Archive: Latest Warnings
Mozilla Distributes Virus-Infected Language Pack
Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb....
By Brian Krebs | May 8, 2008; 12:51 PM ET | Comments (10)
Hundreds of Thousands of Microsoft Web Servers Hacked
Hundreds of thousands of Web sites - including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software...
By Brian Krebs | April 25, 2008; 08:00 AM ET | Comments (67)
Identity Theft Smash & Grab, CEO Style
Tens of thousands of corporate executives were the target of a series of identity-theft scams this week, e-mail-borne schemes that appear to have netted close to 2,000 victims so far. Early Monday morning, according to two security experts with firsthand...
By Brian Krebs | April 15, 2008; 10:44 PM ET | Comments (31)
Online Security: A Closer Look at a Negative Example
It may be easier than you think for someone to steal your wireless phone records. At least, that's the case if you're a Sprint wireless phone user. Sprint makes it very easy for customers to go online to view and...
By Brian Krebs | April 15, 2008; 06:09 PM ET | Comments (7)
Time to Patch Your Flash
Adobe has issued an update to patch several security holes in its Flash player. Most people will have some version of Flash installed on their computers, so it's a good idea to take a moment and make sure your system...
By Brian Krebs | April 11, 2008; 03:31 PM ET | Comments (20)
Spammers Using Google, Outlook Calendars to Get Your Attention
Spammers are starting to use the meeting invite features of both Google Calendar and Microsoft Outlook to send messages advertising the latest designer watches and prescription drugs. This week, Security Fix heard from a reader who said he had received...
By Brian Krebs | April 10, 2008; 02:32 PM ET | Comments (11)
Online Banking: Do You Know Your Rights?
The financial industry in the United Kingdom recently reaffirmed a policy that holds online banking customers liable for losses if they fail to secure their personal computers against data-stealing computer viruses. While this policy may seem surprising or even draconian...
By Brian Krebs | April 10, 2008; 08:49 AM ET | Comments (28)
Microsoft Fixes 10 Security Vulnerabilities
Microsoft today issued software updates to plug at least 10 security holes in its Windows operating systems and other software. More than half of the vulnerabilities fixed by these patches earned the company's most dire "critical" rating, and several of...
By Brian Krebs | April 8, 2008; 03:01 PM ET | Comments (9)
Kraken Spawns a Clash of the Titans
Most of my waking hours on Monday were spent fielding indignant queries from sources in the anti-virus industry who were wondering what I knew about reports of a new family of malicious software that allegedly had managed to infect more...
By Brian Krebs | April 8, 2008; 11:38 AM ET | Comments (10)
Social Networking Accounts Prized By Cybercrooks
Cyber criminals increasingly are moving away from trying to break into computers directly, choosing instead to target Internet users where they spend much of their time online -- at social networking Web sites, new data suggests. In an analysis of...
By Brian Krebs | April 8, 2008; 12:01 AM ET | Comments (16)
RedBox Warns of Credit Card Skimmers
DVD-rental vending machine maker RedBox today warned customers to be on the lookout for any unusual activity or physical changes to local RedBox kiosks, after the company discovered evidence that criminals had retrofitted at least three of the machines with...
By Brian Krebs | April 7, 2008; 01:55 PM ET | Comments (8)
Beware Targeted Data-Stealing Tax Scam
A fresh round of targeted e-mail attacks is underway, arriving in messages that personally address both the recipient and his or her employer. One pretends to be sent from the IRS requesting more information about company tax filings. Another set...
By Brian Krebs | April 4, 2008; 02:22 PM ET | Comments (11)
Reach Out And Hack Someone
Gone are the days when telephones were dumb appliances that you simply plugged into the wall and forgot: Security researchers from one Internet security firm say they have located more than 100 vulnerabilities in hardware and software that powers the...
By Brian Krebs | April 3, 2008; 05:15 PM ET | Comments (10)
Apple Issues QuickTime Update for Mac, Windows
Apple on Wednesday pushed out an update to its QuickTime media player software, fixing at least 11 security vulnerabilities in the software for both Mac and Windows systems. Mac users can get the latest version through Software Update. Windows QuickTime...
By Brian Krebs | April 3, 2008; 06:45 AM ET | Comments (14)
8.3 Million Records Spilled in Data Breaches This Year
At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today. The San Diego based Identity...
By Brian Krebs | April 2, 2008; 03:00 PM ET | Comments (7)
Don't Depend on Anti-virus to Save You
Last week I wrote a story about how anti-virus companies are struggling to keep up with the huge volumes of viruses and other malware being released on the Internet. The story examined the various ways the anti-virus industry has responded...
By Brian Krebs | March 25, 2008; 09:28 AM ET | Comments (42)
They Told You Not To Reply
When businesses want to communicate with their customers via e-mail, many send messages with a bogus return address, e.g. "somethinghere@donotreply.com." The practice is meant to communicate to recipients that any replies will go unread. But when those messages are sent...
By Brian Krebs | March 21, 2008; 09:30 AM ET | Comments (134)
The Anatomy of a Vishing Scam
A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies. The scams in this case took...
By Brian Krebs | March 15, 2008; 05:54 PM ET | Comments (5)
Microsoft Patches 12 Office Security Holes
Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or...
By Brian Krebs | March 11, 2008; 02:30 PM ET | Comments (6)
The MonaRonaDona Extortion Scam
Online tech support forums are starting to light up over an increasing number of PCs sickened by something called the "MonaRonaDona virus," a piece of malware that threatens to trash host computers. As it happens, MonaRonaDona appears to be a...
By Brian Krebs | March 3, 2008; 06:06 PM ET | Comments (27)
Hackers Exploiting Facebook, MySpace Plug-ins
If you use Internet Explorer (versions 6 or 7) to browse the Web, listen up: Criminals are starting to exploit security holes in several widely installed IE plug-ins to plant invasive software when users are coerced or tricked into visiting...
