Archive: November 2005
Sony Rootkit Sleuth to Join Class Action Suit
The security researcher whose examination of anti-piracy software included on many Sony BMG music CDs sparked a public firestorm has been hired as an expert witness in a nationwide class-action lawsuit against the company, Security Fix has learned. Mark Russinovich...
By Brian Krebs | November 30, 2005; 4:03 PM ET | Comments (18)
Phishers Promise IRS Refund
A new phishing scam is going around in an e-mail telling people they are eligible for a tax refund from the Internal Revenue Service in the amount of $571, according to an alert posted by Abingdon, England-based antivirus software maker...
By Brian Krebs | November 30, 2005; 11:50 AM ET | Comments (1)
Apple Update Patches 13 Flaws
Apple has issued a bundle of security fixes to mend 13 separate security flaws in several versions of its Mac OS X operating system, including quite a few holes that attackers could use to seize control over vulnerable machines. Nine...
By Brian Krebs | November 30, 2005; 7:50 AM ET | Comments (18)
November a Record Month for IM Worms
November produced a record number of computer worms that spread over instant-message programs like AOL Instant Messenger, Yahoo! Messenger and MSN Messenger, according to the latest stats posted by San Diego-based IM security firm Akonix. The company tracked more than...
By Brian Krebs | November 29, 2005; 1:52 PM ET | Comments (4)
The Truth About Anti-Virus Products
Eugene Kaspersky, who heads the Russian anti-virus maker Kaspersky Lab, has published an excellent article that offers a refreshingly honest look at the shortcomings inherent in most anti-virus products on the market today. Briefly, the paper points out that most...
By Brian Krebs | November 28, 2005; 12:45 PM ET | Comments (26)
Brokerage Hack Endangers Investors
St. Louis-based Scottrade, one of the nation's largest private online stock brokerage houses, has alerted its customers that a hacker break-in may have compromised the security of an untold number of accounts. The company did not disclose how many of...
By Brian Krebs | November 26, 2005; 7:05 PM ET | Comments (11)
Symantec to Ditch Sygate Firewall
Another free Windows firewall bites the dust. Symantec Corp. has announced rather abruptly that as of next week it will no longer support or offer its Sygate line of firewall products. The move comes little more than three months after...
By Brian Krebs | November 25, 2005; 10:15 PM ET | Comments (37)
Fake CIA, FBI E-Mails Power Sober Worm
Several new versions of the "Sober" e-mail worm have been mass-spammed to millions of e-mail boxes over the last 72 hours, posing as messages from the FBI and the CIA warning recipients that their Internet address has been implicated in...
By Brian Krebs | November 23, 2005; 10:22 AM ET | Comments (27)
Incomplete Advice From Uncle Sam
In a blog entry earlier today, I pointed out that the Department of Homeland Security -- in its partnership with the Carnegie Mellon University Computer Emergency Readiness Team, a DHS-run outfit now known as US-CERT -- is once again unwilling...
By Brian Krebs | November 22, 2005; 5:15 PM ET | Comments (14)
Check Your Exposure to Microsoft Flaw
There has been quite a bit of concern in the past 48 hours over the release of an exploit for a newly discovered critical security hole in Microsoft's Internet Explorer browser that could let nasty Web sites seize control over...
By Brian Krebs | November 22, 2005; 10:30 AM ET | Comments (11)
EFF, Texas Attorney General Sue Sony
Greg Abbott, the attorney general for Texas, today filed a lawsuit against Sony BMG Music Entertainment, alleging that its controversial (and now recalled) "XCP" anti-piracy software violates the state's anti-spyware and consumer protection laws. "Sony has engaged in a technological...
By Brian Krebs | November 21, 2005; 12:34 PM ET | Comments (13)
Exploit for Unpatched IE Flaw Released
Researchers have released computer code demonstrating how to exploit a previously unknown security hole in Microsoft's Internet Explorer Web browser to take over Windows computers. I'm still wading through the code to figure out exactly what this bugger does, but...
By Brian Krebs | November 21, 2005; 10:17 AM ET | Comments (10)
Sony, Amazon Detail CD Buyback
Sony BMG has just posted a series of Web pages that should help consumers who have purchased music CDs tainted with its flawed anti-piracy software exchange them for the same titles without the software. The music company's copy-protection FAQ directs...
By Brian Krebs | November 18, 2005; 10:35 AM ET | Comments (32)
Researchers See Risk From Another Sony DRM
The Sony BMG anti-piracy story just refuses to go away. And maybe it shouldn't: Security researchers -- the same ones who earlier this week found serious security holes in a patch Sony issued to remove the scariest components of its...
