Computer Security Alerts Archive

Marilyn McMillan, Associate Provost and CITO

A large percentage of people who use the Internet have downloaded music or movies. And most of the individuals who download these files—through paid services, file-sharing applications, or peer-to-peer networks—by now are aware of how prominent the issue of illegal downloading has become.

The University's stance on this issue is simple: downloading copyrighted material without permission is illegal, and you should not do it. You should also not use your computer to distribute copyrighted material without the permission of the copyright holder. Be aware: some applications for downloading music, movies and other files actually turn your computer into a server, allowing it to be used for distributing copyrighted material. If you are doing illegal downloads or distributions now or have done so, you should stop.

The music industry thus far has principally targeted those whose computers distribute illegally downloaded music, rather those who simply download. The Recording Industry Association of America (RIAA) is using the legal tools provided by the U. S. Digital Millennium Copyright Act (DMCA) of 1998. If the RIAA believes you are involved in illegal downloads or distribution of copyrighted materials and submits a valid subpoena to NYU seeking your identity, the University will comply with the subpoena and furnish your name and contact information to the RIAA's lawyers.

We know that illegal downloading of music is a widespread practice. It has become an international phenomenon, one that is hardly confined to college campuses. Its allure is clear: why would you pay for something—a song to load on your MP3 player or a movie to load on your laptop—when you can get it for free with a little exploration and few keystrokes? And why would you not share something for free with friends?

In answering those questions, the University appeals to what Abraham Lincoln once called "the better angels" of your nature and to your commitment to the culture of scholarship.

As communities of scholars and learners, research universities—such as NYU—have two primary missions: to educate students and to create knowledge. This latter mission involves the production of original scholarship and research. Accordingly it is accompanied by an enormous respect for proper recognition being given to the creator of those ideas and knowledge. In higher education, it is considered a grave act to take another's work without permission or attribution. At NYU, which also has large and renowned programs in the arts, this respect extends to the creation of new art.

Few in this community would uphold shoplifting CDs from a record store. And few would be content to see their own work—a paper, for instance, or a journal article, or a term project in a course—taken by someone else and used without permission.

Yet, in reality, that is what you do when you download copyrighted files illegally. However you may feel about the music or film industry or about their responses to piracy, when you download copyrighted files without permission, you are stealing the work of a director or a producer or an artist. It is not only wrong, it puts you at legal risk.

The Internet has brought unimaginable access to information and extraordinary flexibility and opportunities for exploration and communication. NYU wants you to take advantage of all that. But, just as you abide by certain standards of behavior for scholarship and for University life, so, too, should you abide by high standards when it comes to the intellectual property of others on the Internet.

March 2007

Posted by Kate at 02:28 PM | Permalink

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be the 'help desk'. The message requests that the person reply back to the email with the email address & password in order to avoid the email account from being 'shut off'

NYU members should not reply to the fraudulent phishing emails. Instead, forward the messages as an attachment to our email filtering account phishing@nyu.edu. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.

Please note: It is very important to forward the message as an attachment, otherwise or email filters will not be able to parse through the message correctly.

As a reminder of better security practices, always remember that:

• No NYU member will ever ask for your account password, especially not over email
• Do not reply back to emails from unidentified, untrusted sources.
• Forward all phishing messages as an attachment to phishing@nyu.edu. This helps train our email filters to block such messages in the future
• Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to is.spam@nyu.edu. When in doubt, do not reply and contact security@nyu.edu.
• If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

A sample of the phishing message can be found below:

Dear E-mail Users,

We are currently carrying-out a maintainance process to your nyu account. To complete this process you must reply to this email and enter your Current User Name here ( Here ) and Password here ( Here ) if you are the rightful owner of this account. Our Message Center will confirm your identity including your Secret Question and Answer immediately.

The new nyu Webmail is a fast and light-weight appliction to quickly and easily access your e-mail. This process will also help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.

You can also confirm your email address by logging into your nyu Webmail account at:
https://webmail.nyu.edu/

NOTE: You will be send a password reset messenge in next seven (7) working days after under going this process for security reasons.

