Archive: From the Bunker

Gov't Secrecy and the Mysterious Cyber Initiative

The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be...

By Brian Krebs | May 15, 2008; 03:50 PM ET | Comments (2)

Three Charged With Hacking Dave & Buster's Chain

Three men have been indicted for hacking into a number of cash registers at Dave & Buster's restaurant locations nationwide to steal data from thousands of credit and debit cards, data that was later sold or used to cause more...

By Brian Krebs | May 14, 2008; 05:15 PM ET | Comments (3)

Tech Groups Back Kaspersky in Fight Against Zango

A broad coalition of technology groups today told a federal appeals court to toss out a lawsuit that adware maker Zango is continuing to pursue against computer security vendor Kaspersky Lab, arguing that to do otherwise would harm consumers and...

By Brian Krebs | May 5, 2008; 06:30 PM ET | Comments (17)

More Trouble With Ads on ISPs' Error Pages

Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I'm revisiting this controversial practice because another major provider of...

By Brian Krebs | April 30, 2008; 06:00 AM ET | Comments (10)

A Case of Network Identity Theft?

Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as one of the world's most notorious spammers. What's remarkable...

By Brian Krebs | April 28, 2008; 06:35 PM ET | Comments (13)

Hundreds of Thousands of Microsoft Web Servers Hacked

Hundreds of thousands of Web sites -- including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software...

By Brian Krebs | April 25, 2008; 08:00 AM ET | Comments (65)

Hannaford's Breach Tests Limits of Security Controls

Supermarket chain Hannaford Bros. is spending millions of dollars to upgrade its security in a bid to close the holes that allowed thieves to steal up to 4.2 million credit and debit card numbers from store networks. The remarkable thing...

By Brian Krebs | April 23, 2008; 05:40 PM ET | Comments (12)

Badware Threat Changes Apple's Tune on Safari

In response to mounting criticism from security and privacy experts, Apple has changed the way its Software Update program pushes out the Safari Web browser to Windows users. But the changes may not go far enough for many people because...

By Brian Krebs | April 23, 2008; 11:27 AM ET | Comments (32)

Obama Site Visitors Redirected to Clinton Campaign

On the eve of the presidential primary in Pennsylvania, an online prankster leveraged a security vulnerability on Sen. Barack Obama's campaign Web site to redirect visitors to Sen. Hillary Rodham Clinton's campaign site. According to Symantec, someone embedded computer code...

By Brian Krebs | April 22, 2008; 01:26 PM ET | Comments (133)

A Shifting Definition of 'Severity'

Microsoft this week issued a study that examines the malicious software threat to Windows computers ... a report clearly written from the software giant's vantage point. While the report includes some interesting stats about which malware samples were most prevalent...

By Brian Krebs | April 22, 2008; 09:00 AM ET | Comments (1)

When Monetizing ISP Traffic Goes Horribly Wrong

In seeking to further monetize Web site traffic on their networks, a number of major Internet service providers may be inadvertently exposing their customers to a greater risk of online attack from identity thieves, according to research released today. Many...

By Brian Krebs | April 19, 2008; 02:00 PM ET | Comments (18)

Identity Theft Smash & Grab, CEO Style

Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far. Early Monday morning, according to two security experts with firsthand...

By Brian Krebs | April 15, 2008; 10:44 PM ET | Comments (30)

Online Security: A Closer Look at a Negative Example

It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. Sprint makes it very easy for customers to go online to view and...

By Brian Krebs | April 15, 2008; 06:09 PM ET | Comments (7)

Security Fix Pop Quiz, Spring 2008 Edition

Have you been keeping up to date with the latest security patches? Examine the list below to see how you've done. If you're not sure which version of a program you're running, you can usually tell by selecting "Help" and...

By Brian Krebs | April 14, 2008; 10:07 AM ET | Comments (27)

Online Banking: Do You Know Your Rights?

The financial industry in the United Kingdom recently reaffirmed a policy that holds online banking customers liable for losses if they fail to secure their personal computers against data-stealing computer viruses. While this policy may seem surprising or even draconian...

By Brian Krebs | April 10, 2008; 08:49 AM ET | Comments (27)

Get Paid to Find 'Back Doors'

A security research and training group is offering up to $20,000 in grants to anyone with computer programming chops who can help locate and close hidden "back doors" in commercial hardware and software. According to the Bethesda, Md.-based SANS Institute...

By Brian Krebs | April 9, 2008; 12:55 PM ET | Comments (7)

Kraken Spawns a Clash of the Titans

Most of my waking hours on Monday were spent fielding indignant queries from sources in the anti-virus industry who were wondering what I knew about reports of a new family of malicious software that allegedly had managed to infect more...

By Brian Krebs | April 8, 2008; 11:38 AM ET | Comments (10)

Consumers Report $239 Million Lost To Cyber Fraud In '07

U.S. consumers reported losing more than $239 million from online fraud last year, up from $198 million in 2006, according to data released today by the FBI. Internet auction fraud (35.7 percent) and merchandise non-delivery (24.9 percent) were the most...

By Brian Krebs | April 4, 2008; 12:49 PM ET | Comments (2)

Reach Out And Hack Someone

Gone are the days when telephones were dumb appliances that you simply plugged into the wall and forgot: Security researchers from one Internet security firm say they have located more than 100 vulnerabilities in hardware and software that powers the...

By Brian Krebs | April 3, 2008; 05:15 PM ET | Comments (10)

8.3 Million Records Spilled in Data Breaches This Year

At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today. The San Diego based Identity...

By Brian Krebs | April 2, 2008; 03:00 PM ET | Comments (7)

April Fool's Day Warning, And Some Fun

This post has been updated. Please read through to the end. Original post: The cyber criminal(s) behind the Storm worm want to make an April Fool out of you today. The Storm worm author(s) likes to use holidays and other...

By Brian Krebs | April 1, 2008; 01:50 PM ET | Comments (8)

Cyber Attacks on the Campaign Trail

It is rare for the key topics typically covered in this blog -- cybercrime and computer security -- to be wielded as talking points by a major presidential candidate. But in a foreign policy speech last week, presumptive Republican Party...

