Kevin's song of the week
news://msnews.microsoft.com/uqi9pIESFHA.2860@TK2MSFTNGP10.phx.gbl
--------------------------
Blogs of interest

Trend Micro issue
Pattern File 2.594.00 may cause high CPU utilization
http://www.trendmicro.com/en/support/pattern594/overview.htm

New KB for post 05-019 issue
Network connectivity between clients and servers may not work after the
installation of security update MS05-019 or Windows Server 2003 Service
Pack 1:
http://support.microsoft.com/default.aspx?scid=898060

Aaron's Non Admin Blog
http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/TableOfContents.aspx


SBS user groups
http://blogs.technet.com/jhoward/archive/2005/04/22/404059.aspx

Another book for me to buy
http://blogs.technet.com/steve_lamb/archive/2005/04/21/404020.aspx

Stepto on a vulnerability
http://blogs.technet.com/msrc/archive/2005/04/20/404003.aspx

RSS feeds by product
http://blogs.technet.com/mjmurphy/archive/2005/04/20/403945.aspx

Blogcasts on VPN
http://blogs.technet.com/tristank/archive/2005/04/21/404014.aspx

http://blogs.technet.com/eileen_brown/archive/2005/04/20/403943.aspx
Getting started with Patch Management

Webcast on Patch Management
http://www.msreadiness.com/recordedeventregister.asp?eid=2211

----------------------------------
In other news

Widespread Internet Attack Cripples Computers with Spyware
Experts say at least 20,000 PCs already have been
affected. Is your company next? An insidious new
Internet attack that hijacks a victim's Internet
connection and stealthily installs a barrage of
adware and spyware is targeting businesses and
organizations across the United States.
http://www.pcworld.com/news/article/0,aid,120448,00.asp
- - - - - - - - - -
Hynix - Agrees to Plead Guilty to Price Fixing
and Agrees to Pay $185 Million Fine for Role
in DRAM Conspiracy. Hynix Semiconductor Inc.,
a Korean manufacturer of dynamic random access
memory (DRAM), has agreed to plead guilty and
to pay a $185 million fine for participating
in an international conspiracy to fix prices
in the multi-billion dollar DRAM market, the
Department of Justice today announced. Hynix's
fine is the third-largest criminal antitrust
fine in U.S. history and the largest in five
years.
http://www.usdoj.gov/opa/pr/2005/April/05_at_207.htm
- - - - - - - - - -
Kraft sued over alleged Gevalia spam
A small California Internet service provider
has sued Kraft Foods Inc., alleging the firm
is responsible for thousands of illegal spam
messages. Hypertouch.com founder Joe Wagner
said his company has in the past 12 months
received 8,500 copies of an e-mail pitching
Kraft's high-end coffee subscription service,
Gevalia.
http://www.msnbc.msn.com/id/7602542/
- - - - - - - - - -
MoD laptop found on rubbish tip
The Ministry of Defence is to hold an investigation
after a laptop containing Army records was found
on a rubbish tip. Car parts dealer Martin Dunn
found the laptop, along with an Army manual,
at the Bar End tip in Winchester. The laptop's
hard drive contained documents on Worthy Down,
a Royal Army Pay Corps near Winchester, and
HMS Sultan in Gosport, Hampshire.
http://www.vnunet.com/news/1162671