Thank you for using nyu Webmail!
https://webmail.nyu.edu/

Posted by cp493 at 05:33 PM | Permalink

A malicious email message purporting to be an "e-card" from Hallmark.com is being sent to NYU community members. The link in the message requests that the recipient click on a link to access the "e-card". The link does not point to the Hallmark.com domain; rather, it will download harmful software to your computer. Commercial antivirus products are not always able to immediately detect and remove this malicious software.

You can read more about the alert on Hallmark's website.

If you happen to receive this phishing message, forward it as an attachment to phishing@nyu.edu and then delete it. Do not respond to it or click on any links in the body of the message.

Also, please remind your colleagues to be aware of these types of phishing scams - their infected machine could negatively impact others.

If you or another NYU member may have clicked on the link, contact ITS Technology Security Services immediately at security@nyu.edu. Alternatively, you may contact ITS Client Services at 212-998-3333.

Posted by Alissa Wilkinson at 02:00 PM | Permalink

There have been various reports from sources at NYU as well as from other colleges about a phishing message that purports to be the 'help desk'. The message requests that the person reply back to the email with the email address & password in order to avoid the email account from being 'shut off'

NYU members should not reply to the fraudulent phishing emails. Instead, forward the messages to our spam filtering system's email address is.spam@nyu.edu. Doing so trains our email filters to prevent such types of spam from arriving into inboxes.

As a reminder of better security practices, always remember that:

• No NYU member will ever ask for your account password, especially not over email
• Do not reply back to emails from unidentified, untrusted sources.
• Forward all spam to is.spam@nyu.edu. This helps train our email filters to block such messages in the future
• Messages that request personal information over plaintext email should be regarded as being suspicious. If it is spam, forward it to is.spam@nyu.edu. When in doubt, do not reply and contact security@nyu.edu.
• If a message informs you of an impending 'account closure' unless you comply with its demands, it is often a sign that the message is a phishing scam. Do not comply with its requests.

A sample of the phishing message can be found below:

Dear Email Account Owner,

This message is from webmail messaging center to all webmail account owners. We are currently upgrading our data base and e-mail account center. We are terminating all unused email accounts to create space for new accounts.

To prevent your account from being terminated, you will have to update it by providing the information requested below:

***********************************************************
CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Username : ...............
E-mail Password : ...............

***********************************************************

Warning!!! Account owners that refuses to update his or her account within
Seven days of receiving this warning will lose his or her account permanently.

Warning Code:11XXTT8765

Thanks,
Webmail Administrator

Posted by cp493 at 04:32 PM | Permalink

We have received several reports from NYU members of a suspicious email purporting to come from the BBB, i.e. the Better Business Bureau, which indicates to click on a link and to provide personal information. The sender may appear to come from seatac@bbb.org, operations@bb.org, or some other address ending with "@bbb.org". The link points to a site that pretends to be a legitimate BBB website, such as:

http:// w w w . n a t i o n a l - b b b . o r g

That message is a scam and should be ignored. Do not click on any link in the message and do not reply to it.

Simply forward the message to the following addresses and then delete it:

• is.spam@nyu.edu (sending spam to this email address will help our email gateways filter it out in the future)
• spam@uce.gov (this is a branch of the FTC that tracks these types of phishing scams)

As always, never open emails from unexpected sources & never click on links inside emails asking you to provide personal information or asking you to download software to your computer. Always be skeptical when you receive messages asking you to provide personal information.

When in doubt, feel free to contact NYU ITS's Technology Security Group for more information. We can be reached at security@nyu.edu

Posted by cp493 at 05:44 PM | Permalink

Recently, a number of people received an email message that referred to the recent lunar eclipse and included a link purporting to show a video of a lunar eclipse. Clicking on the link resulted in delivery of harmful software to the person's computer.

Those who send malicious emails may use current events (such as the lunar eclipse, holidays, or the 2008 President Election) to entice you to visit a website, click on a link, open an attachment, or perform other actions that may download harmful software to your computer. Commercial antivirus products are not always able to immediately detect this malware.

ITS reminds you to never click on a link you receive in an email unless you are sure of where the link leads, and never open an email attachment unless you know the sender and are sure the message comes from him or her. If an email from a known email address is unexpected or seems suspicious, contact the sender to verify the validity of the message.

