Security patches from Microsoft and Apple joined the sentencing of e-mail hacker David Kernell as some of the top news stories for the past week.
From Microsoft and Apple security updates to the sentencing of the man
who hacked former vice presidential candidate Sarah Palin's e-mail, there was
no shortage of news this past week in security.
In a relatively small Patch Tuesday update, Microsoft released three security
bulletins to cover 11 vulnerabilities in Microsoft Forefront Unified Access
Gateway and Office products. The most serious of the bulletins is MS10-087,
which received Microsoft's highest rating of "Critical."
"The bulletin is rated Critical for Office 2007 and Office 2010 due to a
preview pane vector in Outlook that could trigger the vulnerability when a
customer views a specially crafted malicious RTF (Rich Text Format) file,"
blogged Jerry Bryant, group manager of response communications for Microsoft
Security Response Center, on Nov. 9. "The update also addresses an Office
vector for the vulnerability described in Security Advisory 2269637, which has
been referred to as 'DLL Preloading' and 'Binary planting.'"
Rival OS vendor Apple came out with a much larger update of its own later in
the week, patching more than 130 security issues in Mac OS X. Users of
Symantec's PGP Whole Disk Encryption product who downloaded the update ran
into problems, however. The Apple update, Symantec explained, included a new
version of the boot.efi file that overwrites the previous edition used by the
encryption product. As a result, users found themselves locked out of their
computers.
"If the update to OS X 10.6.5 has already been made and the machine fails to
boot, the data on the machine is not lost," Symantec told eWEEK. "The system
can be restored using the PGP Recovery CD. Instructions can be found in this
Knowledgebase Article."
Meanwhile, attackers continued to target the recently disclosed Internet
Explorer zero-day with new malware. But the week also closed with some news
about a familiar name in the security community: Koobface. In a new paper
released by Information Warfare Monitor, a researcher took a long look at how
the Koobface botnet managed to make $2 million between June 2009 and June 2010.
Elsewhere in the world of attacks, David Kernell, the man convicted of hacking
Palin's personal Yahoo account during the 2008 presidential campaign, was
sentenced Friday to a year and a day in federal custody. Kernell was found
guilty in April of breaking into Palin's account by abusing Yahoo's password
recovery feature. He then posted screenshots of the account online.
Also in the realm of e-mail security, Microsoft added the option to have
always-on HTTPS encryption to Windows Live Hotmail. The announcement followed
in the footsteps of a move by Google, which turned on persistent HTTPS by
default in Gmail earlier this year. Microsoft's decision also builds on recent
changes meant to bolster security, including the addition of new "proofs" for
user authentication.