About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Archive: May 2008

Microsoft: Safari Flaw a Danger to Windows Users

Microsoft warned on Friday that Apple's Safari Web browser for Windows exposes PCs to a security hole that permits potentially malicious files to be downloaded to a user's machine and run without prompting the user. Microsoft's advisory comes two weeks...

By Brian Krebs | May 31, 2008; 4:55 PM ET | Comments (29)

New Trillian IM Software Fixes Three Security Holes

Trillian, a popular all-in-one instant messaging suite that handles AOL IM, Yahoo, MSN and even Internet relay chat (IRC) communications, has issued an update that corrects at least three very serious security flaws in the program. The vulnerabilities, found in...

By Brian Krebs | May 30, 2008; 10:27 AM ET | Comments (1)

Apple Patches 40 Security Holes

Apple on Wednesday released an update to fix at least 40 different security holes in computers powered by its Mac OS X operating system and other software, including a just-in-time update to fix a dangerous vulnerability in the Adobe Flash...

By Brian Krebs | May 29, 2008; 6:35 AM ET | Comments (12)

Symantec Pledges Less Bloat, More Speed

Every other week, when I host a Security Fix Live chat with our readers, I almost always hear gripes from Symantec users complaining about how various Norton software titles are causing their PCs to operate sluggishly. Well, the folks at...

By Brian Krebs | May 28, 2008; 4:25 PM ET | Comments (91)

Exploit In-the-Wild: Patch Your Flash Player Now

If you have not yet applied the patch that Adobe released last month to plug security holes in its Flash Player, do not procrastinate further: Security experts warn that a growing number of Web sites are using Flash vulnerabilities to...

By Brian Krebs | May 28, 2008; 7:05 AM ET | Comments (27)

Security Fixes in Foxit Update

People who use the free Foxit Reader software as an alternative to Adobe for viewing portable document format (PDF) files should take note: Foxit has shipped a new version that plugs a serious security hole in the program. The newest...

By Brian Krebs | May 27, 2008; 10:00 AM ET | Comments (0)

ING Introduces Tool for Safe E-Banking on Infected PCs

ING Direct, the nation's largest online-only bank, said this week that it was giving away a software tool that would allow customers to bank online safely at ING, even if the user's PC was already infected with data-stealing malicious software....

By Brian Krebs | May 23, 2008; 9:35 AM ET | Comments (0)

New Tax Plan Could Jeopardize Small Business Owners' Privacy

The Bush administration is proposing a new tax collection program that would force credit card companies to report merchants' income to the Internal Revenue Service. The plan has come under fire from privacy groups, who say it will create another...

By Brian Krebs | May 22, 2008; 4:40 PM ET | Comments (0)

Govt' Earns 'C' on Computer Security Report Card

The federal government earned an overall grade of "C" for securing its computer systems and networks from cyber attack last year, a slight improvement from the "C-minus" mark the government was given in 2006. The report cards were issued today...

By Brian Krebs | May 20, 2008; 2:41 PM ET | Comments (4)

Most Spam Sites Tied to a Handful of Registrars

New research suggests that more than three quarters of all Web sites advertised through spam are clustered at just 10 domain name registrars. The data comes from millions of junk messages collected over the past year by Knujon ("no junk"...

By Brian Krebs | May 19, 2008; 11:54 AM ET | Comments (17)

Gov't Secrecy and the Mysterious Cyber Initiative

The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be...

By Brian Krebs | May 15, 2008; 3:50 PM ET | Comments (0)

Debian and Ubuntu Users: Fix Your Keys

Online merchants who have used a Debian-based operating system to generate secure sockets layer (SSL) certificates for encrypting customer communications should check to make sure the private key needed to decrypt those transactions isn't already posted on the Web for...

By Brian Krebs | May 15, 2008; 2:44 PM ET | Comments (0)

Three Charged With Hacking Dave & Buster's Chain

Three men have been indicted for hacking into a number of cash registers at Dave & Buster's restaurant locations nationwide to steal data from thousands of credit and debit cards, data that was later sold or used to cause more...

By Brian Krebs | May 14, 2008; 5:15 PM ET | Comments (4)

Microsoft Patches Six Security Holes

Microsoft today issued four updates to fix at least six security flaws in its Windows operating system and Office software. The bundle includes a patch for a critical flaw that hackers already are exploiting to break into vulnerable Windows systems....

By Brian Krebs | May 13, 2008; 3:30 PM ET | Comments (12)

Online Sellers: Beware of Fake Check Scams

If you sell enough stuff online at sites like Craigslist and eBay, eventually you will receive an offer for your wares that far exceeds your asking price. Such offers are often the first stage of a scam in which the...

By Brian Krebs | May 13, 2008; 11:30 AM ET | Comments (9)

Adobe Plugs 8 Security Holes in Reader

This post was updated at 12:20 p.m. to clarify what's new in this Adobe patch. See the update below the original post. Adobe has issued an update to plug at least eight security holes in its PDF Reader software....

By Brian Krebs | May 9, 2008; 11:40 AM ET | Comments (15)

Mozilla Distributes Virus-Infected Language Pack

Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb....

By Brian Krebs | May 8, 2008; 12:51 PM ET | Comments (0)

Robotraff: A Hacker's Go-To For Clicks

Anyone who doubts that Internet click fraud has become a big money maker should take a look at a Russian Web site called Robotraff.com, which bills itself as "the first stock exchange of Web traffic." Set up a free account...

By Brian Krebs | May 7, 2008; 6:22 PM ET | Comments (4)

Microsoft Releases Windows XP Service Pack 3

Microsoft today finally released Service Pack 3 for Windows XP users. The update should now be offered via both Windows Update or Automatic Updates. The company was expected to release it last week, but pulled the plug at the last...

By Brian Krebs | May 6, 2008; 8:35 PM ET | Comments (0)

Tech Groups Back Kaspersky in Fight Against Zango

A broad coalition of technology groups today told a federal appeals court to toss out a lawsuit that adware maker Zango is continuing to pursue against computer security vendor Kaspersky Lab, arguing that to do otherwise would harm consumers and...

By Brian Krebs | May 5, 2008; 6:30 PM ET | Comments (18)

Stepped Up Cyber Role for Spy Agencies

Read Brian Krebs's latest story on washingtonpost.com: "White House Plans Proactive Cyber-Security Role for Spy Agencies." America's spy agencies for the first time would be tasked with gathering intelligence on threats to the nation's computer networks under a policy set...

By washingtonpost.com Editors | May 2, 2008; 12:46 PM ET | Comments (8)

Cyber Justice Chronicles

Security Fix is launching a new feature today called Cyber Justice Chronicles, which will periodically provide short snippets of news about individuals who have been arrested or convicted of computer crime offenses. Law enforcement takes its share of lumps for...

By Brian Krebs | May 1, 2008; 5:15 PM ET | Comments (5)

 

©  The Washington Post Company