Saturday, February 06, 2010

Microsoft to patch 17 year old computer bug

The February update for Windows will close the loophole that dates from the time of the DOS operating system. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008, as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

Full Story

Monday, February 01, 2010

Facebook Privacy, Security Fears Grow with Social Network Risks

According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest social networking site. The statistics, which were included in Sophos' "Security Threat Report: 2010", revealed that while 33 percent block Facebook for productivity reasons, businesses are also concerned with the prospect of spam, malware and data leakage on social networks.

“Furthermore, over 72 percent of firms believe that employees’ behavior on social networking sites could endanger their business’s security,” according to the report. When it comes to Facebook in particular, 45 percent of respondents said they do not control access to the site.

Users of social networks can also face a more indirect risk – attackers using the sites to conduct surveillance on potential victims and ultimately compromise them. “Undoubtedly a large part of the incentive of social networking attacks is to compromise the victim's machine and infect it with malware that turns it into part of a bot.” As such, compromised accounts can have real value on the black market. Dmitry Bestuzhev, senior regional researcher for Latin America at Kaspersky Lab, said a Twitter account was recently seen being offered for $1,000 on a hacker forum. In the hands of cyber-criminals, the accounts can be used to spam out malicious links that lead to malware infections, he said.

Full Story

Wednesday, January 27, 2010

Microsoft Working on a Zune Phone?

Technologist Long Zheng's watchful eye caught a clue that points to the likely existence of an upcoming Zune phone. A Zune software update includes a USB device driver package that references hardware IDs for an as-yet-unknown Microsoft Zune product.

Microsoft's Windows Mobile business model has been reliant on third parties, but that model hasn't given the platform much wind in its sails as evidenced by the OS's sinking market share.

Last year, it was reported that Microsoft was giving device makers reference designs to use to build their own next-generation Windows Mobile devices. It is also working on Zune-branded services, code-named "Pink," "Skybox," and "SkyMart," to standardize the user experience across devices. The company realizes that people are accessing information and services from a growing number of devices.

Full Story

Monday, January 25, 2010

China Rebukes U.S. Calls to Investigate Hacking

China delivered a bristling response to the United States’ demand that it investigate recent attacks on American computers from Chinese soil, saying that any suggestion that it conducted or condoned hackers’ intrusions was “groundless and aims to denigrate China.”

A brace of interviews and news articles placed in major state newspapers and on many prominent Web sites underscored the chill in public exchanges between the two governments since Jan. 12, when Google threatened to leave China unless Beijing stopped censoring its search results.

Google issued the ultimatum after discovering efforts by still-unidentified Chinese hackers to steal valuable corporate source code and break into the Google mailboxes of Chinese human-rights activists. Dozens of other American computers were also targets of the attack, Google has said.

The Chinese government’s comments come atop months of increasingly stringent limits on what ordinary Chinese citizens can access on the Internet, and increasingly strict programs to monitor those who try to view unapproved content.

The sharpest language, however, came from the Communist Party-backed Global Times, which frequently criticizes American policy. The newspaper quoted a Chinese analyst as calling Google’s complaint “a U.S. government-initiated strategy with covert political intentions.”

Full Story

Friday, January 22, 2010

Weak Passwords Pervasive, Despite Security Risks

Five years ago, Microsoft Chairman Bill Gates predicted the end of passwords because they failed to keep information secure. The real problem turns out to be people, who just can't pick passwords that offer enough protection.

This point has been hammered home in a study of some 32 million passwords that were posted on the Internet after a hacker obtained them from social entertainment site RockYou last year.

A report released by Imperva, a security firm, analyzed the strength of the passwords people used and found that the frequent choice of short, simple passwords almost guarantees the success of brute force password attacks. A brute force attack, in the sense the report uses, involves automated password guessing using a dictionary or a set of common passwords.

The report reveals that 50% of users rely on slang words, dictionary words, or common arrangements of numbers and letters, like "qwerty," for their passwords.

Jon Brody, VP at TriCipher, another security vendor, confirms that this isn't a new problem. He puts part of the blame on technology innovators for not recognizing that password policies are doomed to fail if they go against human nature.
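The weak-password classes the Imperva report describes (short passwords, dictionary or common words, and keyboard arrangements like "qwerty") can be screened for at the point where a password is set, which is the policy-side response to the problem the story raises. The following is an added example written for this page, not code from the article, Imperva or TriCipher; the common-password list, the keyboard-row table, the rule names and the sample corpus are all constructed assumptions, and a real deployment would load a breach-derived list of millions of entries rather than the ten shown here.

```python
"""Password-policy checker and corpus analysis (added example, not from the
article or Imperva's report). Flags the weak-password classes the report
describes: short passwords, dictionary/common words, and keyboard
arrangements such as "qwerty"."""
import re

# Constructed stand-in for a breach-derived common-password list.
# Assumption: a real deployment loads a list with millions of entries.
COMMON_PASSWORDS = {
    "123456", "12345678", "password", "qwerty", "abc123", "letmein",
    "iloveyou", "monkey", "princess", "rockyou",
}

# Physical keyboard rows; runs of 4+ adjacent keys (either direction) are flagged.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(password, run_len=4):
    """True if the password contains run_len adjacent keys from one row."""
    p = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run_len + 1):
            segment = row[i:i + run_len]
            if segment in p or segment[::-1] in p:
                return True
    return False


def guess_space(password):
    """Upper bound on guesses for an exhaustive search over the character
    classes used. A dictionary attack needs far fewer guesses when the
    password is a common word, which is the report's point."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII symbols
    return size ** len(password)


def check_password(password, min_len=8):
    """Return (accepted, reasons); reasons lists every rule that failed."""
    reasons = []
    lowered = password.lower()
    base = re.sub(r"\d+$", "", lowered)  # "monkey123" -> "monkey"
    if len(password) < min_len:
        reasons.append("too short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("in common-password list")
    elif base in COMMON_PASSWORDS:
        reasons.append("common word with digits appended")
    if has_keyboard_run(password):
        reasons.append("keyboard sequence")
    if re.fullmatch(r"[0-9]+", password):
        reasons.append("digits only")
    elif re.fullmatch(r"[a-z]+", password):
        reasons.append("single lowercase word")
    return (not reasons, reasons)


def weak_fraction(passwords):
    """Share of a corpus rejected by check_password; the same kind of
    statistic as the report's 50% figure, here over a constructed sample."""
    rejected = sum(1 for pw in passwords if not check_password(pw)[0])
    return rejected / len(passwords)


# Constructed sample corpus, not taken from the RockYou data.
SAMPLE_CORPUS = [
    "123456", "password", "qwerty", "monkey123", "iloveyou",
    "Tr0ub4dor&3Lighthouse", "correct horse battery staple",
    "abc123", "12345678", "letmein",
]

if __name__ == "__main__":
    for pw in SAMPLE_CORPUS:
        ok, why = check_password(pw)
        print(f"{pw!r:32} {'ok' if ok else 'reject: ' + ', '.join(why)}")
    print(f"weak fraction: {weak_fraction(SAMPLE_CORPUS):.0%}")
```

The `guess_space` figure is deliberately shown beside the list check: "qwerty" has a nominal search space of 26^6, but it is rejected outright because a dictionary attack reaches it in a handful of guesses. Stripping trailing digits before the list lookup catches the "monkey123" pattern that a plain exact-match blacklist misses.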

Full Story