« Web Hosting Company XO to Launch Flex VoIP Solution | Main | MSN Outage Caused by Data Center Issue »

February 04, 2005

Internet Security Weekly Review

Recently Linux vendors Red Hat, Novell and Mandrakesoft released patches for several vulnerabilities. The patches range from flaws to buffer overflows. Secunia rated five of the updates "highly critical". SuSE issued updates to resolve flaws including a vulnerability that could allow malicious code to cause a local denial-of-service attack. Red Hat issued recently a package of updates for its desktop and enterprise software.

The Spanish security company Panda Software warned last week that several companies are apparently using Microsoft Media Player's digital rights management (DRM) tool to fool people into downloading spyware and viruses.

Microsoft responded that the security risk does not arise from a flaw in its tool. It was found that some sites can use Windows Media Player to pop up a Web page with information about a video or song, and here the page was apparently loaded with automatic spyware. Microsoft representatives said that the automatic downloads would be blocked on any computer running the Service Pack 2 release of Windows.

Microsoft has been working for the last three years to improve the security of its software, as more and more attackers targets weaknesses in Windows and other Microsoft software.

Another issue last week warned the security experts. A subsequent investigation found that the unidentified person had accessed the names and Social Security numbers of 400 T-Mobile customers. Online hackers also reached the personal information of more than 30,000 students, faculty and staff at George Mason University.

In other news, McAfee has released an update to its tool that uses Google to automatically search for security holes in Web sites. SiteDigger 2.0 is functioning as it looks for information about a Web site's security by sending specific queries to Google's Web database. The newly released free service will help site owners about what information is out there regarding their sites, according to Chris Prosise, vice president of worldwide professional services for security technology company McAfee.

Symantec acquired storage vendor Veritas, and the new company would offer CIOs data storage, security protection and information recovery technology. Symantec will pay $30.78 a share in the deal, which represents a premium of 9.5 percent over Veritas' closing price Wednesday of $28.11 on the Nasdaq.

Netcraft analyzed last week that once a bank has been alerted to the fact that it is the subject of a phishing attack, it should immediately close the target phishing site as quickly as possible. The monitoring site warned that some unscrupulous hosting companies actually promote fraud hosting as a service.

This page displays the last 10 Virus Alerts, which have been issued by Secunia Virus Information.

Last week was announced that eCompany signs allianced with Symantec to improve Internet Security in the UAE. The two entities have come together in recognition of their joint commitment to the security of the Internet in the Emirates.

Recent IDC figures showed that the UAE is one of the leading countries in the region in terms of IT markets, showing an expected growth of 21% in 2004, with a major growth driver coming from the small and medium business sector.

The top internet threats last year included computer worms which are spreading by tools. The other threat was from the scammers sending so-called 'phishing' emails. The attackers were aimed to trick bank account holders into revealing passwords.

06:03 AM in Security | Permalink