It is now safe to update :)...
Microsoft Releases Critical Internet Explorer Patch
By Thomas Claburn
InformationWeek
January 21, 2010
Microsoft on Thursday released an out-of-band patch, MS10-002, to address eight vulnerabilities in Internet Explorer, a move prompted by the revelation last week that a series of cyber attacks from China on Google and some 33 other companies relied on a flaw in Microsoft's browser.
The eight vulnerabilities are rated "critical" in most cases and have an Exploitability Index rating of 1, meaning that exploit code is likely.
In fact, proof-of-concept exploit code has already been reported and malicious exploit code is circulating online.
Microsoft is urging customers to install this update as soon as possible. The vulnerabilities affect Internet Explorer versions 5-8 and Windows 2000, XP, Vista, 7, Server 2003, and Server 2008. The company maintains that it has only seen limited and targeted attacks against Internet Explorer 6. But other security companies see broader risk affecting users of Internet Explorer 7 and 8.
Symantec on Wednesday said that it had detected a new exploit that attempts to leverage one of Internet Explorer's current vulnerabilities.
Friday, 22 January 2010
DarkMarket Ringleader Pleads Guilty in London
By Kim Zetter
Threat Level
Wired.com
January 21, 2010
A former ringleader of a top internet carding site run secretly by the FBI has pleaded guilty in the United Kingdom.
Renukanth Subramaniam, aka JiLsi, was a former Pizza Hut delivery guy who helped run one of the leading English-language criminal sites, DarkMarket. The site operated as an international cyber-bazaar for more than 2,000 hackers, carders and identity thieves until it was closed in 2008.
Members of the site traded in stolen bank card and identification data.
They bought and sold specialized equipment for skimming card and PIN numbers, and for cloning data to blank cards. The activities on DarkMarket are estimated to have resulted in fraud amounting to tens of millions of dollars.
Subramaniam, a Sri Lankan–born British citizen who was arrested in 2007, pleaded guilty last week to charges of conspiracy to defraud and five counts of distributing false information. The conspiracy charge alone carries a possible 10-year prison term. Judge John Hillen warned that Subramaniam “inevitably” faces a “substantial custodial sentence.”
Threat Level
Wired.com
January 21, 2010
A former ringleader of a top internet carding site run secretly by the FBI has pleaded guilty in the United Kingdom.
Renukanth Subramaniam, aka JiLsi, was a former Pizza Hut delivery guy who helped run one of the leading English-language criminal sites, DarkMarket. The site operated as an international cyber-bazaar for more than 2,000 hackers, carders and identity thieves until it was closed in 2008.
Members of the site traded in stolen bank card and identification data.
They bought and sold specialized equipment for skimming card and PIN numbers, and for cloning data to blank cards. The activities on DarkMarket are estimated to have resulted in fraud amounting to tens of millions of dollars.
Subramaniam, a Sri Lankan–born British citizen who was arrested in 2007, pleaded guilty last week to charges of conspiracy to defraud and five counts of distributing false information. The conspiracy charge alone carries a possible 10-year prison term. Judge John Hillen warned that Subramaniam “inevitably” faces a “substantial custodial sentence.”
Users still make hacking easy with weak passwords
By Jaikumar Vijayan
Computerworld
January 21, 2010
In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.
A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems.
Imperva's report is based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.
An analysis of that list provides the latest confirmation that a majority of users still don't care about the strength of their passwords if they are left to choose them on their own.
[...]
Computerworld
January 21, 2010
In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.
A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems.
Imperva's report is based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.
An analysis of that list provides the latest confirmation that a majority of users still don't care about the strength of their passwords if they are left to choose them on their own.
[...]
Router glitch cripples California DMV network
By Elinor Mills
InSecurity Complex
CNET News
January 21, 2010
The California Department of Motor Vehicles department suffered a network outage on Thursday due to an equipment glitch, a state official said.
A router switch malfunctioned, said Bill Maile, spokesman for Office of Technology Services for the state of California.
"It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity."
The network was down for about two hours and was restored at about 1:40 p.m. PST, according to Maile.
InSecurity Complex
CNET News
January 21, 2010
The California Department of Motor Vehicles department suffered a network outage on Thursday due to an equipment glitch, a state official said.
A router switch malfunctioned, said Bill Maile, spokesman for Office of Technology Services for the state of California.
"It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity."
The network was down for about two hours and was restored at about 1:40 p.m. PST, according to Maile.
Subscribe to:
Posts (Atom)