Posted by Alissa Wilkinson at 05:31 PM | Permalink

A bogus, "phishing" email message purporting to be from the NYU F.C.U. (NYU Credit Union) is being sent to NYU community members. "Phishing" is a malicious use of email by an outside group pretending to represent an official organization (often a bank or credit card company) in an attempt to obtain important personal and financial data.

If you happen to receive this phishing message, forward it to is.spam@nyu.edu and then delete it. Do not respond to it, click on any links in the body of the message or provide any requested financial information. You should also notify your NYU colleagues of this phishing scam.

The following are tell-tale signs that this was a phishing scam:

• New York University Federal Credit Union will never ask members to call any number or visit any website for security reasons. Anyone who receives an e-mail that purports to be from New York University Federal Credit Union and asks for any information or action by the member should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
• The link in the message does not point to the domain the message supposedly came from, or any legitimate domain associated with the NYU Federal Credit Union.

If you or another NYU member may have clicked on the link and provided personal information, contact TSS immediately at security@nyu.edu. Alternatively, you may contact ITS Client Services at 212-998-3333.

If you believe your financial information may have been compromised as a result of this phishing attack, you can also contact the NYU Federal Credit Union at: http://www.nyufcu.com/asp/contact.asp

Text of Bogus NYU F.C.U. Phishing Email Follows here:

Dear NYU F.C.U. Customer,

Due to our last days online problems, many phishing attempts and identity-theft, we need to verify our members accounts information. This security method is intended to help you protect yourself and your accounts from internet fraud.

We are sorry for any inconvenience caused by our online servers, but we require you to update your profile as soon as possible by clicking on the following link:

Click here to activate your account

By completing our online form your are in accordance with our Terms of Agreement and your online access will be continued as normal. Thank you for taking your time!

Please do not reply to this notification email as it will not be reviewed. Copyright NYU F.C.U., 2007

Posted by Jill Hochberg at 02:09 PM | Permalink

If you are using the newer 'nyu' wireless network for accessing NYURoam, you will be -- or, perhaps, very recently were -- presented with a dialog box asking you to validate a new server certificate. Simply accept the new certificate and log on as usual. No further action is necessary, and you will not need to validate the certificate again until 2009.

Windows compatibility issues resolved! Difficulties experienced Wednesday, Jan. 23 by people trying to connect via "nyu" from Windows computers have been resolved. If you were trying to access NYURoam via "nyu" over the past few days and were experiencing difficulties, you can now resume using "nyu". (No difficulties were encountered with connections from Macintosh computers.)

For more about 'nyu' and NYURoam, see http://www.nyu.edu/its/wireless/configure/.

Posted by Jill Hochberg at 12:42 PM | Permalink

ITS Technology Security Services has received widespread reports about a phishing scam targeted at NYU community members using the NYUFCU (Credit Union) domain. The from address on the email was spoofed using that domain which may make it appear legitimate , but it also contains a few classic phishing characteristics such as:

1. New York University Federal Credit Union will never ask members to call any number or visit any website for security reasons. Anyone who receives an e-mail that purports to be from New York University Federal Credit Union and asks for any information or action by the member should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.
2. The link in the message does not point to the domain the message supposedly came from, or any legitimate domain associated with the NYU Federal Credit Union.
3. The message contains many spelling and grammar errors.
4. The message implies urgency: "update your profile as soon as possible" and "your access will be continued as normal". Phishing attacks try to convince victims of the urgency of the "problem" in order to steal as much personal information as possible prior to ISPs bringing down the phishing websites.

DO NOT click on any link in that message. At this time, the best thing to do is to:

1. Forward the spam message to is.spam@nyu.edu
2. Delete the message
3. Inform your coworkers of the phishing scam

In the event you or another NYU member may have clicked on the link and provided personal information, contact TSS immediately at security@nyu.edu.

If you believe your financial information may have been compromised as a result of this phishing attack, you can also contact the NYU Federal Credit Union at:

http://www.nyufcu.com/asp/contact.asp

To find out more information about these types of phishing attacks and how to report them, visit:

Federal Internet Crime Complaint Center

Posted by cp493 at 12:08 PM | Permalink

Important Email Security Announcement: Protect Your Password with SSL

Thank you, if you are among the many NYU community members who now use Secure Sockets Layer (SSL) encryption when accessing their NYU email. Since Spring 2006, when ITS first began strongly recommending SSL, we have reduced non-SSL-protected NYU email access by 80%! Configuring your email program for SSL has helped make your password and the NYU email environment more secure.

