DNS poisoning requires elite hacking skills, which is why most analysts believe it falls short of a large-scale threat. But before you get too complacent, take notice of the poor man's pharm, a less sophisticated and far less costly way to hijack Web page requests and forward unsuspecting users to counterfeit sites.

Instead of harvesting requests from a DNS server, the "retail" version of pharming is a desktop affair in which a user unwittingly downloads spyware, a Trojan horse or a virus. This malware simply intercepts Web site requests and shunts the user to a bogus Web site. The rest is the now too familiar game of capturing your personal information and then redirecting you to the authentic site. Some say such low-rent pharming accounts for the vast majority of incidents. "The bad guys are always trying to stay low enough in the food chain to escape notice but high enough to make money,"

Another technique, somewhere between DNS poisoning and desktop hijacking, involves search engines. This scam takes advantage of the fact that users forget URLs -- for a bank Web site, for example. The user conducts a search on Google, gets a page of results, and clicks the first one that looks right. But in fact it's a bogus site.

"If you can tag your site so it shows at the top of a search query result page, you can be in the pharming business," said Jim Stickley, chief technology officer and co-founder of TraceSecurity. "This is what legitimate businesses do all the time -- namely, optimize their sites for various search engines."

Apple on Wednesday posted Security Update 2005-006. The new update is ready for download from Apple’s Web site. Separate downloads are available for Mac OS X v10.3.9 and Mac OS X v10.4.1. Apple said the download is recommended for all affected Mac users.

The security update for Mac OS X v10.4.1 contains those Bluetooth and PHP improvements, as well as a buffer overflow correction and other improvements to AFP Server, correct handling of cleanup of poorly-formatted PDF documents by CoreGraphics and a security improvement to prevent unprivileged users from launching commands into root sessions; more secure folder permissions to protect the cache folder and Dashboard system widgets; removal of a vulnerability in the launchd command; a correction to LaunchServices’ query code; a change to MCX client involving Portable Home Directories; modification of NFS exporting code; and correction of a buffer overflow problem in “vpnd.” More details are available from Apple’s Web site.

New versions of the Mozilla Foundation's browsers have reintroduced a 7-year-old flaw that makes them vulnerable to spoofing attacks, security advisory company Secunia said yesterday.

Secunia first publicized the flaw last summer, warning that a feature built into most browsers for years was a security liability. The firm argued that a feature allowing one Web page to load arbitrary content into a frame of another page could allow an attacker to, for example, substitute his own log-in window on a bank's Web site. The feature was found in Internet Explorer, Mozilla, Opera, Safari and Mozilla derivatives such as Konqueror.

"We believe that it is important that Microsoft and the other vendors seriously consider the minor gains from such 'functionality' against the possible consequences for their customers," said Secunia Chief Technology Officer Thomas Kristensen last summer at the time of the flaw. "In our opinion, this is a vulnerability and should be treated as such, whether the vendors implemented this intentionally or not."

The Mozilla Project said it is investigating the report, and a moderator of the organization's online support site said the flaw had not been exploited. "To protect yourself, close all other windows/tabs before accessing a site where you routinely put in a secure password (your bank or PayPal account), or your bank or credit card details (e.g., Amazon), or other sensitive data," the moderator said.

W32.Mytob.DL@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.     Type: Worm Infection Length: 52,862 bytes.       Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Mytob.DJ@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.       Type: Worm Infection Length: 42,253 bytes       Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Spybot.PKC is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities. Note: Definitions dated prior to June 6, 2005 detect this threat as W32.Spybot.Worm.     Type: Worm Infection Length: 121,504 bytes.       Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Apple Computer announced Monday it was switching to Intel-based processors, one of the first to express support was Roz Ho, general manager of Microsoft's Macintosh Business Unit.

The Mac BU has already started work on developing products to back up that attitude of support, according to a Microsoft spokesperson. Some of the primary projects are the next versions of Office for Mac and Virtual PC for Mac.

