<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Security Fix</title>
<link rel="alternate" type="application/xhtml+xml" href="http://blog.washingtonpost.com/securityfix/"/>
<link rel="self" type="application/atom+xml" href="http://blog.washingtonpost.com/securityfix/atom.xml"/>
<updated>2008-05-09T16:26:55Z</updated>

<id>tag:blog.washingtonpost.com,2008:/securityfix//66</id>
<rights>Copyright (c) 2008, WashingtonPost.Newsweek Interactive</rights>

<entry>
<title>Adobe Plugs 8 Security Holes in Reader</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/adobe_plugs_8_security_holes_i.html" />
<updated>2008-05-09T16:26:55Z</updated>
<id>tag:washingtonpost.com,2008-05-09:/securityfix/2008/05/adobe_plugs_8_security_holes_i.html</id>
<summary type="text"> This post was updated at 12:20 p.m. to clarify what&apos;s new in this Adobe patch. See the update below the original post. Adobe has issued an update to plug at least eight security holes in its PDF Reader software. The latest patch brings the current, patched, version of Adobe to 8.1.2. If you&apos;re reading this post on a system that has Adobe Reader installed, please take a moment now to download and apply this...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="New Patches" />
</entry>

<entry>
<title>Mozilla Distributes Virus-Infected Language Pack</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/mozilla_distributes_virusinfec_1.html" />
<updated>2008-05-08T16:51:39Z</updated>
<id>tag:washingtonpost.com,2008-05-08:/securityfix/2008/05/mozilla_distributes_virusinfec_1.html</id>
<summary type="text">Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb. 18, 2008, were infected with pop-up ad serving software. Window Snyder, Mozilla&apos;s chief security officer, said the Vietnamese language pack was contaminated as the result of a virus infection. &quot;This usually results in the user...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="Latest Warnings" />
</entry>

<entry>
<title>Robotraff: A Hacker&apos;s Go-To For Clicks</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/the_click_fraud_stock_exchange_1.html" />
<updated>2008-05-07T23:42:56Z</updated>
<id>tag:washingtonpost.com,2008-05-07:/securityfix/2008/05/the_click_fraud_stock_exchange_1.html</id>
<summary type="text">Anyone who doubts that Internet click fraud has become a big money maker should take a look at a Russian Web site called Robotraff.com, which bills itself as &quot;the first stock exchange of Web traffic.&quot; Set up a free account at Robotraff and you&apos;re ready to buy or sell Web traffic. Got 30,000 hacked personal computers under your thumb? Super! Now you can use those systems to generate a steady income just by pointing them...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="Fraud" />
</entry>

<entry>
<title>Microsoft Releases Windows XP Service Pack 3</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/microsoft_releases_windows_xp_1.html" />
<updated>2008-05-07T00:40:19Z</updated>
<id>tag:washingtonpost.com,2008-05-06:/securityfix/2008/05/microsoft_releases_windows_xp_1.html</id>
<summary type="text">Microsoft today finally released Service Pack 3 for Windows XP users. The update should now be offered via both Windows Update and Automatic Updates. The company was expected to release it last week, but pulled the plug at the last minute due to a compatibility problem with an obscure product they offer. Many readers have asked me whether this update is really necessary, given that there isn&apos;t a whole lot new in Service Pack 3...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="New Patches" />
</entry>

<entry>
<title>Tech Groups Back Kaspersky in Fight Against Zango</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/tech_groups_back_kaspersky_in.html" />
<updated>2008-05-06T15:17:10Z</updated>
<id>tag:washingtonpost.com,2008-05-05:/securityfix/2008/05/tech_groups_back_kaspersky_in.html</id>
<summary type="text">A broad coalition of technology groups today told a federal appeals court to toss out a lawsuit that adware maker Zango is continuing to pursue against computer security vendor Kaspersky Lab, arguing that to do otherwise would harm consumers and the future of the security software market. In May 2007, Bellevue, Wash.-based Zango -- a company that makes software to serve pop-up ads and tracks users&apos; activities on behalf of online marketers -- sued Kaspersky,...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="From the Bunker" />
</entry>

<entry>
<title>Stepped Up Cyber Role for Spy Agencies</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/stepped_up_cyber_role_for_spy.html" />
<updated>2008-05-02T16:48:44Z</updated>
<id>tag:washingtonpost.com,2008-05-02:/securityfix/2008/05/stepped_up_cyber_role_for_spy.html</id>
<summary type="text">Read Brian Krebs&apos;s latest story on washingtonpost.com: &quot;White House Plans Proactive Cyber-Security Role for Spy Agencies.&quot; America&apos;s spy agencies for the first time would be tasked with gathering intelligence on threats to the nation&apos;s computer networks under a policy set to be detailed by the White House next week, a senior administration official said Wednesday. Speaking at a security conference in Washington, the official said the Bush administration wants to harness the intelligence community&apos;s offensive...Please click on the title to continue reading this entry.</summary>
<author>
<name>washingtonpost.com Editors</name>
</author>
<category term="U.S. Government" />
</entry>

<entry>
<title>Cyber Justice Chronicles</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/05/cyber_justice_chronicles_1.html" />
<updated>2008-05-01T23:25:13Z</updated>
<id>tag:washingtonpost.com,2008-05-01:/securityfix/2008/05/cyber_justice_chronicles_1.html</id>
<summary type="text">Security Fix is launching a new feature today called Cyber Justice Chronicles, which will periodically provide short snippets of news about individuals who have been arrested or convicted of computer crime offenses. Law enforcement takes its share of lumps for not doing enough to go after cyber crooks, and while the victories on that front may be few and far between, it seems worthwhile to highlight some of the successes: * On Wednesday, Justice Department...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="Cyber Justice" />
</entry>