By Brian Krebs | February 23, 2008; 10:00 AM ET | Comments (86)
Research May Hasten Death of Mobile Privacy Standard
Researchers at a computer security conference in Washington, D.C. this week detailed a method for dramatically reducing the cost and time needed to crack the security that prevents eavesdropping of GSM-based mobile phones. The weaknesses in the GSM encryption technology...
By Brian Krebs | February 19, 2008; 12:52 PM ET | Comments (27)
Fake Prez. Campaign Video Spreads Malware
Spammers are taking advantage of public awareness about the U.S. presidential race to trick people into installing malicious software. A recent blast of spam purports to contain links to a video of Sen. Hillary Clinton (D-N.Y.) on the campaign trail,...
By Brian Krebs | February 14, 2008; 04:50 PM ET | Comments (19)
Beware Bogus E-Valentines
If you want to express your affection for someone this Valentine's Day, try to find a more original way to do it than by sending e-greeting cards. You could be training your loved one to respond to scammers who are...
By Brian Krebs | February 13, 2008; 11:17 AM ET | Comments (26)
Microsoft's Valentine: 17 Security Updates
Microsoft today pushed out software updates to fix a large number of security flaws in computers running its Windows operating systems and other software. Notable among the patches is a critical roll-up of fixes for Internet Explorer, the Web browser...
By Brian Krebs | February 12, 2008; 04:50 PM ET | Comments (24)
Hackers Exploit Adobe Reader Flaw
Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers. On Wednesday, we alerted...
By Brian Krebs | February 9, 2008; 08:55 AM ET | Comments (26)
Heads Up Internet Explorer Users
A plug-in for Microsoft's Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes. To make matters worse, hackers have now published instructions showing how to exploit those flaws...
By Brian Krebs | February 5, 2008; 12:24 PM ET | Comments (10)
RealPlayer Labeled 'Badware'
An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as "badware," charging that the software surreptitiously installs pop-up ad serving software as well...
By Brian Krebs | January 31, 2008; 01:23 PM ET | Comments (46)
Best Buy Digital Photo Frames Shipped With Virus
Electronics retailer Best Buy has pulled a popular brand of digital photo frames from its online and in-store shelves, following reports that many of the devices shipped with computer viruses. The affected frames are limited to a particular size of...
By Brian Krebs | January 28, 2008; 05:47 PM ET | Comments (30)
Massive Java Update Includes Security Fixes
Sun has released another update to its Java software that brings some 370 bug fixes, including a number of security updates. For most home users, this update brings the latest version of the software to Java 6 Update 4. Most...
By Brian Krebs | January 23, 2008; 01:42 PM ET | Comments (38)
Report: 51 Percent Of Malicious Web Sites Are Hacked
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect the visitor's PC with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today....
By Brian Krebs | January 22, 2008; 09:29 AM ET | Comments (5)
Drawing a (Scary) Face On Malicious Software
If the phishing scams, computer viruses and worms that land in our inboxes each day take the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu,...
By Brian Krebs | January 18, 2008; 01:10 PM ET | Comments (6)
Targeted Attacks Use Unpatched Excel Flaw
Microsoft said Tuesday that it has seen evidence that criminals are breaking into Windows systems through a previously unknown security hole in its Excel software. Tim Rains, the security response communications lead for Microsoft, said in an e-mailed statement that...
By Brian Krebs | January 16, 2008; 09:40 AM ET | Comments (31)
Scareware Program Targets Mac Users
The same tried-and-true social engineering tactics traditionally wielded against Windows users to frighten people into buying bogus security software are now being employed to target Mac users. Security experts say the curators of macsweeper.com warn visitors that their machine is...
By Brian Krebs | January 15, 2008; 01:50 PM ET | Comments (4)
Barbara Moratek Is Not Your Friend
Scammers are targeting non-profit organizations with e-mails that claim to have been sent from a "Barbara Moratek" of the "Ivete Foundation." If you receive one of these e-mails, simply delete it. They appear to be designed to entice curious recipients...
By Brian Krebs | January 11, 2008; 02:12 PM ET | Comments (7)
New Nasty Hides From Windows, Anti-Virus Tools
A new family of malicious software that runs before Windows even boots up has infected thousands of PCs worldwide and remains undetected by virtually all of the commercial anti-virus tools, security experts warn. The newly-discovered malware is what's known as...
By Brian Krebs | January 8, 2008; 02:10 PM ET | Comments (67)
Holiday Spam Quadruples Storm Worm Infections
The flood of phony e-greetings cards spammed out over the holidays may have helped to more than quadruple the number of Microsoft Windows PCs infected with the "Storm worm," new research suggests. By mid-December, the size of the Storm worm...
By Brian Krebs | January 4, 2008; 01:40 PM ET | Comments (16)
Malware-Laced Banner Ads At MySpace, Excite
It was not for nothing that I led our 2007 Internet security retrospective and 2008 cyber storm forecast with a look at how online crooks are increasingly lurking on high-traffic sites to ensnare new victims. According to security researchers, banner...
By Brian Krebs | January 3, 2008; 04:32 PM ET | Comments (21)
Blogspot Blogs Help Spread Storm Worm Attacks
In an attack that showcases what cyber criminals have in store for Web 2.0 next year, the individual or group behind the Storm worm is distributing new versions of the malware with the help of hijacked and newly-created Google Blogspot...
By Brian Krebs | December 27, 2007; 08:38 PM ET | Comments (15)
Microsoft Plugs 11 Windows Security Holes
Microsoft today released software updates to plug at least 11 security holes in PCs powered by its Windows operating systems and other software. Windows users can download the fixes either directly through the Microsoft Update Web site or via Automatic...
By Brian Krebs | December 11, 2007; 03:15 PM ET | Comments (14)
QuickTime Flaw a Potential Threat to Second Life Fans
Security experts have spotted several Web sites exploiting an unpatched security hole in Apple's QuickTime media player to install malicious software on computers used to browse the sites. Last week, Security Fix carried a post warning readers about the QuickTime...