Microsoft's Mac team is also busy putting finishing touches on updates to current versions, the company spokesperson said. These include Entourage improvements for Exchange users, new Tiger functionality, and a fresh version of Messenger for Mac due to be released in a few months.

In order to create software that can accommodate the platform shift, the Mac BU has been collaborating with Apple engineers on Xcode to create universal binaries of future versions of Office, so that it will run natively on Apple's future hardware.

Xcode, now in version 2.0, was created as a way for developers to craft Mac OS X applications and take advantage of Apple technology as it got released. Xcode 2.0 puts the operating system together with Unix as well as with a number of development technologies.

Historically, the Mac BU hasn't been known to use Xcode, but the platform shift will give the unit more exposure to and experience with the development tool suite.

We seriously think MS knows exactly what will happen here and is trying to rally all the support they can. Who will be the winner here at the end of the day? This time hands down it is the consumer!

The battle between MS and Mac has clearly heated and this is one we personally enjoy.  These are the two operating systems which have been de-geeked enough for the average user to understand.

We personally set Linux aside here as it takes a completely different thought process. Linux geeks it does not make you smarter! You are just more willing to sit and read rims of nasty looking, poorly formatted Doc's.

In the operating system race thus far, Apple's incremental approach to system releases has paid off compared to Microsoft's strategy of giant leaps at long intervals.

Since Windows XP shipped in 2001, Apple has shipped five major versions of Mac OS X. Apple's Unix-based operating system started out far behind Windows XP, but is now out in front in terms of features, functionality and user interface.

Though MS is working hard at security it is clear that Apple has clearly gained users here with the clear edge. However it all turns out which we personally have no favorite. Though I am have been a PC person for years. We doubt any of this will change MS. Their corporate campus will grow and things will likely not change with LongHorn really anymore than they did with the release of Windows 2003.

If Apple makes a OS version that will run on generic PC hardware they will not be able to print the disks fast enough. The reason is simple everyone likes something different. Though both have their own view of the world. People will then have things they like about both, though at the end of the day I honestly think MAC has the edge and it is doubtful that MS even knows why.

"eWeek's View."

A new version of the Netscape Web browser is being criticized by spyware experts for failing to notify Web surfers when they're visiting Web sites that distribute the noxious monitoring programs.

Netscape 8's Trust Rating System, which warns users about insecure Web sites, gives a "green light" to Web sites that download spyware onto users' machines, according to Ben Edelman, a student at Harvard University Law School and an expert on spyware software.

In a conversation Wednesday, AOL spokesman Andrew Weinstein acknowledged that some spyware sites received an "unknown" rating from the browser. The spokesman subsequently confirmed evidence viewed by eWEEK magazine suggesting that other spyware sites received a "trusted" rating. The company is working to correct the problem with the new browser.

The critiques are the latest bump in the road for Netscape 8, which was released this month. It was patched almost immediately to cover a host of known holes in its code, which is based on the popular Firefox browser, and to fix a conflict with Microsoft's Internet Explorer browser.

UPDATED: In an advisory posted by enterprise IM vendor IMlogic Wednesday, officials warned of a new worm (define) spread by old means: getting users to click on a URL (define) that purports to come from a friend on their buddy list.

The latest threat to AOL's instant messaging (IM) platform, AIM, again targets users' penchants to blindly click on links supplied by friends. The Gpic.aol worm comes with a message saying, "damn this looks just like me lol" and a link to what is displayed as pictures.google.com.

In reality, the displayed URL obscures the real Web site at newpeople.no-ip.info, which then downloads onto the user's system, collects the names in the buddy list and sends the same message to all of them.

Gpic.aol is considered a medium-level risk threat; it doesn't actually deliver a payload that allows the malware (define) writer to gain remote access to the computer or corrupt or erase data on the hard drive.

A four-member panel of cybercrime fighters dissected the ominous "phishing without a lure" pharming attacks in an "eCrime Calling" workshop at the InBox e-mail security conference here, co-sponsored by the Anti-Phishing Working Group.

