Author: admini

‘Critical’ patch sent out for Office flaw

Posted on by admini

The “critical update,” released late on Tuesday, applies to three of the four major applications in Office 2003–the Word word-processing program, the PowerPoint presentation application and the Excel spreadsheet software, according to a Microsoft bulletin.

The problem happens when a document created with one of those applications is opened with an earlier version of Office.

If the document contains graphics elements created using the OfficeArt tool, the earlier version of Office will misinterpret that part of the document and add invalid data to the file when it is saved.

An attempt to re-open the file with the Office 2003 application that created it could result in a corrupted document, missing content or other errors.

More info: [url=http://news.com.com/2100-1012_3-5103267.html]http://news.com.com/2100-1012_3-5103267.html[/url]

Read more

Weakness Reported in Wireless Security Protocol

Posted on by admini

Most implementations of WPA, in order to make use of the cryptography accessible to unsophisticated users with normal home computing equipment, allow users to enter a common shared phrase into a WPA user interface on the computer.

Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.

Moskowitz states that after sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a “dictionary attack” on the data offline in an attempt to guess the passphrase.

According to Moskowitz: “A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks.

More info: [url=http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1375027,00.asp?kc=EWRSS03119TX1K0000594[/url]

Read more

Conqueror Worm?

Posted on by admini

Last week’s elevated warning levels surrounding MiMail.C, a new, fast-spreading worm, gave IT departments time to brace themselves for a new round of attacks–but only barely.

The arrival of this new family of worms is not without attendant irony: MiMail.C arrived just as SoBig finally lost its spot at the top of the “Most Popular Virus” heap.

MiMail may or may not achieve a similar “status,” but the time between first deployment and release of refined versions spanned just a couple of months.

But those vendors–and all IT security professionals, for that matter–face an ongoing challenge of shortening the time between detection, alert announcement, and effective prevention and/or removal tools.

More info: [url=http://www.securitypipeline.com/showArticle.jhtml;jsessionid=Z2SCZM2ERD0ASQSNDBGCKHY?articleId=16000158]http://www.securitypipeline.com/showArticle.jhtml;jsessionid=Z2SCZM2ERD0ASQSNDBGCKHY?articleId=16000158[/url]

Read more

Users look to redefine security approach

Posted on by admini

In a presentation to the RSA Security Conference in Amsterdam, members of the Royal Mail, ICI and BT Global Services outlined their position on what defines a secure network and how they want to see it achieved.

“This isn’t pushing for a new BS7799 standard or anything,” said Paul Simmonds, global information security director at chemical manufacturer ICI.

The eventual goal is to shift the security market away from trying to keep networks pure from outside influences with a hardened perimeter, and concentrate on securing data access and enabling more business-to-business secure traffic.

He described Microsoft’s Rights Management Services (RMS) as interesting, but said that an ideal solution would see documents passed over a variety of operating systems and computing environments without sacrificing any degree of confidentiality.

Cisco has already been contacted and other large IT vendors are on the target list.

More info: [url=http://www.vnunet.com/News/1147499]http://www.vnunet.com/News/1147499[/url]

Read more

Brazil police bust gang of Internet hackers

Posted on by admini

The operation, dubbed “Trojan Horse” and involving 205 officers, targetted a gang that stole more than $10 million last year by breaking into banks and clients computers, federal police said in a statement.

Police said the gang had created Internet sites and programs capable of uncovering the passwords of clients who transferred money on the Web.

Once the gang obtained the passwords, funds were stolen electronically from accounts and transferred to other bank accounts held in the names of third persons.

More info: [url=http://economictimes.indiatimes.com/cms.dll/html/uncomp/articleshow?msid=269501]http://economictimes.indiatimes.com/cms.dll/html/uncomp/articleshow?msid=269501[/url]

Read more

Hackers in attack on Scottish credit card firm

Posted on by admini

WorldPay, which is part of Edinburgh-based Royal Bank of Scotland Group, said it had been bombarded with millions of bogus e-mails in the past couple of days, which had left the firm struggling to deal with genuine payments.

The bulk of its clients are located in the UK and mainland Europe, and payment requests from websites are normally sent in via e-mail.

The firm said a massive number of messages from elsewhere had come in to the same address over a 24-hour period.

As a result, transaction requests have either crashed or been slowed down.

However, it appears those behind the e-mails – which originate in the Ukraine – have set out to disrupt business rather than attempt to commit fraud.

At the start of this year, Visa and Mastercard admitted a hacker had gained access to more than five million credit card accounts.

More recently, net provider PSINet and security firm PanSec International said an unprotected website they set up as part of a study was attacked about 2000 times a week over a two-month period.

More info: [url=http://www.edinburghnews.com/business.cfm?id=1224512003]http://www.edinburghnews.com/business.cfm?id=1224512003[/url]

Read more