By Brian Krebs | December 3, 2007; 04:54 PM ET | Comments (12)
Exploit Released for Unpatched QuickTime Flaw
Instructions for exploiting a previously undocumented security hole in Apple's QuickTime media player software are now available online, and security firms are warning that it may not be long before we start seeing criminal groups taking advantage of the flaw...
By Brian Krebs | November 27, 2007; 10:52 AM ET | Comments (11)
A Fresh Round of Targeted E-mail Attacks
Another series of sophisticated e-mail attacks were launched over the past 24 hours, addressing recipients by name and warning of complaints filed against them and/or their company with the Justice Department and the Better Business Bureau. E-mail security firm MessageLabs...
By Brian Krebs | November 19, 2007; 10:30 PM ET | Comments (19)
Storm Worm Victims Get Stock Spam Pop-Up
If you're a Windows users and today received a surprise pop-up advertisement urging you to invest in an obscure penny stock, it is highly likely that your computer is infected with the virulent Storm worm, a nasty intruder that currently...
By Brian Krebs | November 13, 2007; 05:11 PM ET | Comments (8)
Russian Business Network: Down, But Not Out
A major Russian Internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. But security experts caution that there are signs that the highly profitable network may already be...
By Brian Krebs | November 7, 2007; 12:31 PM ET | Comments (11)
Deconstructing the Fake FTC E-mail Virus Attack
A targeted e-mail virus disguised as an identity theft inquiry from the Federal Trade Commission appears to have successfully compromised more than 500 PCs, including victims at banks, real estate brokerages, law firms and marketing companies. Each of the victims...
By Brian Krebs | November 5, 2007; 06:00 AM ET | Comments (28)
Hiding In Plain Sight
Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file? It's actually an executable file (one...
By Brian Krebs | October 31, 2007; 11:42 AM ET | Comments (19)
Firefox Update Plugs 8 Security Holes
Mozilla has shipped an update to its Firefox Web browser that corrects at least eight separate security flaws, including two that Mozilla flagged as especially serious. Firefox users should have already received an update that brings the browser to version...
By Brian Krebs | October 25, 2007; 09:38 AM ET | Comments (23)
Should E-Mail Addresses Be Considered Private Data?
A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc....
By Brian Krebs | October 19, 2007; 06:00 PM ET | Comments (19)
Stock Spammers Pump It Up With MP3 Files
Spammers involved in pump-and-dump scams touting penny stocks now are using MP3 music files to lure investors, a switch security experts say is the latest tactic designed to sneak the messages past spam filters. According to e-mail security provider MessageLabs,...
By Brian Krebs | October 18, 2007; 01:48 PM ET | Comments (5)
Microsoft Changes Tune on IE7 Vulnerability
Reversing its initial assessment, Microsoft on Wednesday acknowledged that it needs to fix a vulnerability in its Internet Explorer 7 Web browser that could allow malicious Web sites to install unwanted software on Windows XP and Windows Server 2003 machines....
By Brian Krebs | October 11, 2007; 10:43 AM ET | Comments (14)
Java Update Plugs Multiple Security Holes
Sun Microsystems is pushing out an important security update to various versions of its Java Runtime Environment (JRE) software, along with a couple of changes designed to make patching the program more predictable and manageable for companies running custom versions...
By Brian Krebs | October 8, 2007; 01:28 PM ET | Comments (8)
First the Campaign Ads, Then the Phishing...
It's bad enough that most of us have to deal with the daily flood of scam e-mails trying to steal our precious personal and financial data. But with next year's crop of presidential candidates now raising millions of dollars online,...
By Brian Krebs | October 5, 2007; 05:58 PM ET | Comments (5)
Just How Bad Is the Storm Worm?
The Storm worm has earned its share of superlatives, but security experts disagree over just how many computers running Microsoft Windows have been compromised by the e-mail worm. Some new figures released from Microsoft and estimates obtained by Security Fix...
By Brian Krebs | October 1, 2007; 10:31 AM ET | Comments (11)
Would You Like Some Quechup With Your Spam?
A fair number of bloggers and readers have complained of being duped into handing over the e-mail and instant messaging addresses of their friends and family to a new social-networking site called "Quechup," which tends to welcome new members by...
By Brian Krebs | September 13, 2007; 03:27 PM ET | Comments (13)
Skype Users: Beware of Instant Message Worm
Skype, the eBay-owned Internet telephone service, is warning users to be on guard against a new computer worm that arrives disguised as a chat invitation via Skype's built-in instant messaging feature. The worm, which goes by the names "W32/Ramex.A," "W32/Pyskpa.D"...
By Brian Krebs | September 11, 2007; 09:10 AM ET | Comments (4)
Banner Ad Trojan Served on MySpace, Photobucket
Several banner ads containing Trojan horse programs that can compromise a user's computer have been running on some high-traffic Web sites for the past several weeks, including MySpace.com and Photobucket.com, Security Fix has learned. Web security company ScanSafe said it...
By Brian Krebs | September 9, 2007; 07:32 PM ET | Comments (12)
E-Greeting Card Giant Unaffected By Storm Worm
It's been nearly three weeks since I first wrote about the Storm worm authors using fake online greeting cards to trick people into clicking on links to Web sites that try to download and install malicious software. Since then, it...
By Brian Krebs | September 6, 2007; 08:52 AM ET | Comments (14)
USAJobs.gov Hit By Attack On Monster.com
USAJobs, the official job search site for the federal government, said Wednesday that more than 146,000 users had their account information stolen as a result of an attack on job search giant Monster.com earlier this month. In mid August, attackers...
By Brian Krebs | August 30, 2007; 03:50 PM ET | Comments (12)
Porn & Spyware Found on Govt. and School Sites
It would be great if the compromised Web servers I wrote about last week at Lawrence Livermore National Labs were an aberration, but sadly they are not. Conducting a simple Google search for adult-themed search terms found in ".gov" domains...