By Brian Krebs | March 31, 2008; 03:08 PM ET | Comments (8)

Happy 3rd Birthday To Security Fix

Security Fix turned three years old this weekend. Since March 2005, this blog has featured roughly 900 entries and attracted more than 14,000 comments. I have enjoyed watching the Security Fix community grow, and owe a big shout of "Thanks!"...

By Brian Krebs | March 31, 2008; 10:05 AM ET | Comments (21)

The Curious Case of Dmitry Golubov

Earlier this month, Security Fix took a look at Dmitry Ivanovich Golubov, a Ukrainian politician once considered by U.S. law enforcement to be a top cybercrime boss. Golubov took rather strong exception to the way he was characterized in that...

By Brian Krebs | March 28, 2008; 10:50 AM ET | Comments (16)

U.S.-Based ISPs Count Known Terror Groups as Clients

Herndon, Va.-based Network Solutions said Wednesday that it suspended Hizbollah.org, an official site of Hezbollah, a Lebanese political and paramilitary group. Turns out, Network Solutions, which was one of the original firms in the domain registration business, was accepting payment...

By Brian Krebs | March 27, 2008; 04:46 PM ET | Comments (11)

Don't Depend on Anti-virus to Save You

Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded...

By Brian Krebs | March 25, 2008; 09:28 AM ET | Comments (42)

Network Solutions Pre-Censors Anti-Islam Site

Web site name registrar Network Solutions is blocking access to a site owned by a controversial Dutch politician known for his confrontational views about Islam and Muslim immigrants. The move by one of the largest companies in the domain registration...

By Brian Krebs | March 23, 2008; 10:36 PM ET | Comments (197)

They Told You Not To Reply

When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread. But when those messages are sent...

By Brian Krebs | March 21, 2008; 09:30 AM ET | Comments (132)

Hannaford Breach May Presage '08 Trend

The Hannaford Bros. supermarket chain said Monday that a breach of its computer systems may have given criminals access to more than four million credit and debit cards issued by nearly 70 banks nationwide. While the banks appear all but...

By Brian Krebs | March 18, 2008; 11:08 AM ET | Comments (25)

The Anatomy of a Vishing Scam

A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies. The scams in this case took...

By Brian Krebs | March 15, 2008; 05:54 PM ET | Comments (5)

Six Degrees of E-Separation

If you've ever played the game "Six Degrees of Kevin Bacon," you know there's a lot of truth to it. It's based on the notion that any actor can be linked through his or her film roles to Mr. Bacon....

By Brian Krebs | March 12, 2008; 05:23 PM ET | Comments (8)

Microsoft Patches 12 Office Security Holes

Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or...

By Brian Krebs | March 11, 2008; 02:30 PM ET | Comments (6)

When Ads Go Bad

A long-time trusted source recently alerted me that some inappropriate advertisements were running on Neopets.com, a Web site full of addictive Macromedia Flash games aimed at pre-teens. Surprisingly, the curators of Neopets.com -- major media conglomerate Viacom -- are disavowing...

By Brian Krebs | March 10, 2008; 12:34 PM ET | Comments (20)

When Blocking Porn Isn't Enough

Last year, Security Fix looked at a free service that helps parents and other network administrators block adult Web sites for all of the PCs they control, without installing any software. Now, the company and community that built that service...

By Brian Krebs | February 26, 2008; 01:28 PM ET | Comments (30)

YouTube Censorship Sheds Light on Internet Trust

If you happened to be searching for a video at YouTube.com Sunday afternoon, there's a good chance your browser told you it was unable to locate the entire Web site. Turns out, much of the world was blocked from getting...

By Brian Krebs | February 25, 2008; 11:08 AM ET | Comments (32)

How Not To Write a 'Geek Wanted' Ad

When you're trying to hire a computer security professional to manage the network for one of the nation's largest counties, it's probably not the best idea to advertise to the world the precise digital defenses you have in place to...

By Brian Krebs | February 22, 2008; 02:15 PM ET | Comments (13)

Wall Street Reports Increase In PC Intrusions In '07

On Thursday, Security Fix featured an exclusive look at data pulled from an unreleased government report showing a steep increase in the amount of funds that banks, businesses and consumers lost last year due to computer hacking and malicious software...

By Brian Krebs | February 22, 2008; 09:40 AM ET

Research May Hasten Death of Mobile Privacy Standard

Researchers at a computer security conference in Washington, D.C. this week detailed a method for dramatically reducing the cost and time needed to crack the security that prevents eavesdropping of GSM-based mobile phones. The weaknesses in the GSM encryption technology...

By Brian Krebs | February 19, 2008; 12:52 PM ET | Comments (24)

Fake Prez. Campaign Video Spreads Malware

Spammers are taking advantage of public awareness about the U.S. presidential race to trick people into installing malicious software. A recent blast of spam purports to contain links to a video of Sen. Hillary Clinton (D-N.Y.) on the campaign trail,...

By Brian Krebs | February 14, 2008; 04:50 PM ET | Comments (9)

Beware Bogus E-Valentines

If you want to express your affection for someone this Valentine's Day, try to find a more original way to do it than by sending e-greeting cards. You could be training your loved one to respond to scammers who are...

By Brian Krebs | February 13, 2008; 11:17 AM ET | Comments (20)

The Storm Worm's Family Tree

New research suggests that the infamous Storm worm has its roots in a computer worm that first surfaced as early as 2004, two-and-a-half years prior to Storm's widely-recognized birthday. The findings come from security researchers at Damballa, a start-up in...

By Brian Krebs | February 7, 2008; 03:05 PM ET | Comments (2)

Untraceable or Uncatchable?

On Friday, I caught a showing of "Untraceable," a horror/thriller flick about a serial killer who relies on computer insecurity to help him broadcast his crimes onto the Internet. Far too many hacker movies completely flub the technical details, and...

