Microsoft is planning to release an anti-phishing filter for Internet Explorer 6.0 (IE6) (the version we are using in WinXP). This new feature will further enhance the web browser and make it a more secure one. Microsoft Phishing Filter is suppose to be integrated to the forthcoming IE7, which will be due next year, but now it will be released ahead of originally planned schedule.

Quoted:
The Microsoft Phishing Filter will not only help provide consumers with a dynamic system of warning and protection against potential phishing attacks, but — more important — it will also benefit legitimate ISPs and Web commerce site developers that want to try to ensure that their brands are not being “spoofed” to propagate scams and that their legitimate outreach to customers is not confusing or misinterpreted by filtering software.

Continue Reading »
Microsoft Phishing Filter

Security flaw found in numerous famous applications from big companies, such as Google, MSN, etc. Applications that affected are namely Google Maps, Gmail, AOL’s AIM Mail, Flikr and MSN Virtual Earth and so on.

This security flaw was actually found in a toolkit for developing those affected applications. The toolkit is called CPAINT, which is used to create applications using AJAX, which stands for Asynchronous JavaScript and XML. It is is an approach to putting more dynamic interactivity into Web applications using a combination of HTML, CSS, Document Object Model, JavaScript, and XMLHttpRequest.

Quoted:
The CPAINT flaw could allow an attacker to execute malicious code on a server running CPAINT, or running an application built using CPAINT

The AJAX approach has been adopted by a number of Web developers, the best known of them being Google, whose Google Maps, Google Suggest, Gmail and other applications use AJAX, although Google has since stated that Gmail is not affected. Other high-profile AJAX-based services include Microsoft’s MSN Virtual Earth, Yahoo’s Flickr and AOL’s AIM Mail. Many lesser-known services have also adopted AJAX, such as Swiss mapping service map.search.ch and invoicing program Blinksale.

Continue Reading »
Security Flaw In Google, MSN, Flickr And So On

This is a security alert to users of Windows 2000 and some early versions of Microsoft XP (I suppose Windows XP without SP1 & SP2 installed). A new worm has been found on Tuesday, August 16, 2005, infected computer systems using Microsoft operating systems (OS). The worm shut down computers in the United States, Germany and Asia, even big companies like CNN, ABC and The New York Times were affected.

Quoted:
Lysa Myers, a virus researcher for the computer security firm McAfee, Inc., said the worm exploits a vulnerability in Microsoft’s plug-and-play service. “How it’s spreading is it’s looking for machines that are unpatched and running itself,” she said.

Symptoms of infection of this nasty worm include the repeated shutdown and rebooting of a computer, similar to the well known Blaster’s.
Continue Reading »
New Worm Shuts Down PC

Thanks to FeiCiPet for reminding me the first virus for Windows Vista is not actually the first.

Why do I say so? It’s actually the new command shell, codenamed Monad, which got exploited by the virus writer will not be part of the next Windows Vista release, Microsoft announced it last Friday, Aug 5, 2005.

Quoted:
“Monad will not be included in the final version of Windows Vista. So these potential viruses do not affect Windows Vista.” Said Stephen Toulouse, a program manager in Microsoft’s security group.

Continue Reading »
Not Really The First Virus For Windows Vista

An Austrian hacker, who named “Second Part To Hell“, become the first virus writer by writing what are thought to be the first known viruses for Microsoft’s Windows Vista operating system (OS), according to Mikko Hypponen, chief research officer at F-Secure.

Quoted:
The viruses take advantage of a new command shell, codenamed Monad, that was included in the Windows Vista beta code. They were published on a virus-writing tutorial written for an underground hacker group calling itself the Ready Ranger Liberation Front, and take advantage of security vulnerabilities in the new command shell.

This command shell would be similar to what Linux OS is using, allows users to use powerful text-based commands, it is much like Windows’ predecessor, DOS too. The command shell is so powerful and allows users to make as huge and complex scripts as users do in Linux’s BASH (Bourne Again Shell).
Continue Reading »
First Virus For Windows Vista

As Firefox supporters, we always argue that Firefox is a better and more secure browser over Internet Explorer. More secure in the sense of less security flaws, I suppose. Somehow this argument is not right based on statistical data provided by a security advisory service, Secunia, at least for this year, 2005.

Quoted:
The report in the UK-based IT trade publication states: “There have now been more flaws in the Firefox browser this year than in Microsoft’s Internet Explorer.”

Secunia advisories affecting Mozilla Firefox 1.x on a month-by-month basis.

Continue Reading »
More Attack On Firefox Than IE This Year