News Feeds
Security Fix


  • Hackers Hijacked Large E-Bill Payment Site
    Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today. The attack, first reported by The Register, a security news Web site, began in the early morning hours of Dec. 2, when CheckFree's home page and the customer login page were redirected to a server in the Ukraine. CheckFree spokeswoman Melanie Tolley said users who visited the sites during the attack would have been redirected to a blank page that tried to install malware. Tolley added that CheckFree regained control over its site by 5 a.m. on Dec. 2. The company said it was still having the malware analyzed by experts. "The degree of exposure to users is dependent on how current their anti-virus software is and what browser they used

  • Court Rules Against Teacher in MySpace 'Drunken Pirate' Case
    A student teacher who was denied a teaching degree just days before graduating has lost a court battle against her would-be alma mater. One of the contributing reasons for her dismissal was a photo she posted onto MySpace.com. Just days before her graduation in May 2006, Millersville University in Pennsylvania accused student Stacy Snyder of promoting underage drinking, after they discovered a photo on her MySpace page titled "Drunken Pirate," in which Snyder can be seen wearing a pirate hat and drinking from a plastic cup. (A photo can be seen on The Smoking Gun.) At the time, Snyder was 25 and working as a student-teacher at Conestoga Valley High School. Snyder maintained that the photo was taken at a costume party off campus and after school hours. But when the university refused to issue her a teaching degree, Snyder sued, citing violation of her First Amendment rights.

  • Would You Like an Update With Your Java?
    Sun Microsystems has released a security update to its Java software. Since cyber criminals have a history of targeting Java vulnerabilities, and because at least 800 million computer users have some version of Java installed, it's probably time for most readers to update this program. Sun's release notes are somewhat light on details, saying Sun Java 6.0 Update 11 contains fixes for one or more security vulnerabilities. Not sure whether you have Java or the latest version installed? Check out this link. Windows users can grab the latest version by opening the Windows Control Panel, clicking the Java icon, and then visiting the "Update" tab and clicking "Update Now." After you begin the update process, note that unless you want the Yahoo! toolbar also installed, you'll need to uncheck that option before proceeding with the rest of the install. Other OS users can find the update by following this link.

  • Apple: Mac Users Should Get Antivirus Software
    In a notable shift, Apple is now recommending that Mac users install anti-virus software to help users secure their systems. In a technical note quietly published to its support site on Nov. 21, Apple issued the following advice: "Apple encourages the widespread use of multiple anti-virus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult." This is news to me. Just under three months ago, I asked an employee at our local Apple store whether I needed anti-virus for my MacBook, and was told not to bother, that it was not necessary. I wonder if this means Apple will stop running television ads saying Mac users don't have to worry about malicious software? Security Fix hears from readers constantly wondering whether they should secure their Macs. I suspect this may be because more people are choosing to purchase

  • Srizbi Botnet Re-Emerges Despite Security Firm's Efforts
    In the fallout resulting from knocking McColo Corp. offline, this past week may prove to be a missed opportunity in the prevention of a dramatic reappearance of junk e-mail, as a botnet that once controlled 40 percent of the world's spam apparently has found a new home. The botnet Srizbi was knocked offline Nov. 11 along with Web-hosting firm McColo, which Internet security experts say hosted machines that controlled the flow of 75 percent of the world's spam. One security firm, FireEye, thought it had found a way to prevent the botnet from coming back online by registering domain names it thought Srizbi was likely to target. But when that approach became too costly for the firm, they had to abandon their efforts. "This cost us a lot of money. We engaged all the right people. In the end, it comes back to the fact that there wasn't a process

  • Spam Volumes Expected to Rise with Botnet Resurrection
    Spam volumes could rise considerably over the next few days now that one of the world's largest networks of compromised computers used for blasting out junk e-mail was brought back to life tonight. The "Srizbi" botnet, a collection of more than half a million hacked PCs that were responsible for relaying approximately 40 percent of all spam sent worldwide, was knocked offline two weeks ago due to pressure from the computer security community. On Nov. 11, the Internet servers used to control the Srizbi botnet were disconnected when a Web hosting firm identified by security experts as a major host of organizations engaged in spam activity was taken offline by its Internet providers. Turns out, Srizbi's authors had planned ahead for such a situation by building into each bot a fail-safe mechanism in case its master control servers were unavailable: A mathematical algorithm that generates a random but unique Web

  • Two Weeks Out, Spam Volumes Still Way Down
    A full two weeks after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline, the volume of spam sent globally each day has yet to bounce back. The block graph over at e-mail security firm IronPort suggests that the company blocked around 35 billion spam messages on Monday. Prior to hosting provider McColo's shutdown, IronPort was flagging somewhere around 160 billion junk e-mails per day. A quick glance at the volume flagged by Spamcop.net shows that they're still detecting well below half of the spam volumes they were just two weeks ago. I'm not suggesting this is a permanent situation: I happen to agree with most experts who have said they expect spam volumes to at some point bounce back or even exceed previous levels. Still, it is nice to see this drop in junk e-mail

  • Pharmacy Extortionists Take on CIA, DoD, FBI, NSA
    Extortionists targeting clients of Express Scripts -- one of the nation's largest pharmacy benefits management firms -- may have inadvertently picked a fight for which they were ill-prepared. Security Fix has learned that among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country. Last month, St. Louis-based Express Scripts said extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands. Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million Americans. The company has refused to pay the demand, and since then the extortionists have moved on to targeting clients of its member companies directly. Locally, the Fairfax County Public Schools

  • Felony Spyware/Porn Charges Against Teacher Dropped
    A substitute teacher in Connecticut who faced 40 years in prison for allegedly surfing porn Web sites in the presence of seventh graders has been cleared of the charges after state prosecutors dropped the case. The remarkable story of Julie Amero touched a nerve with our readers the last time I wrote about it. Prosecutors had charged Amero with four felony counts of endangering a child, but security experts rose up to her defense. They argued that spyware and adware, which had infected her PC, were responsible for serving the porn sites on her machine. According to a story Friday in the Hartford Courant, Amero agreed to plead guilty to a single charge of disorderly conduct, which is considered a misdemeanor and came with a $100 fine. "Amero, who has been hospitalized and suffers from declining health, also surrendered her teaching license," the Courant's Rick Green writes. Alex Eckelberry, president

  • Spamhaus: Microsoft Now 5th Most Spam Friendly ISP
    Microsoft is rising quickly on a running list of the Top 10 Worst Spam Service ISPs as maintained by spamhaus.org, a group that tracks unsolicited commercial e-mail. The software giant debuted on the list earlier this month at number 9 (one being the worst), and has slid over the past few days down to number 5. Spamhaus says spammers and scam artists are abusing Microsoft's live.com and livefilestore.com properties to redirect visitors to sites that peddle fake pharmacy products, porn and Nigerian 419 scams. Spamhaus explains how entities wind up on its Top 10 list: Although all networks claim to be anti-spam, some network executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations. Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines. Richard

