
Archive: April 2008

More Trouble With Ads on ISPs' Error Pages

Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I'm revisiting this controversial practice because another major provider of...

By Brian Krebs | April 30, 2008; 6:00 AM ET | Comments (10)

Microsoft Delays Windows XP Service Pack 3

Microsoft is delaying the release of Service Pack 3 for Windows XP users due to a "compatibility issue" with the bundle of updates and a supply-chain solution the company markets to small- and medium-sized businesses. The software giant had previously...

By Brian Krebs | April 29, 2008; 5:43 PM ET | Comments (55)

A Case of Network Identity Theft?

Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world's most notorious spammers. What's remarkable...

By Brian Krebs | April 28, 2008; 6:35 PM ET | Comments (13)

Do You Foxit? Then Patch It!

The makers of Foxit Reader -- a free alternative application to Adobe's software for viewing portable document format (PDF) files -- have issued an update that plugs several security holes. Hats off to Foxit Software, which turned around a patched...

By Brian Krebs | April 28, 2008; 12:14 PM ET | Comments (10)

Hundreds of Thousands of Microsoft Web Servers Hacked

Hundreds of thousands of Web sites -- including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software...

By Brian Krebs | April 25, 2008; 8:00 AM ET | Comments (65)

Hannaford's Breach Tests Limits of Security Controls

Supermarket chain Hannaford Bros. is spending millions of dollars to upgrade its security in a bid to close the holes that allowed thieves to steal up to 4.2 million credit and debit card numbers from store networks. The remarkable thing...

By Brian Krebs | April 23, 2008; 5:40 PM ET | Comments (12)

Badware Threat Changes Apple's Tune on Safari

In response to mounting criticism from security and privacy experts, Apple has changed the way its Software Update program pushes out the Safari Web browser to Windows users. But the changes may not go far enough for many people because...

By Brian Krebs | April 23, 2008; 11:27 AM ET | Comments (32)

Obama Site Visitors Redirected to Clinton Campaign

On the eve of the presidential primary in Pennsylvania, an online prankster leveraged a security vulnerability on Sen. Barack Obama's campaign Web site to redirect visitors to Sen. Hillary Rodham Clinton's campaign site. According to Symantec, someone embedded computer code...

By Brian Krebs | April 22, 2008; 1:26 PM ET | Comments (133)

A Shifting Definition of 'Severity'

Microsoft this week issued a study that examines the malicious software threat to Windows computers ... a report clearly written from the software giant's vantage point. While the report includes some interesting stats about which malware samples were most prevalent...

By Brian Krebs | April 22, 2008; 9:00 AM ET | Comments (1)

Java Update Released

Sun Microsystems issued another update to fix security and stability problems with its Java software, but few users are likely to have noticed, as Sun currently isn't doing anything to alert people. Java's updater errantly says my Java 6 Update...

By Brian Krebs | April 21, 2008; 1:25 PM ET | Comments (17)

When Monetizing ISP Traffic Goes Horribly Wrong

In seeking to further monetize Web site traffic on their networks, a number of major Internet service providers may be inadvertently exposing their customers to a greater risk of online attack from identity thieves, according to research released today. Many...

By Brian Krebs | April 19, 2008; 2:00 PM ET | Comments (18)

Windows Vista Service Pack 1: Not for the Impatient

Microsoft has released a bundle of security and stability updates for Windows Vista users. What follows is a long-overdue primer on this package of goodies from Redmond known as Service Pack 1. While some people's experience with Service Pack 2...

By Brian Krebs | April 17, 2008; 11:15 AM ET | Comments (40)

Security Updates for Firefox, Safari

Both Apple and Mozilla issued updates late Wednesday to plug security holes in their Web browser software. The Mozilla update fixes a single critical vulnerability with the way Firefox handles "Javascript garbage collection." Mozilla says this update was issued "primarily...

By Brian Krebs | April 17, 2008; 9:02 AM ET | Comments (15)

Identity Theft Smash & Grab, CEO Style

Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far. Early Monday morning, according to two security experts with firsthand...

By Brian Krebs | April 15, 2008; 10:44 PM ET | Comments (30)

Online Security: A Closer Look at a Negative Example

It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. Sprint makes it very easy for customers to go online to view and...

By Brian Krebs | April 15, 2008; 6:09 PM ET | Comments (7)

Security Fix Pop Quiz, Spring 2008 Edition

Have you been keeping up to date with the latest security patches? Examine the list below to see how you've done. If you're not sure which version of a program you're running, you can usually tell by selecting "Help" and...

By Brian Krebs | April 14, 2008; 10:07 AM ET | Comments (27)

Time to Patch Your Flash

Adobe has issued an update to patch several security holes in its Flash player. Most people will have some version of Flash installed on their computers, so it's a good idea to take a moment and make sure your system...