By Brian Krebs | January 28, 2008; 01:01 PM ET | Comments (26)

Just Say No To Work-At-Home Money Mule Scams

washingtonpost.com today ran a story I wrote that examines the ever-evolving scams that organized cyber thieves are coming up with to con people into laundering stolen funds on their behalf. The piece features interviews with a couple of unfortunate victims...

By Brian Krebs | January 25, 2008; 11:00 AM ET | Comments (30)

Report: 51 Percent Of Malicious Web Sites Are Hacked

The number of legitimate Web sites that have been hacked and seeded with code that tries to infect the visitor's PC with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today....

By Brian Krebs | January 22, 2008; 09:29 AM ET | Comments (5)

Drawing a (Scary) Face On Malicious Software

If the phishing scams, computer viruses and worms that land in our inboxes each day take the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu,...

By Brian Krebs | January 18, 2008; 01:10 PM ET | Comments (6)

Wishing an (Un)Happy Birthday to the Storm Worm

This week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today. This...

By Brian Krebs | January 17, 2008; 09:37 AM ET | Comments (26)

Report: TSA Site Exposed Travelers To ID Theft

A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government's no-fly list. It concluded that cronyism and a lack of oversight exposed...

By Brian Krebs | January 12, 2008; 09:15 AM ET | Comments (59)

Microsoft Patches Three Windows Security Holes

Microsoft yesterday pushed out a couple of patches to fix at least three separate security flaws in its various Windows operating systems, including one that could be especially dangerous for Windows home users. The most serious update is included in...

By Brian Krebs | January 9, 2008; 10:43 AM ET | Comments (12)

New Nasty Hides From Windows, Anti-Virus Tools

A new family of malicious software that runs before Windows even boots up has infected thousands of PCs worldwide and remains undetected by virtually all of the commercial anti-virus tools, security experts warn. The newly-discovered malware is what's known as...

By Brian Krebs | January 8, 2008; 02:10 PM ET | Comments (67)

Class Action Suit Alleges Sears Privacy Failures

Class-action lawyers are circling around retailer Sears, Roebuck & Co., just days after privacy activists revealed that the company's Web site exposed the details of customer purchases going back more than a decade. In a complaint filed Friday in Cook...

By Brian Krebs | January 5, 2008; 02:10 PM ET | Comments (43)

Sears's Privacy Promises Broken?

Sears is having a bit of a rough day with the privacy community. The company got off to a rocky start with revelations that many customers who gave Sears their personal details after shopping at the company's Web site also...

By Brian Krebs | January 3, 2008; 06:40 PM ET | Comments (72)

The Mysterious Unsent 'Bounced' E-mail

The subject line from the e-mail that just landed in your inbox indicates the message was returned because it could not be delivered. Upon closer inspection, the message -- hawking cheap designer watches -- doesn't look like any message you've...

By Brian Krebs | January 2, 2008; 11:15 AM ET | Comments (27)

Microsoft Plugs 11 Windows Security Holes

Microsoft today released software updates to plug at least 11 security holes in PCs powered by its Windows operating systems and other software. Windows users can download the fixes either directly through the Microsoft Update Web site or via Automatic...

By Brian Krebs | December 11, 2007; 03:15 PM ET | Comments (14)

Top 10 Best & Worst Anti-Phishing Web Registrars

Web site domain name registrars are increasingly finding themselves at the forefront of the never-ending slog against online con artists and phishers. But there is little consensus on how far registrars should go to police their pool of names for...

By Brian Krebs | December 11, 2007; 08:30 AM ET | Comments (35)

MPAA University 'Toolkit' Raises Privacy Concerns

The Motion Picture Association of America is urging some of the nation's largest universities to deploy custom software designed to pinpoint students who may be using the schools' networks to illegally download pirated movies. A closer look at the MPAA's...

By Brian Krebs | November 23, 2007; 06:30 AM ET | Comments (105)

Credit Card Thieves Flood Wikimedia With Pennies

The Wikimedia Foundation, the parent organization of the free online encyclopedia Wikipedia and other open-source projects, recently increased the minimum amount it will accept in donations after scammers apparently began testing the validity of stolen credit cards by sending a...

By Brian Krebs | November 20, 2007; 02:57 PM ET | Comments (31)

Salesforce.com Acknowledges Data Loss

Business software provider Salesforce.com acknowledged that a recent spate of targeted e-mail virus and phishing attacks against its customers resulted from one of its own employees falling for a phishing scam and turning over the keys to the company's customer...

By Brian Krebs | November 6, 2007; 11:34 AM ET | Comments (19)

Deconstructing the Fake FTC E-mail Virus Attack

A targeted e-mail virus disguised as an identity theft inquiry from the Federal Trade Commission appears to have successfully compromised more than 500 PCs, including victims at banks, real estate brokerages, law firms and marketing companies. Each of the victims...

By Brian Krebs | November 5, 2007; 06:00 AM ET | Comments (28)

'Net Governance Body Punts On WHOIS Privacy

The nonprofit organization that manages the Internet's domain-name system has voted to punt on a proposed change to the global WHOIS database of Web site name registrants. The changes would have given Web site owners the ability to shield their...

By Brian Krebs | October 31, 2007; 04:20 PM ET | Comments (14)

Hiding In Plain Sight

Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file? It's actually an executable file (one...

By Brian Krebs | October 31, 2007; 11:42 AM ET | Comments (19)

Spammers Tempt Surfers to Help Solve Captchas

Call it an online game of strip poker, only spammers are the ones walking away with all the winnings. The latest innovation in malicious software takes the form of shapely "Melissa," an alluring, scantily clad blond who requests the victim's...

By Brian Krebs | October 30, 2007; 10:20 AM ET | Comments (10)

Simplifying Long-Distance Tech Support

When you're the de facto tech support guy for most of your family and friends, you quickly find yourself making a lot of house calls. But if you're not being summoned to help install memory or a new hard drive,...