Oliver Friedrichs, security manager at Symantec Corp.'s security response center, said the increase in pharming attacks has produced a steep rise in cybercrime statistics.The company's DeepSight global Internet sensor network recorded a 360% increase in phishing or pharming e-mails during the last half of 2004. DeepSight's 2 million honeypots and 4,000 devices recorded 9 million phishing e-mails for the last half of 2004, dwarfing the 2 million identified in last year's first six months. In a phishing scam, e-mail messages that look like they come from a legitimate Web site, such as a bank, are sent to users to lure them into entering sensitive information.

DeepSight analysis shows that 54% of all malware is designed to harvest confidential information from users, up from 44% in the second half of 2004 and 36% in the first half, Friedrichs said. Once infected, the top targets of the botnets are financial services companies followed by manufacturers. "Full Story"

The Internet Corporation for Assigned Names and Numbers (ICANN) will begin technical and commercial negotiations with ICM Registry to launch .xxx, officials announced Wednesday.

ICM Registry claims the Internet community as a whole would be better off with a specified area for the adult industry, making it easier for parents and organizations to filter porn while giving members of the adult entertainment industry a venue for their wares.

The overall effect of a .xxx top-level domain (define) is up for debate.

While the domain extension will give the adult industry a "safe zone" to conduct its business relatively, it's a voluntary effort. Adult sites are not required to pack up their .com or .net Web site and sign up to the .xxx domain extension.

More than 10 percent of all online traffic and 25 percent of Internet searches are oriented towards adult content, officials from the registry company stated on their Web site, with more than 100,000 adult webmasters worldwide and 1 million adult domains.

Microsoft Corp. plans to announce as early as next week that it is ready to ship a Windows 2000 Update Rollup, the final security patch for the 5-year-old operating system.

The Update Rollup, which replaces Windows 2000 SP5 (Service Pack 5), is a cumulative set of hot fixes, security patches and critical updates packaged together for easy deployment.

An announcement could coincide with the company's TechEd conference, scheduled for Orlando, Fla., next week.

The Update Rollup will contain all security-related updates produced for Windows 2000 between the time SP4 was released and the date the update ships. It will also feature a small number of important, non-security updates.

The Update Rollup comes just one month before mainstream support for Windows 2000 client and server releases expires on June 30. Microsoft divides its support lifecycle into two phases: mainstream and extended. Once a product enters the extended support period, Microsoft charges for support.

SAN FRANCISCO (Reuters)— Network computer maker Sun Microsystems Inc. said on Thursday it agreed to buy Storage Technology Corp. for $4.1 billion in cash, bolstering its presence in the fast-growing market for data storage.

Santa Clara, California-based Sun will pay $37 per share for Louisville, Colorado-based Storage Technology, also known as StorageTek, and the price includes the assumption of StorageTek employee stock options. The $37 price is an 18.5 percent premium to StorageTek's closing price on Wednesday.

The move by Sun is the company's largest acquisition in recent memory as the one-time Wall Street darling seeks to reinvent itself after falling on hard times since the implosion of the dot-com boom in 2000. The deal could also help shore up Sun's computer server business, where it has lost market share to rivals such as International Business Machines Corp. on the high end and Dell Inc. on the low end.

Sun Acquires StorageTek

02 June 2005 | 5:00am PT
» Audiocast 5:15am PT
» Press Release
» Presentation Slides(.pdf)
» Presentations Slides (StarOffice)

I find it amazing the way in which people think that making a software selection means you have to chose sides. Conspiracy theories about Microsoft's 'dirty tactics.' Here is the ZDNet article you decide. The real humor lies in the posts.

MS used a registry key value, Netscape 8 changed this when it was installed and MS created this problem. This is so sad it is amusing but honestly. It is clear ZDNets technical audience has all but disappeared over time based on these posts.

Got to love the people pointing out how insecure Windows is yet the facts to date do not back up this statement, if we are comparing it to Linux. Nor does the cost difference of keeping a Linux machine patched verses Windows. Though I am sure that Bill Gates hired someone to generate these facts. 

