Archive: June 2006
Exploit Out for Newly-Patched Mac OS X Flaw
Symantec is warning that it has detected a new piece of malware that tries to exploit a flaw in Mac OS X systems that Apple released a patch to fix just two days ago. "OSX.Exploit.Launchd," exploits a security hole in...
By Brian Krebs | June 30, 2006; 12:54 PM ET | Comments (7)
Apple Issues iTunes Security Update
Apple has pushed out another update to fix a security hole in its popular iTunes application that the company says attackers could use to break into or seize control over affected machines just by getting the user to play a...
By Brian Krebs | June 30, 2006; 9:06 AM ET | Comments (9)
Microsoft Reissues Anti-Piracy Tool, Lawyers Sue
Microsoft this week reissued a software component designed to detect pirated versions of Windows, citing a consumer backlash following revelations that part of the program phoned home to Redmond each day plus every time the user rebooted the machine. Meanwhile,...
By Brian Krebs | June 29, 2006; 2:14 PM ET | Comments (90)
Exploits Target Multiple Excel, IE Security Holes
Security researchers have released blueprints showing would-be attackers precisely how to exploit four unpatched security flaws in Microsoft Excel and Microsoft's Internet Explorer Web browser, at least two of which could be used by attackers to hijack vulnerable PCs. Microsoft...
By Brian Krebs | June 28, 2006; 2:09 PM ET | Comments (3)
Now, It's the GAO's Turn for a Data Gaffe
The Government Accountability Office -- the federal oversight body charged with investigating waste, fraud, abuse and sloppiness at federal agencies -- is the latest to divulge that it inadvertently exposed the Social Security numbers and other personal information of Americans....
By Brian Krebs | June 28, 2006; 10:45 AM ET | Comments (7)
Apple Updates Fix Five Flaws for Mac OS X
Apple today released five software updates to mend security holes in its various programs for certain computers powered by the Mac OS X operating system. This update affects systems running OS X and OS X Server versions 10.4 through 10.4.6....
By Brian Krebs | June 27, 2006; 4:41 PM ET | Comments (2)
The Scoop on the m00p Group
Various European media outlets are reporting that investigators abroad have arrested three men they say are connected to a rather aggressive online criminal gang that goes by the name "m00p." According to a story on the Times of London's Web...
By Brian Krebs | June 27, 2006; 1:04 PM ET | Comments (4)
'Vishing': Dialing for Dollars
Long before e-mail and phishing scams, criminals were using public telephone networks to trick people into giving away their financial and personal information. Last week, security experts spotted another sign that crooks are finding success in scams that marry new...
By Brian Krebs | June 26, 2006; 3:18 PM ET | Comments (8)
Security Update Available for Winamp
America Online has released another update to its Winamp media and music player that includes at least one security update. The newest version that fixes the flaw is 5.24 and is downloadable from this link here (newer versions of...
By Brian Krebs | June 26, 2006; 1:49 PM ET | Comments (3)
Flaws in Financial Sites Aid Scammers
Most major U.S. financial institutions have made a noticeable effort over the past year to educate customers about the dangers of online "phishing" scams that use e-mail lures to trick people into giving away their personal data at fake bank...
By Brian Krebs | June 23, 2006; 10:45 AM ET | Comments (9)
Lessons Learned from the 'Leaves' Worm?
This week marks the fifth anniversary of the "Leaves worm," a crafty piece of malware that broke new ground in myriad ways and offered a taste of what the criminal hacking world had in store for computer users and online...
By Brian Krebs | June 22, 2006; 3:25 PM ET | Comments (1)
FTC Laptop Theft Exposes Consumer Data
The Federal Trade Commission -- an agency whose mission includes consumer protection and occasionally involves suing companies for negligence in protecting customer information -- today disclosed a recent theft of two laptop computers containing personal and financial data on consumers....
By Brian Krebs | June 22, 2006; 10:51 AM ET | Comments (10)
May Was Record Month for Phishing
May was a record-breaking month in many respects for "phishing" scams that use e-mail to lure people into giving up their financial and personal information at fake bank and e-commerce sites, according to a new report from the Anti-Phishing Work...
By Brian Krebs | June 22, 2006; 10:07 AM ET | Comments (0)
Web Security Holes: A Tasty Treat for Hackers
Vulnerability watcher Secunia recently posted an advisory about a "moderately critical" flaw in an obscure Web-based software application called Fast Menu Restaurant Ordering, which -- as you might expect -- is used by some dining establishments to allow customers to...
By Brian Krebs | June 21, 2006; 8:34 AM ET | Comments (4)
Microsoft Site Defacement Spurs IIS Flaw Rumors
Microsoft's Web site for France was defaced by digital graffiti artists over the weekend. Normally, I wouldn't call attention to this kind of childish and illegal behavior, except in this case the "attacker" appears to be only breaking into sites...
By Brian Krebs | June 19, 2006; 10:50 AM ET | Comments (17)
ZoneAlarm Update Flaky for McAfee Users
Two Security Fix readers wrote in on Friday to call attention to a little software compatibility problem introduced by an update to the popular ZoneAlarm firewall program. Apparently, a new version of ZoneAlarm (6.5.714, released on Thursday) is causing problems...