By Brian Krebs | October 29, 2007; 09:37 AM ET | Comments (9)

Should E-Mail Addresses Be Considered Private Data?

A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc....

By Brian Krebs | October 19, 2007; 06:00 PM ET | Comments (19)

The Carrot & Stick Approach to Internet Pollution

Lawmakers on Capitol Hill are once again debating whether to extend a soon-to-expire ban on taxing consumer access to the Internet. Proponents of such a ban say they want to keep the Internet free from the shackles of regulation, and...

By Brian Krebs | October 18, 2007; 10:20 AM ET | Comments (5)

The Russian Business Network Responds

An individual claiming to represent the Russian Business Network has denied media reports (including a Washington Post story I wrote that ran last week) the company provides Web hosting services to numerous cyber criminal operations. Experts quoted in my story...

By Brian Krebs | October 16, 2007; 03:45 PM ET | Comments (6)

Schwarzenegger Vetoes Retail Data Security Bill

California Gov. Arnold Schwarzenegger (R) on Friday vetoed a bill that would have forced retailers to foot more of the bill in cleaning up after customer data spills. The bill was unanimously approved by the Assembly, with the state Senate...

By Brian Krebs | October 16, 2007; 08:27 AM ET | Comments (9)

Mapping the Russian Business Network

Today's Washington Post carries my story about the Russian Business Network, an entity based in St. Petersburg that provides Web hosting services that cater exclusively to cyber criminals. From the story: "The Russian Business Network sells Web site hosting...

By Brian Krebs | October 13, 2007; 12:02 AM ET | Comments (26)

Taking on the Russian Business Network

The text below was originally included as part of the story The Washington Post ran today on the Russian Business Network. The content below was cut for space reasons, but I thought the anecdote was interesting and timely enough to...

By Brian Krebs | October 13, 2007; 12:01 AM ET | Comments (13)

VOIP Mix-Up Exposes Customer Call Data

Bill Adler was relieved to get his old phone number back. The Washington-area resident's digits were marooned shortly after his former Internet-based phone service provider -- Sunrocket -- abruptly closed its doors in mid-July. Relieved, that is, until he received...

By Brian Krebs | October 8, 2007; 11:10 AM ET | Comments (2)

Second Credit Bureau Offers File Freeze

Consumer credit reporting bureau Experian today announced that it would allow consumers in all 50 states to freeze their credit histories, becoming the second of the three national credit bureaus to offer the freeze option. The service, which will be...

By Brian Krebs | October 4, 2007; 09:32 AM ET | Comments (15)

iPhone (in)Security

This blog often takes software and hardware vendors to task when they use security updates as a means of enforcing product loyalty. Media player software makers are some of the biggest culprits here, so perhaps it's fitting that the 800-pound...

By Brian Krebs | October 2, 2007; 11:12 AM ET | Comments (40)

Just How Bad Is the Storm Worm?

The Storm worm has earned its share of superlatives, but security experts disagree over just how many computers running Microsoft Windows have been compromised by the e-mail worm. Some new figures released from Microsoft and estimates obtained by Security Fix...

By Brian Krebs | October 1, 2007; 10:31 AM ET | Comments (11)

Microsoft's Stealth Update Backfires for Some Users

A software update Microsoft quietly delivered to millions of PCs this summer prevents the installation of at least 80 security updates when some Windows users try to fix a problem with their computer using the software's "repair" feature, according to...

By Brian Krebs | September 28, 2007; 10:23 AM ET | Comments (18)

Calculating the Costs of Cyber Crime

On Monday, Security Fix looked at figures published by the Justice Department suggesting that the FBI had between 3 and 6 percent of its field agents dedicated to fighting cyber crime. On the surface, that number may seem low for...

By Brian Krebs | September 27, 2007; 11:25 AM ET | Comments (6)

Is Cyber Crime Really the FBI's No. 3 Priority?

The Federal Bureau of Investigation says that its No. 3 priority is protecting the United States "against cyber-based attacks and high-technology crimes." Given the increasing pervasiveness and costs associated with such crime, FBI Director Robert Mueller should be commended for...

By Brian Krebs | September 24, 2007; 03:14 PM ET | Comments (16)

Your Money or Your E-mail

If someone broke into your free Web mail account, reset your password and issued a $100 ransom demand, would you pay up? The answer might depend on how careless you've been with your passwords, and how many e-commerce sites you...

By Brian Krebs | September 20, 2007; 04:24 PM ET | Comments (13)

The Threat of Reputation-Based Attacks

CastleCops.com is accustomed to being attacked by online crooks: The volunteer-led cybercrime-fighting group has endured nearly a month long siege by thousands of criminally-controlled PCs aimed at crippling its Web site. So when the latest attack failed to prevent legitimate...

By Brian Krebs | September 18, 2007; 10:00 AM ET | Comments (20)

Report: Four Percent of E-Crime From Fortune 100

Roughly four percent of all spam, malicious software attacks, phishing Web sites and other cyber crime activities detected in the first half of 2007 emanated from the networks controlled by the world's 100 highest-grossing companies, according to a new report...

By Brian Krebs | September 17, 2007; 03:27 PM ET | Comments (10)

AOL's Free Anti-Virus Switcheroo

A number of AOL users who have taken advantage of the free "Active Virus Shield" anti-virus offer from Kaspersky are complaining that the software has ceased downloading updates. Turns out AOL recently severed its relationship with Kaspersky, and is now...

By Brian Krebs | September 12, 2007; 11:10 AM ET | Comments (13)

Security Updates for Windows 2000, Instant Messenger

Microsoft Corp. released a mercifully light batch of software updates today as part of its regularly scheduled "Patch Tuesday" release cycle. Most Windows users will likely have to install just a single security update this time around. The fixes are...

By Brian Krebs | September 11, 2007; 02:27 PM ET | Comments (7)

E-Greeting Card Giant Unaffected By Storm Worm

It's been nearly three weeks since I first wrote about the Storm worm authors using fake online greeting cards to trick people into clicking on links to Web sites that try to download and install malicious software. Since then, it...