By Brian Krebs | April 11, 2008; 3:31 PM ET | Comments (20)

Spammers Using Google, Outlook Calendars to Get Your Attention

Spammers are starting to use the meeting invite features of both Google Calendar and Microsoft Outlook to send messages advertising the latest designer watches and prescription drugs. This week, Security Fix heard from a reader who said he had received...

By Brian Krebs | April 10, 2008; 2:32 PM ET | Comments (11)

Online Banking: Do You Know Your Rights?

The financial industry in the United Kingdom recently reaffirmed a policy that holds online banking customers liable for losses if they fail to secure their personal computers against data-stealing computer viruses. While this policy may seem surprising or even draconian...

By Brian Krebs | April 10, 2008; 8:49 AM ET | Comments (27)

Get Paid to Find 'Back Doors'

A security research and training group is offering up to $20,000 in grants to anyone with computer programming chops who can help locate and close hidden "back doors" in commercial hardware and software. According to the Bethesda, Md.-based SANS Institute...

By Brian Krebs | April 9, 2008; 12:55 PM ET | Comments (7)

Microsoft Fixes 10 Security Vulnerabilities

Microsoft today issued software updates to plug at least 10 security holes in its Windows operating systems and other software. More than half of the vulnerabilities fixed by these patches earned the company's most dire "critical" rating, and several of...

By Brian Krebs | April 8, 2008; 3:01 PM ET | Comments (9)

Kraken Spawns a Clash of the Titans

Most of my waking hours on Monday were spent fielding indignant queries from sources in the anti-virus industry who were wondering what I knew about reports of a new family of malicious software that allegedly had managed to infect more...

By Brian Krebs | April 8, 2008; 11:38 AM ET | Comments (10)

Social Networking Accounts Prized By Cybercrooks

Cyber criminals increasingly are moving away from trying to break into computers directly, choosing instead to target Internet users where they spend much of their time online -- at social networking Web sites, new data suggests. In an analysis of...

By Brian Krebs | April 8, 2008; 12:01 AM ET | Comments (16)

RedBox Warns of Credit Card Skimmers

DVD-rental vending machine maker RedBox today warned customers to be on the lookout for any unusual activity or physical changes to local RedBox kiosks, after the company discovered evidence that criminals had retrofitted at least three of the machines with...

By Brian Krebs | April 7, 2008; 1:55 PM ET | Comments (5)

Opera Updates and a Black Tuesday Preview

Opera this week released a new version of the Web browser to correct at least two remotely exploitable security vulnerabilities. Separately, Microsoft said it plans to release eight updates on Tuesday as part of its regular monthly patch cycle. The...

By Brian Krebs | April 7, 2008; 10:45 AM ET | Comments (1)

Beware Targeted Data-Stealing Tax Scam

A fresh round of targeted e-mail attacks is underway, arriving in messages that personally address both the recipient and his or her employer. One pretends to be sent from the IRS requesting more information about company tax filings. Another set...

By Brian Krebs | April 4, 2008; 2:22 PM ET | Comments (5)

Consumers Report $239 Million Lost To Cyber Fraud In '07

U.S. consumers reported losing more than $239 million from online fraud last year, up from $198 million in 2006, according to data released today by the FBI. Internet auction fraud (35.7 percent) and merchandise non-delivery (24.9 percent) were the most...

By Brian Krebs | April 4, 2008; 12:49 PM ET | Comments (2)

Reach Out And Hack Someone

Gone are the days when telephones were dumb appliances that you simply plugged into the wall and forgot: Security researchers from one Internet security firm say they have located more than 100 vulnerabilities in hardware and software that powers the...

By Brian Krebs | April 3, 2008; 5:15 PM ET | Comments (10)

Secret Service Agent To Lead DHS Cyber Division

A cybercrime investigator at the U.S. Secret Service has been named to head the Department of Homeland Security's National Cyber Security Division, Security Fix has learned. Cornelius F. Tate, a graduate of University of Mississippi, currently heads up the Technical...

By Brian Krebs | April 3, 2008; 12:43 PM ET | Comments (1)

Apple Issues QuickTime Update for Mac, Windows

Apple on Wednesday pushed out an update to its QuickTime media player software, fixing at least 11 security vulnerabilities in the software for both Mac and Windows systems. Mac users can get the latest version through Software Update. Windows QuickTime...

By Brian Krebs | April 3, 2008; 6:45 AM ET | Comments (14)

8.3 Million Records Spilled in Data Breaches This Year

At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today. The San Diego based Identity...

By Brian Krebs | April 2, 2008; 3:00 PM ET | Comments (7)

April Fool's Day Warning, And Some Fun

This post has been updated. Please read through to the end. Original post: The cyber criminal(s) behind the Storm worm want to make an April Fool out of you today. The Storm worm author(s) likes to use holidays and other...

By Brian Krebs | April 1, 2008; 1:50 PM ET | Comments (8)

 

©  The Washington Post Company