Archive: May 2006
Redmond Derby: Microsoft Meets NASCAR
Security experts have long compared the process of securing and safely using a Microsoft Windows PC to that of maintaining an automobile. Most people depend so much upon their cars -- and their computers -- yet have such a poor...
By Brian Krebs | May 30, 2006; 10:29 PM ET | Comments (24)
The Importance of the Limited User, Revisited
If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a...
By Brian Krebs | May 30, 2006; 2:03 PM ET | Comments (15)
Fun With Java Updates
Sun Microsystems has issued an update to fix stability and security problems with its Java software. The "platform-independent" programming language is supposed to make it easier for Web users to interact with some Web sites, but keeping it up to...
By Brian Krebs | May 26, 2006; 8:20 AM ET | Comments (22)
New Winamp Version Fixes Major Security Hole
AOL's Nullsoft division released a new version of its popular Winamp music and video player on Thursday, in part to fix a "major" security flaw in the program, according to the accompanying advisory. Winamp 5.22 includes a huge list of...
By Brian Krebs | May 26, 2006; 7:32 AM ET | Comments (0)
Mozilla to End Support for Older (1.0.x) Firefox Versions
Mozilla is expected to release a bunch of security fixes and other updates to its Firefox Web browser next week, but it won't be issuing any updates for people still using older versions of Firefox from the 1.0 family (the...
By Brian Krebs | May 24, 2006; 3:33 PM ET | Comments (0)
How Many Spams Can a Scammer Scam If a Spammer Can Scam Spams?
See if you can say that headline three times fast. I absolutely love the scamming-the-scammer stories because they're generally so convoluted that they're almost funny (that is, if you can forget for a moment that there are thousands of victimized...
By Brian Krebs | May 23, 2006; 2:21 PM ET | Comments (0)
Microsoft: Hackers Exploiting Unpatched Flaw in MS Word
Microsoft today warned Windows users to take extra care when opening e-mail attachments that contain Microsoft Word documents, as several new threats were spotted online exploiting an unpatched security flaw in the word processing program. Redmond said the flaw is...
By Brian Krebs | May 19, 2006; 3:29 PM ET | Comments (12)
When Spyware Performs as Advertised
A few words of caution to any Myspace users out there considering "free" software designed to let you spy on unsuspecting others online: Be sure to read the fine print when a product like this says "free," and don't be...
By Brian Krebs | May 18, 2006; 10:44 AM ET | Comments (0)
Blue Security Kicked While It's Down
Hours after anti-spam company Blue Security pulled the plug on its spam-fighting Blue Frog software and service, the spammers whose attack caused the company to wave the white flag have escalated their assault, knocking Blue Security's farewell message and thousands...
By Brian Krebs | May 17, 2006; 3:27 PM ET | Comments (0)
Spam Fighter Calls It Quits
The Washington Post today ran a story I wrote on the demise of Blue Security, a software company whose innovative approach to fighting spam -- by having its users strike back at the spammers with a disruptive flood of return...
By Brian Krebs | May 17, 2006; 7:23 AM ET | Comments (43)
Mac Update Brings Trouble for Some Users
The large bundle of security updates issued by Apple last week is causing headaches for some users who have had trouble powering up their systems after installing the patches. According to numerous posts on the Mac OS X support forums,...
By Brian Krebs | May 16, 2006; 10:24 AM ET | Comments (0)
Apple Update Mends Dozens of Security Flaws (Windows Users Read This Too)
Apple Computer Inc. today released free software updates that fix at least 43 separate security flaws in its Mac OS X operating system and other products, including a dozen problems with its popular Quicktime media player. The new version of...
By Brian Krebs | May 11, 2006; 5:38 PM ET | Comments (0)
Bill Would Criminalize Failure to Report Breaches
Legislation introduced in Congress by a key House lawmaker envisions prison time and stiff fines for officials at companies that fail to inform law enforcement when a digital break-in jeopardizes consumers' personal and financial data. The Cyber-Security Enhancement and Consumer...
By Brian Krebs | May 11, 2006; 4:48 PM ET | Comments (2)
Your Spycar Ran Over My Dogma
Anti-spyware company Webroot released a report yesterday stating that the rate of spyware infections soared in the first quarter of 2006, infecting an estimated 87 percent of consumers' PCs with an average of 34 pieces of spyware per machine. Now,...
By Brian Krebs | May 10, 2006; 10:23 AM ET | Comments (23)
Microsoft Issues Three Security Updates
Microsoft today issued three software patches to fix a security flaw in Windows, another in iits Exchange Server e-mail product, and two "critical" vulnerabilities in older versions of Adobe's Macromedia Flash Player that comes bundled with Windows. The Flash patch...
By Brian Krebs | May 9, 2006; 3:05 PM ET | Comments (1)
Botmaster Sentenced to 57 Months in Prison
A 21-year-old California man was sentenced today to 57 months in prison for hacking into hundreds of thousands of computers and renting the network of hacked PCs out to spyware companies and to people who used the network to send...
By Brian Krebs | May 8, 2006; 6:30 PM ET | Comments (10)
Ransomware Rising
A relatively new form of malware may be starting to gain popularity among virus writers and Internet scam artists. Known as "ransomware," this type of malicious code invariably tries to seize control over the victim's files or computer until that...
By Brian Krebs | May 8, 2006; 3:26 PM ET | Comments (5)
More Spyware, Typosquatting Allegations Against Yahoo
Yet another class action lawsuit has been filed against Yahoo! Inc., accusing the company of bilking advertisers by displaying their online ads via spyware and adware products and on so-called "typosquatter" Web sites that capitalize on misspellings of popular trademarks...
By Brian Krebs | May 5, 2006; 12:53 PM ET | Comments (2)
FCC Looking at Abuse of Phone Services for the Deaf
The Federal Communications Commission this week asked for input on ways to curtail the amount of credit card fraud being carried out by criminals abusing Internet-based "telecommunications relay services" designed to help the the deaf and hard-of-hearing make telephone calls....
By Brian Krebs | May 5, 2006; 11:28 AM ET | Comments (5)
Microsoft to Issue Three Security Updates Next Week
Microsoft said today it plans next week to release three free software updates to fix security holes in its products, including two vulnerabilities in Windows and another in its Exchange Server corporate e-mail product.. At least one, possibly both, of...
By Brian Krebs | May 4, 2006; 1:22 PM ET | Comments (2)
Suit Levels Spyware, Typosquatting Allegations at Yahoo
A class-action lawsuit filed Monday against Yahoo! Inc. and group of unnamed third-parties accuses the company of engaging in "syndication fraud" against advertisers who pay Yahoo to display their ads on search results and on the Web pages of partner...
By Brian Krebs | May 2, 2006; 5:36 PM ET | Comments (25)
A Time to Patch III: Apple
Over the past several months, Security Fix published data showing how long it took Microsoft and Mozilla to issue updates for security flaws. Today, I'd like to present some data I compiled that looks at Apple's performance on this front....
By Brian Krebs | May 1, 2006; 4:35 PM ET | Comments (90)
Hired Internet Gun Sentenced to Two Years
A 31-year-old Ohio man thought to be one of the first U.S. citizens convicted of contracting to organize crippling attacks against commercial Web sites has been sentenced to two years in prison for his crimes. Paul Garrett Ashley was ordered...
By Brian Krebs | May 1, 2006; 3:07 PM ET | Comments (1)