By Brian Krebs | September 6, 2007; 08:52 AM ET | Comments (14)

A Time-to-Patch: Apple 2006

Apple computer users mostly stayed off the radar screens of the criminal hacker community in 2006, even as the Cupertino, Calif., software company learned of an unprecedented number of serious security holes in its Mac OS X systems and other...

By Brian Krebs | September 4, 2007; 08:00 AM ET | Comments (43)

Storm Worm Dwarfs World's Top Supercomputers

The network of compromised Microsoft Windows computers under the thumb of the criminals who control the Storm Worm has grown so huge that it now has more raw distributed computing power than all of the world's top supercomputers, security experts...

By Brian Krebs | August 31, 2007; 06:32 PM ET | Comments (34)

Hacking Groceries: Internet Coupon Fraud

Over the weekend, my wife and I were shopping at Magruder's, a local grocery chain to which we're fiercely loyal, and we noticed a handwritten sign attached to the credit-card reader in the checkout line: "Attn customers: Due to coupon...

By Brian Krebs | August 27, 2007; 12:15 PM ET | Comments (19)

Pharmacy Spam Blogs At U.S. Nuclear Safety Lab

The Web site for the institution charged with safeguarding the safety and integrity of the U.S. nuclear arsenal has been inadvertently hosting advertisements and blogs that link to illegal prescription drug sites hawking everything from generic painkillers to erectile dysfunction...

By Brian Krebs | August 25, 2007; 12:50 PM ET | Comments (12)

Yahoo! Messenger Network Overrun By Bots

A large number of Yahoo!'s instant messenger chat rooms are being overrun by automated programs designed to hawk commercial services, Web sites and other wares, preventing millions of actual human users from joining most of the chat rooms on the...

By Brian Krebs | August 24, 2007; 11:15 AM ET | Comments (71)

Beware of Five-Star Vaporware

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from...

By Brian Krebs | August 20, 2007; 10:08 AM ET | Comments (8)

Security Fix Pop Quiz, Summer 2007 Edition

Yes, dear readers, it's time once again for a Security Fix Pop Quiz, intended to serve as a gentle reminder to install security updates for third-party programs. The table below lists the software title, the date each update was released,...

By Brian Krebs | August 13, 2007; 02:57 PM ET | Comments (13)

Attacks Prompt Update for 'Tor' Anonymity Network

One of the best-known and free services for helping Internet users maintain their anonymity online -- a network known simply as "Tor" -- suffered an attack this past week that may have exposed the identities of thousands of users. The...

By Brian Krebs | August 8, 2007; 02:00 PM ET | Comments (1)

Watch Out for Fake Tax 'Rebate' Sites

It's not exactly tax-filing time in the United States, but that doesn't mean online scammers aren't out to capture the money owed to you by Uncle Sam. A scam Web site spotted recently by Security Fix is one of a...

By Brian Krebs | August 8, 2007; 08:51 AM ET | Comments (5)

Internet Explorer and Your Web Site's Privacy

Several months ago, Security Fix looked at a feature of Microsoft's Internet Explorer 6 Web browser that was difficult to fathom (see: Clipboard Data Theft Optional in IE7). While interviewing a source at the DEF CON hacker conference last week,...

By Brian Krebs | August 7, 2007; 01:30 PM ET | Comments (24)

Access Card Systems -- Trivially Vulnerable?

LAS VEGAS -- A broad range of access card readers designed to grant or deny entry to office buildings, airport terminals and other sensitive areas are inherently insecure and easy to hack, according to a researcher who spoke and demonstrated...

By Brian Krebs | August 5, 2007; 05:01 PM ET | Comments (5)

Letter From Hackerdom: Not the Same Old DEF CON, Black Hat

LAS VEGAS -- What a difference a year makes. Like I did the past two years, I am currently blogging from Sin City, which plays host once a year to the back-to-back Black Hat and DEF CON hacker conferences. In...

By Brian Krebs | August 4, 2007; 11:45 AM ET | Comments (5)

Report: E-Voting Systems Hackable

Researchers at the University of California were able to hack into all of the electronic voting systems they tested, finding multiple security weaknesses that could allow hackers to break into and modify the systems, alter polling results, or interfere with...

By Brian Krebs | July 30, 2007; 06:00 PM ET | Comments (40)

The Yin and Yang of Internet Security Research

A law that makes it a crime to host online or otherwise provide software that could be used in cyber attacks went into effect in Germany this month. While the reaction from Germany's hacker culture has been somewhat muted, the...

By Brian Krebs | July 30, 2007; 12:34 PM ET | Comments (5)

Software Vulnerability Auction Stokes Researchers

Last week, a number of news outlets spotlighted a Swiss Internet start-up -- curiously named "WabiSabiLabii" (pronounced "wobby-sobby-lobby") -- that is trying to establish an eBay-style auction site for software security vulnerabilities. I held off in covering this important story...

By Brian Krebs | July 12, 2007; 09:00 PM ET | Comments (6)

Cell Phone Spying Service Leaking Data?

Last week, the geek news world was abuzz with news of a spying service that lets people intercept text messages, call logs, e-mails and other information from BlackBerry and Windows Mobile-equipped smart phones. But it appears the privacy threat is...

By Brian Krebs | July 9, 2007; 09:55 AM ET | Comments (7)

A Word of Caution About Google Calendar

I've been playing around with Google Calendar, a beta service from the search-engine giant that lets users store -- and share -- calendar data online. It's a great Web-based tool, but in experimenting with it I found that far too...

By Brian Krebs | July 6, 2007; 06:00 AM ET | Comments (11)

Spammers Duke It Out In Online Turf War

Just as thugs and drug dealers jealously guard their street corners with destructive turf wars, online spammers and other shadowy characters have been known to attack one another for control over virtual real estate. This week, security experts spotted a...

By Brian Krebs | June 29, 2007; 03:39 PM ET | Comments (4)

Web Worm Whacks MySpace Users

A complex, ongoing attack on MySpace.com users is turning victims' sites and computers into hosts for serving phishing scams and computer viruses. Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three...

