A teenage computer student has pleaded guilty to hacking into IT systems at an American nuclear weapons laboratory.
More info: [url=http://www.computerweekly.com/articles/article.asp?liArticleID=126141]http://www.computerweekly.com/articles/article.asp?liArticleID=126141[/url]
Microsoft, Security and the Road Ahead
In a letter to executives at technology companies, Rep. Adam Putnam, R-Fla., chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, says he’d rather avoid legislating such action, but that the gravity of such vulnerabilities may leave him no alternative.
Putnam says he circulated a discussion draft to industry representatives, who responded with “some interesting ideas for alternative approaches” to accomplish the goal of protecting the nation’s computer networks.
More info: [url=http://www.technewsworld.com/perl/story/31974.html]http://www.technewsworld.com/perl/story/31974.html[/url]
Zone Labs Updates Integrity, ZoneAlarm
The updated Integrity security software also includes new features to secure corporate instant messaging (IM), including encryption, content filtering, usage controls, and event reporting.
Rather than tie itself to a specific client, Integrity can be integrated with any enterprise IM system that accesses the America Online, Microsoft, or Yahoo public instant messaging services.
Also on Monday, Zone Labs unveiled a new edition of its stand-alone ZoneAlarm personal firewall that sports several new identity theft defenses.
ZoneAlarm Pro 4.5 now verifies that users are actually connecting to the real eBay Web site (not a faux, spoofed site), includes a new encryption tool called myVAULT where users can store confidential information such as credit card numbers and online banking PINs, and prevents personal data from leaving the computer without the user’s knowledge.
ZoneAlarm Pro is scheduled for release in mid-November, according to Zone Labs.
More info: [url=http://www.techweb.com/wire/story/TWB20031103S0008]http://www.techweb.com/wire/story/TWB20031103S0008[/url]
Microsoft to release threat-modeling tool
Microsoft Corp. plans to publicly release a threat modeling tool it uses internally to help software developers create more secure software. The tool can display threats in a diagram after information such as usage scenarios and the environment
More info: [url=http://security.itworld.com/4357/031031msthreatmodel/page_1.html]http://security.itworld.com/4357/031031msthreatmodel/page_1.html[/url]
Security Flaws Make Macs Vulnerable To Attacks
The first advisory, “Long argv[] Buffer Overflow,” warns that an attacker could possibly crash Mac OS X and execute commands as root.
The second advisory, “Systemic Insecure File Permissions,” states that some applications on the vulnerable Mac OS X systems are installed with insecure file permissions and are globally writable. This lets attackers with file-system access to an OS X machine replace binaries and obtain additional privileges from unsuspecting users, who may run the replaced version of the binary.
The third vulnerability, “Arbitrary File Overwrite via Core Files,” enables attackers with certain access rights to overwrite arbitrary files and read certain files.
There is no patch available for these vulnerabilities.
An Apple Computer spokesperson could not say when the company would issue a fix, but Apple is working on a statement about the issue.
More info: [url=http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094]http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SJHW4MC3SCD14QSNDBGCKHQ?articleID=15800094[/url]
Microsoft Tweaks Pair Of Recent Patches
The retooled patches apply to the Windows Messenger Service vulnerability in Windows NT, 2000, XP, and Server 2003, and to a problem in Windows 2000’s implementation of the Windows Troubleshooter ActiveX control.
Microsoft’s original security bulletins for the two vulnerabilities were made public on Oct. 15, and were rated as ‘critical,’ Microsoft’s highest warning level.
More info: [url=http://www.techweb.com/wire/story/TWB20031030S0007]http://www.techweb.com/wire/story/TWB20031030S0007[/url]