On Wednesday, October 24, ITS is taking the next step in securing passwords and email by requiring SSL use when accessing NYU email. If you think you may be one of those who do not yet use SSL, please read on.

Do I Use SSL When Accessing Email?
If you access your email by opening a web browser like Internet Explorer, Firefox or Safari and logging directly into NYUHome (https://home.nyu.edu), you are already using SSL, since ITS has activated it for NYUHome's webmail client. However, if you access your NYU email by means of an email program like Thunderbird, Eudora or Outlook, you are using SSL only if you have activated the program's SSL feature.

Instructions & Help
For easy-to-follow activation instructions for many different email programs for both Macintosh and Windows operating systems, or if you want to confirm that SSL is activated in your email program, visit http://www.nyu.edu/its/email/ssl/ . For additional help, contact ITS Client Services by web (AskITS.nyu.edu) or email (AskITS@nyu.edu), or call us at 212-998-3333.

Posted by Jill Hochberg at 06:24 PM | Permalink

July '07 has been a busy one for software companies: multiple critical updates have been issued for Adobe, Microsoft, Apple operating systems and applications.

Adobe:

Two (2) vulnerabilities in Adobe's popular Flash player may allow a specially crafted website to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to both Windows and Mac OS X.

Adobe recommends all users of Adobe Flash Player 9.0.45.0 and earlier versions upgrade to the newest version 9.0.47.0. Click here to download the latest version.

Apple:

Eight (8) vulnerabilities in Apple's popular Quicktime player may attackers to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to both Windows and Mac OS X.

Apple recommends all users download the latest version of Quicktime player 7.2, available here

Microsoft:

Eleven (11) vulnerabilities in Windows (i.e. Windows XP SP2, Vista, etc.) and Office suite may allow attackers to load malicious arbitrary code and possibly even take control over a victim's computer. These updates apply to Windows only.

Microsoft recommends all users update their computers via the Automatic Updates feature or by visiting: http://update.microsoft.com

Posted by cp493 at 01:17 PM | Permalink

On June 13th, 2 days after launching the beta version of the Safari web browser for Windows, Apple released several security updates to patch critical vulnerabilities that could be potentially exploited.

The 3 "critical" vulnerabilities could permit remote attackers to launch a "Denial-of-Service" condition or execute arbitrary code. Just as is the case with any software that is in the "beta" development stage, vulnerability issues should be expected until further testing can be completed.

The updated Safari browser, version 3.0.1, is now available for download here:

http://www.apple.com/safari/

Posted by cp493 at 02:35 PM | Permalink

Microsoft released several critical Windows patches on June 12 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Windows, Office and Internet Explorer.

This update affects multiple versions of Windows including Windows 2000, XP Professional SP2, & Vista.

Download the latest updates here:

http://update.microsoft.com

Posted by cp493 at 04:55 PM | Permalink

On 05-25-07, Apple released several critical security updates that address vulnerabilities in applications such as iChat, VPN, PPP and others. These updates should be downloaded and installed as soon as possible.

To update your computer in OS X, simply navigate to the Apple Menu on the top left corner & click on Software Update

You can read more about this critical update here:

http://www.apple.com/support/downloads/
securityupdate20070051039client.html

Posted by cp493 at 10:48 AM | Permalink

Apple has issued an important battery update for all versions of MacBook and MacBook Pro laptops. The update addresses a battery firmware issue and improves battery functionality.

It is highly recommended that you install this update as soon as possible. To get this and other updates immediately, go to the Apple menu & choose "Software Update". The update will require a restart.

More info can be found here:

Apple MacBook & MacBook Pro Battery Update

Posted by cp493 at 05:41 PM | Permalink

On Wednesday, March 28, Microsoft announced a new vulnerability that targets the "animated cursor" function in Internet Explorer 6 and 7.

Animated cursors are used on different websites for legitimate reasons. However, this latest vulnerability uses the animated cursor function to install and execute a trojan file on the victim computer. Infected computers may be controlled by a remote attacker, who may install a keylogging tool or other malicious files

The attack does not require any user interaction. Computers can be compromised simply by visiting a website that contains the malicious code. The infection happens in the background and the user may not be aware that the computer is compromised.