I personally saw this error after installing Netscape and corrected the problem. I may install netscape again after they get it right. But please if MS made this level of mistake they would be in court again. I have to give MAC people Kudo's for not even getting involved in these things.

Acting on detailed information provided by the motion picture industry, federal agents descended on administrators and users of a popular pirate-friendly file-sharing site Wednesday in what the government is calling the first criminal law enforcement action against BitTorrent users.

FBI and Immigration and Customs Enforcement, or ICE, agents executed 10 search warrants in nine states in a strike on Elitetorrents.org, a free, members-only BitTorrent aggregator hosted in the Netherlands. On Wednesday, visitors to the site were redirected to a new government-hosted page with a stern warning about the penalties for internet piracy: "Individuals involved in the operation and use of the Elite Torrents network are under investigation for criminal copyright infringement."

Every hard disk is too small if you just wait long enough. TreeSize tells you where precious space has gone to. TreeSize can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. Scanning is done in a thread, so you can already see results while TreeSize is working. The space, which is wasted by the file system can be displayed and the results can be printed in a report. TreeSize is Mailware for Windows 9x/NT/2000/XP.

See all their offerings.

ServiceManager is a tool designed to allow System Administrators, Power Users and Developers an easy means to view, modify or remove services and their information on Windows NT 4, Windows 2000 and Windows XP platforms.

Download
ServiceManagerv1.00.zip (.zip, 552KB, Updated: 6/3/02)

Read the DriverManager documentation.
ServiceManager_doc.pdf (.pdf, 84KB, Updated: 6/3/02)

Meta Tag Expert

Version: v2.0

Price: Free

Platform: Win9x/2000/ME/XP

Size: 761 KB

Screenshots: 1 | 2 download

Meta Tag Expert is a Meta tag generator for your web pages. Meta tags include relevant information about the content of your pages. Meta Tag Expert makes the generation of these tags simple and easy.

Meta Tag Expert v2.0:

* Now supports 36 meta tags!
* Support for Dublin Core tags
* New HTML to JS Converter tool
* Help button linking to new HTML help
* Right-click on program for QuickMenu
* Statusbar added with Modified and Saved state
* More startup tips
* Beginner Wizard
* Import of text-based files
* Register free online
* Updated document on web promotion (v2.0)

 

This NETSKY worm spreads by sending out copies of itself as email attachment using its built-in SMTP engine. It gathers target recipients from certain files found on the affected machine, virtually turning the affected system into a propagation launch pad.

The email it sends out has a spoofed sender's name, varying subjects, message bodies and attachments, and generally mimics email delivery notifications. For complete details about the email that this worm sends out, please click here.

Malware type: Worm

Aliases: W32.Netsky.P@mm, W32/Mydoom.BK@mm, W32/Netsky, W32/Netsky-P, Win32/Netsky.P!Worm, Win32/Netsky.P@mm

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

The Troj/Sober-Q Trojan horse is being used to send out German nationalistic spam from PCs previously infected by the Sober-N worm.

It appears that the Sober-N worm which spread very widely, accounting for nearly 80% of reports in early May, was used to infect as many PCs as possible by posing as tickets for the 2006 World Cup in Germany. The many compromised PCs are now being used to send out masses of spam.

Spam sent by the Trojan horse from infected PCs uses various subject lines including: 'Dresden Bombing Is To Be Regretted Enormously', 'Armenian Genocide Plagues Ankara 90 Years On', 'Dresden 1945' and 'Turkish Tabloid Enrages Germany with Nazi Comparisons'.

Comcast should be watching as they win hands down at Dirty Mail. Yahoo close on their heels. See the stats here. "Sender Base" This information is easy for both these ISP's to see and ignoring this with their head in the sand will not make the problem go away. Though a number of their customers may be be spammers. The fact is the larger number are nothing more than Zombie boxes or people who fail to clean their machines.

