2006/10/03/verisign_stealth_malware_report/
The malware headache began for Robyn when she saw a MySpace bulletin from a friend inviting her to view new photos. She knew the friend in real life, so she went ahead and clicked the link. The site looked like a photo-sharing site, but one she had never heard of. Then her computer practically froze. A few days later, her MySpace friends received photo-viewing invites that seemed to come from her.
http://www.pcworld.com/article/id,127347-c,onlinesecurity/article.html
An instant messaging botnet attack that plagued users of Yahoo's Messenger client has been revamped into a more sophisticated approach that could lure people into clicking lucrative ads for the attacker's benefit.
One of the hackers who demonstrated exploit code for a vulnerability in the way the Firefox browser handles JavaScript at a hacker conference in San Diego admitted today that the presentation was meant to be a joke, according to Mozilla Corp.'s chief of security.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003837
Social-networking sites could give hackers a backdoor into corporate IT platforms and databases, putting businesses at risk for malicious cyber attacks as more adults access these sites from computers at work., according to a study released Wednesday by CA (the former Computer Associates) and the National Cyber Security Alliance (NCSA).
http://www.techweb.com/wire/security/193104231
Sophos has launched a host intrusion detection (HIPS) technology it claims can spot malware before it has a chance to execute anywhere on the network.
http://www.techworld.com/security/news/index.cfm?newsid=7025&pagtype=all
Those who have spent a long time working with and learning about technology have found it hard to determine why non-techies seem more vulnerable to phishing attacks.
A new service will call on the Internet community to identify suspected phishing scams. Freedom Networks' OpenDNS, which provides free directory services necessary to translate a Web site's domain name into its actual numeric Internet address, developed the system to help block its users from so-called phishing sites.
http://www.technewsworld.com/story/53464.html
Security & Legal:
Employees at the U.S. Department of Interior (DOI) spend significant time on sexually explicit and gambling Web sites and even more time shopping and playing online games while at work, according to a report released Wednesday.
http://www.itworld.com/Tech/2987/061005usworkers/
Russian hackers get eight years in clink
http://www.theinquirer.net/default.aspx?article=34841
Microsoft:
Microsoft will unveil Oct. 4 a new software protection platform and accompanying technologies that it plans to incorporate into a variety of products, starting with Windows Vista and Windows Server Longhorn, in hopes of combating piracy.
http://www.eweek.com/article2/0,1895,2024182,00.asp
Every system and network administrator's favorite time of the month, the unofficially-celebrated Patch Tuesday, arrives next week with eleven patches ready to battle a host of vulnerabilities.
McAfee Inc. top executives went on the offensive Monday against Microsoft Corp., saying Vista will be even less secure for customers than previous versions of Windows.
http://smallbusiness.itworld.com/4380/061004mcafeevista/page_1.html
Mobile:
A UK firm is hoping a cell phones security system it has developed which sets off a high pitch scream, permanently locks the handset and wipes all data if stolen, will halt the spiraling rise in phone theft.
http://news.yahoo.com/s/nm/20061002/tc_nm/telecoms_screaming_phone_dc_2
Cell phone worms and VoIP fraud are among the top 10 security threats to watch next year, according to a panel of experts assembled by the SANS Institute.
Misc/Humour:
Google has bought itself a birthday present for its 8th birthday: the 1,900-square-foot Menlo Park house that boasts the garage where Sergey Brin and Larry Page launched Google eight years ago.
http://blogs.zdnet.com/micro-markets/index.php?p=494
A Bulgarian woman driver escaped relatively unscathed from a head-on pile-up with another vehicle when her 40DD breast implants absorbed most of the impact, Ananova reports.
http://www.theregister.co.uk/2006/10/03/bulgarian_airbags/
It looked like any other auction, until you noticed the guy with pointed Vulcan ears.
http://www.canada.com/topics/technology/story.html?id=de3faea8-3c71-4ee3-97ee-f50938d6cec0
Gallery of Trek items up for auction
http://www.canada.com/topics/technology/photogalleries/trekauc.html