This vulnerability affects the following operating systems:

• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 2
• Microsoft Windows Server 2003
• Microsoft Windows Vista
• (See link below for more Operating Systems)

Vista's IE 7 in protected mode shields the computer against drive-by installations.

There are no patches for the vulnerability at this time. Microsoft suggests that customers avoid visiting unknown websites or open email from unknown, untrusted addresses. It is also suggested that users open emails in plain text format since it will reduce the risk of malicious code executing.

Read more about this alert on Microsoft's Security Bulletin website:

Microsoft Security Advisory (935423)

Continue reading "Windows Animated Cursor Attack" »

Posted by cp493 at 12:11 PM | Permalink

Mozilla, the company which owns and distributes Firefox, has released a patch that addresses a javascript vulnerability in Firefox 2.0 & 1.5. This update addresses that security issue and is availble for both the Mac and Windows versions of FireFox.

Following recent updates, Mozilla discovered that disabling the javascript feature in the web browser could be circumvented by specially crafted image file tags.

Click here to download the latest patch for your version of Firefox.

Posted by cp493 at 04:33 PM | Permalink

On Monday March 5th, Apple released 8 security patches for both the Windows and Mac versions of Quicktime. Quicktime is an Apple media player application that is bundled with iTunes.

Without the patches, Mac's and Windows PC's are vulnerable to a cyberattack. A malicious file can be created that when opened with Quicktime, could give the attacker full control over a computer.

If you have Quicktime installed, click here and download the latest updates for your operating system.

Posted by cp493 at 04:16 PM | Permalink

In an effort to ensure the privacy of your passwords and personal information, ITS encourages you and everyone at NYU to comply with current email security standards. An important step for you to take is to use SSL (Secure Sockets Layer) encryption, a security feature that is already built into most email programs, and requires just a few clicks on your part to activate.

If you have not already done so, please assist us in our efforts to protect your private information and the University's network by activating SSL in *every* email program you use. If you check your email through NYUHome, SSL has already been activated for you, but if you use other email programs (such as Eudora or Outlook Express), ITS cannot activate SSL for you in those programs.

TO ACTIVATE SSL:

1. Go to http://www.nyu.edu/its/email/ssl/
2. Follow the instructions for email programs you use to check your NYU email. Do this for each computer or device you use (e.g., your office computer, home computer, laptop, and handheld devices).
3. If you have a question or need assistance, contact the ITS Client Services Center at 212-998-3333 or its.clientservices@nyu.edu, or your department's system administrator.

Posted by Kate at 10:24 AM | Permalink

Microsoft released several critical Windows patches on Feb. 12 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Microsoft Office, Word, PowerPoint, Visual Studio, and Windows 2000 workstations.

This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. The patches for MS Office and its family of applications affect both the Windows and Mac versions. It is very important that you update as soon as possible.

Download the latest updates here: (Windows)

http://update.microsoft.com

Download the latest updates here: (MS Office for Mac OS X)

MacTopia Downloads

Posted by cp493 at 05:59 AM | Permalink

There is a a flaw in the pop-up blocker of Firefox that could allow an attacker to access local files. However, this vulnerability only affects Firefox 1.5.0.9. This vulnerability does not affect Firefox 2.0 which is the latest version of the browser.

When the pop-up blocker feature is disabled, Firefox gives unnecessary access to local files. If a malicious file containing exploit code is already on the computer, then it can be remotely launched.

This is not easy, since the file would have to be planted on the system by tricking a user to click on a link that would download the file. The malicious file could then enable access to other files, which could be transferred to a remote computer belonging to an attacker.

Mozilla, the distributor of Firefox, is currently working on a solution. In the meantime, make sure your pop-up blocker is enabled whenever possible. Alternatively, you can upgrade to the latest version of Firefox, version 2.0 here:

Download Firefox 2.0

Posted by cp493 at 03:32 PM | Permalink

A new trojan horse virus known as Trojan.Peacomm and Storm Trojan is rapidly spreading. Symantec Security Response has seen a large increase in the number of infections of this Trojan as well as new versions that have additional capabilities. The Trojan horse arrives as an attachment to an email claiming to contain a video of one of several different recent news stories. To protect your computer, delete any suspicious messages without opening the attachment, and be sure to keep your virus definitions up to date.