What is really hard to understand if this site gives out the ip's of those most offending. Why is it that their service is simply not dropped as a course of action? Though many of yahoo's are tagged as bulk it seems this does not mean they are clean. People are making money off it while this is short term. This is a period where finger pointing might actually help. I applaud both MS efforts to help in a recent article posted all over the web. But lets get serious If senderbase.org can point to the right targets all that needs to be done is stop them.

Though the numbers are falling really it is important to stay vigilent and make e-mail something people look forward to once again. It is the way it was once though it is hard to remember that time. Here are the stats from the IronPort Site.

I am not really sure how useful this information is to the desktop user. Knowing how high the numbers are might give you some comfort feeling you are not alone. Trust us that is a easy one you aren't. One must not forget these people have something to sell you, likely that warm fuzzy feeling that they will protect you. Though the graph is interesting.

CipherTrust's ZombieMeter^SM tracks worldwide zombie activity in real-time. With more than 1,500 enterprise customers, CipherTrust has a very broad, unique view of the Internet and potential threats as they happen across the globe. By monitoring global messaging activity and identifying behavioral patterns, CipherTrust can continue to provide predictive protection against threats before they emerge.

Trojan.Gpcoder is a Trojan horse which searches for files with various extensions and encodes them. The original files are then deleted and the newly encoded ones become unreadable.

Note: Definitions prior to May 28, 2005 may detect this threat as Trojan.Pgpcoder.

Also Known As:	Virus.Win32.Gpcode.b [Kaspersky Lab], PGPcoder [McAfee], TROJ_PGPCODER.A [Trend Micro], Trojan.Pgpcoder
Type:	Trojan Horse
Infection Length:	56,832 bytes
Systems Affected:	Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Spammers use home computers to send bulk emails by the millions. They take advantage of security weaknesses to install hidden software that turns consumer computers into mail or proxy servers. They route bulk email through these "spam zombies," obscuring its true origin.

As part of a worldwide effort to prevent these abuses, the FTC announces "Operation Spam Zombies." In partnership with 20 members of the London Action Plan and 16 additional government agencies from around the world, the Commission is sending letters to more than 3000 Internet service providers (ISPs) internationally, encouraging them to take the following zombie-prevention measures:

• block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
• apply rate-limiting controls for email relays.
• identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
• give your customers plain-language advice on how to prevent their computers from being infected by worms, trojans, or other malware that turn PCs into spam zombies, and provide the appropriate tools and assistance.
• provide, or point your customers to, easy-to-use tools to remove zombie code if their computers have been infected, and provide the appropriate assistance.

In a later phase, the Operation plans to notify Internet providers worldwide that apparent spam zombies were identified on their systems, and urge them to implement measures to prevent that problem. "FTC Location"

The Trojan downloader (download-aag AKA Pgpcoder) exploits a well-known Internet Explorer vulnerability (MS04-023) to download hostile code onto vulnerable Windows boxes. It then searches for files with various extensions and encodes them. The original documents are deleted and the newly encoded files become unreadable. The malware also drops a message onto the system with instructions on how to buy the tool needed to decode the files, demanding payment of $200 from victims if they ever want to see their documents again.

America Online on Thursday confirmed that a bug in its new Netscape 8 Web browser was breaking certain XML configurations in Microsoft's IE.

The issue first surfaced on Microsoft Corp.'s Internet Explorer Weblog, where chief IE developer Dave Massy recommended that users completely uninstall Netscape as a possible workaround.

According to Microsoft's Massy, Netscape 8 corrupts the XML rendering capabilities of Internet Explorer, meaning that an IE user navigating to an XML file, such as an RSS feed, is greeted with a blank page.

On message boards and newsgroups, users flocked to complain. "This is a pretty major bug and should be fixed ASAP," read one post on the Netscape Browser Review forum.

A Netscape administrator on the forum apologized to users and stressed that the registry key was not intentionally changed. "The development team is hard at work on a patch." The latest hiccup follows the embarrassing release of Netscape 8 with several publicly known security vulnerabilities.

