Thursday, July 30, 2009

Apple: Jailbreaking Could Knock Out Transmission Towers

By JEREMY KIRK of IDG News Service\London Bureau
Apple has told the U.S. Copyright Office that modifying the iPhone's operating system could crash a mobile phone network's transmission towers or allow people to avoid paying for phone calls.

The claims are Apple's contribution to the Copyright Office's regular review of the U.S. Digital Millennium Copyright Act (DMCA), a law that forbids the circumvention of copy control mechanisms.

Apple says that modification of the phone's software, a process known as jailbreaking, could lead to major network disruptions. Jailbreaking gets around the copyright control features that prohibit, for example, the installation of applications unapproved by Apple.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.

Extra '&' in Microsoft development code gave hackers IE exploit

Company's security development expert confirms reports by outside researchers

By Gregg Keizer, ComputerWorld
Microsoft yesterday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.

A pair of German researchers who analyzed a vulnerability in a Microsoft-made ActiveX control came to the same conclusion three weeks ago.

"The bug is simply a typo," Michael Howard, a principal security program manager in Microsoft's security engineering and communications group, said in a post Tuesday to the Security Development Lifecycle (SDL) blog. Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the typo -- an errant "&" character -- is the "core issue" in the MSVidCtl ActiveX control.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.

Researcher reveals massive 'professional thieving' botnet

A nasty piece of malware that's infected up to a million PCs is stealing financial information from consumers and businesses at an alarming rate, a noted botnet researcher said today.

By Gregg Keizer, ComputerWorld
A ferocious piece of malware that's infected up to a million PCs is stealing a "tremendous" amount of financial information from consumers and businesses that log on to their bank, stock broker, credit card, insurance, job hunting and favorite e-shopping sites, a noted botnet researcher said today.

"Clampi is the most professional thieving pieces of malware I've ever seen," said Joe Stewart, director of malware research for SecureWorks' counter-threat unit. "We know of few others that are this sophisticated and wide-ranging. It's having a real impact on users."

The Clampi Trojan horse has infected anywhere between 100,000 and 1 million Windows PCs, said Stewart -- "We don't have a good way of counting at this point," he acknowledged -- and targets the user credentials of 4,500 Web sites.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.

False-positive swindles grow rapidly online

Fake anti-virus programs set to rule the roost

By John E. Dunn, Techworld
The phenomenon of fake anti-virus (AV) software is growing at such a pace that it could grow to eclipse all other types of malicious software, one security company has suggested.

The Business of Rogueware, the latest threat report from PandaLabs, the research wing of Spanish AV company Panda Security, contains the usual round of statistics on malware growth found in all such vendor reports, but it is the section on rogue anti-virus that should make PC users sit up and pay attention.

In the first quarter of 2009, the company detected more bogus anti-virus files or variants than in the whole of 2008, 111,000 in total. Unconfirmed second quarter figures show that this rose during the second quarter to 374,000. This rise accords with similar statistics published last week by rival Sophos, which said that it was now detecting 15 new bogus AV sites a day, compared to five a day in the latter half of 2008.

FOR COMPLETE STORY, PLEASE CLICK HERE.



~Sandy G.