By Brian Krebs | August 29, 2007; 03:26 PM ET | Comments (17)
Storm Worm Authors Turn to YouTube Lures
Security Fix has spilled quite a bit of digital ink warning readers about the ever changing tactics of criminals behind the the indefatigable "Storm worm." This week's tactic (or today's as the case may be) involves e-mailed Web links disguised...
By Brian Krebs | August 27, 2007; 10:22 AM ET | Comments (8)
Don't Join the Club
The great Groucho Marx once quipped, "I don't want to belong to any club that will accept me as a member." E-mail users would do well to adopt this attitude with respect to unsolicited invites to join members-only Web sites,...
By Brian Krebs | August 22, 2007; 03:33 PM ET | Comments (14)
Beware of Five-Star Vaporware
U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else's software received the same "5-star" rating and high praise from...
By Brian Krebs | August 20, 2007; 10:08 AM ET | Comments (8)
Would You Like A Job With That Virus?
Cyber crooks are targeting a wave of new attacks at people searching for jobs online, security experts warn. Oddly enough, the criminals behind this scam appear to be just as interested in hiring you as they are in hijacking your...
By Brian Krebs | August 17, 2007; 04:20 PM ET | Comments (12)
A Heads-Up For Yahoo! Messenger Users
People who use Yahoo! Messenger to video chat online with friends and family should be extra wary of incoming chat invitations from strangers. Reports suggest the presence of a previously unknown security hole in the software that attackers could...
By Brian Krebs | August 16, 2007; 12:02 PM ET | Comments (10)
Microsoft Fixes 14 Software Security Flaws
Microsoft today released software updates to plug at least 14 security holes in computers powered by different versions of its Windows operating system and other software. The updates are available from the Microsoft Update Web site or via Automatic Updates....
By Brian Krebs | August 14, 2007; 02:01 PM ET | Comments (12)
Attacks Prompt Update for 'Tor' Anonymity Network
One of the best-known and free services for helping Internet users maintain their anonymity online - a network known simply as "Tor" -- suffered an attack this past week that may have exposed the identities of thousands of users. The...
By Brian Krebs | August 8, 2007; 02:00 PM ET | Comments (1)
Watch Out for Fake Tax 'Rebate' Sites
It's not exactly tax-filing time in the United States, but that doesn't mean online scammers aren't out to capture the money owed to you by Uncle Sam. A scam Web site spotted recently by Security Fix is one of a...
By Brian Krebs | August 8, 2007; 08:51 AM ET | Comments (5)
Internet Explorer and Your Web Site's Privacy
Several months ago, Security Fix looked at a feature of Microsoft's Internet Explorer 6 Web browser that was difficult to fathom (see: Clipboard Data Theft Optional in IE7). While interviewing a source at the DEF CON hacker conference last week,...
By Brian Krebs | August 7, 2007; 01:30 PM ET | Comments (24)
iPhone Exploits Revealed
LAS VEGAS -- Two methods that could allow criminals to break into and steal data from Apple's iPhone were demonstrated Thursday here at the Black Hat hacker conference. Charlie Miller, a researcher with Independent Security Evaluators, had warned Apple...
By Brian Krebs | August 3, 2007; 01:39 PM ET | Comments (13)
New Tool Automates Webmail Account Hijacks
LAS VEGAS -- Logging into your MySpace, Facebook, Yahoo!, Gmail or Hotmail account over a wireless connection just got a lot more dicey, as researchers here at the Black Hat hacker conference today demonstrated a new set of tools...
By Brian Krebs | August 2, 2007; 03:16 PM ET | Comments (22)
Report: E-Voting Systems Hackable
Researchers at the University of California were able to hack into all of the electronic voting systems they tested, finding multiple security weaknesses that could allow hackers to break into and modify the systems, alter polling results, or interfere with...
By Brian Krebs | July 30, 2007; 06:00 PM ET | Comments (40)
Not-So-Friendly Greeting Cards
You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links...
By Brian Krebs | July 19, 2007; 07:15 AM ET | Comments (50)
Your Money or Your Documents
Imagine opening up the personal documents file on your computer and finding a ransom note warning you that all of your precious files will be deleted unless you wire money to cyber crooks. That's exactly what happened over the past...
By Brian Krebs | July 17, 2007; 12:13 PM ET | Comments (13)
New Threat Pits Internet Explorer Against Firefox
Blueprints have been posted online detailing a cross-browser security threat that uses Microsoft's Internet Explorer Web browser to force Mozilla's Firefox browser to provide inroads for virus writers. While fans of both software makers are pointing the finger of blame...
By Brian Krebs | July 11, 2007; 09:01 AM ET | Comments (14)
Microsoft Plugs 11 Software Holes
Microsoft Corp. today pushed out software updates to plug at least 11 separate security holes in its Windows operating system and other software. Windows users can grab the updates via the Microsoft Update Web site, through Automatic Updates, or download...
By Brian Krebs | July 10, 2007; 02:55 PM ET | Comments (7)
Web Worm Whacks MySpace Users
A complex, ongoing attack on MySpace.com users is turning victim's sites and computers into hosts for serving phishing scams and computer viruses. Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three...
By Brian Krebs | June 27, 2007; 01:52 PM ET | Comments (21)
Red Cross Scam Targets Military Families
Low-life scam artists have sunk to new depths by posing as American Red Cross workers in an effort to steal personal information from military families with loved ones in Iraq. The caller, who sounds like a young American, calls a...
By Brian Krebs | June 22, 2007; 04:34 PM ET | Comments (4)
Mpack Exploit Tool Slips through Security Holes
Researchers have been charting the rise in threats created by a new software exploit tool known as "Mpack," a virtual attack kit designed to be embedded in hacked or malicious Web sites. It targets security holes in multiple software products,...
By Brian Krebs | June 18, 2007; 04:15 PM ET | Comments (10)
Microsoft Plugs 15 Security Holes
Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates. Nine of...
