Ryan Naraine

Free Microsoft Tool Hardens Programs Against Attack

Microsoft has released
a free tool for retroactively hardening applications against known
attacks, without recompiling the program with a special compiler flag.
The Enhanced Mitigation Evaluation Toolkit
(EMET) allows developers and administrators to activate specific
protection mechanisms in compiled binaries without requiring access to
the source code. The tool is currently able to prevent or impede four
attack techniques. Read the full story [The H Online]  See Microsoft blog post on EMET [technet.com]

Microsoft Cleans Up Bugs After Biggest Patch Release

After releasing its largest-ever group of security patches two weeks ago, Microsoft has done a little cleaning up. Over the past few days, the company has re-released two security updates and issued a workaround for a Windows CryptoAPI patch that caused Microsoft’s own instant-messaging server to crash. Read the full story [IDG News Service/Robert McMillan]

Facebook Wins $711 Million in Spam Case

Social networking website Facebook was awarded $711.2 million in
damages relating to an anti-spam case against Internet marketer Sanford
Wallace, court documents show.

The site filed an anti-spamming case against Wallace in February for
accessing people’s Facebook accounts without their permission and
sending phony mail and posts to the individuals’ public message wall,
the company said in a blog post.  Read the full story [Reuters]


In what could mark a major improvement to the nation’s ability to defend itself against cyber threats, the Department of Homeland Security will announce Friday that the US Computer Emergency Readiness Team will merge with the National Coordinating Center for Telecommunications. The two groups — now separated by two floors — will now be co-located and will operate jointly. It’s an interesting pairing, putting the public-private CERT together with the NCC, an interagency group of 22 Federal departments and agencies first created by President Kennedy in the aftermath of the Cuban Missile Crisis. Read the full story [Colin Clark/DoD Buzz]

As many as one in every 500 web addresses posted on Twitter lead to
sites hosting malware, according to researchers at Kaspersky Labs who
have deployed a tool that examines URLs circulating in tweets.
The spread of malware is aided by the popular use of shortened URLs
on Twitter, which generally hide the real website address from users
before they click on a link, preventing them from self-filtering links
that appear to be dodgy.  Read the full story [Wired/Kim Zetter] Also see this report [CNet/Elinor Mills]

How quaint seem the days when naïve hacker wannabes phished PayPal logons,
then posted them on IRC chat channels, to try to make a few bucks — but
mostly for bragging rights. That was circa 2002-2003.
Fast forward to the present. At this moment, Facebook is being blanketed by two high-volume email phishing campaigns.  Read the full story [Byron Acohido/Last Watchdog]

Twitter warned on Wednesday about a new phishing attack in which direct
messages to users link to a fake log-in page that steals passwords.
“We’ve seen a few phishing attempts today; if you’ve received a strange
(direct message), and it takes you to a Twitter log-in page, don’t do
it!” the Twitter spam warning says. Read the full story [CNet/Elinor Mills]

On the same day Mozilla shipped a Firefox update
to fix multiple critical vulnerabilities, Opera dropped a major patch
to fix three documented flaws, including a memory corruption issue that
exposes users to code execution attacks. Here are the raw details:

Cybercriminals have found a new launching pad for their scams: the phone systems of small and medium-sized businesses across the U.S.

In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords.  Read the full story [IDG News Service/Robert McMillan]

Robert Tappan Morris was the first person convicted by a jury
under the Computer Fraud and Abuse Act of 1986. The story of the
worm he created and what happened to him after it was released
is a tale of mistakes, infamy, and ultimately the financial and
professional success of its author.  Read the full story [Mark Menninger/transmeet.com]