By Brian Krebs | June 27, 2007; 01:52 PM ET | Comments (21)

LexisNexis Warns of Consumer Database Breaches

Last month, Security Fix wrote that scam artists were trying to steal the login credentials that law enforcement officers use to access their accounts at Accurint, a database operated by LexisNexis owner ReedElsevier that contains highly detailed and personal files...

By Brian Krebs | June 21, 2007; 09:34 AM ET | Comments (6)

Glubble: The Web in a Kid-Friendly Bubble

Last week, Security Fix highlighted a software-free approach to helping parents block objectionable online content. Today, I'm profiling a new service that debuted this week -- an "add-on" or extension for Mozilla's Firefox Web browser that takes the opposite approach:...

By Brian Krebs | June 19, 2007; 11:41 AM ET | Comments (8)

A Software-Free Approach to Blocking Online Porn

Many readers have asked for advice on how to protect their kids from accidentally or purposefully viewing Internet porn, so over the next week or so Security Fix will examine various free methods for helping users block adult Web sites...

By Brian Krebs | June 15, 2007; 02:22 PM ET | Comments (20)

FBI Unveils Movable Feast with 'Operation Bot Roast'

The FBI said today it has identified more than 1 million personal computers that have been infected with computer worms enabling the attackers to control PCs for criminal purposes such as sending spam, spreading spyware and attacking Web sites. The...

By Brian Krebs | June 13, 2007; 05:03 PM ET | Comments (6)

Microsoft Plugs 15 Security Holes

Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates. Nine of...

By Brian Krebs | June 12, 2007; 02:22 PM ET | Comments (18)

Sun Issues Java Security Update

Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content. One of the...

By Brian Krebs | June 8, 2007; 02:59 PM ET | Comments (8)

Substitute Teacher Granted New Trial in Porn Case

A former Connecticut middle-school teacher was granted a new trial today at her sentencing hearing, where she had faced up to 40 years in prison for exposing her students to pornographic material on a classroom computer. Judge Hillary Strackbein said...

By Brian Krebs | June 6, 2007; 01:49 PM ET | Comments (83)

High Court Ruling Could Be Boon for Retailers

A Supreme Court ruling handed down Monday could be good news for more than 100 major retailers targeted by class-action lawsuits alleging that the companies failed to comply with a law designed to protect consumers from identity theft. The retailers...

By Brian Krebs | June 5, 2007; 10:35 AM ET | Comments (2)

Report Shows 7 Percent of Sponsored Links Dangerous

Clicking on a search engine's results of popular computer terms like "wallpaper" or "screensaver" remains a fairly risky endeavor when it comes to security, according to an updated study. The second annual State of Search Engine Safety report from McAfee...

By Brian Krebs | June 4, 2007; 10:52 AM ET | Comments (5)

A New Vector For Hackers -- Firefox Add-Ons

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. By design, each Firefox extension -- any...

By Brian Krebs | May 30, 2007; 05:01 AM ET | Comments (41)

Spy vs. I-Spy: A Tale of Dueling Anti-Spyware Bills

The House of Representatives last week passed a bill called the "I-SPY Act" -- a.k.a. the "Internet Spyware Prevention Act of 2007." I believe it's important to highlight the benefits and limitations of this measure. For starters, I-SPY is an...

By Brian Krebs | May 29, 2007; 08:43 AM ET | Comments (3)

Phishing Attacks Soar as Scammer Nets Widen

Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers, Security Fix has learned. Typically, phishing scams involve phony e-mails...

By Brian Krebs | May 24, 2007; 05:20 PM ET | Comments (9)

Cyber Crooks Hijack Activities of Large Web-Hosting Firm

Organized crime groups have modified a significant share of the Web sites operated by one of the Internet's largest Web hosting companies to launch cyber attacks against visitors, Security Fix has learned. Last month, Phoenix-based IPOWER Inc. was featured prominently...

By Brian Krebs | May 23, 2007; 10:30 AM ET | Comments (21)

Scammers Target Elderly With Aid of Data Brokers

Consumer data broker infoUSA reaped huge profits selling lists with the names of elderly individuals and others likely to be easy targets for identity thieves and con artists, according to a harrowing story in Sunday's New York Times. The newspaper...

By Brian Krebs | May 21, 2007; 02:15 PM ET | Comments (1)

Firefox Surfers More Likely Patched Than IE Users

New statistics released today indicate that people who use Mozilla's Firefox Web browser are more likely to be cruising the Web with all of the latest security updates installed than those surfing with Microsoft's Internet Explorer. Internet Security vendor Secunia...

By Brian Krebs | May 16, 2007; 04:16 PM ET | Comments (24)

Tuning Up Uncle Sam's Cyber Crime Laws

Lawmakers in the House of Representatives on Monday introduced a bill that seeks to modernize the nation's computer crime laws and give prosecutors more leeway and resources in going after cyber crooks. The Cyber-Security Enhancement Act of 2007, authored by...

By Brian Krebs | May 15, 2007; 11:34 AM ET | Comments (4)

The Politics of Identity Theft

Washingtonpost.com today ran an in-depth story I wrote examining the politics behind the identity theft problem in one state. It is told through the eyes of a Delaware resident who championed a measure and ultimately won passage of a law....

By Brian Krebs | May 9, 2007; 11:25 AM ET | Comments (22)

Federal Data Breach Bills Clear Senate Panel

Update, May 13: Please read the entire post, which has been updated. Original post: A key Senate committee today approved two bills that would force businesses to notify consumers if their personal or financial data is lost or stolen. The...

By Brian Krebs | May 3, 2007; 04:55 PM ET | Comments (4)

Building A Web-Based Neighborhood Watch

At any given time, tens of millions of personal computers around the globe are infected with malicious software that criminals use to turn them into spam-relaying "zombies." But many machines could be inoculated if there was a distributed, Internet-wide system...

