chiawaikian

http://news.com.com/Another+security+hole+...ml?tag=nefd.top

Why, you're welcome lokoike. This is one of my stops when I post security news.

Above is the message by Chris Dixon, SiteAdvisor CEO More in http://blog.siteadvisor.com/2006/04/taking..._the_next.shtml Press release at http://www.mcafee.com/us/about/press/consu...3_050000_q.html

Briz Trojans, a "malware-creation-for-hire scam recently uncovered by security researchers" have affected hotels, airline and financial institutions. Spanish firm Panda Software analyzed the Trojan Briz-A, revealing the "existence of a complex system dedicated to creating and selling of ? la carte malware designed for stealing personal and confidential data." Panda Software and RSA Security identified and shut down several websites involved in the scam, and contacted affected businesses. http://www.theregister.co.uk/2006/04/05/tr...ork_dismantled/

Employees who access their MySpace.com accounts from work are not just lowering their productivity, but may visit fake MySpace sites that could capture keystrokes, including corporate network passwords and other sensitive information. MySpace has 63 million users. One expert suggests that the most serious threat comes from the fact that many people use the same login information for their MySpace.com page for several other accounts, including banking and access to their employer's network. http://searchsecurity.techtarget.com/origi...1178653,00.html

Yes res45, I used SpoofGuard (by Stanford) before and didn't experience any compatability problems. There are other tools of course such as Spoofstick and Earthlink's Scamguard. Information about Spoofstick can be found here: http://www.spoofstick.com/

Here is an anti-spoof weapon that can also probably be used : http://crypto.stanford.edu/SpoofGuard/ SpoofGuard is a browser plug in that is compatible with Microsoft Internet Explore. SpoofGuard places a traffic light in your browser toolbar that turns from green to yellow to red as you navigate to a spoof site. If you try to enter sensitive information into a form from a spoof site, SpoofGuard will save your data and warn you. SpoofGuard warnings occur when alarm indicators reach a level that depends on parameters that are set by the user.

BBC news

Zdnet.com

http://www.vnunet.com/vnunet/news/2150984/...low-risk-adware

180solutions, the controversial adware marketer admitted last week that it was initially unable to identify the rogue affiliate that was installing its Zango software illegally. http://www.securitypipeline.com/181400632

Source: http://arstechnica.com/news.ars/post/20060225-6264.html

Source: http://www.viruslist.com/en/news?id=180268032

Please be informed that the Microsoft Baseline Security Analyzer (MBSA) v1.2.1 will be discontinued on March 31, 2006. After this date, MBSA 1.2.1 will no longer be supported and the MSSecure.xml file that is automatically downloaded by MBSA 1.2 will no longer be updated to include new security bulletins. Microsoft encourage you to migrate to MBSA 2.0 before this date to guarantee continued security bulletin detection. More info in Microsoft KB895660 and in Microsoft Baseline Security Analyzer page.

Sorry hazelnut.

Used the anti-virus module in ZoneAlarm Security Suite, which is the ETrust engine. Thus I voted for that.

ZoneAlarm Internet Security Suite.

Source: http://blogs.securiteam.com/index.php/archives/293

Source: http://home.businesswire.com/portal/site/g...184&newsLang=en

German DVDs of the movie 'Mr. and Mrs. Smith' carry a digital rights management (DRM) software with rootkit features, according to F-Secure. Settec Alpha-DISC copy protection hides its processes from the user, but unlike the Sony XCP rootkit it cannot hide other files and programs, making it less of a threat. Settec offers an uninstaller for its DRM, but F-Secure vice-president Antti Vihavainen argues that program should never hide themselves from users or the administrators responsible for the maintenance of a machine. Source: http://www.eweek.com/article2/0,1759,1926917,00.asp

The policy statement titled the National Strategy to Secure Cyberspace has reached its third anniversary, and a panel of experts agreed that, while "progress has been made in the past three years", cyberattacks have also advanced during the same period. The policy "called for the government to work with private industry to create an emergency response system to cyberattacks and to reduce the nation's vulnerability to such threats". Information sharing between the private sector and the government accounts for much of the progress, with the international exercise "Cyber Storm" cited as an example. Many areas still require attention, and experts identified software security, anti-phishing initiatives, the need for new cybercrime laws, and industrial espionage as some of them. http://news.com.com/Panel+sees+progress+ma..._3-6039677.html

Source: http://searchsecurity.techtarget.com/origi...1166552,00.html

Hi acooldozen, I'm ranked GURU at ZoneLabs User Forum. Moderators there are ZoneLabs employees.

Hi Eldmannen and lokoike, I must agree that your points are valid.

Glad to see the community spirit here. All the best to everyone.