By Brian Krebs | June 12, 2007; 02:22 PM ET | Comments (18)
Yahoo! IM Users Should Upgrade Immediately
People who chat online using Yahoo! Messenger software should upgrade their program. The company has pushed out a fix to plug two newly discovered security holes. The two critical vulnerabilities reside in Yahoo! Messenger versions 8.1.0.249 and earlier. The flaws...
By Brian Krebs | June 9, 2007; 02:30 PM ET | Comments (13)
Sun Issues Java Security Update
Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content. One of the...
By Brian Krebs | June 8, 2007; 02:59 PM ET | Comments (8)
Report Shows 7 Percent of Sponsored Links Dangerous
Clicking on a search engine's results of popular computer terms like "wallpaper" or "screensaver" remains a fairly risky endeavor when it comes to security, according to an updated study. The second annual State of Search Engine Safety report from McAfee...
By Brian Krebs | June 4, 2007; 10:52 AM ET | Comments (5)
A New Vector For Hackers -- Firefox Add-Ons
Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. By design, each Firefox extension -- any...
By Brian Krebs | May 30, 2007; 05:01 AM ET | Comments (41)
Apple, Microsoft Issue Security Updates
Apple yesterday pushed out an update to plug at least 17 separate security holes in its Mac OS X operating system and other software. Mac users can get the latest patch bundle from Apple Downloads or through the built-in Software...
By Brian Krebs | May 25, 2007; 03:29 PM ET | Comments (6)
Phishing Attacks Soar as Scammer Nets Widen
Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers, Security Fix has learned. Typically, phishing scams involve phony e-mails...
By Brian Krebs | May 24, 2007; 05:20 PM ET | Comments (9)
Cyber Crooks Hijack Activities of Large Web-Hosting Firm
Organized crime groups have modified a significant share of the Web sites operated by one of the Internet's largest Web hosting companies to launch cyber attacks against visitors, Security Fix has learned. Last month, Phoenix-based IPOWER Inc. was featured prominently...
By Brian Krebs | May 23, 2007; 10:30 AM ET | Comments (21)
Scammers Target Elderly With Aid of Data Brokers
Consumer data broker infoUSA reaped huge profits selling lists with the names of elderly individuals and others likely to be easy targets for identity thieves and con artists, according to a harrowing story in Sunday's New York Times. The newspaper...
By Brian Krebs | May 21, 2007; 02:15 PM ET | Comments (1)
Firefox Surfers More Likely Patched Than IE Users
New statistics released today indicate that people who use Mozilla's Firefox Web browser are more likely to be cruising the Web with all of the latest security updates installed than those surfing with Microsoft's Internet Explorer. Internet Security vendor Secunia...
By Brian Krebs | May 16, 2007; 04:16 PM ET | Comments (24)
New Attack Piggybacks on Microsoft's Patch Service
Security experts have been predicting that virus writers would find a way to hijack Microsoft's security patch delivery process to slip their software onto users' computers. They were right. Security researcher Frank Boldewin last week published a "proof-of-concept" program illustrating...
By Brian Krebs | May 14, 2007; 10:45 AM ET | Comments (23)
Scammers Randomly Target Checking Accounts
An alarming report published this week on the official Internet news service of the U.S. Air Force highlights the need for consumers to keep a close eye on their bank account statements for signs of fraud. The piece tells the...
By Brian Krebs | May 3, 2007; 02:00 PM ET | Comments (12)
Apple Patches QuickTime Security Hole
Apple today issued a software update to plug a security hole in its QuickTime media player software. The flaw is present in both Mac OS X and Windows versions of the player. Mac users can get the fix through Apple's...
By Brian Krebs | May 1, 2007; 05:22 PM ET | Comments (9)
Virus Writers Taint Google Ad Links
Virus writers have been gaming Google's "sponsored links" -- the paid ads shown alongside search engine results. They are aiming to get their malicious software installed on computers whose users click onto ad links after searching for legitimate sites such...
By Brian Krebs | April 25, 2007; 11:35 AM ET | Comments (42)
Apple Issues Patches for 25 Security Holes
Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web...
By Brian Krebs | April 19, 2007; 05:41 PM ET | Comments (40)
Smile, You're on Criminal Camera
Security Fix recently highlighted a pair of surveillance devices that criminals had attached to an automated teller machine in Tyson's Corner, Va., to steal financial data from unsuspecting bank machine customers. A few readers responded by asking why they should...
By Brian Krebs | April 18, 2007; 04:44 PM ET | Comments (8)
Data Breach Aided University Phishing Scam
A highly targeted phishing attack last year that scammed dozens of Indiana University students out of their personal and financial data appears to have been aided in part by a previously undisclosed hacker break-in at one of the school's main...
By Brian Krebs | April 16, 2007; 04:30 PM ET | Comments (9)
Practicing Street Smarts at the ATM
Each time I pull money out of a bank's automated teller machine -- even if it's an ATM that is very familiar to me -- I always use caution to ensure that no one or thing is surreptitiously trying to...
By Brian Krebs | April 16, 2007; 10:30 AM ET | Comments (20)
Tax Time Means Fraud Time
The arrival of tax season brings the inevitable scam e-mails and Web sites claiming to be affiliated with the Internal Revenue Service, the Treasury Department, or an online tax refund or preparation service. Here's the latest scam: Members of Phishtank,...
By Brian Krebs | April 13, 2007; 04:39 PM ET | Comments (1)
Microsoft Warns of Attacks on Web Service Flaw
Attackers are actively exploiting a newly reported flaw in Microsoft's software that is allowing them to break into vulnerable systems, the software giant warned Thursday. The vulnerability applies to Windows 2000 Server and Windows Server 2003 running the DNS Server...
By Brian Krebs | April 13, 2007; 01:30 PM ET | Comments (10)
Critical Vista Flaw Leads Patch Tuesday Lineup
Update, April 11, 12:06 p.m.: An earlier version of this post incorrectly stated that Microsoft had re-issued a patch that it originally released on Tuesday, Apr. 3. The text below has been changed. Original post: Microsoft Corp. today issued a...
