Lisa Vaas

eBay has confirmed that, early on the morning of March 8 EST, an alleged Romanian hacker calling himself “Born_To_Scam_American_Guys” posted records for 15 eBay users on an eBay forum for between 40-60 minutes before the company removed them. The posts were put up on the Trust & Safety board. According to other forum members who […]

E-mails with legitimate slide shows of cars for sale on eBay are quietly dropping a Trojan that redirects a victim when he or she clicks on a link to a legitimate auction. If the victim bids, his or her money winds up going to the criminal with no car going anywhere. Symantec says if the […]

Microsoft is taking a breather from security, with no security updates coming on this month’s Patch Tuesday, March 13. The company posted a note to that effect on its security bulletin advance notice page on March 8. Microsoft will still be putting out its monthly updated version of the Microsoft Windows Malicious Software Removal Tool, […]

The Securities and Exchange Commission has suspended trading in securities of 35 companies suspected to be spammers as part of a new effort, “Operation Spamalot,” to shut down potentially fraudulent spam hyping small company stocks with phrases such as “Ready to Explode,” “Ride the Bull” and “Fast Money.” The SEC has estimated that 100 million […]

The Securities and Exchange Commission announced March 7 it has won an emergency court order to freeze assets in a Latvian-based bank’s trading account that was being used in a high-tech market manipulation scheme. The SEC is charging that account has been used to launch a “pump-and-dump” scheme involving stocks of 15 public companies. Part […]

Microsoft has confirmed that its Windows Live OneCare managed security service is swallowing entire mail stores, sometimes going back years, from Outlook and Outlook Express. What’s happening is that OneCare, in its zeal to quarantine infected Outlook .pst files or Outlook Express .dbx files, is also quarantining clean mail files. It’s doing such a good […]

Researchers are fuzzy about the impact of a flaw discovered in Microsoft Windows Explorer, but US-CERT’s advisory said there’s exploit code out there for it. At issue is Windows Explorer’s failure to properly handle malformed Office documents. Although researchers aren’t clear about the implications, the advisory said that it may allow an attacker to take […]

Core Security Technologies has discovered a flaw in GNU Privacy Guard—the open-source cryptographic software system that’s part of the GNU software project and at the heart of third-party e-mail that’s signed, encrypted and trusted—that allows attackers to reach into e-mail and add whatever content they dream up. Besides the ability to mislead recipients about the […]

The Mozilla Foundation reported on Monday that a critical JavaScript bug in the Firefox browser and in the SeaMonkey Internet application suite could allow a malicious Web site to inject arbitrary code into a vulnerable PC. The bug was inadvertently brought into being by an earlier fix that came out in December 2006. That fix […]

Ubuntu has a security alert out on its Thunderbird e-mail client, with a flaw that could allow an attacker to take over a vulnerable PC. Versions 5.10, 6.06 LTS and 6.10 are affected and can be fixed by upgrading to versions specified in Ubuntu’s alert. Ubuntu says the problem is with the SSLv2 protocol support […]