By Brian Krebs | November 17, 2005; 4:46 PM ET | Comments (29)
Major Internet Backbone Goes Down
Update, 5:53 p.m. ET: Cogent says the problem in the District was repaired at a little after 3 p.m. ET today and that the company expects the cut in its fiber line in New Orleans to be fixed within the...
By Brian Krebs | November 17, 2005; 2:12 PM ET | Comments (23)
Removing Sony's Software? Not Quite
This post is geared toward people who read today's wrapup in The Washington Post about huge security holes in Sony BMG's anti-piracy software and are interested in removing some or all of the broken software from their computers. That software...
By Brian Krebs | November 17, 2005; 12:45 AM ET | Comments (20)
Yet Another Sony Flaw Found
When it rains, it pours. Researchers at Atlanta-based Internet Security Systems Inc. say they've uncovered yet another security flaw in Sony BMG's anti-piracy software that attackers could exploit to take total control over any vulnerable machine. The discovery was made...
By Brian Krebs | November 15, 2005; 3:49 PM ET | Comments (11)
Researcher: Sony DRM on Half a Million Networks
New data published today by notable security researcher Dan Kaminsky indicates that Sony BMG's security-flaw-ridden anti-piracy software is installed on more than half a million computer networks in at least 165 countries. Kaminsky arrived at the number by poking around...
By Brian Krebs | November 15, 2005; 12:25 PM ET | Comments (21)
Researchers: Sony Patch Opens Huge Security Hole
As Security Fix warned in a post late last night, researchers have found new flaws in a program designed to remove portions of an anti-piracy software included in an unknown number of Sony BMG music CDs. A patch that Sony...
By Brian Krebs | November 15, 2005; 11:10 AM ET | Comments (16)
More Sony Problems to Be Revealed
Several groups of privacy and security experts are expected to release research later today that points to multiple, serious security flaws present in "XCP," the anti-piracy software used on an undisclosed number of Sony BMG music CDs. (For the record,...
By Brian Krebs | November 15, 2005; 1:24 AM ET | Comments (44)
Sony Faces Another Class-Action Suit
Sony BMG is facing yet another class-action lawsuit stemming from the controversy over its anti-piracy software, this time from a New York attorney who filed a federal case that could potentially include consumers in all 50 states. Scott Kamber filed...
By Brian Krebs | November 14, 2005; 5:01 PM ET | Comments (36)
Counting the Cost of Data Loss
New research from The Ponemon Institute underscores the hit companies can take when they lose control over their customers' personal and financial information. The institute surveyed more than 9,000 people and found that nearly 12 percent had been notified...
By Brian Krebs | November 14, 2005; 12:25 PM ET | Comments (3)
Microsoft: Sony Anti-Piracy Software Is Spyware
Microsoft said Saturday that it is updating its anti-spyware software (now called "Windows Defender") to detect and remove the file-hiding capabilities of the anti-piracy software installed by some Sony BMG music CDs. In December, Microsoft will automate that process through...
By Brian Krebs | November 13, 2005; 1:11 AM ET | Comments (18)
Sony Suspends Use of Anti-Piracy Software
Bowing to nearly two weeks of relentless criticism from security experts, customers and even the Bush administration, Sony BMG Music Entertainment today said it had temporarily suspended production of music CDs that feature its controversial anti-piracy software. "As a precautionary...
By Brian Krebs | November 11, 2005; 2:34 PM ET | Comments (20)
DHS Official Weighs In on Sony
A high-ranking Bush administration official weighed in Thursday on anti-piracy efforts domestically and abroad, indirectly chastising Sony BMG Music Entertainment for its digital rights management (DRM) software, which computer security analysts say uses tactics typically employed by virus writers to...
By Brian Krebs | November 11, 2005; 1:30 PM ET | Comments (34)
RealPlayer Patches Critical Flaws
RealNetworks Inc. has issued patches to fix at least two serious security holes in a number of its RealVideo and RealOne media players. These flaws are especially interesting because they are present in versions of the company's software designed for...
By Brian Krebs | November 11, 2005; 9:29 AM ET | Comments (8)
FTC Says It Has Shut Down Spyware Ring
The Federal Trade Commission said today its enforcement division had obtained a court order freezing the assets of a group of online outfits it says is responsible for spreading spyware through a network of Web sites and blogs peddling cell...
By Brian Krebs | November 10, 2005; 1:40 PM ET | Comments (3)
Virus Writers Exploit Sony Anti-Piracy Software
This was bound to happen. Anti-virus maker Sophos is reporting that it has spotted an e-mail going around that tries to exploit the controversial file-hiding abilities of anti-piracy software embedded on some of Sony BMG's music CDs. According to Sophos,...
By Brian Krebs | November 10, 2005; 11:57 AM ET | Comments (24)
Sony's Attitude Has a History
A Security Fix reader with an excellent memory (thanks, Patrick) reminded me today of a few choice words spoken nearly five years ago by Sony Corp. chief executive Howard Stringer that eerily foreshadowed the controversial soup that Sony BMG now...
By Brian Krebs | November 10, 2005; 10:05 AM ET | Comments (44)
Calif. Lawsuit Targets Sony
A class-action lawsuit has been filed on behalf of California consumers who may have been harmed by anti-piracy software installed by some Sony music CDs. A second, nationwide class-action lawsuit is expected to be filed against Sony in a New...
By Brian Krebs | November 8, 2005; 6:35 PM ET | Comments (32)
Google Phishing
Internet security firm Websense is warning surfers to be on guard for a phishing e-mail that pretends to be from Google alerting recipients that they have won $400. The e-mail directs users to a spoofed copy of Google's site, where...
By Brian Krebs | November 8, 2005; 3:42 PM ET | Comments (1)
Microsoft Patches Windows Image Problem
Microsoft today issued a software update to fix several serious security problems with the way its Windows computers render digital images. The most serious of the three vulnerabilities addressed by today's patch -- a problem with Windows' graphics rendering engine...
By Brian Krebs | November 8, 2005; 2:35 PM ET | Comments (8)
Hackers Raid Sony's Playbook
Over the weekend, I was contacted by a Security Fix reader who spends a great deal of his time taking apart software applications to find security vulnerabilities (which he occasionally sells to security companies that use them to brag to...
By Brian Krebs | November 7, 2005; 1:35 PM ET | Comments (13)
Microsoft to Bundle Anti-Spyware App With Windows
Microsoft said Friday that it plans to bundle its "Windows Anti-Spyware" tool with Windows Vista, the chronically delayed next version of the company's operating system. Microsoft also decided to rename the program "Windows Defender," in part to give it "a...
By Brian Krebs | November 7, 2005; 10:50 AM ET | Comments (8)
Macromedia Flash Player Patch
Macromedia, maker of the Macromedia Flash online video/audio player, has issued an update that fixes a rather serious security flaw in its software that could allow hackers to take over your PC through your Web browser. The vulnerability is present...
By Brian Krebs | November 7, 2005; 8:00 AM ET | Comments (5)
The Botnet-Spyware Love Affair
Wired and other news outlets are reporting that the FBI has arrested a 20-year-old Los Angeles man on charges that he used viruses to take control over 400,000 computers and use them as a giant install base for spyware. The...
By Brian Krebs | November 4, 2005; 9:35 AM ET | Comments (3)
Critical Windows Patch Coming Next Week
Microsoft will release just one software update next week to plug a critical flaw in computers running its Windows operating system, the company said today. Redmond rates patches "critical" if they close a security hole that attackers could use to...
By Brian Krebs | November 3, 2005; 4:09 PM ET | Comments (0)
Consumer Group Asks FTC To Sue Spyware Company
A pair of consumer groups today filed a formal complaint with the Federal Trade Commission and the Canadian Competition Bureau urging the agencies to consider filing civil lawsuits against Integrated Search Technologies (IST), easily one of the most egregious spyware...
By Brian Krebs | November 3, 2005; 1:48 PM ET | Comments (3)
Microsoft Calls for National Privacy Law
Microsoft Corp. today called on Congress to enact a new federal privacy law, a move that is sure to prompt lawmakers to consider whether consumer privacy both online and offline should go further than merely requiring companies to notify people...
By Brian Krebs | November 3, 2005; 1:05 PM ET | Comments (9)
Sony Raids Hacker Playbook
New research from Mark Russinovich over at Sysinternals (the company I've blogged about before as the source of a ton of excellent and free software utilities) indicates that Sony BMG has configured some of its music CDs to install antipiracy software...
By Brian Krebs | November 1, 2005; 3:08 PM ET | Comments (156)
Cheerio Kerio
I note with a wisp of sadness that Kerio Technologies, the makers of a fine free software firewall that I've used on several PCs over the years, will discontinue its Kerio Personal Firewall at the end of the year. Kerio...
By Brian Krebs | November 1, 2005; 9:45 AM ET | Comments (11)
Apple Patches Five Holes
Apple has an update that corrects several security vulnerabilities in its Mac OS X operating system. The new version, Mac OS X 10.4.3, fixes at least five problems, including one in Mac's Software Update feature, as well as its Keychain...
By Brian Krebs | November 1, 2005; 9:16 AM ET | Comments (5)