By Brian Krebs | April 10, 2007; 04:57 PM ET | Comments (14)
I'd Like a Double Espresso and Your Password, Please
One of the perennial questions I get from readers is whether it is safe to log into personal e-mail accounts at the local coffeehouse or even via a neighbor's wireless network. My answer remains the same: If you do not...
By Brian Krebs | April 9, 2007; 01:30 PM ET | Comments (18)
Yoo-Hoo! Do You Yahoo?
Yahoo! is urging users of its Yahoo! Messenger instant messaging software to update the program with a patch plugging a serious security hole that bad guys could use to break into PCs. Anyone who downloaded the program prior to Mar....
By Brian Krebs | April 4, 2007; 04:15 PM ET | Comments (12)
Microsoft Issues Emergency Patch
Microsoft Corp. today issued an emergency software update to plug a critical security hole in its Windows operating system. The free update is available either from the Microsoft Update site or via the company's automatic updates feature. Alternatively, Windows users...
By Brian Krebs | April 3, 2007; 03:58 PM ET | Comments (24)
Microsoft Rushes Out a Security Update
Microsoft Corp. yesterday said it plans to issue a software update on Tuesday to fix a dangerous security flaw in its Windows operating system -- a flaw that cyber criminals are actively targeting to gain access to computers across the...
By Brian Krebs | April 2, 2007; 01:20 PM ET | Comments (51)
Attackers Exploit Unpatched Explorer Flaw
Microsoft is warning Windows users that hackers are exploiting a newly discovered flaw. It enables criminals to hijack Windows PCs if users merely visit a hostile Web site with an Internet Explorer browser or open a specially crafted e-mail message....
By Brian Krebs | March 29, 2007; 03:10 PM ET | Comments (22)
Enabling the Spammers
Spammers are having a field day with a string of recently discovered security vulnerabilities in MailEnable, an e-mail server program offered by many large, dedicated Web hosting companies. Over the past few months, MailEnable has released updates at least a...
By Brian Krebs | March 27, 2007; 04:52 PM ET | Comments (3)
A Fresh Look at Password Thieves
Security Fix recently published information about thousands of U.S. residents whose passwords and other data had been stolen by nefarious hackers. Last week, I received more data about the number of victims caused by the hackers' Trojan horse computer program...
By Brian Krebs | March 23, 2007; 03:19 PM ET | Comments (4)
Stolen Identities Sold Cheap on the Black Market
Recovering from identity theft can take years and cost thousands of dollars. But how much is your identity worth to the thieves who sell it to other fraudsters? Turns out, less than the price of two tickets to the movies....
By Brian Krebs | March 19, 2007; 12:01 AM ET | Comments (21)
Tracking the Password Thieves
The Washington Post today ran a story I wrote about an epidemic of data theft being fueled by password-stealing viruses and phishing attacks. In some ways, the story behind the reporting that went into the piece is just as interesting,...
By Brian Krebs | March 14, 2007; 12:01 AM ET | Comments (63)
Apple Releases a Bushel of Software Patches
Today turned out to be "Patch Tuesday" after all, only the security updates were released by Apple instead of Microsoft. Apple issued security updates to plug at least 46 separate security holes in its operating system and other software. The...
By Brian Krebs | March 13, 2007; 06:42 PM ET | Comments (6)
QuickTime Security Update Taxes Some Mac Users
Some computer users running Apple Mac OS X are having a bit of a taxing time with the TurboTax software after installing a recent security update for Apple's QuickTime media player. The QuickTime update, released last week, effectively prevents a...
By Brian Krebs | March 12, 2007; 12:21 PM ET | Comments (14)
Vishing: Dialing for Dollars, Part II
Security Fix received a copy of a new scam e-mail targeting Bank of America customers that is likely to con quite a few folks before it is shut down. Sure, Bank of America is hit by this sort of thing...
By Brian Krebs | March 8, 2007; 12:26 PM ET | Comments (7)
Apple Patches QuickTime Holes
Apple on Monday issued security patches to plug multiple security holes in its QuickTime media player software. The new version of the player -- QuickTime 7.1.5 -- fixes at least eight separate and serious vulnerabilities. Updates are available for Mac...
By Brian Krebs | March 6, 2007; 10:37 AM ET | Comments (22)
Fool Me Once, Shame On You But Fool Me Twice...
In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers. A Security Fix reader forwarded an e-mail about a benefit he allegedly was eligible to collect as...
By Brian Krebs | February 26, 2007; 03:35 PM ET | Comments (35)
Mozilla Plugs Firefox Security Holes
Mozilla on Friday published software updates to fix a baker's dozen security and compatibility problems with its Firefox Web browser. The new version includes fixes for serious security flaws along with updates designed to make Firefox play nicer with Vista,...
By Brian Krebs | February 26, 2007; 10:31 AM ET | Comments (4)
Microsoft Warns of More Office Exploits
Just days after Microsoft issued patches to plug some 20 security holes in its software, the software giant is warning users that bad guys are exploiting two more vulnerabilities in its Office product suite. On Valentine's Day, Microsoft said it...
By Brian Krebs | February 16, 2007; 03:52 PM ET | Comments (3)
Apple Works To Stave Off Big Mac Attack
Apple Inc. on Thursday issued patches to plug five separate security holes in software included on its Mac OS X computers. Mac users can download the free updates through the Mac's built-in software update feature or directly from Apple downloads....
By Brian Krebs | February 16, 2007; 10:40 AM ET | Comments (28)
The Dangers of Default Passwords
Stroll through any neighborhood with an open laptop in hand and you will probably notice your machine automatically connecting to various wireless Internet routers that local residents have set up. If you are given a connection that allows you to...
By Brian Krebs | February 15, 2007; 06:14 PM ET | Comments (62)
Valentine Or Virus?
It could be a Happy Virus Day for you as virus writers love to take advantage of the blizzard of e-greeting cards swirling around the Internet. Finnish anti-virus firm F-Secure warns that the poisoned love letters already are circulating. The...