By Brian Krebs | April 30, 2007; 12:18 PM ET | Comments (9)

Lawmakers Aim to Crack Down on Caller ID Spoofing

Congress appears poised to enact a law that would make it a crime for someone to fake their phone's caller ID information if that information belongs to an actual person who did not provide prior consent. The "Preventing Harassment Through...

By Brian Krebs | April 26, 2007; 12:15 PM ET | Comments (11)

Nation's Cyber Plan Outdated, Lawmakers Told

The nation's plan and policies for protecting its critical online infrastructures are severely outdated and flawed, experts told lawmakers Wednesday at a House subcommittee hearing. "Demanding report cards, legislating under the influence of adrenaline, imagining that cyber-security is an end...

By Brian Krebs | April 26, 2007; 05:00 AM ET | Comments (6)

$10K Prize Nets Apple Vulnerability

It is often said that hackers eschew exploiting security holes in Apple's Mac OS X operating system in favor of researching flaws in Microsoft Windows computers due to the fact that most of the world runs Microsoft machines. Thus, finding...

By Brian Krebs | April 21, 2007; 09:15 AM ET | Comments (12)

Rogue Networks Stir Trouble for Firms of All Sizes

It is disconcerting to hear that a recent audit of the Internal Revenue Service's computer security posture revealed that some field offices were operating wireless networks accessible to anyone lurking nearby with a laptop. The IRS inspector general's office scanned...

By Brian Krebs | April 20, 2007; 02:15 PM ET | Comments (8)

The Easy Way to Unclutter a New PC

If you recently purchased a new Windows PC for yourself or a loved one, you probably found that it came loaded with a boatload of trial software programs that compete for your attention with pop-ups and random "buy me" icons...

By Brian Krebs | April 19, 2007; 09:33 AM ET | Comments (26)

Data Breach Aided University Phishing Scam

A highly targeted phishing attack last year that scammed dozens of Indiana University students out of their personal and financial data appears to have been aided in part by a previously undisclosed hacker break-in at one of the school's main...

By Brian Krebs | April 16, 2007; 04:30 PM ET | Comments (9)

Practicing Street Smarts at the ATM

Each time I pull money out of a bank's automated teller machine -- even if it's an ATM that is very familiar to me -- I always use caution to ensure that no one or thing is surreptitiously trying to...

By Brian Krebs | April 16, 2007; 10:30 AM ET | Comments (20)

Tax Time Means Fraud Time

The arrival of tax season brings the inevitable scam e-mails and Web sites claiming to be affiliated with the Internal Revenue Service, the Treasury Department, or an online tax refund or preparation service. Here's the latest scam: Members of Phishtank,...

By Brian Krebs | April 13, 2007; 04:39 PM ET | Comments (1)

Uncle Sam Earns "C-Minus" in Computer Security

The federal government earned an overall grade of "C-minus" last year for securing its computer systems and networks from hackers, malicious insiders and viruses, a slight improvement from scores awarded to agencies in 2005, Security Fix has learned. Last year,...

By Brian Krebs | April 11, 2007; 05:01 PM ET | Comments (10)

Research Suggests Weakness in Anti-Phishing Technology

Security experts have warned for some time now that certain anti-online-fraud technology deployed by many major financial institutions may be lulling online banking users into a false sense of protection. Today, two university researchers released a demo in an attempt...

By Brian Krebs | April 10, 2007; 10:01 AM ET | Comments (10)

I'd Like a Double Espresso and Your Password, Please

One of the perennial questions I get from readers is whether it is safe to log into personal e-mail accounts at the local coffeehouse or even via a neighbor's wireless network. My answer remains the same: If you do not...

By Brian Krebs | April 9, 2007; 01:30 PM ET | Comments (18)

¿Security Fix en Español?

Google offers a translation tool that can aid readers of many languages. It can help Spanish-only speakers read the Security Fix column in Spanish, for example. Here's a message for our Spanish-language readers: Si prefieres leer la columna "Security Fix"...

By Brian Krebs | April 9, 2007; 12:40 PM ET | Comments (10)

Happy Birthday Security Fix

This week marks the second anniversary of the Security Fix blog. We've received thousands of comments and track-backs during the last two years. The response from readers and the community has been enormous and informative. Thank you! We are constantly...

By Brian Krebs | April 6, 2007; 01:18 PM ET | Comments (16)

Microsoft Rushes Out a Security Update

Microsoft Corp. yesterday said it plans to issue a software update on Tuesday to fix a dangerous security flaw in its Windows operating system -- a flaw that cyber criminals are actively targeting to gain access to computers across the...

By Brian Krebs | April 2, 2007; 01:20 PM ET | Comments (51)

Fortune 500s Unwittingly Become Spammers

The next time you receive a piece of junk e-mail touting penny stock, pimping Rolex watches, or lauding a work-at-home scam, consider investigating who really sent it. You may be surprised. Security Fix reviewed spam samples captured in the last...

By Brian Krebs | March 29, 2007; 11:11 AM ET | Comments (12)

Enabling the Spammers

Spammers are having a field day with a string of recently discovered security vulnerabilities in MailEnable, an e-mail server program offered by many large, dedicated Web hosting companies. Over the past few months, MailEnable has released updates at least a...

By Brian Krebs | March 27, 2007; 04:52 PM ET | Comments (3)

They Say They Want a Revolution

Educational institutions churn out computer science degrees to fresh-faced graduates bursting with new ideas and skills to match, but how well do they hammer home the need to write software securely? Judging from the massive number of software vulnerabilities...

By Brian Krebs | March 26, 2007; 04:45 PM ET | Comments (21)

A Fresh Look at Password Thieves

Security Fix recently published information about thousands of U.S. residents whose passwords and other data had been stolen by nefarious hackers. Last week, I received more data about the number of victims caused by the hackers' Trojan horse computer program...