Continue reading "Storm Trojan Alert" »

Posted by Kate at 12:46 PM | Permalink

Microsoft released several critical Windows patches on Nov. 14 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Adobe Flash Player 6+, Remote Code Execution, and ActiveX scripting.

This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. It is very important that you update your Windows operating system as soon as possible.

Download the latest updates here:

http://update.microsoft.com

Posted by cp493 at 02:54 PM | Permalink

Microsoft has released 10 updates for October's "Patch Tuesday" monthly cycle. These updates are the largest amount of grouped updates for the year so-far. The updates will fix 26 known vulnerabilities being actively exploited on the Internet.

Due to a software glitch, MS is not able to push out the updates to their users automatically at this time (10/10/06 @ 5PM EDT). It is suggested that you visit their website below to manually download & install the latest updates:

http://update.microsoft.com

Posted by cp493 at 04:59 PM | Permalink

In an effort to reassure their customers, Dell has recalled an additional 100,000 laptop batteries, on top of the 4.2 million already being recalled. The affected batteries may explode without warning, posing a risk of fire and/or injury. Lenovo and Toshiba have also begun to recall their defective notebook batteries. Please visit the respective manufacturer's website for information on their laptop battery recall programs:

• Dell - https://www.dellbatteryprogram.com/
• Lenovo - Thinkpad Battery Recall
• Toshiba - Satellite, Tecra Battery Recall

Posted by Kate at 04:09 PM | Permalink

Microsoft, in an effort to mitigate further exploits from the latest vulnerability, has released a Microsoft Windows patch ahead of the scheduled October 10th "Patch Tuesday" update.

Download this critical update by going to Microsoft's Windows Update page here:

Microsoft Windows Update

Posted by cp493 at 04:26 PM | Permalink

Reported 09/15/06 in the Security Alerts page, Microsoft's latest vulnerability is quickly gaining momentum with many malicious sites and hackers crafting code and HTML to exploit vulnerable computers. Currently, even the most patched versions of Windows XP are completely vulnerable to this attack and there is no projected patch until sometime in October.

This new attack targets Internet Explorer and the HTML component in Outlook and can result in a computer being compromised by an attacker. So in theory, visiting a malicious website or opening an email with the malicious HTML code can leave the computer fully compromised.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

Posted by cp493 at 05:12 PM | Permalink

Apple released an update today for their Airport wireless cards that addresses multiple vulnerabilities. Those vulnerabilities put all wireless-capable OS X computers at risk of being compromised by an attacker, including the new Intel-based Macs.

Without the update, an Apple computer connected to a malicious "WiFi spot" could potentially be compromised to the degree that an attacker can gain control of the computer and execute arbitrary code.

To get the latest update, simply go on the Apple menu and select "Software Update". Download any updates available.

You can read up on the vulnerability here:

Apple releases Airport update

Posted by cp493 at 12:19 PM | Permalink

Apple released an update today for their Airport wireless cards that addresses multiple vulnerabilities. Those vulnerabilities put all wireless-capable OS X computers at risk of being compromised by an attacker, including the new Intel-based Macs. Without the update, an Apple computer connected to a malicious "WiFi spot" could potentially be compromised to the degree that an attacker can gain control of the computer and execute arbitrary code.

To get the latest update, simply go on the Apple menu and select "Software Update". Download any available updates. For more information about the vulnerability, visit the Apple website.

Posted by Kate at 04:29 PM | Permalink

Recently a new worm that propagates itself via AIM began circulating the Internet. Known as W32.pipeline, this worm transmits itself via AIM, contacting all individuals on the victim's "Buddylist".

The worm sends an innocuous IM message to the individuals on the victim's Buddylist with the message "Hey, would it be okay if I upload this picture of you to my blog?" If the recipient clicks on the link, an executable file that looks like a JPEG will download into a Windows folder.

Once installed, the file then begins to contact other individuals on the new victim computer to infect their machines as well. Another side effect is that the victim computer acts as a botnet, downloading in the background malicious files and viruses onto the computer, and possibly even sending out large quantities of spam

The best solution to this problem is to:

• If you receive the above IM, ignore it and do not respond. If you receive a suspicious variant, or are unsure, reply to the Instant Message and verify that the person really did send it to you. 3-4 IM messages should verify the status of the sender.