The mysterious link between security, laptops and rubbish dumps
http://www.theregister.co.uk/2005/04/22/letters_2204/
- - - - - - - - - -
MP3 zapping malware worms onto P2P network
The Nopir-B worm, which appears to have originated
in France, poses on P2P networks as a program
to make copies of commercial DVDs. In reality
the application offers no such function. Instead
it attempts to delete MP3 music files on infected
PCs. Nopir-B also attempts to disable various
system utilities and wipe .COM programs whilst
displaying an anti-piracy graphic. Nopir-B only
infects Windows machines.
http://www.theregister.co.uk/2005/04/22/nopiracy_worm/
http://news.zdnet.co.uk/internet/security/0,39020375,39195963,00.htm
- - - - - - - - - -
Statewide initiative set to fight cyber crime
Most cyber criminals in New Hampshire are not
sleazy peddlers of child pornography. Rather,
they are electronic pickpockets and thugs who
use the Internet to rob, defraud, impersonate
and even harass regular people, according to
a survey of police departments statewide.
http://www.theunionleader.com/articles_showa.html?article=53686
- - - - - - - - - -
New cyberterrorism security center opens
A new cybersecurity operations center at the
University of Pennsylvania in Philadelphia has
been set up to continuously monitor and report
cyberattacks against computer networks related
to critical infrastructure.
http://www.gcn.com/vol1_no1/daily-updates/35632-1.html
- - - - - - - - - -
'Pharmers' hit online bank users with fraud scam
It's the next Internet scam, and it could be
the most menacing. The reason: Even experienced
Internet users can become victims and not know it.
The ploy is called pharming - a play on "phishing,"
another type of Internet fraud - and it involves
highly skilled hackers who secretly redirect users'
computers from financial sites to the scammers'
fake ones, where they steal passwords and other
personal information. Even the Web address
looks the same.
http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-22-pharming_x.htm

From Pfishing to Pfarming: The Top Five Spam Scams
http://www.ksbitv.com/technology/1497427.html
Phishers turn their aim on corporate networks
http://www.it-observer.com/news.php?id=4961
- - - - - - - - - -
Do Firefox browser bugs matter?
Open source means you can fix it yourself,
if you like. No program is perfect, but bugs
in open source software are less of a problem,
says technology analyst Bill Thompson. The
Firefox open source browser is full of bugs,
some of which are rather serious. In March
Danish security firm Secunia reported that
it had found eight. Some could be used to
trick users into giving away confidential
information.
http://news.bbc.co.uk/2/hi/technology/4472219.stm
- - - - - - - - - -
CA Drafts New Policy for Spyware Vendor Appeals
Computer Associates International Inc. is changing
its policy for handling appeals from suspected
spyware vendors. CA's eTrust PestPatrol unit
will no longer remove detection signatures for
suspected spyware from its database of known
spyware and adware programs while it considers
appeals filed by the makers of those programs,
said Tori Case, director of eTrust Security
Management at CA. The change follows criticism
from customers and other anti-spyware vendors
after PestPatrol temporarily removed signatures
for the ubiquitous Gator family of spyware and
adware programs.
http://www.eweek.com/article2/0,1759,1788832,00.asp?kc=EWRSS03129TX1K0000614
- - - - - - - - - -
Firewall to zap XML viruses
Web services security specialist Forum Systems
has teamed up with Computer Associates to create
an antivirus device to protect XML applications,
an area expected to see a rise in attacks. The
licensing deal will allow Forum to include CA's
eTrust antivirus software in its XML firewall
for blocking unwanted traffic into company
networks, Forum said on Friday. The product,
called Forum XWall, will be able to scan traffic
for viruses, worms and other malicious software
in applications that use XML code.
http://news.zdnet.com/2100-1009_22-5681424.html
- - - - - - - - - -
Lack of testing 'threatening stability of Linux'
One of the maintainers of the Linux kernel has
said that a lack of 'credit or money or anything'
for those who test the open source OS could
threaten its long-term stability. A lack of
commitment to testing by the Linux community
may ultimately threaten the stability of
the operating system, Linux kernel co-maintainer
Andrew Morton has warned.
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39195957,00.htm
- - - - - - - - - -
Hotspot Hacking And How To Fight It
Use of public wireless hotspots is increasing,
giving mobile workers and others access to
essential data. The bad news: Security threats
against hotspot users also are increasing.
That's the word from Richard Rushing and he
should know since he is chief security officer
for AirDefense, which specializes in security
of mobile workers.
http://www.mobilepipeline.com/161500845;jsessionid=JVGLVDVFA4ZC2QSNDBCCKH0CJUMEKJVN
- - - - - - - - - -



--
An open letter to the Security Community:
http://msmvps.com/bradley/archive/2004/12/12/23540.aspx