By Brian Krebs | March 23, 2007; 03:19 PM ET | Comments (4)

Online Trading Firms to Swap Fraud Tips

Washingtonpost.com today ran a story I wrote about representatives from some of the nation's top online stock trading firms who will meet tomorrow with federal law enforcement officials to discuss ways they can work together to combat Internet fraud. From...

By Brian Krebs | March 22, 2007; 08:28 PM ET | Email a Comment

Hot Air Swirls Around ID Theft Measure

While some of the hot air circulating on Capitol Hill today focused on former Vice President Al Gore's testimony on global warming, a debate down the hall managed to carve out its own environmental issues around another topic -- how...

By Brian Krebs | March 21, 2007; 06:19 PM ET | Comments (7)

Stolen Identities Sold Cheap on the Black Market

Recovering from identity theft can take years and cost thousands of dollars. But how much is your identity worth to the thieves who sell it to other fraudsters? Turns out, less than the price of two tickets to the movies....

By Brian Krebs | March 19, 2007; 12:01 AM ET | Comments (21)

Task Force Shapes ID Theft Policy

A viral epidemic of consumer identity fraud and data theft prompted President Bush last year to create a task force charged with crafting proposals to marshal Uncle Sam's resources to prevent identity fraud, assist victims and more aggressively prosecute those...

By Brian Krebs | March 15, 2007; 09:36 AM ET | Comments (16)

Tracking the Password Thieves

The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting,...

By Brian Krebs | March 14, 2007; 12:01 AM ET | Comments (63)

RFID Flap Silences Security Researchers

New research into security vulnerabilities in radio frequency identification cards made by technology giant HID Global has been pulled from the lineup at an East Coast security conference this week. Researchers from Seattle-based security provider IOActive were planning to detail...

By Brian Krebs | February 27, 2007; 04:43 PM ET | Comments (11)

They'll Always Have Paris

The young men who reached notoriety for illegally accessing the cell phone of socialite Paris Hilton are now either in federal prison or headed there shortly. Security Fix has learned the whereabouts of the hackers who pleaded guilty last fall...

By Brian Krebs | February 27, 2007; 12:58 PM ET | Comments (5)

Fool Me Once, Shame On You But Fool Me Twice...

In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers. A Security Fix reader forwarded an e-mail about a benefit he allegedly was eligible to collect as...

By Brian Krebs | February 26, 2007; 03:35 PM ET | Comments (35)

Congressman Wants Answers About TSA Site

Citing reports by Security Fix and Wired, the chairman of the House Committee on Oversight and Government Reform is demanding that the Transportation Security Administration produce a raft of documents to explain why it created a Web site for airline...

By Brian Krebs | February 24, 2007; 12:30 PM ET | Comments (4)

Fraudsters Declare War on Anti-Scam Services

Spammers have been attacking and threatening several of the groups and individuals who have been performing some of the most important work in hobbling online scams, spam and computer viruses. The SANS Internet Storm Center on Thursday found a piece...

By Brian Krebs | February 23, 2007; 01:40 PM ET | Comments (11)

Mass. Bill Would Make Retailers Pay for Data Breaches

Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers, according to a story in today's Wall Street Journal (link is by...

By Brian Krebs | February 22, 2007; 03:27 PM ET | Comments (2)

Data Breach Hits Close to Home

I took some time off work last fall to spend with my wife, who had just been diagnosed with a golf-ball-sized tumor in her brain that needed to be removed. With the help of a few well-connected friends, we were...

By Brian Krebs | February 22, 2007; 11:45 AM ET | Comments (6)

Microsoft to Tighten Anti-Piracy Noose in Vista

In response to "overly optimistic" sales forecasts for its Vista operating system, Microsoft Corp. plans to "dial up" the anti-piracy technology built into this latest version of Windows. No doubt this move will boost Microsoft's sales to some degree, but...

By Brian Krebs | February 20, 2007; 01:37 PM ET | Comments (11)

The Dangers of Default Passwords

Stroll through any neighborhood with an open laptop in hand and you will probably notice your machine automatically connecting to various wireless Internet routers that local residents have set up. If you are given a connection that allows you to...

By Brian Krebs | February 15, 2007; 06:14 PM ET | Comments (62)

Valentine Or Virus?

It could be a Happy Virus Day for you as virus writers love to take advantage of the blizzard of e-greeting cards swirling around the Internet. Finnish anti-virus firm F-Secure warns that the poisoned love letters already are circulating. The...

By Brian Krebs | February 14, 2007; 01:01 PM ET | Comments (5)

Wanted: Missing FBI Laptops

If you lose your laptop, don't go crying on the shoulder of the Federal Bureau of Investigation. It has its own problems. The agency had at least 160 laptops lost or stolen over the past four years. Ten of those...

By Brian Krebs | February 12, 2007; 02:33 PM ET | Comments (10)

Perils in Parallels?

Earlier this week Security Fix managed to install a new copy of Microsoft's Windows Vista Ultimate on top of Apple's Mac OS X operating system running on a Macbook Pro. I did this using Parallels, a powerful "virtual machine" program...

By Brian Krebs | February 10, 2007; 03:30 PM ET | Comments (35)

When Security Companies Fail

SAN FRANCISCO: Security Fix has long pontificated on the necessity of Microsoft Windows users setting up their machines to run under "limited user" accounts. It is considered a fairly effective method for warding off spyware and virus infections on your...

By Brian Krebs | February 7, 2007; 07:28 AM ET | Comments (23)

Retailers, Banks Trade Blame in Data Thefts

The Washington Post today ran a story I wrote about data breach legislation being crafted on Capitol Hill. Lawmakers are looking to respond to the almost daily disclosures of companies, schools and government agencies suffering data breaches or otherwise exploiting...

By Brian Krebs | February 2, 2007; 10:28 AM ET | Comments (2)

Birth of the Verbal Hack?

Microsoft Corp. said Wednesday that a voice-recognition feature built into Vista -- the new version of Windows that went on sale this week -- could be exploited remotely to delete files on a victim's machine if he or she visited...

By Brian Krebs | February 1, 2007; 10:50 AM ET | Com