Posted by cp493 at 10:34 AM | Permalink

Following a week of updates from both Microsoft & Apple, the team over at Mozilla also issued critical updates for its popular Firefox web browser.

The update comes on the heel of multiple vulnerabilities being recently discovered. Secunia.com rates these vulnerabilities as being highly critical, because they allow a remote attacker to exceute arbitrary code, and possibly take over a compromised computer.

These updates should download automatically, however, you can also upgrade your current browser to version 1.5.0.7 by going to:

GetFireFox.com

Posted by cp493 at 10:54 AM | Permalink

Following Microsoft's monthly "Tuesday Patch Day", whereby Microsoft provided multiple critical Windows & Office updates, a new vulnerability began circulating the Internet. This new attack specifically targets Internet Explorer and can result in a computer being compromised by an attacker.

Once an individual visits a specially crafted website, the attack can either force IE to crash or the attacker can use the vulnerability to launch arbitrary commands and compromise the victim computer.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. Beyond suggesting that users avoid "bad websites", users are also being told to disable "ActiveX scripting" in IE or secure it to your trusted security zones as a precaution.

Multiple security vendors are labeling this attack as "high" because an update is not available, and may not be available until the next monthly patch cycle. As always, we suggest that you avoid any suspicious or "bad" websites. If you believe you may have entered one of these sites, it may be prudent to simply quit out of your browser and restart the application again.

Posted by cp493 at 11:29 AM | Permalink

On September 13th, Microsoft issued a 3rd patch for an ongoing vulnerability that was cited in August. Following 2 previous updates, Microsoft received multiple reports of computers still being vulnerable to attack. Specifically, the type of attack involves running long, processor-power consuming tasks that may result in serious performance issues.

At this time, it highly recommended to download the latest Microsoft Windows updates.

Download Microsoft updates by going to:http://updates.microsoft.com

Posted by cp493 at 10:41 AM | Permalink

There is a critical MS Word vulnerability circulating the Internet and it is appearing as a simple Word document file. This specially crafted Word document contains an embedded trojan file that can put a computer at risk to a malicious attack.

Once the infected Word file is opened, it loads a trojan file onto the computer. Following the trojan's installation, it then initiates a backdoor command that allows more malicious files to be downloaded onto the infected computer. Those malicious files can include keylogging tools, which can be used to record what you type on your computer.

For the moment, Microsoft does not have an update available. Users are being told to not open untrusted Word document files. Once an update is available, a link will be posted in the alerts page.

Confirmed affected systems for this paritcular attack are computers running both Windows 2000 & Microsoft Word 2000. Although not yet confirmed, it is cautioned that this vulnerability may affect other versions of Microsoft Windows and/or Word.

More information regarding this attack can be found here :

MS Word 0-day attack flaw

Update available 09/12/06

Microsoft has stated that there will be one Office and two Windows updates available on 09/12/06 that will address multiple critical vulnerabilities. It is believed that these updates will fix the current Word vulnerability, amongst other exploits. We will issue an alert when this becomes available.

Posted by cp493 at 04:00 PM | Permalink

Due to a few recent cases of Sony-manufactured laptop batteries overheating, and in some cases even exploding, both Apple and Dell have issued free battery recalls. The affected batteries may pose a serious fire risk and potentially injure the user. The affected laptops are:

Apple

• 12-inch iBook G4
• 12-inch PowerBook G4
• 15-inch PowerBook G4

Dell

• Latitude
• Precision
• Inspiron
• XPS

Consumers that are affected by the recall are being told to remove the battery immediately and to power the laptop via the AC adapter only.

To find out if your laptop is affected by the recall, visit the corresponding manufacturer's battery recall information website:

Apple Battery Exchange Program iBook G4 and PowerBook G4

Dell Battery Return Program

Posted by cp493 at 10:42 AM | Permalink

The Department of Homeland Security has issued an alert to all Windows users to update their computers with the latest Microsoft Windows vulnerability patch. A computer lacking this latest patch could be compromised and remotely controllled by an attacker. It is imperative that this update be applied as soon as possible.

Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.

Download the latest patch(es) here:
Microsoft Windows Update

Posted by cp493 at 04:30 PM | Permalink