By Brian Krebs | February 14, 2007; 01:01 PM ET | Comments (5)
Microsoft Releases Patches to Fix 20 Security Holes
Microsoft Corp. today issued a dozen software updates to plug at least 20 security holes in its Windows operating system and other software, including fixes for a number of vulnerabilities in Office that hackers are currently exploiting to hijack vulnerable...
By Brian Krebs | February 13, 2007; 02:22 PM ET | Comments (3)
Perils in Parallels?
Earlier this week Security Fix managed to install a new copy of Microsoft's Windows Vista Ultimate on top of Apple's Mac OS X operating system running on a Macbook Pro. I did this using Parallels, a powerful "virtual machine" program...
By Brian Krebs | February 10, 2007; 03:30 PM ET | Comments (35)
Cell Phones: The New Phish Food
Last year, we started to see cases of voice phishing or "vishing" attacks. That's when bad guys send e-mails urging people to call an automated 1-800 number that prompts callers to enter their credit card data. Now scammers are targeting...
By Brian Krebs | February 9, 2007; 12:26 PM ET | Comments (2)
Internet Attacked! (Did Anyone Notice?)
Tuesday marked the fourth anniversary of "Safer Internet Day," a 40-country effort to raise awareness about computer and Internet security. But the day probably didn't feel too safe for the dozens of unheralded technologists responsible for defending the World Wide...
By Brian Krebs | February 8, 2007; 12:05 AM ET | Comments (54)
Super Bowl Site Trojan Aims to Nab Passwords
This story was updated at 3:02 p.m. Please read the entire post. -- The official Web site of Dolphin Stadium -- the location of this weekend's Super Bowl XLI game -- has been infected with a Trojan horse program. The...
By Brian Krebs | February 2, 2007; 01:26 PM ET | Comments (30)
Birth of the Verbal Hack?
Microsoft Corp. said Wednesday that a voice-recognition feature built into Vista -- the new version of Windows that went on sale this week -- could be exploited remotely to delete files on a victim's machine if he or she visited...
By Brian Krebs | February 1, 2007; 10:50 AM ET | Comments (18)
In Praise of Phish Fighters
It isn't often that the public is afforded a peek into federal law enforcement efforts to combat "phishing" scams, fraudulent e-mail lures for Web sites created to assume the look of trusted online brands and steal personal information. But February...
By Brian Krebs | January 31, 2007; 05:45 PM ET | Comments (5)
Apple Patches Mac Wireless Security Hole
Apple Inc. on Thursday released a security update to patch a hole in the wireless Internet software built into many of its computers running Mac OS X. The update applies to Core Duo versions of the Mac mini, MacBook and...
By Brian Krebs | January 26, 2007; 01:26 PM ET | Comments (12)
Another Unpatched Microsoft Word Flaw
Symantec Corp. is reporting that it has spotted active exploitation of yet another undocumented security hole in Microsoft Word. If Symantec's report is correct -- this would mean we now have at least three known unpatched Word vulnerabilities that are...
By Brian Krebs | January 26, 2007; 09:11 AM ET | Comments (4)
Substitute Teacher Faces Jail Time Over Spyware
A 40-year-old former substitute teacher from Connecticut is facing prison time following her conviction for endangering students by exposing them to pornographic material displayed on a classroom computer. Local prosecutors charged that the teacher was caught red-handed surfing for porn...
By Brian Krebs | January 25, 2007; 11:24 AM ET | Comments (200)
Time to Reboot the Internet Again
Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world's Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that...
By Brian Krebs | January 24, 2007; 01:52 PM ET | Comments (6)
Great Strides in Phishing
Earlier this month, Security Fix called attention to a phishing scam where bad guys were making use of the real Amazon.com Web site to trick people into entering personal information at a fake Amazon site they created. Now, according to...
By Brian Krebs | January 17, 2007; 01:15 PM ET | Comments (18)
Do Away With HTML Based E-mail
Last week, Microsoft issued a patch to fix an extremely dangerous flaw in Windows that cyber crooks could use to break into your computer just by getting you to open an e-mail. Let that sink in a moment: Merely by...
By Brian Krebs | January 17, 2007; 08:39 AM ET | Comments (57)
Note to MySpace Users: Get Better Passwords
An active scam Web site designed to look like the login page for social-networking site MySpace.com appears to have stolen user names and passwords from nearly 60,000 people, according to data in a file that was linked to today from...
By Brian Krebs | January 15, 2007; 12:45 PM ET | Comments (13)
The Spammer-as-Hit Man Scam
The FBI is warning people not to be alarmed if they receive the latest e-mail scam going around, which purports to have been sent by a hit man who was hired to rub out the recipient. The message claims that...
By Brian Krebs | January 12, 2007; 02:17 PM ET | Comments (1)
More Adobe Reader Vulnerabilities
Last week, Security Fix warned readers about a newly discovered design flaw in Adobe Reader that could be used to trick users into giving away personal and financial data. This week, Adobe warned warned that versions 7.0.8 and 7.0.3 of...
By Brian Krebs | January 11, 2007; 12:50 PM ET | Comments (4)
A Warning to Windows Users on Acer Laptops
Update, Jan. 16, 12:57 p.m: Acer has released an update that automates the deactivation of the culprit file, as described in this blog. The patch can be downloaded from this link here. Also, U.S. CERT has issued an advisory about...
By Brian Krebs | January 10, 2007; 12:52 PM ET | Comments (16)
Microsoft Plugs Ten Security Holes
Microsoft Corp. today issued free software updates to plug at least 10 security holes in its Windows operating system and other software. Windows users can download the patches directly from Microsoft Update or by using the Windows Automatic Updates feature....
By Brian Krebs | January 9, 2007; 01:58 PM ET | Comments (9)
Scary Blogspam Automation Tools
As the de facto administrator of the Security Fix blog, I've spent many an hour deleting spammy links left in the comments section -- comments that usually lead back to the same kinds of Web sites you most commonly see...
