Trojan steals Gmail passwords – and charges for it
,----[ Quote ]
| Not to worry, being a computer programmer himself he used Lutz Roeder's
| well-known Reflector software to do a bit of reverse engineering. Now,
| ordinarily trying to figure out someone else's proprietary source code is
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| ethically dodgy, if not illegal. However, what Brooks discovered completely
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| overshadowed any such concerns.
`----
http://www.itwire.com/content/view/17113/1143/
Password-Stealing Hackers Infect Thousands of Web Pages
,----[ Quote ]
| Hackers looking to steal passwords used in popular online games have infected
| more than 10,000 Web pages in recent days.
|
| [...]
|
| The attack code takes advantage of bugs that have already been patched, so
| users whose software is up-to-date are not at risk. However, McAfee warns
| that some of the exploits are for obscure programs such as ActiveX controls
| for online games, which users may not think to patch.
`----
http://www.pcworld.com/article/id,143397-c,hackers/article.html
"We should dedicate a cross-group team to come up with ways to leverage Windows
technically more."
--Jim Allchin, Vista escapee
Yesterday:
Microsoft fixes a dozen Office flaws in four patches; all are critical
,----[ Quote ]
| Microsoft today released its March 2008 security bulletin, which includes
| four bulletins, all deemed critical by Microsoft.
`----
http://www.news.com/8301-10789_3-9891047-57.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft Patch Tuesday Fixes A Dozen Office Flaws
http://news.yahoo.com/s/cmp/20080312/tc_cmp/206903046
Related:
Vista SP1 will contain undocumented fixes
,----[ Quote ]
| Interesting email in today mailbag: “Will SP1 contain undisclosed or
| undocumented security fixes?”
|
| For some people, counting the number of security flaws that one OS has
| compared to another is important because it offers a metric upon which to
| determine which OS is the most secure (personally, I feel that it’s a bogus
| metric, but I’ll let it slide for now). However, many claim that Microsoft
| stacks the deck in its favor by not disclosing a full list of vulnerabilities
| that have been patched by omitting to include those discovered and patched
| in-house.
`----
http://blogs.zdnet.com/hardware/?p=1225
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
|
|