<entry>
<title>More Trouble With Ads on ISPs&apos; Error Pages</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/more_trouble_with_ads_on_isps.html" />
<updated>2008-04-30T10:05:40Z</updated>
<id>tag:washingtonpost.com,2008-04-30:/securityfix/2008/04/more_trouble_with_ads_on_isps.html</id>
<summary type="text">Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I&apos;m revisiting this controversial practice because another major provider of these services (for one of the nation&apos;s largest ISPs) was found to be similarly vulnerable. As noted here last week, Earthlink and a few other ISPs are using a service from a U.K. company called...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="From the Bunker" />
</entry>

<entry>
<title>Microsoft Delays Windows XP Service Pack 3</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/microsoft_delays_windows_xp_se.html" />
<updated>2008-04-29T21:44:03Z</updated>
<id>tag:washingtonpost.com,2008-04-29:/securityfix/2008/04/microsoft_delays_windows_xp_se.html</id>
<summary type="text">Microsoft is delaying the release of Service Pack 3 for Windows XP users due to a &quot;compatibility issue&quot; with the bundle of updates and a supply-chain solution the company markets to small- and medium-sized businesses. The software giant had previously said SP3 would be released to XP customers today via Windows Update and its software download center. In a written statement, Microsoft said: &quot;In order to make sure customers have the best possible experience we...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="New Patches" />
</entry>

<entry>
<title>A Case of Network Identity Theft?</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/a_case_of_network_identity_the_1.html" />
<updated>2008-04-29T15:44:41Z</updated>
<id>tag:washingtonpost.com,2008-04-28:/securityfix/2008/04/a_case_of_network_identity_the_1.html</id>
<summary type="text">Digital real estate leased to one of the Internet&apos;s oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world&apos;s most notorious spammers. What&apos;s remarkable about this case study is that it pits a vocal spammer against the American Registry for Internet Numbers, which has yet to take action. ARIN is one of five regional Internet registries worldwide that is...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="From the Bunker" />
</entry>

<entry>
<title>Do You Foxit? Then Patch It!</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/use_foxit_patch_it.html" />
<updated>2008-04-28T16:13:49Z</updated>
<id>tag:washingtonpost.com,2008-04-28:/securityfix/2008/04/use_foxit_patch_it.html</id>
<summary type="text">The makers of Foxit Reader -- a free alternative application to Adobe&apos;s software for viewing portable document format (PDF) files -- have issued an update that plugs several security holes. Hats off to Foxit Software, which turned around a patched version of its program about 24 hours after a security researcher published information about the vulnerabilities. The latest build, available from this link, brings the current, patched version to 2.3 Build 2825. The &quot;what&apos;s new?&quot;...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="New Patches" />
</entry>

<entry>
<title>Hundreds of Thousands of Microsoft Web Servers Hacked</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/hundreds_of_thousands_of_micro_1.html" />
<updated>2008-04-29T15:33:38Z</updated>
<id>tag:washingtonpost.com,2008-04-25:/securityfix/2008/04/hundreds_of_thousands_of_micro_1.html</id>
<summary type="text">Hundreds of thousands of Web sites -- including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors&apos; machines. The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft&apos;s Internet Information Services (IIS) Web servers. In an alert issued last week, Microsoft said...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="Latest Warnings" />
</entry>

<entry>
<title>Hannaford&apos;s Breach Tests Limits of Security Controls</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/hannaford.html" />
<updated>2008-04-23T21:40:30Z</updated>
<id>tag:washingtonpost.com,2008-04-23:/securityfix/2008/04/hannaford.html</id>
<summary type="text">Supermarket chain Hannaford Bros. is spending millions of dollars to upgrade its security in a bid to close the holes that allowed thieves to steal up to 4.2 million credit and debit card numbers from store networks. The remarkable thing about this case is not that the company was hacked, despite being certified as compliant with the security rules laid out by the payment card industry, but that so few retailers and businesses who accept...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="From the Bunker" />
</entry>

<entry>
<title>Badware Threat Changes Apple&apos;s Tune on Safari</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/badware_threat_changes_apples_1.html" />
<updated>2008-04-23T15:26:35Z</updated>
<id>tag:washingtonpost.com,2008-04-23:/securityfix/2008/04/badware_threat_changes_apples_1.html</id>
<summary type="text">In response to mounting criticism from security and privacy experts, Apple has changed the way its Software Update program pushes out the Safari Web browser to Windows users. But the changes may not go far enough for many people because the browser is still being disguised as a security update. A screenshot of how the old updater offered Safari. Cupertino has long used the Apple Software Updates to deploy iTunes and QuickTime patches...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="New Patches" />
</entry>

<entry>
<title>Obama Site Visitors Redirected to Clinton Campaign</title>
<link rel="alternate"  type="text/html" href="http://blog.washingtonpost.com/securityfix/2008/04/obama_site_visitors_redirected.html" />
<updated>2008-04-28T15:31:43Z</updated>
<id>tag:washingtonpost.com,2008-04-22:/securityfix/2008/04/obama_site_visitors_redirected.html</id>
<summary type="text">On the eve of the presidential primary in Pennsylvania, an online prankster leveraged a security vulnerability on Sen. Barack Obama&apos;s campaign Web site to redirect visitors to Sen. Hillary Rodham Clinton&apos;s campaign site. According to Symantec, someone embedded computer code into a posting on the Obama blog. The content in this case targeted a cross-site scripting flaw (XSS), an exceedingly common type of vulnerability that can be used to automatically redirect Web browsers viewing the...Please click on the title to continue reading this entry.</summary>
<author>
<name>Brian Krebs</name>
</author>
<category term="From the Bunker" />
</entry>

</feed>