By Brian Krebs | January 8, 2007; 03:55 PM ET | Comments (35)
Microsoft's Achilles' Heel: Office
The cyber attack last month against a U.S.-based public utility came wrapped in a Microsoft PowerPoint document featuring holiday illustrations and heartwarming reflections. This PowerPoint file, which resembled an innocuous version that was being forwarded around the Web by many...
By Brian Krebs | January 5, 2007; 06:00 AM ET | Comments (15)
Take Me to Your (Adobe) Reader
It seems like almost every week now we learn about a security threat that is linked to ill-conceived "features" built into widely used software applications. Most recently, it was a design flaw in the Apple QuickTime player that powered the...
By Brian Krebs | January 4, 2007; 08:35 PM ET | Comments (26)
Internet Explorer Unsafe for 284 Days in 2006
Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. Since Windows is the most-used operating system in the world, it...
By Brian Krebs | January 4, 2007; 06:45 AM ET | Comments (108)
Not Your Average Phishing Scam
One of the first phishing scams to catch Security Fix's eye in the new year -- a counterfeit Amazon.com login page -- may set the tone for the sophistication of online schemes involving fake bank and e-commerce sites in 2007....
By Brian Krebs | January 3, 2007; 07:40 AM ET | Comments (28)
QuickTime Flaw Kicks Off Month of Apple Bugs
A previously undocumented flaw in Apple's QuickTime media player could be exploited remotely by attackers to install malicious software on computers running either the Windows or Mac OS X operating systems, according to the inaugural posting by the Month of...
By Brian Krebs | January 1, 2007; 05:01 PM ET | Comments (27)
Grim 2007 Cyber Forecast (and a Nod to Late Pres. Ford)
The Washington Post's Business section today ran a story I wrote last week about the rise in spam and organized cyber crime -- a rise driven principally by a huge uptick in the number of security holes identified in widely...
By Brian Krebs | December 27, 2006; 12:27 PM ET | Comments (2)
New Firefox Version Fixes 8 Security Holes
Mozilla on Tuesday released updates to fix at least eight security vulnerabilities in its Firefox Web browser and related software. Five of the eight flaws received a "critical" label, meaning that an attacker could exploit them to break into machines...
By Brian Krebs | December 20, 2006; 09:10 AM ET | Comments (21)
Coming in January: "Month of Apple Bugs"
A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple's OS X operating system or in Apple applications that...
By Brian Krebs | December 19, 2006; 09:50 AM ET | Comments (257)
Ransom-Mail: All Your E-Mails Are Belong to Us
Internet security company Websense has an interesting writeup about a unique form of cyber extortion that we can probably expect to see more of in the future, wherein attackers hold their victims' Web mail messages and contact lists for ransom....
By Brian Krebs | December 14, 2006; 07:38 PM ET | Comments (11)
Microsoft's Monthly Patch Release Plugs 11 Security Holes
Microsoft Corp. today released software updates to fix at least 11 security holes in various versions of its Windows operating system and other products. Windows users can download the free updates manually from Microsoft Update or via Automatic Updates. This...
By Brian Krebs | December 12, 2006; 01:57 PM ET | Comments (10)
Phishing Scams Soared in October
The number of phishing Web sites set up to impersonate banks and steal people's financial and personal data skyrocketed in October to 37,444, the highest on record, according to stats released this week. The Anti-Phishing Working Group reports that 52...
By Brian Krebs | December 12, 2006; 10:50 AM ET | Comments (5)
Time to Update Your Adobe Reader
Adobe Systems is urging users who run the company's Adobe Reader software on Microsoft Windows computers to update to a new version of the popular PDF document viewer, after the company was alerted to several flaws that criminals could exploit...
By Brian Krebs | December 8, 2006; 12:30 PM ET | Comments (20)
Microsoft: Attacks Targeting Unpatched Word Flaw
Microsoft warned on Tuesday that has received reports of online criminals attacking a previously undocumented (and unpatched) security hole in various versions of its Microsoft Word application. In an advisory, Microsoft said the problem is present in Microsoft Word 2000,...
By Brian Krebs | December 6, 2006; 01:30 PM ET | Comments (6)
How Not to Distribute Security Patches
Over the weekend MySpace was hit by a password-stealing computer worm that took advantage of a weakness in Apple's QuickTime media player to spread rapidly among the online community's users. On Tuesday, MySpace administrators sent around a memo urging millions...
By Brian Krebs | December 6, 2006; 09:07 AM ET | Comments (16)
MySpace Video Worm Pimps Adult Content
A password-stealing computer worm broke out in the Myspace social-networking universe over the weekend, with the perpetrators using hijacked accounts to blast out junk messages seeking to gin up traffic to several porn sites, including some sponsored by an adware...
By Brian Krebs | December 4, 2006; 12:12 PM ET | Comments (17)
Federal Reserve E-Banking System Outages
A system widely used by U.S. banks to process large volumes of payroll, credit and debit card transactions experienced intermittent outages on Monday and Tuesday, possibly due to some sort of malfunction or communications failure in portions of the Federal...
By Brian Krebs | November 28, 2006; 11:25 PM ET | Comments (9)
Exploit Released for Unpatched Mac OS X Bug
The "Month of Kernel Bugs" strikes again. At the beginning of the month, a security researcher known only as LMH started the project to highlight unpatched flaws that are so severe that attackers could use them to completely subvert the...
By Brian Krebs | November 21, 2006; 09:30 AM ET | Comments (33)
Microsoft Patches 9 Security Holes
Microsoft Corp. today issued patches to mend at least nine separate vulnerabilities in its Windows operating systems and other software, including three security holes that criminal hackers already are exploiting. As always, users can download and install the patches via...
By Brian Krebs | November 14, 2006; 03:00 PM ET | Comments (7)
Exploit Targets Widely Deployed Wireless Flaw
A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. An attacker could use the flaw to...
By Brian Krebs | November 11, 2006; 06:08 PM ET | Comments (11)