By Brian Krebs | June 19, 2006; 9:48 AM ET | Comments (10)
Microsoft Warns of Attack Via Unpatched Excel Flaw
Microsoft says it was made aware today of a previously unknown security hole in its Excel spreadsheet program that was used in at least one targeted attack against Windows users. In a blog post put up this evening (ignore the...
By Brian Krebs | June 15, 2006; 7:42 PM ET | Comments (9)
New Adobe Version Plugs Security Holes
Adobe has released yet another update of its Adobe Reader for PDF documents that fixes several security flaws in both the Windows and Mac OS X versions. The latest version, 7.0.8, includes several stability and security bug fixes. Adobe's advisory...
By Brian Krebs | June 15, 2006; 11:15 AM ET | Comments (0)
More Windows Exploits Out; Hacker Wins $10K Challenge
Several security sources are reporting that "exploit code" -- instructions showing bad guys how to attack vulnerabilities -- has been posted online for several more security flaws for which Microsoft just issued patches. As I mentioned in yesterday's patch roundup,...
By Brian Krebs | June 14, 2006; 10:47 AM ET | Comments (0)
12 Microsoft Patches Plug 21 Security Holes
Microsoft today released a dozen security updates to fix at least 21 vulnerabilities in its Windows operating system and other software, including 12 flaws Redmond labeled "critical," its most severe warning level. Today's patch bundle is the largest yet for...
By Brian Krebs | June 13, 2006; 3:01 PM ET | Comments (27)
Spam Spotted Using TinyURL
A co-worker yesterday forwarded to me a piece of junk e-mail he'd received that used a clever yet simple method for not only getting around spam filters, but also obfuscating the destination Web site. The hyperlink to the spam site...
By Brian Krebs | June 13, 2006; 9:54 AM ET | Comments (0)
Yahoo Webmail Worm on the Loose
Security experts are warning of a new e-mail worm that takes advantage of a flaw in Yahoo's Web mail system to redirect users to advertising sites and to spread the worm to everyone in the victim's e-mail address book. According...
By Brian Krebs | June 12, 2006; 3:32 PM ET | Comments (0)
Microsoft Releases Windows Malware Stats
Microsoft today gave the world a rare -- albeit conservative -- glimpse of its view on just how bad the virus and bot problem has gotten for Windows users worldwide. The data comes from 15 months' worth of experience scanning...
By Brian Krebs | June 12, 2006; 2:01 PM ET | Comments (25)
Security Fix Pop Quiz
I thought it might be a good idea to periodically remind Security Fix readers of recent security updates to popular software programs, because we all know how these things can slip through the cracks. The following entries include a link...
By Brian Krebs | June 10, 2006; 10:53 AM ET | Comments (0)
Only EBay and Paypal Scams Allowed Here
On Thursday, a source of mine pointed out a live phishing Web site constructed to look exactly like eBay's user login page. Another page on the site contained an identical copy of eBay's Paypal login page (actually, both were still...
By Brian Krebs | June 9, 2006; 10:19 AM ET | Comments (0)
Fake Blogs Use Security Fix to Support Bad Advice
The other day I was using Google's Blog Search tool to locate a news post I recalled reading a few weeks back, and on a whim decided to search under my name. Turns out that most of the results link...
By Brian Krebs | June 8, 2006; 3:30 PM ET | Comments (0)
Microsoft Plans 12 Security Updates Next Week
Microsoft said today it will issue at least 12 software updates Tuesday to fix security flaws in its Windows operating system and other software. Some of the patches are expected to carry the company's most serious rating of "critical," which...
By Brian Krebs | June 8, 2006; 2:36 PM ET | Comments (0)
One-Third of U.S. Companies Read Employee E-Mail
Move over, NSAT&T: A new study suggests that more than one-third of US companies pay someone to read employees' outbound e-mail. The figures come from a new study (PDF file) by Forrester Consulting done on behalf of Proofpoint, an e-mail...
By Brian Krebs | June 7, 2006; 11:09 AM ET | Comments (0)
P.O.'s P.D. Goes CSI on DVD
I spent some time over the weekend reviewing some free DVDs produced by the U.S. Postal Inspection Service, which is giving away the discs in a campaign to call attention to the dangers that lurk at the intersection of online...
By Brian Krebs | June 5, 2006; 3:03 PM ET | Comments (0)
New Firefox Version Fixes 13 Security Holes
Mozilla on Thursday released a new version of its Firefox Web browser to correct 13 security holes, including at least five that Mozilla said could let attackers install software without any action on the part of the user. The update...
By Brian Krebs | June 2, 2006; 8:33 AM ET | Comments (0)
Circuit City Support-Site Hack Installed Spamming Program
The customer support Web site for Richmond-based Circuit City, a leading supplier of computers and other consumer electronics, was for several weeks serving up an invasive computer virus to any visitor who browsed the site with an unpatched version of...
By Brian Krebs | June 1, 2006; 3:26 PM ET | Comments (7)
Modern Mischief and the Digital Prankster
As a teenager, I played my share of lame practical jokes and stupid pranks. I can remember a spate of midnight ring-and-run missions, and more than a few prank calls -- usually involving heavy breathing or asking if there was...
By Brian Krebs | June 1, 2006; 12:35 PM ET | Comments (0)