FIX for the problem which there is no excuse, and Netscape looks really bad this time. Of course you can always blame MS.

1. Uninstall Netscape 8
2. START->RUN
   1. Type: regedit
   2. Hit ENTER
   3. Navigate to the following:
   4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
   5. Highlight and right-click the node titled "xml" and select delete.
   6. Restart Internet Explorer

Unfortunately if Netscape 8 remains installed then the registry key is continually rewritten so this is an essential step if you are to be able to view XML content in IE.

Security experts are warning Internet users about a new piece of software that poses as a spyware-removal tool but is actually being used to persuade unsuspecting Internet users to download spyware programs and Trojans.

The program, SpywareNo, is installed on Internet users' computers without warning, can be difficult to remove and may be accompanied by malicious programs that hijack victims' Web browsers, according to interviews with spyware experts.

The company behind the new tool claims that it is the victim of unscrupulous online advertisers who bundle the product with noxious wares. Yet you will see nothing indicating that they have been a victim or disclaimer clearly defined on their site.

But at least one spyware expert says the new application is just the latest example of so-called "rogue anti-spyware" programs that exploit user naiveté and frustration with spyware.

SpywareNo is advertised as a desktop security software suite, with integrated firewall, application security and intrusion detection features, according to spywareno.com, the program's official Web site. Personally it certainly does not look that way.

This is a warning like with "SpywareAssassin" If I were SpywareNo and this actually happened as claimed I would be pushing out corrective measures on the front page of the company site.  The FTC busted "SpywareAssassin" full article. As I am sure this is but a trend to dupe people. It took some time for FTC to act on spywareassassin, perhaps it is likely this is time frame these people will operate. The sad part is this only makes unknown software companies suspect. At the end of the day the only people to benefit long term are the large software vendors. Making it very hard for startups like LavaSoft and SpyBot which are offer great free apps which do work.

The CIA is conducting a secretive war game, dubbed "Silent Horizon," this week to practice defending against an electronic assault on the same scale as the Sept. 11 terrorism attacks.

The three-day exercise, ending Thursday, was meant to test the ability of government and industry to respond to escalating Internet disruptions over many months, according to participants. They spoke on condition of anonymity because the CIA asked them not to disclose details of the sensitive exercise taking place in Charlottesville, Va., about two hours southwest of Washington.

The simulated attacks were carried out five years in the future by a fictional alliance of anti-American organizations, including anti-globalization hackers. The most serious damage was expected to be inflicted in the war game's closing hours.

The national security simulation was significant because its premise -- a devastating cyberattack that affects government and parts of the economy with the same magnitude as the Sept. 11, 2001, suicide hijackings -- contravenes assurances by U.S. counterterrorism experts that such far-reaching effects from a cyberattack are highly unlikely. Previous government simulations have modeled damage from cyberattacks more narrowly.

"You hear less and less about the digital Pearl Harbor," said Dennis McGrath, who helped run three similar war games for the Institute for Security Technology Studies at Dartmouth College. "What people call cyberterrorism, it's just not at the top of the list."

http://www.ists.dartmouth.edu/

TimesUnion

SQLyog is an easy to use, compact and very fast graphical tool to manage your MySQL database anywhere in the world. SQLyog is FREE for personal and commercial use.

SQLyog contains ALL features of SQLyog Enterprise except the following Power Tools:

• HTTP / SSH Tunneling
• Data Synchronization
• Schema Synchronization
• Notification Services
• ODBC Import
• Scheduled Backups
  

You can install and use SQLyog on unlimited number of computers without any restrictions. SQLyog is well behaved - it does NOT contain any ADWARE or SPYWARE.

Click here to view the feature comparison between SQLyog and SQLyog Enterprise.

SQLyog was developed keep in mind the necessities of all who use MySQL as their preferred RDBMS. Whether you enjoy the control of handwritten SQL or prefer to work in a visual environment, SQLyog makes it easy for you get started and provides you with tools to enhance your MySQL experience.