Lisa Vaas

Microsoft is throttling a potentially evil paperclip this Patch Tuesday: Namely, a critical vulnerability in its Microsoft Agent—aka “Clippy”—that can open a system up to hijacking. The security advisory for Microsoft Agent, MS07-051, is the only critical release out of four security advisories the company put out on Sept. 11. It addresses a vulnerability whereby […]

A Swedish security researcher who publicly posted 100 embassy, government and Fortune 500 e-mail passwords in late August has revealed that he used The Onion Router, or ToR, exit nodes outfitted with a packet sniffer to catch the unencrypted e-mail messages and passwords. Ironically enough, ToR is a free tool distributed by the Electronic Frontier […]

Yet another worm is sticking it to Skype. The VOIP (voice over IP) companys security team as of Sept. 11 was working with domain owners to shut down malicious sites that are infecting Skype for Windows users with a virus being spread via cleverly composed instant messages. Initially, Skype was calling the virus w32/Ramex.A, but […]

Burglars broke into Mitt Romneys Boston presidential campaign headquarters over the weekend, making off with multiple laptops and a television. Alex Burgos, a spokesman for the campaign, told eWEEK that the burglary happened sometime during the evening of Sept. 9. The forced entry into the building, a harbor side location on Commercial Street in Bostons […]

I had just finished writing up this story of a European country with a defense agency site that’s got its database dangling out for all the world to play with, when Exploit Prevention Labs Chief Technology Officer Roger Thompson pointed to about a dozen poisoned government sites that are hosting pages serving malware and porn. […]

Microsoft is planning to release five security bulletins on Septembers Patch Tuesday. While only one—a vulnerability in Windows—is deemed critical, three of the advisories address vulnerabilities that can lead to system takeover: the Windows flaw, flaws in MSN Messenger and Windows Live Messenger, and holes in Visual Studio. The IM client vulnerability in particular should […]

No -Defense Department”> On July 18, Sunbelt Software came across a SQL command passed as a query within a URL belonging to an arm of a European countrys military. With that, any visitor can pass queries in the URL straight to the back-end database and squeeze out any data, no password required. At the time, […]

Before you rush out to snag one of those new iPods or cheaper iPhones, update your iTunes, because its got a buffer overflow that could let some nasty music file “pwn” your toy. Apple on Sept. 6 put out an update, iTunes 7.4, that deals with the buffer overflow, which occurs when processing album cover […]

Online networking site Quechup.com is infuriating would-be members by e-mailing their contacts without permission, turning the unwary into unintentional spammers. “I inadvertently invited everyone in my Gmail contact [list] to join a lousy social network called Quechup,” reads one apologetic message from a typically chagrined ex-Quechup member. “Please ignore that and please accept my apologies.” […]

China can keep on denying that its Peoples Liberation Army is responsible for infiltrating government networks, but good luck denying that its pumping out the most malware on the planet. Sophos nailed China as the top junk-spewer back in its July 2007 Sophos Threat Report. In the report, Sophos said that China servers are behind […]