Lisa Vaas

F-Secure has received a sample submission of a virus for iPods running on Linux, showing that “the computer underground is actively studying new platforms such as portable devices,” according to Chief Research Officer Mikko Hyppönen. The virus, sent to F-Secure in a .zip file called Oslo, doesn’t work on iPods running the default iPod operating […]

Microsoft hasn’t outpatched itself; it’s hitting its normally scheduled April 10 Patch Tuesday with four Windows security bulletins, at least one of which is rated critical, according to Microsoft’s Security Bulletin Advance Notification site. The company on April 3 posted a patch, MS07-017, that it had rushed out to fix a critical flaw in Windows’ […]

The Mozilla Foundation is looking at disabling support for the Windows animated cursor format as a workaround for the ANI vulnerability that has left Windows systems open to exploit and complete takeover for the past week. Firefox users who use automatic update should get an update notification for the workaround. Users who have turned off […]

Researchers have discovered a new way of attacking Wired Equivalent Privacy that requires an amount of data “more than an order of magnitude” less than the best known key-recovery attacks. In effect, the cracking can be done within a minute, as the title of the paper suggests: Breaking 104 bit WEP in less than 60 […]

Firefox users have a greater need than do users running IE in protected mode to install the patch for the animated cursor flaw that caused Microsoft to rush out a security bulletin on April 3, given that Firefox lacks a low-privilege mode. Alexander Sotirov, the security researcher at Determina who first discovered the ANI flaw […]

Microsoft has posted a patch for the Windows animated cursor files vulnerability even as exploits spread. The company is telling customers to apply the patch for what it’s calling a critical flaw, released as Security Bulletin MS07-017, immediately. MS07-017 addresses a vulnerability in the way Windows handles Animated Cursor (.ani) files. The vulnerability could allow […]

ANI Exploit Tries the ‘Hot Pictures of Britiney Speers’ Shtick Spam promising “Hot Pictures of Britiney Speers [sic]” is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from “Nude BritineySpeers.com,” is written in HTML and contains text that allows it to skirt anti-spam rules in the HTML comments. The […]

A large clump of sites in the Asia Pacific region are sporting embedded IFrames pointing to a site that’s spreading ANI exploit code, Websense reported yesterday. An IFrame is an HTML element that makes it possible to embed an HTML document inside a main document. The security firm’s ThreatSeeker technology is tracking more than 450 […]

Texas is suing RadioShack after the retailers employees dumped thousands of customer records in garbage bins behind a store near Corpus Christi, Texas, on March 21. The records contained Social Security numbers, credit and debit card information, names, addresses and telephone numbers, according to investigators. Texas Attorney General Greg Abbott late on Monday filed documents […]

eEye has updated its workaround for the Windows animated cursor flaw—a flaw that some are claiming is responsible for the first real remote code execution exploit on Vista. The update was released in response to a variant on the original attack that bypasses the security firm’s original workaround patch. The updated eEye patch is available […]