-----Original Message-----
From: information_technology-admin@private on behalf of InfraGard
Sent: Mon 9/15/2003 7:58 AM
To: Information Technology
Cc:
Subject: [Information_technology] Daily News 9/15/03

September 11, Sydney Morning Herald (Australia) — Thirty unpatched holes in IE, says security researcher. As Microsoft releases details of new vulnerabilities, it is yet to tackle the 30 unpatched holes in Internet Explorer which have been documented by well-known security researcher Thor Larholm. Larholm, a former black hat and now a senior security researcher with a private company, said on Friday, September 12, that seven more vulnerabilities had been added to the list he maintains, all of them having been discovered by Chinese researcher Liu Die Yu. "One of these new vulnerabilities exploits a new attack vector that has surfaced in IE lately, namely misdirecting user input," Larholm said. According to Larholm, "This allows you to redirect a user's mouseclick to (for example) the OK button on a dialog asking for security confirmation by moving the browser window prior to the mouse being released. This resurrects the debate on whether to disable some core functionality to heighten security. Similarly, several of the vulnerabilities that remain unpatched are known to be under active investigation by the Microsoft Security Response Center, and I am confident that a secure patch is being prepared for prompt release."
Source: http://www.smh.com.au/articles/2003/09/11/1063249516080.html

September 11, KIRO TV (Seattle, WA) — Voice mail hijacked to accept collect calls from crooks. The words "Yes, Yes, Yes" usually mean something positive, but not in this case. A new con uses these three words to rip off voice mail users. Maureen Claridge says she got stuck with a large phone bill because someone hijacked her voice mail. Maureen's voice mail usually sounded like this: "This is Maureen; I'm in the office, but on the other line, leave a number and I'll get back to you as soon as I can." But a crook hacked into it and recorded the words "yes, yes, yes." The crooks target people who have simple voice mail passwords. They use the password to hack into the system and change the message to accept collect calls. Then they ask you a series of questions, usually three, and the answer is "yes, yes, yes." The voice mail telephone company says small business people are often targeted, because they don't answer their phones on the weekend. To protect yourself, check your outgoing message from time to time and change your password to something only you would know.
Source: http://www.kirotv.com/money/2476956/detail.html

AlertCon: 2 out of 4
https://gtoc.iss.net

Security Focus ThreatCon: 2 out of 4
http://analyzer.securityfocus.com/

Current Virus and Port Attacks

Virus: #1 Virus in the United States: WORM_LOVGATE.G
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 135 (epmap), 1434 (ms-sql-m), 137 (netbios-ns), 445 (microsoft-ds), 80 (www), 593 (http-rpc-epmap), 1433 (ms-sql-s), 139 (netbios-ssn), 21 (ftp), 17300 (Kuang2TheVirus)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv